Prevention.
Shahzad Khan
Zohaib Mukhtar
Agenda
References
Brief introduction
Denial of Service
A DoS (Denial of Service) attack aims at preventing, for
the victim.
[Diagram: DDoS attack architecture. The attacker sends unidirectional commands to a set of handlers; the handlers coordinate communication with a set of agents; the agents send attack traffic across the Internet to the target.]
software.
Penetration: The attacker gets inside the agent's machine.
Eavesdropping: The attacker gets access to the same network as the agent machine.
Man in the middle: The attacker listens to the agent machine's output and controls that output.
How: Smurf
Attacker sends sustained Internet Control Message
log
Allow unicast traffic
AOIP.ORG(config)# access-list 101 permit ip any 192.168.1.0 0.0.0.255 log
Attach the ACL to the interface for inbound traffic
AOIP.ORG(config)# interface fa0/0
AOIP.ORG(config-if)# ip access-group 101 in
AOIP.ORG(config-if)# exit
existent IP address.
Victim replies with SYN/ACK but receives neither an ACK nor an RST from the non-existent IP address.
Victim keeps the half-open connection in a queue in the SYN_RECV state; the queue is small, and entries take some time to time out before they are flushed from the queue.
E.g. 75 seconds
seconds, the victim will never clear the queue and stops responding to legitimate users.
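A small simulation of the half-open queue described above, added here as an illustration and not taken from the original slides. The backlog size, the SYN rates and the assumption that legitimate handshakes complete immediately are all constructed for the example; only the 75-second timeout comes from the text.

```python
# Constructed model of a TCP listener's half-open (SYN_RECV) backlog.
# Spoofed SYNs never complete the handshake, so each one holds a backlog
# slot until its timeout expires. A legitimate SYN is assumed (for this
# example) to complete at once, so it only fails when the backlog is
# already full at the moment it arrives.
from collections import deque


def simulate_backlog(backlog_size, timeout_s, spoofed_per_s, legit_per_s, duration_s):
    """Run a 1-second-step simulation and return (legit_total, legit_dropped)."""
    pending = deque()  # expiry times of spoofed half-open entries, oldest first
    legit_total = legit_dropped = 0
    for t in range(duration_s):
        # Flush entries whose timeout has elapsed (the "queue timeout" on the slide).
        while pending and pending[0] <= t:
            pending.popleft()
        # Spoofed SYNs fill free slots; once full, further SYNs are simply lost.
        for _ in range(spoofed_per_s):
            if len(pending) < backlog_size:
                pending.append(t + timeout_s)
        # Legitimate clients are refused whenever no slot is free.
        for _ in range(legit_per_s):
            legit_total += 1
            if len(pending) >= backlog_size:
                legit_dropped += 1
    return legit_total, legit_dropped


def slots_held_by_attacker(backlog_size, timeout_s, spoofed_per_s):
    """Steady-state slots consumed: rate x timeout, capped by the backlog size."""
    return min(backlog_size, timeout_s * spoofed_per_s)


if __name__ == "__main__":
    # Constructed parameters: backlog of 128, 10 spoofed SYN/s, 1 legit SYN/s.
    for timeout in (75, 10):
        total, dropped = simulate_backlog(128, timeout, 10, 1, 100)
        held = slots_held_by_attacker(128, timeout, 10)
        print(f"timeout={timeout:>2}s  attacker holds {held:>3} slots  "
              f"legit dropped {dropped}/{total}")
```

With the slide's 75-second timeout, 10 spoofed SYN/s is enough to pin all 128 slots after about 13 seconds; shortening the timeout to 10 seconds leaves the same attack holding only 100 slots, so legitimate clients still get through.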
Normal Connection
that source.
Protection using Switches
Most switches have rate-limiting and ACL capability.
Automatic rate limiting, traffic shaping, delayed binding.
Bogon filtering (Bogus IP filtering)
How: Bottleneck
The attacker shuts down the victim's connection by
Bottleneck Prevention
Strategic firewall Placement
The company's firewall is placed on the ISP's premises.
This shortens the connection line between the ISP and the router
firewall.
Thank You!
Team 20
Shahzad Khan
Zohaib Mukhtar