Cpre 532 - PowerPoint PPT Presentation

Slides: 10
Provided by: jamestruc

Transcript and Presenter's Notes


1
Cpre 532
  • Lecture 27

2
Outline
  • Denial of Service

3
Denial of Service
  • Motivation for denial of service
      • Money lost by companies
      • Status of hackers
  • Types
      • Bandwidth consumption
          • Big pipe to little pipe
          • Amplification of attack
          • Multiple sources
          • Packets that multiply
      • Resource starvation
          • CPU, memory, disk space
      • Programming flaws
      • Routing / DNS

4
Attacks
  • Smurf
      • Directed broadcast x.y.z.255 from one subnet to
        another
      • Ping x.y.z.255 and a large number of hosts would
        answer
      • Spoof source address to victim's address
  • SYN flood
      • First part of three-way handshake was sent
      • Computer that received the SYN would allocate memory
        to handle the new connection and wait a certain time
        before clearing memory
      • Solution is to free memory rapidly and allow more
        open connections; an IDS can detect the flood and,
        coupled with routers, can mitigate the situation
  • Teardrop
      • Dealt with reassembly of packets; fragments
        wouldn't lay out correctly and made fragments
        smaller than 8 bytes
  • Spoolss
      • Force memory to be consumed over null session
  • Stream
      • Resource starvation (CPU) by sending ACK packets
        to a series of ports with random sequence number
        and source IP
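
Added example (not from the original slides): a sketch of how an IDS could detect the SYN flood described above by tracking half-open connections per target, the same state the receiving computer holds in memory. The function names, the event tuple format, the threshold and the sample traffic are assumptions made for this illustration.

```python
from collections import defaultdict

def detect_syn_flood(events, timeout_ms=30_000, threshold=100):
    """Track half-open connections per (dst_ip, dst_port) the way a listening
    host's backlog does; return [(time_ms, dst_ip, dst_port, half_open)] alerts.
    events: time-ordered client-to-server (time_ms, src, sport, dst, dport, flag)
    with flag "S" (SYN), "A" (ACK completing the handshake) or "R" (RST)."""
    half_open = {}                 # connection 4-tuple -> time the SYN was seen
    per_target = defaultdict(int)  # (dst_ip, dst_port) -> current half-open count
    alerted, alerts = set(), []

    def drop(key):
        del half_open[key]
        per_target[key[2:]] -= 1

    for t, src, sport, dst, dport, flag in events:
        # Expire stale entries; dict order is insertion order, so oldest is first.
        while half_open:
            oldest = next(iter(half_open))
            if t - half_open[oldest] <= timeout_ms:
                break
            drop(oldest)
        key, target = (src, sport, dst, dport), (dst, dport)
        if flag == "S" and key not in half_open:   # retransmitted SYNs count once
            half_open[key] = t
            per_target[target] += 1
        elif flag in ("A", "R") and key in half_open:
            drop(key)                               # handshake finished or aborted
        if per_target[target] > threshold and target not in alerted:
            alerted.add(target)                     # one alert per target
            alerts.append((t, dst, dport, per_target[target]))
    return alerts

def build_sample():
    """Constructed traffic (documentation address ranges), not a real capture."""
    web = ("198.51.100.10", 80)
    events = []
    for i in range(5):             # five clients that complete the handshake
        client = ("192.0.2.%d" % (i + 1), 40000 + i)
        events.append((i * 1000, *client, *web, "S"))
        events.append((i * 1000 + 100, *client, *web, "A"))
    for i in range(150):           # 150 SYNs from varying sources, never completed
        src = ("203.0.113.%d" % (i % 250 + 1), 1024 + i)
        events.append((10_000 + i * 10, *src, *web, "S"))
    return events

if __name__ == "__main__":
    for alert in detect_syn_flood(build_sample()):
        print("possible SYN flood: t=%dms dst=%s:%d half_open=%d" % alert)
```

Lowering `timeout_ms` models the "free memory rapidly" mitigation from the slide: with `timeout_ms=500` the same constructed traffic never exceeds the threshold.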

5
Attacks
  • DDOS
      • Feb 2000, Etrade, CNN, Yahoo fell to distributed
        denial of service by using hundreds of computers
        sending SYN packets
  • Tribe Flood Network
      • DDOS with attacker commanding masters, which are
        in charge of daemons, which carry out the attack
      • Attacker controls masters with ssh, and master to
        daemon is controlled with icmp_echo_reply
        messages
      • Daemons can be controlled to carry out UDP flood,
        SYN flood, ICMP flood, smurf attack

6
Attacks
  • Trinoo / wintrinoo
      • DDOS
      • Command daemons with UDP packets
  • Manual DDOS
      • Hacker groups pick website to attack
      • Each hacker uses his or her exploited computers
        to attack
  • Countermeasures
      • Difficult, numerous pipes converging on one pipe
      • Egress filtering

7
Attacks
  • Email
      • Filling up email quotas
  • Log files
      • Log file rotation
  • Story of GRC.com
      • Grc.com/dos/grcdocs.htm

8
Next Time
  • Wrap up break in lab

9
Questions
  • Is the exam open book?
      • Yes, same as previous test