Scribd Logo
Upload

Welcome to Scribd!

  • Denial-of-Service (Gligor, 84) : Otherwise-Authorized

    Uploaded by

    Pavan Kumar
    4 views14 pages
    The document discusses denial-of-service (DoS) attacks and ways to mitigate their impact. It defines DoS attacks as actions that make a specified service unavailable to legitimate users for longer than intended. DoS attacks aim to reduce network and server resource utilization by either destroying resources or exhausting them through flooding. Common flooding techniques include exploiting vulnerabilities to crash servers or overwhelming them with service requests. Detection and mitigation strategies mentioned include packet filtering, honeypots, and load balancing with front-end servers.

    Original Description:

    Original Title

    Dos

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses denial-of-service (DoS) attacks and ways to mitigate their impact. It defines DoS attacks as actions that make a specified service unavailable to legitimate users for longer than intended. DoS attacks aim to reduce network and server resource utilization by either destroying resources or exhausting them through flooding. Common flooding techniques include exploiting vulnerabilities to crash servers or overwhelming them with service requests. Detection and mitigation strategies mentioned include packet filtering, honeypots, and load balancing with front-end servers.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    4 views14 pages

    Denial-of-Service (Gligor, 84) : Otherwise-Authorized

    Uploaded by

    Pavan Kumar
    The document discusses denial-of-service (DoS) attacks and ways to mitigate their impact. It defines DoS attacks as actions that make a specified service unavailable to legitimate users for longer than intended. DoS attacks aim to reduce network and server resource utilization by either destroying resources or exhausting them through flooding. Common flooding techniques include exploiting vulnerabilities to crash servers or overwhelming them with service requests. Detection and mitigation strategies mentioned include packet filtering, honeypots, and load balancing with front-end servers.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 14

    Denial-of-Service [Gligor, 84]

    ``A group of otherwise-authorized users of a specific


    service is said to deny service to another group of
    otherwise-authorized users if the former group makes
    the specified service unavailable to the latter group for
    a period of time which exceeds the intended (and
    advertised) waiting time”

    Slides mostly by Sherif Khattab 1


    DoS Attacks

     DoS attacks aim at reducing legitimate


    utilization of network and/or server resources
    through:
     resource destruction (exploit bugs in the OS)
     resource exhaustion
     vulnerability exploitation (e.g., SYN attack)
     brute-force flooding
     Network-level (e.g., lots of packets as in UDP floods)
     Service-level (e.g., flash crowds)

    Slides mostly by Sherif Khattab 2


    Service-level DoS
     A large number of attack hosts request
    service from the victim server at a high rate.
    For instance,
     download files from an FTP server, or
     get web pages from an WWW server

    Slides mostly by Sherif Khattab 3


    Front-ends

     Front-ends form a tree with the back-ends as its


    logical root.

    Slides mostly by Sherif Khattab 4


    Front-ends (contd.)

     Tree level of each front-end depends on its


    attack tolerance
     Front-ends can be the bottleneck that gets
    attacked. It usually can withstand a good
    amount of attack traffic.
     To join the network (or reconfigure), a front-
    end performs:
     Parent registration
     Address registration

    Slides mostly by Sherif Khattab 5


    DoS Attacks (1/4)
    Legitimate packets
    consume network
    resources, such as
    router buffers and link
    capacity Router

    Server

    Legitimate Client
    They also consume
    server resources, such
    as interrupt processing
    capacity, operating
    system structures,
    processing time, etc.

    Slides mostly by Sherif Khattab 6


    DoS Attacks (2/4)

     Network-level DoS attacks flood network resources


     Service-level DoS attacks exploit vulnerabilities to
    crash servers
     Service-level DoS attacks flood server resources,
    so that legitimate clients’ packets will be dropped…

    Slides mostly by Sherif Khattab 7


    Our Focus: Service-level Flooding DoS

    DoS
    DoSAttacks
    Attacks
    Resource
    Resource Resource
    Resource
    Destruction
    Destruction Exhaustion
    Exhaustion

    Brute-force
    Brute-force Vulnerability
    Vulnerability
    Flooding
    Flooding Exploitation
    Exploitation

    Service-level
    Service-level Network-level
    Network-level

    Slides mostly by Sherif Khattab 8


    The DoS Problem

    Distinguish attack packets/requests from


    legitimate packets/requests
     quickly
     accurately (low false positives and false
    negatives) and
     efficiently (small overhead)

    Primary metrics
     Legitimate Response Time
     Legitimate Throughput

    Slides mostly by Sherif Khattab 9


    State-of-the-art
    Prevention Detection/ Mitigation
    Recovery
    Network-level PacketScore; Replication;
    Network-level puzzles RED-PD; Overlay-based
    Heavy-hitter
    detection;
    DCAP; Pushback;
    MOVE; Capabilities;
    IP Hopping
    Application-level DDoS Shield; Replication
    Service-level puzzles; Shadow Honeypots;
    Reservation- Kill-Bots
    based Schemes

    Slides mostly by Sherif Khattab 13


    Honeypots [Spitzner][Provos]

     Honeypots are:
     decoy resources to trap attackers
     useful in detecting worm-infected hosts
     However, honeypots are
     at fixed locations
     separate from real servers

    DoS Attackers can evade honeypots

    Slides mostly by Sherif Khattab 14


    Roaming Honeypots [Khattab]

    In roaming honeypots, the locations of


    honeypots are:
     continuously changing
     unpredictable to non-compliant attackers
     disguised within servers

    Slides mostly by Sherif Khattab 15


    Main Assumption

    Unique, un-spoofable user identifier


    (dealing with proxy servers is an open problem)

    Proxy Server

    Slides mostly by Sherif Khattab 16


    Packet Filtering in firewalls

    Firewall •White-list:
    • allow packets from
    ? certain users/Ips.
    ? • Not Scalable,
    because list grows
    with number of users
    • Black list:
    • do not allow certain
    IPs or users.
    • More Scalable:
    # attackers << # users

    Slides mostly by Sherif Khattab 17

    You might also like