1 Let's make DoS easy to approach! Sookmyung Women's Univ. 최서윤. 2 The DoS?! Sockstress DoS using...
6
Denial of Service attack
Distributed Denial of Service attack
The DoS?!
- System destruction
- Bandwidth consumption
- Server resource exhaustion
9
Attack TCP by sending a small WINDOW size (ACK with window size = 0)
Client -> Server: SYN
Server -> Client: SYN/ACK
Client -> Server: ACK, win = 0
Sockstress
12
• Defense
- Short-term: block packets with small window sizes with a firewall
- Long-term: patch the OS to reclaim RAM
Sockstress
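A detection-side sketch for the short-term defense above, added here as an example and not taken from the original slides: it parses raw TCP headers and counts clients whose handshake-completing ACK advertises a zero window, the pattern on the Sockstress slide. The addresses, ports, threshold and function names are constructed assumptions.

```python
import struct
from collections import Counter

SYN, ACK = 0x02, 0x10

def tcp_header(sport, dport, flags, window):
    """Build a 20-byte TCP header (used only for the constructed sample)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, window, 0, 0)

def parse_tcp(raw):
    """Return (sport, dport, flags, window) from a raw TCP header."""
    sport, dport, _seq, _ack, _off, flags, window = struct.unpack("!HHIIBBH", raw[:16])
    return sport, dport, flags, window

def small_window_handshakes(packets, min_window=1):
    """Count, per client IP, handshakes whose final ACK advertises a window below
    min_window (assumed threshold). Later zero-window ACKs are normal flow control."""
    syn_seen, synack_seen, offenders = set(), set(), Counter()
    for src, dst, raw in packets:
        sport, dport, flags, window = parse_tcp(raw)
        if flags & SYN and not flags & ACK:          # client SYN
            syn_seen.add((src, sport, dst, dport))
        elif flags & SYN:                            # server SYN/ACK
            flow = (dst, dport, src, sport)
            if flow in syn_seen:
                syn_seen.discard(flow)
                synack_seen.add(flow)
        elif flags & ACK:                            # candidate final ACK
            flow = (src, sport, dst, dport)
            if flow in synack_seen:
                synack_seen.discard(flow)
                if window < min_window:
                    offenders[src] += 1
    return offenders

def sample_packets():
    """Constructed capture: documentation-range addresses, invented ports."""
    bad, good, srv = "192.0.2.10", "192.0.2.20", "198.51.100.5"
    pkts = []
    for cport in (40000, 40001, 40002):              # three win=0 handshakes
        pkts += [(bad, srv, tcp_header(cport, 80, SYN, 64240)),
                 (srv, bad, tcp_header(80, cport, SYN | ACK, 65535)),
                 (bad, srv, tcp_header(cport, 80, ACK, 0))]
    pkts += [(good, srv, tcp_header(50000, 80, SYN, 64240)),
             (srv, good, tcp_header(80, 50000, SYN | ACK, 65535)),
             (good, srv, tcp_header(50000, 80, ACK, 64240)),
             (good, srv, tcp_header(50000, 80, ACK, 0))]  # mid-connection, benign
    return pkts

if __name__ == "__main__":
    print(dict(small_window_handshakes(sample_packets())))
```

Only the ACK that completes the handshake is checked, so a client that legitimately advertises a zero window later in the connection is not counted.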
20
IPv4: DHCP (Dynamic Host Configuration Protocol) - Router provides one
Client: "NEED AN IP"
Router: "USE THIS IP"
Link Local DoS
21
IPv6: Router Advertisement - Every client on the LAN creates an address and joins the network
Router: "I AM Router! Join!"
Client: "OKAY"
Link Local DoS
23
• flood_router6
- Using BackTrack5
- Also affects FreeBSD
- Windows dies within 30 seconds
- No effect on Mac OS X & Ubuntu Linux
RA Flood
24
• Windows Vulnerability
- One attacker kills all the Windows machines on a LAN
- Win 8 & Server 2012 die (BSoD)
RA Flood
25
• Effects of New RA Flood
- Microsoft Surface RT dies
- Win 7 & Server 2008 freeze during attack
- Win 8 & Server 2012 die (BSoD)
- iPad 3 & Android phone slow and crash (sometimes)
- Mac OS X dies
RA Flood
26
• Defense
- Disable IPv6
- Turn off Router Discovery
- Get a switch with RA Guard
- Microsoft provides some protection
RA Flood