04-10-2012, 12:30 PM
Internet Threats Denial Of Service Attacks
The Internet And Information Security
“The wonderful thing about the Internet is that you’re connected to everyone else. The terrible thing about the Internet is that you’re connected to everyone else.” Vint Cerf
Denial Of Service Problems
Exploding in popularity
No skill required
High juvenile ratio
High availability of menu-driven programs, on multiple platforms
Up and running in minutes
Unix, NT, Win95, etc
Programs available via the Internet within HOURS of the identified exploit
Often requires assistance across multiple ISPs
Coordination efforts impossible at best
SYN Floods
TCP Handshake required to set up communication
Send- HELLO! (TCP_SYN)
Recv- Yea, What? (TCP_SYN_ACK)
Send- Let’s Talk! (TCP_ACK)
SYN Flood exploits Handshake
Bad_Guy sends TCP_SYN from forged source that doesn’t exist
Victim tries to send a TCP_SYN_ACK, but can’t find the source, so it queues the message
Message is queued for ~75 seconds
Bad_Guy fills up SYN Queue
Victim can’t communicate
Mail Bombs
Large amounts of email to victim
“FROM” address randomly created
Mail trail is often relayed through several relay systems
Difficult to track origination
One Word: SPAM
Explosion of tools available from Spamming organizations to make this point-and-click, and professionally difficult to trace
Smurf Attacks
Attack
Bad_Guy sends a “broadcast_ping_request”, that looks like it came from “Victim”, and sends it to “Innocent 3rd Party”
Every host on “Innocent 3rd Party”’s network/subnet sends a “broadcast_ping_reply” to the victim
Victim gets hit with a massive ping attack
Good_guy traces the Attack to the “Innocent 3rd Party”
Compensators
Disable Broadcast Ping Replies on your routers
“no ip directed-broadcast”
Deploy monitoring software
Call your ISP
Filter ICMP
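The queue behaviour described under SYN Floods above, as an added example that is not part of the original slides: a toy model of the victim's half-open queue, replayed over a constructed trace, showing a real client refused while the queue is full and accepted again once the ~75 second entries expire. The names SynQueue, replay and TRACE, the backlog of 5 and the documentation-range addresses are assumptions made for the illustration.

```python
from collections import OrderedDict
SYN_TIMEOUT = 75.0  # seconds a half-open entry is held (figure from the slides)

class SynQueue:
    """Toy model of a listener's bounded queue of half-open connections."""
    def __init__(self, backlog, timeout=SYN_TIMEOUT):
        self.backlog, self.timeout = backlog, timeout
        self.pending = OrderedDict()  # (src, sport) -> arrival time of the SYN

    def _expire(self, now):
        # Entries are stored in arrival order, so the oldest is always first.
        while self.pending:
            key, arrived = next(iter(self.pending.items()))
            if now - arrived < self.timeout:
                break
            del self.pending[key]

    def on_syn(self, now, src, sport):
        """Return True if a slot was free for this SYN, False if it was dropped."""
        self._expire(now)
        if len(self.pending) >= self.backlog:
            return False
        self.pending[(src, sport)] = now
        return True

    def on_ack(self, now, src, sport):
        """The final ACK of the handshake frees the slot; True if it matched."""
        self._expire(now)
        return self.pending.pop((src, sport), None) is not None

    def fill(self, now):
        """Fraction of the queue in use: the number a monitor would alert on."""
        self._expire(now)
        return len(self.pending) / self.backlog

# Constructed trace: (time, kind, source address, source port).
# 198.51.100.x stands in for forged sources that never answer the SYN-ACK;
# 192.0.2.10 is a real client that completes the handshake.
TRACE = [(float(i), "SYN", f"198.51.100.{i + 1}", 40000 + i) for i in range(5)]
TRACE += [(10.0, "SYN", "192.0.2.10", 51000),   # arrives while the queue is full
          (80.0, "SYN", "192.0.2.10", 51001),   # arrives after the 75 s expiry
          (80.1, "ACK", "192.0.2.10", 51001)]

def replay(trace, backlog=5):
    q, out = SynQueue(backlog), []
    for now, kind, src, sport in trace:
        ok = q.on_syn(now, src, sport) if kind == "SYN" else q.on_ack(now, src, sport)
        out.append((now, kind, src, ok, q.fill(now)))
    return out
```

A fill value that stays near 1.0 while no handshakes complete is the signal that monitoring software can alert on.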