Simulation and Analysis of DDoS Attacks
Poongothai, M., Department of Information Technology, Institute of Road and Transport Technology, Erode, Tamilnadu, India
Sathyakala, M., Department of Information Technology, Institute of Road and Transport Technology, Erode, Tamilnadu, India
Speaker: 101061555 鍾國君
2012 – International Conference on Emerging Trends in Science, Engineering and Technology
Outline
Introduction to DDoS Attack
DDoS Attack Architecture
Advantages of DDoS Attack
Four Phases of Bot Installation
DDoS Attack Methods
DDoS Defenses
Simulation
Conclusion
Introduction to DDoS Attack
Distributed Denial of Service (DDoS)
◦Overloads the targeted server with useless traffic, crashes the server and leaves it unable to communicate properly with legitimate users.
◦Consumes mainly the victim's bandwidth, processing capacity and storage capacity.
◦May need human intervention to resume service.
DDoS Attack Architecture
Advantages of DDoS Attack
Simple
◦No sophisticated mechanisms.
◦A single hacker can do it.
Difficult to trace
◦Multi-tiered structure.
◦IP source spoofing.
Similar to legitimate traffic
◦Attack streams from numerous machines converge near the victim.
Robust
◦Attacks will continue even if one node is dead.
Four Phases of Bot Installation
What is a Bot?
◦A program that automatically operates as a user or another program.
◦Installed in the internal-node computers called "handlers" or "agents".
◦Waits for the hacker to initiate the attack remotely.
1.Scanning
◦Installed bots scan lots of computers for security flaws.
2.Exploitation
◦Susceptible hosts are found and the compromised hosts are listed.
3.Deployment
◦The "handler software" is installed on the compromised hosts.
4.Propagation
◦The handler then scans for vulnerable hosts and compromises them; these become the "agents/daemons".
DDoS Attack Methods
◦Smurf Floods
Floods the network with ICMP ECHO requests carrying the victim's address, so the victim is flooded with the ping responses.
◦ICMP Floods
The attacker generates lots of ICMP ECHO packets directed at the victim. Finally, the victim is busy replying to all the ECHO requests.
◦UDP/TCP Floods
Send a large number of UDP/TCP packets to the victim and tie up the available network bandwidth.
◦TCP SYN Floods
The attacker never sends the final ACK packet, making the victim waste the buffer allocated for the connection.
DDoS Attack Methods: Dynamics
◦Application attacks
◦Protocol attacks
◦Operating system attacks
◦Host attacks
◦Network attacks
◦Infrastructure attacks
DDoS Defense Classification
◦Preventive
Eliminate the vulnerabilities in the system and prevent the attacker from gaining a group of zombie machines.
◦Survival
Increase the victim's resources so it can survive during the attack.
◦Responsive
Control the attack streams to keep them from influencing the victim.
DDoS Defense Strategy
◦Agent identification
Who is attacking?
◦Rate limiting
Impose a rate limit on the incoming streams.
◦Filtering
Filter out the attack streams.
◦Reconfiguration
Change the topology of the networks near the victim.
DDoS Defense Countermeasures
◦Path isolation
Routers isolate the traffic path, and this information can be used to deploy filters on the path.
◦Privileged customer
Customers that have previously communicated with the server get first priority.
◦Traffic baselining
Filter the traffic when some traffic parameter exceeds its expected value.
◦Resource multiplication
More resources are deployed to sustain large attacks.
◦Legitimate traffic inflation
Multiply the legitimate traffic.
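The three responsive defenses the slides name, rate limiting, filtering and traffic baselining, can be tried out on the defender's side with a few lines of code. The following is an added example, not code from the paper or the presentation: every flow record in it is constructed, and every threshold (a baseline of 3 packets/s, a 5x deviation factor, 20 SYNs, a 10% ACK ratio, a 15 packets/s cap) is an illustrative assumption rather than a value from the slides. It flags sources whose per-second packet count exceeds the baseline, identifies sources that send many SYNs but never complete a handshake (the shape of the SYN flood described above, seen from the victim), and applies a per-source rate limit to the same records.

```python
"""Defender-side traffic checks: baselining, half-open SYN detection, rate limiting.

Added example (not the paper's or the presenter's code). Records and
thresholds below are constructed/assumed for illustration only.
"""
from collections import defaultdict

# Record layout (constructed): (time_s, src_ip, dst_ip, proto, tcp_flags)
# tcp_flags uses tcpdump-style letters: "S" = SYN, "A" = ACK, "PA" = PSH+ACK.


def build_sample_records():
    """Constructed traffic: two ordinary clients plus two high-rate sources."""
    records = []
    # Client 10.0.0.5: one full handshake per second, then a data segment.
    for i in range(5):
        t = float(i)
        records.append((t, "10.0.0.5", "10.0.0.1", "tcp", "S"))
        records.append((t + 0.1, "10.0.0.5", "10.0.0.1", "tcp", "A"))
        records.append((t + 0.2, "10.0.0.5", "10.0.0.1", "tcp", "PA"))
    # Client 10.0.0.6: two UDP queries per second.
    for i in range(10):
        records.append((i / 2.0, "10.0.0.6", "10.0.0.1", "udp", ""))
    # Source 203.0.113.7: 60 SYNs inside one second and never an ACK.
    for i in range(60):
        records.append((2.0 + i / 100.0, "203.0.113.7", "10.0.0.1", "tcp", "S"))
    # Source 203.0.113.8: 80 UDP packets spread over 1.6 seconds.
    for i in range(80):
        records.append((3.0 + i / 50.0, "203.0.113.8", "10.0.0.1", "udp", ""))
    return sorted(records)  # time order, as a capture would deliver them


def packets_per_window(records, window_s=1.0):
    """Count packets per (source, time-window) bucket."""
    counts = defaultdict(int)
    for t, src, _dst, _proto, _flags in records:
        counts[(src, int(t // window_s))] += 1
    return counts


def baseline_exceeders(records, baseline_pps, factor=5.0, window_s=1.0):
    """Traffic baselining: sources whose packet count in any window exceeds
    factor * baseline. Returns {src: worst window count}."""
    limit = baseline_pps * factor
    flagged = {}
    for (src, _win), n in packets_per_window(records, window_s).items():
        if n > limit:
            flagged[src] = max(n, flagged.get(src, 0))
    return flagged


def half_open_suspects(records, min_syns=20, max_ack_ratio=0.1):
    """Filtering candidate: sources sending many pure SYNs but (almost) no ACKs,
    i.e. connections the source never completes."""
    syns = defaultdict(int)
    acks = defaultdict(int)
    for _t, src, _dst, proto, flags in records:
        if proto != "tcp":
            continue
        if "S" in flags and "A" not in flags:
            syns[src] += 1
        elif "A" in flags:
            acks[src] += 1
    return {src for src, n in syns.items()
            if n >= min_syns and acks[src] / n <= max_ack_ratio}


def rate_limit(records, max_pps, window_s=1.0):
    """Rate limiting: keep at most max_pps packets per source per window.
    Returns (kept_records, dropped_count)."""
    seen = defaultdict(int)
    kept = []
    dropped = 0
    for rec in records:  # records must be in time order
        key = (rec[1], int(rec[0] // window_s))
        seen[key] += 1
        if seen[key] <= max_pps:
            kept.append(rec)
        else:
            dropped += 1
    return kept, dropped


if __name__ == "__main__":
    recs = build_sample_records()
    print("over baseline:", baseline_exceeders(recs, baseline_pps=3))
    print("half-open suspects:", half_open_suspects(recs))
    kept, dropped = rate_limit(recs, max_pps=15)
    print("rate limit kept", len(kept), "dropped", dropped)
```

Note the design choice that matches the slides' classification: the baseline check and the half-open check only identify the attack streams (agent identification), while rate_limit actually drops packets and therefore also clips a legitimate client that happens to burst above the cap, which is why a real deployment would combine the two rather than rate-limit everything.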
Simulation
Three considerations
◦DDoS attack traffic
◦Legitimate traffic
◦Network topology
Software used: NS2
◦Can replicate threats of interest in a secure environment.
Conclusion
Evolution in intruder tools will continue.
Even if the system/network is robust, others may not be. Thus, the security issue still exists.