Introduction
Agenda:
- Overview of DDoS attacks
- How it works
- Impact on business
- Mitigation and prevention
- Challenges
- Q&A
How it works
A botnet is a network of computers that have been infected with malware and can be controlled remotely by attackers to carry out various attacks. Nearly a quarter of all computers are said to be part of a botnet. The bots use your computer to send spam, collect personal information, or take down websites, all without your knowledge.
Attacked / Server Statistics (chart slides; figures not reproduced)
Tools efficiency
HTTP Flood Test Report
Date: 10/13/2011 12:51:31 PM
Target URL: www.srilankatravelhub.com
Target Port: 80
Duration: 4 minutes, 14 seconds
Requests Issued: 81907
Responses Received: 58
Requests Lost: 99.93%
Request Rate: 322.47 requests per second

Only 58 of 81907 requests were answered: during the flood the target served fewer than 0.1% of the requests sent to it.
Trend of attacks
- DDoS attacks continue to grow
- Attackers today are far more sophisticated
- Every organization online is a potential DDoS target
Legal
DDoS is a federal crime in the United States under the National Information Infrastructure Protection Act of 1996, and it is now illegal in many other countries.

Legal arguments raised in defence of DDoS (quoted): "There's no such thing as a DDoS attack. A DDoS is a protest, it's a digital sit-in. It is no different than physically occupying a space. It's not a crime, it's speech. Nothing was malicious, there was no malware, no Trojans. This was merely a digital sit-in. It is no different from occupying the Woolworth's lunch counter in the civil rights era."
DDoS Tools
Mobile DDoS
Business Impact
System impact / Business impact (chart slide; figure not reproduced)
Cost Of Prevention
Victim (attacks classified by what they target)

Application
- exploits some feature of a specific application on the victim host
- disables legitimate client use of that application and possibly strains resources
- attack packets are indistinguishable from legitimate packets
- detection must rely heavily on the semantics of the application

Host
- disables access to the target machine completely by overloading or disabling its communication mechanism (e.g. a TCP SYN flood)
- attack packets carry the real destination address of the target host

Network
- consumes the incoming bandwidth of the target network
- attack packets have destination addresses within the network's address space
- the high volume makes detection easy

Infrastructure
- targets a distributed service that is crucial to the operation of the global Internet or of a sub-network
- e.g. attacks on DNS servers
Capacity
Ensure that you have adequate bandwidth on your Internet connection. You will be able to foil many low-scale DDoS attacks simply by having enough bandwidth (and processing power) to service the requests. This does not help once a volumetric attack exceeds the capacity of the upstream link; at that point the traffic has to be absorbed or filtered before it reaches you.
Prevention
Deploy an intrusion prevention system
Prevention (Technical)
Proper Firewall Configuration
- Expose only the ports the service needs: for a web server, only port 80 is reachable directly, and everything else is dropped by default
- Keep the firewall's signature and threat-feed subscription up to date
Prevention
Traffic Monitor
Monitor
- monitors inbound and outbound packets
- records each source in a hash table
- runs as a server thread
Manager
- analyzes the data supplied by the monitor
- sorts the source IPs into one of several classes
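As an added example (not code from the original slides), the monitor/manager design described above, together with the TCP SYN flood case from the Host attack class, implemented in Python. The monitor keeps a hash table keyed by source IP holding a sliding window of recent packets; the manager computes a packet rate and a SYN-only ratio per source and sorts each IP into a class. The IP addresses, sample traffic, window length and thresholds are constructed for the example and are assumptions, not measurements.

```python
"""Traffic monitor + manager for DDoS source classification (added example).

Assumptions (not from the slides): window length, rate thresholds, the
SYN-only ratio that marks a SYN flood, and the constructed sample traffic.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 10.0     # assumption: sliding window per source IP
SUSPECT_RATE = 50.0       # assumption: packets/sec that makes a source suspicious
ATTACK_RATE = 200.0       # assumption: packets/sec that marks a source as an attacker
SYN_RATIO_LIMIT = 0.8     # assumption: share of SYN-only packets typical of a SYN flood
MIN_SAMPLES = 20          # assumption: minimum packets before a ratio is trusted


class Monitor:
    """Observes packets and records per-source state in a hash table."""

    def __init__(self, window=WINDOW_SECONDS):
        self.window = window
        # src_ip -> deque of (timestamp, tcp_flags), oldest first
        self.table = defaultdict(deque)

    def observe(self, ts, src, flags):
        """Record one packet and expire entries older than the window."""
        q = self.table[src]
        q.append((ts, flags))
        while q and ts - q[0][0] > self.window:
            q.popleft()

    def stats(self, src, now):
        """Return (packets_per_second, syn_only_ratio, sample_count) for src."""
        recent = [(t, f) for t, f in self.table.get(src, ()) if now - t <= self.window]
        n = len(recent)
        # A SYN without ACK is a connection attempt; floods send these without completing handshakes.
        syn_only = sum(1 for _, f in recent if "S" in f and "A" not in f)
        rate = n / self.window
        ratio = syn_only / n if n else 0.0
        return rate, ratio, n


class Manager:
    """Classifies every source the monitor has seen."""

    def classify(self, monitor, now):
        classes = {}
        for src in monitor.table:
            rate, syn_ratio, n = monitor.stats(src, now)
            if n >= MIN_SAMPLES and syn_ratio >= SYN_RATIO_LIMIT and rate >= SUSPECT_RATE:
                classes[src] = "syn_flood"      # many SYNs, few completed handshakes
            elif rate >= ATTACK_RATE:
                classes[src] = "attacker"       # e.g. an HTTP flood over real connections
            elif rate >= SUSPECT_RATE:
                classes[src] = "suspicious"
            else:
                classes[src] = "normal"
        return classes


def build_sample_traffic():
    """Constructed packet stream: (timestamp, source IP, TCP flags)."""
    pkts = []
    # 10.0.0.5: legitimate client, handshake + data once per second (3 packets/s)
    for i in range(10):
        pkts += [(i + 0.0, "10.0.0.5", "S"), (i + 0.1, "10.0.0.5", "A"), (i + 0.2, "10.0.0.5", "PA")]
    # 198.51.100.7: SYN flood, 1000 SYN-only packets in 10 s, no handshake completes
    pkts += [(i * 0.01, "198.51.100.7", "S") for i in range(1000)]
    # 203.0.113.9: HTTP flood over established connections, 3000 packets in 10 s
    pkts += [(i * (10.0 / 3000), "203.0.113.9", "PA") for i in range(3000)]
    # 192.0.2.3: busy but not flooding, 700 packets in 10 s
    pkts += [(i * (10.0 / 700), "192.0.2.3", "PA") for i in range(700)]
    pkts.sort(key=lambda p: p[0])  # the monitor expects packets in time order
    return pkts


def run_demo(now=WINDOW_SECONDS):
    """Feed the constructed traffic through the monitor and return the manager's classes."""
    monitor = Monitor()
    for ts, src, flags in build_sample_traffic():
        monitor.observe(ts, src, flags)
    return Manager().classify(monitor, now)


if __name__ == "__main__":
    for ip, cls in sorted(run_demo().items()):
        print(f"{ip:15} {cls}")
```

The classes the manager emits are the input to the blocking step the slides list under firewall configuration: a "syn_flood" or "attacker" source can be dropped at the firewall, while "suspicious" sources are better rate-limited than blocked, since a busy proxy or NAT gateway can look the same as a low-rate attacker.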
Prevention
- Filter traffic generated by reflectors, and enable filtering on the reflectors themselves so they cannot be abused
- Deploy a traceback mechanism to locate the true sources
- IDS/IPS
- Keep an audit trail that describes what was changed and why.
- Create interdepartmental Standard Operating Procedures (SOPs) and Emergency Operating Procedures (EOPs).
- Network monitoring is not enough; your administrators must know your configuration in detail.
- Test yourself both locally and over the Internet.
- Your own processes can harm you just as attackers can.
- Keep people aware of old configurations and their purpose. When something is different, ask why.
- Know the trade-offs between simplicity, cost, and survivability.
- Protect yourself against attackers.
Practical Challenges

A distributed response is needed at many points on the Internet
- attacks target more than one host
- wide deployment of any defense system cannot be enforced because the Internet is administered in a distributed manner

Economic and social factors
- a distributed response system must be deployed by parties that do not suffer direct damage from DDoS attacks
- many good distributed solutions will therefore achieve only sparse deployment

Lack of detailed attack information
- attack scenarios are unique

Lack of defense system benchmarks
- there is currently no benchmark suite of attack scenarios that would allow defense systems to be compared

Difficulty of large-scale testing
- defenses need to be tested in a realistic environment
- large-scale testbeds are lacking
Thank You !
Q&A