Ethics of Distributed DoS - PowerPoint PPT Presentation

1 / 9
About This Presentation
Title:

Ethics of Distributed DoS

Description:

Administrators of compromised machines (zombies) Target. Issues ... Why were the zombies not secure? Cost to society outweighs cost to individual ... – PowerPoint PPT presentation

Number of Views:101
Avg rating:3.0/5.0
Slides: 10
Provided by: publicclus
Category:

less

Transcript and Presenter's Notes

Title: Ethics of Distributed DoS


1
Ethics of Distributed DoS
  • (Why TFN is Evil)

March 2, 2000
Mintcho Petkov
Dartmouth College
2
Introduction
  • Timeline of Attacks
  • Feb 7 - Yahoo
  • Feb 8 - CNN, Buy.com, eBay, Amazon
  • Feb 9 - E-Trade, ZDNet

Investigation Uncovered Distributed Denial of
Service Attack (DDoS) Tool used Tribe Flood
Network (TFN) TFN created by the German hacker
Mixter
Source www.CNN.com
3
Denial of Service Attacks
  • What is DoS?
  • Consume all resources. No resources left for
    others
  • Must be intentional.

Examples Run a CPU-intensive program on tahoe
without caring about the results Allocate as
much memory as possible (on a multi-user
machine) Flood a network address with meaningless
traffic (commonly ICMP, UDP)
Distributed DoS Denial of Service launched from
several computers with automated coordination.
4
Tribe Flood Network
manual
Target
automated
5
Situation Analysis
  • Parties Involved
  • Creator of TFN (Mixter)
  • Attacker
  • Administrators of compromised machines (zombies)
  • Target

Issues Responsibility of Zombie administrators
Mixters Responsibility Overall Internet
Insecurity
6
Responsibility of Zombie Owners
  • If zombies were secure, no DDoS attack possible
  • Without a large number of high-bandwidth,
    low-security computers to be compromised, there
    is no attack.
  • Why were the zombies not secure?
  • Cost to society outweighs cost to individual
  • Conflict of interest (I have nothing important
    on this machine, so why invest in security?)
  • Not everybody is a security expert!

7
Mixters Responsibility
  • Security Administrator Tool for Analyzing
    Networks (SATAN)
  • Automatically exposes system vulnerabilities
  • Legitimate and illegitimate uses

TFN and Capacity Management Testing the maximum
amount of traffic a server can handle Distributed
packet flooding tools help Cracking random
computers NOT part of Capacity Management
Mixter Shares the Blame The tool can only be used
for malicious purposes
Source iss.net
8
Overall Internet Insecurity
  • Noteworthy Incidents
  • NATO website successfully flooded during Yugoslav
    War
  • FBI website made inaccessible by a DoS attack
    (Feb 18, 2000)
  • 227 computers used in a DDoS attack against the
    University of Minnesota (August 17, 1999)

General Concerns about TFN Automation Encryption
(list of compromised hosts encrypted) Concealment
Techniques (broadcast addressing) Large existing
networks of compromised machines
Sources CNN.com, news.yahoo.com, iss.net
9
Conclusions
To Summarize SATAN can be good TFN is
evil People can be careless The Internet is
insecure
  • References
  • Computer Security - www.iss.net
  • News - CNN.com,
    news.yahoo.com
  • Mixters Website - www.mixter.org
  • Analysis of TFN - staff.washington.edu/dittric
    h/misc/tfn.analysis
  • Expert on TFN - cbrenton_at_sover.net (Chris
    Brenton)
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Ethics of Distributed DoS" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!