Application Layer Attack
DDoS
• DDoS – Distributed Denial of Service
• Why would anyone want to do this?
• In some cases, for bringing down service of competitors, or for extortion money.
Application Layer Attack
• There is a particular type of attack – simply ask bots to send requests to the victim for large files.
• Now the victim, the server, has to send large files, so its bandwidth is saturated and no more requests can be satisfied.
CAPTCHA
• One way is to see if we can distinguish humans from bots.
• CAPTCHA -- Completely Automated Public Turing test to tell Computers and Humans Apart
• Below is a picture from wiki
CAPTCHA
• Was proposed by Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford.
• http://www.captcha.net/captcha_crypt.pdf
Other things you can do
• With the CAPTCHA idea, they actually did something else: scan an old book, and show a word in the book along with one from CAPTCHA.
• You don’t know which one is from where.
• So while you log in, you help the library to recognize words.
Problem with CAPTCHA
• The problem is that you do not want to answer a CAPTCHA problem every 30 mins if you are watching a movie.
The other solution
• Ask the client to solve a puzzle, basically asking the client to spend some resource before getting service.
• Can you design some puzzles?
Puzzles
• Some puzzles include:
– Finding a string such that the first k bits of its SHA-1 hash are 0.
– By controlling k, you control the difficulty of the puzzle.
– A problem is that this puzzle is biased toward clients with fast machines.
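A sketch of the SHA-1 puzzle above from the server's point of view, added here as an example and not taken from the slides. The HMAC-bound challenge format, the expiry window and all function names are assumptions made for illustration; `client_id` is assumed to contain no `:`.

```python
import hashlib, hmac, os

SERVER_KEY = os.urandom(32)  # assumption: per-server secret, never sent to clients

def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a digest."""
    n = 0
    for byte in digest:
        if byte:
            return n + 8 - byte.bit_length()
        n += 8
    return n

def _tag(body: str) -> str:
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_challenge(client_id: str, k: int, now: int) -> str:
    """Stateless challenge: the HMAC binds client, difficulty k and issue time."""
    body = f"{client_id}:{k}:{now}:{os.urandom(8).hex()}"
    return f"{body}:{_tag(body)}"

def solve(challenge: str) -> int:
    """Client side: brute-force a counter; expected cost is about 2**k hashes."""
    k = int(challenge.split(":")[1])
    counter = 0
    while leading_zero_bits(hashlib.sha1(f"{challenge}:{counter}".encode()).digest()) < k:
        counter += 1
    return counter

def verify(challenge: str, counter: int, client_id: str, now: int, max_age: int = 60) -> bool:
    """Server side: one HMAC and one SHA-1, however hard the puzzle was."""
    try:
        cid, k, issued, nonce, tag = challenge.split(":")
        k, issued = int(k), int(issued)
    except ValueError:
        return False
    body = f"{cid}:{k}:{issued}:{nonce}"
    if not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        return False  # forged challenge or tampered difficulty
    if cid != client_id or not 0 <= now - issued <= max_age:
        return False  # issued to someone else, or expired
    digest = hashlib.sha1(f"{challenge}:{counter}".encode()).digest()
    return leading_zero_bits(digest) >= k

if __name__ == "__main__":
    ch = issue_challenge("203.0.113.7", 16, 1000)  # constructed client address
    print(verify(ch, solve(ch), "203.0.113.7", 1010))
```

A solved challenge stays valid until it expires, so a deployment would also record spent nonces to keep one solution from being replayed.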
Memory-bound puzzles are better
• Memory speed varies less significantly than CPU speed.
• Force the client to do a lot of reads from main memory.
• How?
One memory bound puzzle
• There is a one-to-one function F() that cannot be reversed.
• Server starts from x_0 and computes x_i = F(x_{i-1}).
• Server sends x_k to the client and asks it to return x_0.
Other solutions
• Speak-up: When the system is in trouble, instead of waiting to drown, you should speak up!
• Meaning that you should also send a lot of requests.
• The server serves the one with the loudest voice.
• From their 2006 SIGCOMM paper:
Speak-up
• Actually, every client has to pay the server some currency in the form of bandwidth.
• The hope is that the clients have spare bandwidth but the attackers have already used up theirs.
• These dummy bytes are a waste of resources.
What we are working on
• Introducing p2p to DDoS defense.
A useful link
• http://staff.washington.edu/dittrich/misc/ddos/