Network Defenses to Denial of Service Attacks - PowerPoint PPT Presentation

1 / 11
About This Presentation
Title:

Network Defenses to Denial of Service Attacks

Description:

Applications, hosts and networks are often significantly oversubscribed. ... mitigated the recent Slammer/Sapphire worm by temporarily blocking UDP port 1434 ... – PowerPoint PPT presentation

Number of Views:23
Avg rating:3.0/5.0
Slides: 12
Provided by: ntgrdD
Category:

less

Transcript and Presenter's Notes

Title: Network Defenses to Denial of Service Attacks


1
Network Defenses to Denial of Service Attacks
John Kristoff jtk_at_depaul.edu 01 312 362-5878
2
DoS attack prevention is difficult
  • Applications, hosts and networks are often
    significantly oversubscribed.
  • Internet (data) traffic is naturally bursty on
    all time scales, thus
  • discerning bad traffic from good can be hard.
  • There is no one, easy thing to fix that will make
    the problem go away.
  • Its been proposed that re-architecting the
    Internet is a solution, but no one wants to go
    through that pain.

3
Visualizing DoS Attack Data
4
Visualizing Bottlenecks
5
What are the popular defenses?
  • Block bogon, invalid and attack packets.
  • Monitor traffic thresholds, patterns and trends.
  • Rate limit traffic to help prevent
    oversubscription.
  • Prevent end hosts from becoming DoS agents.
  • Black hole victim hosts/networks.
  • Maintain good incident response and support
    staff.
  • As you might guess, no one defense solves it all.

6
In depth look at packet blocking
  • Blocking invalid/bogon packets from reaching the
    net is generally considered a best practice.
  • However, it may severely impact forwarding
    performance and be difficult to manage.
  • Blocking on general attack characteristics may
    also block and break legitimate applications.
  • Many ISPs mitigated the recent Slammer/Sapphire
    worm by temporarily blocking UDP port 1434
    traffic.

7
Traceback
  • Enabled routers generate or encode trace
    information to the traced destination.
  • Victims can use trace information to discover the
    real path back to the original source.
  • Authentication, deployment and practical issues
    exist.

8
Source path isolation engine
  • Routers keep a hash of all packets passing
    through and send to a collector.
  • To trace a packet, query the collector based on
    packet characteristics.
  • SPIE can potentially trace a single packet.
  • Significant scaling and deployment issues.

9
Pushback
  • A mechanism to signal downstream routers to
    aggressively drop/limit attack traffic.
  • Routers must detect attack traffic. A similar
    problem shared by signature based filters.
  • If attack traffic is widely distributed, pushback
    may be ineffective.
  • IMHO, pushback and related techniques are the
    most interesting and elegant network-based
    solutions.

10
Slammer/Sapphire the DoS attack
11
Other defenses
  • Legal action. Costly (in more ways than one) and
    problematic when crossing legislative borders.
  • Mirror and distribute victims. Costly and
    management intensive.
  • User education? Security Forum 2003!
  • Thanks! Stop by for a visit at http//ntg.depaul.e
    du/rd/
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2025 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Network Defenses to Denial of Service Attacks" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!