Lecture 9 Denial of Service Attack


Lecture Overview

  • Lecture 9: Denial of Service Attack

    • Course: ITSY 4114 - Ethical Hacking

Introduction to DOS and DDOS

  • Types of Attacks

  • Outline of Discussion

  • Countermeasures

  • BOTNET

  • Tools for DOS

What is DOS?

  • Definition:

    • A cyber-attack aimed at making a machine or network resource unavailable to intended users.

    • Disruption can be temporary or indefinite.

Impact of DOS

  • Loss of Revenue

  • Lost Productivity

  • Remediation Costs

  • DDoS Impact:

    • Damage to brand reputation.

    • Loss of market share.

What is DDOS?

  • Definition:

    • A distributed denial-of-service (DDoS) attack utilizes multiple compromised systems to generate attack traffic.

    • Common sources: Computers and IoT devices.

    • Playbook: Flood messages to overwhelm the target, disabling legitimate user access.

Mechanics of DDoS Attacks

  • Functioning:

    • Carried out through networks formed by infected devices, or "bots".

    • Control Mechanism: Bots follow remote commands from the attacker.

  • Consequences:

    • The target is overwhelmed by the volume of requests; because it cannot distinguish legitimate traffic from attack traffic, service is denied to everyone.

Types of DOS and DDOS Attacks

  1. ICMP Flood:

    • Sends a flood of ICMP packets to the server, consuming its resources.

  2. SYN Flood:

    • Overwhelms the server by sending large numbers of TCP SYN packets.

  3. UDP Flood:

    • Rapidly sends UDP packets, flooding the target.

  4. HTTP Flood:

    • Bombards the server with HTTP requests.

  5. Slowloris Attack:

    • Sends partial requests to keep connections open.

Additional Attack Types

  • Smurf Attack:

    • Floods the target using ICMP echo requests with a spoofed source address.

  • DNS Amplification:

    • Uses DNS resolvers to amplify traffic.

  • NTP Amplification:

    • Abuses Network Time Protocol servers to amplify attack traffic.

  • Chargen Amplification:

    • Abuses the Character Generator Protocol to amplify flooding traffic.

  • SSL/TLS Flood:

    • Overloads server with SSL/TLS requests.

UDP Flood Attack Mechanism

  • Process:

    • Large volumes of UDP packets are sent to the target system.

    • The target becomes unresponsive as its resources are overwhelmed.

Countermeasures for UDP DOS Attacks

  • Packet Filtering:

    • At the network edge and on firewalls.

  • Rate Limiting:

    • Restrict the number of packets accepted per time period.

  • Traffic Shaping:

    • Prioritize legitimate traffic.

  • Intrusion Prevention Systems (IPS) and Detection Systems (IDS):

    • Monitor traffic to detect and block attacks in real time.

  • System Updates:

    • Regular patching to mitigate vulnerabilities.

  • Monitoring Traffic:

    • Early detection to prevent significant damage.

ICMP Flood Attack Overview

  • Definition:

    • A DDoS attack using ICMP packets to overwhelm networks or servers.

  • Defensive Strategies:

    • Rate limiting, blacklisting, and filtering techniques.

Protection Against ICMP Flood Attacks

  • Firewall Rules:

    • Limit ICMP packet flow.

  • Intrusion Detection Systems:

    • Detect and block malicious traffic patterns.

  • Updates:

    • Keep systems patched against vulnerabilities.

  • Anti-DDoS Services:

    • Detect and block attacks.

Ping of Death Attack

  • Mechanism:

    • Involves sending oversized ping packets (over 65,535 bytes) to crash systems.

Preventing Ping of Death Attacks

  • Updates:

    • Regular software/device updates.

  • Blocking ICMP:

    • Firewall settings that drop oversized packets.
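The oversized-packet check a firewall or IP stack applies, as an added example that is not part of the lecture: a fragment whose offset plus length would reassemble past the 65,515-byte payload limit (65,535 minus the 20-byte IP header) is flagged before any reassembly buffer is allocated. The fragment records and addresses below are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass

IP_MAX_DATAGRAM = 65535          # largest value the 16-bit IP total-length field allows
IP_MIN_HEADER = 20               # so the reassembled payload may be at most 65,515 bytes
MAX_PAYLOAD = IP_MAX_DATAGRAM - IP_MIN_HEADER


@dataclass(frozen=True)
class Fragment:
    src: str        # source address (constructed sample values below)
    ident: int      # IP identification field shared by every fragment of one datagram
    offset: int     # fragment offset field, in units of 8 bytes
    length: int     # payload bytes carried by this fragment
    more: bool      # "more fragments" flag


def fragment_is_oversized(frag):
    """True if this fragment alone would land past the 65,515-byte payload limit.
    Checking offset*8 + length per fragment lets a filter drop the packet before
    any reassembly buffer is touched, which is the Ping of Death fix."""
    return frag.offset * 8 + frag.length > MAX_PAYLOAD


def oversized_datagrams(frags):
    """Group fragments by (src, ident) and report the reassembled payload size of
    every datagram that exceeds the limit, for logging or alerting."""
    end = defaultdict(int)
    for f in frags:
        key = (f.src, f.ident)
        end[key] = max(end[key], f.offset * 8 + f.length)
    return {key: size for key, size in end.items() if size > MAX_PAYLOAD}


# Constructed sample traffic: one normal ping and one datagram whose last
# fragment pushes the reassembled size past the limit.
SAMPLE = [
    Fragment("198.51.100.2", 7, 0, 64, False),       # ordinary 64-byte ping
    Fragment("203.0.113.9", 1, 0, 1480, True),       # first fragment of the big one
    Fragment("203.0.113.9", 1, 8185, 40, False),     # 8185*8 + 40 = 65,520 > 65,515
]
```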

Smurf Attack Mechanics

  • Functionality:

    • Sends ping requests with the target's IP address spoofed as the source, so the replies flood the target and slow down or crash the server.

Defense Against Smurf Attacks

  • ICMP Traffic Filtering

  • Block Traffic to Broadcast Address

  • Rate Limiting

  • DDoS Solutions

Overview of SYN Flood Attack

  • Process:

    • Floods the target with spoofed SYN packets.

    • Leaves connections half-open, depleting the server's resources.

Protection against SYN Flood Attacks

  • Firewall Configuration:

    • Limit and block requests from malicious IP addresses.

  • SYN Cookies:

    • Verify SYN requests before resource allocation.

  • Intrusion Prevention Systems:

    • To detect and block attack patterns.
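How SYN cookies avoid allocating state for half-open connections, as an added example that is not part of the lecture: the server's initial sequence number itself carries a time slot, an MSS index and a keyed MAC over the connection 4-tuple, and the final ACK is validated by recomputing that MAC. The secret, MSS table, addresses and ports are constructed for the example; the bit layout follows the classic 5/3/24-bit design.

```python
import hashlib
import hmac
import struct

# Constructed server secret for the example; a real server draws one at random on start-up.
SECRET = b"constructed-example-secret"
# Candidate MSS values; the chosen index travels in 3 bits of the cookie.
MSS_TABLE = (536, 1300, 1440, 1460)


def _mac(saddr, daddr, sport, dport, count, mss_idx, client_isn):
    """24-bit keyed MAC over the 4-tuple, time slot, MSS index and client ISN."""
    data = struct.pack("!4s4sHHIII", saddr, daddr, sport, dport, count, mss_idx, client_isn)
    digest = hmac.new(SECRET, data, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def make_cookie(saddr, daddr, sport, dport, client_isn, mss, now):
    """Server ISN for the SYN-ACK: 5-bit time slot | 3-bit MSS index | 24-bit MAC.
    Nothing is stored for the half-open connection; the cookie is the only state."""
    count = (now // 64) & 0x1F                         # 64-second time slots
    mss_idx = max((i for i, v in enumerate(MSS_TABLE) if v <= mss), default=0)
    mac = _mac(saddr, daddr, sport, dport, count, mss_idx, client_isn)
    return ((count << 27) | (mss_idx << 24) | mac) & 0xFFFFFFFF


def check_cookie(saddr, daddr, sport, dport, seq, ack, now):
    """Validate the handshake's final ACK. Returns the negotiated MSS, or None
    when the cookie is forged, expired or belongs to a different 4-tuple."""
    cookie = (ack - 1) & 0xFFFFFFFF                    # ACK acknowledges our ISN + 1
    client_isn = (seq - 1) & 0xFFFFFFFF                # client SEQ is its ISN + 1
    count, mss_idx, mac = cookie >> 27, (cookie >> 24) & 0x7, cookie & 0xFFFFFF
    if mss_idx >= len(MSS_TABLE):
        return None
    age = ((now // 64) & 0x1F) - count
    if age % 32 > 1:                                   # accept current and previous slot only
        return None
    if mac != _mac(saddr, daddr, sport, dport, count, mss_idx, client_isn):
        return None
    return MSS_TABLE[mss_idx]
```

Because the server allocates a connection only after check_cookie succeeds, a flood of spoofed SYNs whose ACKs never arrive consumes no per-connection memory.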

HTTP DOS Attacks Overview

  1. HTTP GET

    • Deliberately delays sending the full request to exhaust server resources.

  2. HTTP POST

    • Sends incomplete message bodies, making servers wait indefinitely.

Slowloris Attack Mechanics

  • Procedure:

    • Opens multiple slow connections, consuming server resources until unresponsive.

Countermeasures against HTTP DOS Attacks

  • Connection Limiting

  • Traffic Monitoring

  • Web Server Software Updates
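Connection limiting and a header timeout working together against slow HTTP requests, as an added example that is not part of the lecture: the tracker refuses a client's connections past a per-address cap and reaps any connection whose request headers have not completed within a deadline. The class, hook names, limits and client addresses are constructed for the example.

```python
from collections import defaultdict

HEADER_TIMEOUT = 20   # seconds a connection may wait for its request headers to finish
PER_IP_LIMIT = 10     # simultaneous connections permitted from one client address


class SlowRequestGuard:
    """Tracks open HTTP connections and counters the two Slowloris symptoms:
    request headers that never complete, and many parallel connections per client.
    A real server would call these hooks from its accept, parse and close paths."""

    def __init__(self):
        self.conns = {}                   # conn_id -> [client_ip, opened_at, headers_done]
        self.per_ip = defaultdict(int)    # client_ip -> number of open connections

    def on_open(self, conn_id, client_ip, now):
        """Connection limiting: refuse the connection once the per-address cap is hit."""
        if self.per_ip[client_ip] >= PER_IP_LIMIT:
            return "reject"
        self.per_ip[client_ip] += 1
        self.conns[conn_id] = [client_ip, now, False]
        return "accept"

    def on_headers_complete(self, conn_id):
        self.conns[conn_id][2] = True

    def on_close(self, conn_id):
        client_ip = self.conns.pop(conn_id)[0]
        self.per_ip[client_ip] -= 1

    def reap(self, now):
        """Header timeout: close every connection still waiting for a complete request
        after HEADER_TIMEOUT seconds, returning the ids that were dropped."""
        stale = [cid for cid, (ip, opened, done) in self.conns.items()
                 if not done and now - opened > HEADER_TIMEOUT]
        for cid in stale:
            self.on_close(cid)
        return stale
```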

Understanding Botnets

  • Definition:

    • A collection of infected Internet-connected devices, controllable remotely by hackers.

  • Purpose:

    • Carry out diverse tasks including DDoS attacks and data theft.

Creation of Botnets by Hackers

  • Exploitation of Vulnerabilities:

    • Gaining unauthorized access via security flaws.

  • Social Engineering:

    • Tricking users into installing malware.

  • Malvertising:

    • Infecting users through malicious ad clicks.

Tools Used for DOS Attacks

  • LOIC (Low Orbit Ion Cannon):

    • Floods the target with heavy traffic; marketed as a stress-testing tool.

  • Slowloris:

    • Maintains multiple connections by sending partial requests.

  • HULK:

    • Sends a high volume of HTTP requests to servers.

  • Others:

    • Tor's Hammer and XOIC are also used to overwhelm targets.

Conclusion

  • Importance of understanding various attacks, their impacts, and defensive strategies in Ethical Hacking.
