Inferring Denial of Service Attacks David Moore, Geoffrey Voelker and Stefan Savage Presented by...
Inferring Denial of Service Attacks
David Moore, Geoffrey Voelker and Stefan Savage
Presented by Rafail Tsirbas
4/1/2015
Outline
• Denial of Service Attacks
• Motivation & Limitations
• Backscatter Analysis
• Results
• Conclusion
Denial of Service Attacks
• Logic Attacks
  o “Ping of Death”
• Flooding Attacks
  o Overflow victim’s computer
Flooding Attacks
• The attacker tries to overflow victim’s pc
  o SYN Floods
  o TCP DATA
  o TCP NULL
  o ICMP Echo Requests
  o DNS Request
  o Zero Day Attack
  o NTP “monlist”
  o …
[Diagram: Attacker, Victim]
Flooding Attacks
• Distributed Denial of Service Attacks
  o A lot more power
  o Hide easier
  o More sophisticated attack
• IP spoofing
  o Change source IP address
  o Tools Shaft, TFT etc
[Diagram: Attacker, Botnets]
Motivation & Limitations
• “How prevalent are Denial of Service Attacks in the Internet today?”
• Baseline for long-term analysis
• Limitation Factors
Backscatter effect
[Diagram: Attacker, Victim, Host A, Host B, Host C]
Backscatter analysis
[Diagram: Attacker, Victim, Host A, Host B, Host C]
M packets
N pc’s monitoring
E(x) =
Backscatter analysis
• Estimation of attack rate:
  o R >= * Where: average inter-arrival backscatter
• Analysis Limitations:
  o Address uniformity
  o Reliable Delivery
  o Backscatter hypothesis
Attack classification
• Flow-based
  o How many, how long, what kind
• Event-based
  o Fixed time windows
Backscatter analysis
• They monitored a /8 network
• 3 weeks long
[Diagram: Monitor, /8 Network]
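
An added example (not from the presentation or the authors' tooling) that groups backscatter seen by a /8 monitor into per-victim flows and applies the estimators published in the Moore, Voelker and Savage paper, E(X) = nm/2^32 and R ≥ R'·2^32/n. The 300-second flow timeout, the function names and the sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict

IPV4_SPACE = 2 ** 32
MONITORED = 2 ** 24   # n: addresses in the monitored /8

def expected_backscatter(m, n=MONITORED):
    """E(X) = n*m / 2^32: backscatter packets the monitor expects to see
    when a victim answers m attack packets with uniformly spoofed sources."""
    return n * m / IPV4_SPACE

def split_flows(packets, timeout=300.0):
    """Group (timestamp, victim_ip) pairs into per-victim flows; a silence
    longer than `timeout` seconds (assumed value) starts a new flow."""
    flows = defaultdict(list)
    for ts, victim in sorted(packets):
        runs = flows[victim]
        if runs and ts - runs[-1][-1] <= timeout:
            runs[-1].append(ts)
        else:
            runs.append([ts])
    return dict(flows)

def attack_rate_lower_bound(timestamps, n=MONITORED):
    """R >= R' * 2^32 / n, with R' the observed backscatter rate (the inverse
    of the mean inter-arrival time). None if the flow is a single instant."""
    span = timestamps[-1] - timestamps[0]
    if span <= 0:
        return None
    observed_rate = (len(timestamps) - 1) / span
    return observed_rate * IPV4_SPACE / n

def summarize(packets):
    """One row per flow: (victim, start, duration_s, packets, min_rate_pps)."""
    rows = []
    for victim, runs in sorted(split_flows(packets).items()):
        for run in runs:
            rows.append((victim, run[0], run[-1] - run[0], len(run),
                         attack_rate_lower_bound(run)))
    return rows

# Constructed sample: responses from two victims arriving at the monitor.
SAMPLE = ([(i * 0.5, "192.0.2.10") for i in range(21)] +   # 2 pkt/s for 10 s
          [(700.0 + i, "192.0.2.10") for i in range(5)] +  # resumes after a long gap
          [(3.0, "198.51.100.7")])                         # lone packet

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Because a /8 covers 1/256 of the IPv4 space, every observed backscatter packet per second corresponds to at least 256 attack packets per second at the victim, subject to the analysis limitations listed above.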
Results
Flow based
• Over 12,800 attacks
• 6,000 distinct IP addresses
• Almost 200 million backscatter packets
Event-based
• 10,000 distinct IP addresses
• Almost 200 million backscatter packets
Results
Responses Protocols
Protocols
Duration
TLDs
Conclusions
• New technique “backscatter analysis”
• DoS attacks exist
Questions?
Thank You!