CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the...
Transcript of CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the...
CSCI-UA.9480Introduction to Computer Security
Session 2.2
Denial of Service
Prof. Nadim Kobeissi
Defining Denial of Service
2CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
2.2a
What is a Denial of Service attack?
An attack “where the perpetrator seeks to make
a machine or network resource unavailable to
its intended users by temporarily or indefinitely
disrupting services of a host connected to the
Internet.”
3CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
What is a Denial of Service attack?
Some resource is being starved by an
adversary:
⚫ Network overload?
⚫ CPU overload?
⚫ Memory overload?
4CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
What is a Denial of Service attack?
Some resource is being starved by an
adversary:
⚫ Network overload: send too many packets.
⚫ CPU/memory overload: force the server to
carry out too many password stretching
instances.
⚫ Application overload: send too many
database/API requests.
5CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
Examples of Denial of Service vectors.
UDP flood: unlike TCP, UDP has no flow control
built in.
⚫ Fork bombs: :(){ :|: & };:
⚫ SYN flood: Initiate several TCP connections but
never complete (ACK) them.
⚫ LAND attack: Craft a TCP packet where the
source and destination IP addresses are both
equal to the victim’s IP.
⚫ Malformed packets: exploit parsing errors.
6CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
Test your knowledge!
7CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
Can you figure out why the following Bash
command would be a “fork bomb”?
:(){ :|: & };:
Test your knowledge!
8CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
Can you figure out why the following Bash
command would be a “fork bomb”?
:(){ :|: & };:Define a function called “:” Run “:”, pipe output to “:” executed in
the background.Run “;” for the first time.
DDoS: Distributed Denial of Service.
Example: Mirai botnet (600,000+ victims):
⚫ Caused serious damage to many leading
hosting providers (e.g. OVH, Dyn...)
⚫ Among the highest ever recorded throughput
for DoS attacks.
9CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
DDoS: Distributed Denial of Service.
Example: Mirai botnet (600,000+ victims):
⚫ Caused serious damage to many leading
hosting providers (e.g. OVH, Dyn...)
⚫ Among the highest ever recorded throughput
for DoS attacks.
10CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
DDoS: Distributed Denial of Service.
Example: Mirai botnet (600,000+ victims):
⚫ Caused serious damage to many leading
hosting providers (e.g. OVH, Dyn...)
⚫ Among the highest ever recorded throughput
for DoS attacks.
11CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
DDoS: Distributed Denial of Service.
Example: Mirai botnet (600,000+ victims):
⚫ Caused serious damage to many leading
hosting providers (e.g. OVH, Dyn...)
⚫ Among the highest ever recorded throughput
for DoS attacks.
12CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
DDoS: Mirai botnet device composition.
13CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
DDoS: Mirai botnet device composition.
14CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
DDoS: Mirai botnet victims.
15CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
Examples of other botnets.
⚫ Srizbi botnet: responsible for most of the
spam in the world at some point.
⚫ Carna botnet: used for estimating the size of
the Internet.
16CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
Another example: “Project Chanology”
Instead of a slide, at this point in the class we will watch this short
documentary on Project Chanology:
https://www.youtube.com/watch?v=vRb6L7SCSro
17CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
Mitigating Denial of
Service Attacks
18CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
2.2b
Basic defenses against Denial of Service.
Firewalls, switches, and routers at ingress points of
a network that use packet filtering.
⚫ Build models of normal and abnormal behavior
and flag abnormal behavior.
⚫ Intrusion detection systems that look for attack
signatures or abnormally high rates of traffic or
both.
⚫ CAPTCHAs to ensure that a human and not a
bot is carrying out the request.
19CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
Basic defenses against Denial of Service.
CAPTCHAs to ensure that a human and not a
bot is carrying out the request.
⚫ Proof of work: request hashes, etc.
20CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
Content Delivery Networks: CloudFlare.
21CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
Content Delivery Networks (CDNs).
Akamai, CloudFlare, Amazon CloudFront,
Microsoft Azure…
⚫ Concerns regarding centralizing of Internet
traffic (i.e. man-in-the-middle capabilities).
⚫ Questions w.r.t. freedom of expression
online:
22CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
Next time:Designing
Secure Network Systems
23CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
2.3