20-11-2012, 12:54 PM
Distributed Denial Of Service (DDoS)
Distributed Denial Of Service.pptx (Size: 189.48 KB / Downloads: 27)
Introduction
A Denial of Service (DoS) attack is an attack with the purpose of preventing legitimate users from using a specified network resource such as a website, webservice, or computer system.
- for example by overloading a server, a router, or a network link.
A Distributed Denial of Service (DDoS) attack is a coordinated attack on the availability of services of a given target system or network that is launched indirectly through many compromised computing systems.
DDoS Attack Architectures
Agent-Handler Model
The client is where the attacker communicates with the rest of the DDoS attack system.
The handlers are software packages located throughout the Internet.
The agent software exists in compromised systems that will eventually carry out the attack.
IRC-Based DDoS Attack Model
In this model an IRC channel is used to connect the client to the agents. This makes tracking the DDoS command packets more difficult.
IRC servers tend to have large volumes of traffic, making it easier for the attacker to hide his presence.
DDoS Attack Taxonomy
Bandwidth Depletion Attacks
A bandwidth depletion attack is designed to flood the victim network with unwanted traffic that prevents legitimate traffic from reaching the primary victim.
Bandwidth depletion attacks can be characterized as:
- flood attacks
- amplification attacks.
DDoS attack tools
DDoS Agent Setup - The ways attackers install malicious DDoS agent code onto a secondary victim system are classified as either active or passive.
Attack Network Communication - The DDoS agent-handler and handler-client communication can be via TCP, UDP, and/or ICMP protocols.
Operating Systems Supported - DDoS attack tools are typically designed to be compatible with different operating systems (OS). Any OS (such as Unix, Linux, Solaris, or Windows) may have DDoS agent or handler code designed to work on it.
DDoS COUNTERMEASURES
There are three categories of DDoS countermeasures:
- Preventing the setup of the DDoS attack network, including preventing secondary victims and detecting and neutralizing handlers.
- Dealing with a DDoS attack while it is in progress, including detecting or preventing, mitigating or stopping, and deflecting the attack.
- The post-attack category, involving network forensics.
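As an added illustration of the "detecting" step in the in-progress category (this is not part of the slide deck), the Python below labels fixed time windows of a constructed request stream as a single-source flood (plain DoS, as defined in the Introduction) or a distributed flood from many agents (DDoS); the thresholds and the sample addresses are assumptions.

```python
from collections import defaultdict


def build_sample_events():
    """Constructed (timestamp_seconds, source_ip) stream; not captured traffic."""
    events = []
    # 0-9 s: normal traffic, 5 clients with 4 requests each
    for i in range(20):
        events.append((i * 0.5, f"10.0.0.{1 + i % 5}"))
    # 10-19 s: one source alone sends 200 requests (single-source DoS)
    for i in range(200):
        events.append((10 + i * 0.05, "198.51.100.7"))
    # 20-29 s: 100 agents send 3 requests each (distributed flood)
    for i in range(300):
        events.append((20 + i * (10 / 300), f"203.0.113.{i % 100}"))
    return events


def classify_windows(events, window=10.0, per_source_limit=50,
                     aggregate_limit=100, min_sources=20):
    """Bucket events into fixed windows and label each window.

    dos    - one source by itself exceeds per_source_limit
    ddos   - aggregate exceeds aggregate_limit, no single source stands out,
             and at least min_sources distinct sources contribute
    normal - neither condition holds
    Thresholds are assumed values for the sample; tune them to real baselines.
    """
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, src in events:
        buckets[int(ts // window)][src] += 1
    labels = {}
    for w in sorted(buckets):
        counts = buckets[w]
        total = sum(counts.values())
        top_src, top = max(counts.items(), key=lambda kv: kv[1])
        if top > per_source_limit:
            labels[w] = ("dos", top_src)          # per-source rate limit would catch this
        elif total > aggregate_limit and len(counts) >= min_sources:
            labels[w] = ("ddos", len(counts))     # only the aggregate reveals it
        else:
            labels[w] = ("normal", total)
    return labels


if __name__ == "__main__":
    for w, label in classify_windows(build_sample_events()).items():
        print(f"window {w}: {label}")
```

The distributed window is the instructive one: every agent stays under the per-source limit, so only an aggregate view across sources reveals the attack.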
CONCLUSION
It is essential that, as the Internet and Internet usage expand, more comprehensive solutions and countermeasures to DDoS attacks be developed, verified, and implemented.