08-11-2012, 02:39 PM
Past and Future Internet Disasters: DDoS attacks
The Problem:
Massive distributed DoS attacks have the potential to severely
decrease backbone availability and can virtually detach a
network from the Internet.
Survey: Motives for DDoS attacks
• Cyber warfare: Prevent information exchange
• A means to blackmail a company or even a country and cause image and money loss
• Youthful mischief (Übermut) and desire to feel the power “to rule the world”
• Proof of technical excellence to “the world” and oneself
• Outbreak of worms from Internet security research ;-)
Survey: (D)DoS Attack types Summary
A) DoS attacks:
A1) Exploitation of a system weakness
A2) Computational system overload
A3) Misusing a protocol
A4) Flooding-based attacks
B) DDoS attacks:
B1) The amplifying network in “direct DDoS attacks”
B2) The amplifying network in “reflector DDoS attacks”
What exactly is “amplified” in an amplifying network?
• rate of packets (if each computer in one of s stages sends x packets to n neighbours: x*s^n, exponentially many packets are sent to the victim!!)
• size of packets (if request size > reply size)
• difficulty of tracing an attack back to the initiating attacker
How it works:
The attacker sends many “pings” (ICMP echo requests) to an IP address that identifies a subnet while spoofing the sender as the victim's IP address. All computers in that subnet reply to the victim, which is flooded by replies.
How the SQL Slammer DDoS attack works
• The amplifying network of zombies is built fast by worm spreading
based on exploiting a system vulnerability
• System vulnerability: Exploit Microsoft SQL Servers and MSDE-enabled products vulnerable to the SQL Server resolution service buffer overflow.
• Slammer's main function is propagation, sending 376 bytes of code
across port 1434/UDP until the SQL Server shuts down
• Scanning/infection/attack code is combined
Countermeasures:
• Patch the vulnerable SQL server installations
• Filter attack traffic to port 1434/UDP
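The two countermeasures above, worked through as an added example that is not part of the original post or slides: a border filter for port 1434/UDP, plus a check that uses the 376-byte datagram size to find internal hosts that still need patching. The flow records, the record layout and the fan-out threshold are constructed assumptions.

```python
from collections import defaultdict

SLAMMER_PORT = 1434     # UDP port of the SQL Server resolution service (from the page)
SLAMMER_PAYLOAD = 376   # bytes of worm code per datagram (from the page)
FANOUT_THRESHOLD = 3    # assumption: distinct destinations before a source is flagged

# Constructed flow records: (src_ip, dst_ip, protocol, dst_port, payload_bytes)
SAMPLE_FLOWS = [
    ("10.0.0.5", "198.51.100.7", "udp", 1434, 376),
    ("10.0.0.5", "203.0.113.44", "udp", 1434, 376),
    ("10.0.0.5", "192.0.2.19", "udp", 1434, 376),
    ("10.0.0.5", "198.51.100.200", "udp", 1434, 376),
    ("10.0.0.9", "10.0.0.20", "udp", 1434, 12),    # small lookup to an internal server
    ("10.0.0.7", "192.0.2.53", "udp", 53, 40),     # unrelated DNS query
    ("10.0.0.8", "192.0.2.80", "tcp", 1434, 376),  # TCP, not the resolution service
]


def should_drop(flow):
    """Border filter from the countermeasures: drop everything sent to 1434/UDP."""
    _src, _dst, proto, dport, _size = flow
    return proto == "udp" and dport == SLAMMER_PORT


def apply_filter(flows):
    """Split flows into (dropped, passed) according to the border filter."""
    dropped = [f for f in flows if should_drop(f)]
    passed = [f for f in flows if not should_drop(f)]
    return dropped, passed


def suspected_infected(flows, threshold=FANOUT_THRESHOLD):
    """Sources sending 376-byte datagrams to 1434/UDP at many distinct hosts.

    Scanning and infection are one packet, so the fan-out of that exact
    datagram identifies hosts that still need patching.
    """
    targets = defaultdict(set)
    for src, dst, proto, dport, size in flows:
        if proto == "udp" and dport == SLAMMER_PORT and size == SLAMMER_PAYLOAD:
            targets[src].add(dst)
    return sorted(s for s, dsts in targets.items() if len(dsts) >= threshold)


if __name__ == "__main__":
    dropped, passed = apply_filter(SAMPLE_FLOWS)
    print("dropped:", len(dropped), "passed:", len(passed))
    print("hosts to patch:", suspected_infected(SAMPLE_FLOWS))
```

The port filter is blunt and also drops the 12-byte lookup, while the size-and-fan-out check singles out only the scanning host.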