DOS Attack and Computer science security
johnjeremiah9
Mar 04, 2025
About This Presentation
DOS and DDOS and its types and classification
Slide 1
Computer Security Fundamentals
by Chuck Easttom
Chapter 4 Denial of Service Attacks
Slide 2
© 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 2
Chapter 4 Objectives
Understand how DoS attacks are accomplished
Know how certain DoS attacks work
Protect against DoS attacks
Defend against specific DoS attacks
Slide 3
Introduction
Denial-of-Service Attacks
One of the most common types of attacks
Second only to virus/worm attacks are denial-of-service attacks.
Prevent legitimate users from accessing the system
Know how it works
Know how to stop it
Slide 4
Introduction (cont.)
Computers have physical limitations
Number of users
Size of files
Speed of transmission
Amount of data stored
Exceed any of these limits and the computer will cease to respond appropriately
Slide 5
Overview
Common Tools Used for DoS
LOIC (Low Orbit Ion Cannon)
Does nothing to hide the attacker address
GUI
Easy to use
• Free tool available on the net
• Open source
• Written in C++, C#
• Windows, Linux, Android, iOS
• JavaScript version called JS LOIC
Slide 6
Overview (cont)
Common Tools Used for DoS (cont’d.)
XOIC (similar to LOIC)
GUI
Easy to use
Slide 7
Overview (cont.)
Common Tools Used for (D)DoS (cont’d.)
TFN (Tribal Flood Network) and TFN2K (Windows and Linux)
Detection more difficult
Can perform various protocol floods (TCP, UDP, ICMP).
Master controls agents.
Agents flood designated targets.
Communications are encrypted.
Communications can be hidden in traffic.
Master can spoof (falsify) its IP.
Slide 8
Overview (cont.)
Common Tools Used for (D)DoS (cont’d.)
Stacheldraht (“barbed wire”)
Combines Trinoo (written in C) with TFN
Detects and automatically enables source address forgery
Performs a variety of attacks
Slide 9
Overview (cont.)
DoS Weaknesses
The flood must be sustained.
When packets stop sending, the attack stops.
Hacker’s own machines are at risk of discovery.
Slide 10
DoS Attacks
TCP SYN Flood Attack
Hacker sends out a SYN packet.
Receiver must hold space in buffer.
Bogus SYNs overflow buffer.
Slide 11
DoS Attacks (cont.)
Slide 12
DoS Attacks (cont.)
Methods of Prevention
SYN Cookies
Initially no buffer is created.
Client response is verified using a cookie.
Only then is the buffer created.
Resource-intensive.
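A minimal sketch of the SYN cookie idea on this slide, added here as an example (not code from the book or from any real TCP stack): the server derives its SYN+ACK sequence number from a keyed hash of the connection 4-tuple, the client's initial sequence number and a time slot, and allocates state only when the returning ACK echoes a valid cookie. The `Listener` class, the 5+27 bit layout, the slot length and all addresses are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed; a real stack uses a random secret
SLOT = 64      # assumed seconds per time slot
MAX_AGE = 2    # assumed: accept cookies up to two slots old

def _cookie(flow, client_isn, slot):
    """32-bit cookie: 5 bits of slot counter + 27 bits of keyed hash (assumed layout)."""
    msg = repr((flow, client_isn, slot)).encode()
    mac = int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")
    return ((slot % 32) << 27) | (mac & 0x07FFFFFF)

class Listener:
    def __init__(self):
        self.established = {}  # only per-connection state; empty until a valid ACK

    def on_syn(self, flow, client_isn, now):
        """Reply to a SYN with the cookie as our sequence number; store nothing."""
        return _cookie(flow, client_isn, int(now) // SLOT)

    def on_ack(self, flow, seq, ack, now):
        """Create the connection buffer only if the ACK echoes a cookie we issued."""
        client_isn = (seq - 1) & 0xFFFFFFFF
        echoed = ((ack - 1) & 0xFFFFFFFF).to_bytes(4, "big")
        current = int(now) // SLOT
        for age in range(MAX_AGE + 1):
            expected = _cookie(flow, client_isn, current - age).to_bytes(4, "big")
            if hmac.compare_digest(echoed, expected):
                self.established[flow] = {"client_isn": client_isn}
                return True
        return False

def demo():
    srv = Listener()
    flow = ("198.51.100.7", 40000, "203.0.113.10", 443)   # constructed addresses
    spoof = ("192.0.2.99", 40000, "203.0.113.10", 443)    # constructed spoofed source
    isn = 1000
    cookie = srv.on_syn(flow, isn, now=1000)
    after_syn = len(srv.established)          # SYN alone allocated nothing
    good = srv.on_ack(flow, isn + 1, (cookie + 1) & 0xFFFFFFFF, now=1010)
    guessed = srv.on_ack(spoof, isn + 1, 1, now=1010)     # ACK without a real cookie
    stale = srv.on_ack(flow, isn + 1, (cookie + 1) & 0xFFFFFFFF, now=1000 + 5 * SLOT)
    return after_syn, good, guessed, stale, len(srv.established)
```

The keyed hash on every SYN and ACK is the cost behind the slide's "resource-intensive" remark: memory is traded for computation.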
Slide 13
DoS Attacks (cont.)
Methods of Prevention
RST (TCP reset) Cookies
Server sends a false SYN+ACK back
Server should receive an RST in reply
Client generates an RST packet telling the server that something is wrong
Server now knows that the host is legitimate
Not compatible with Windows 95
Slide 14
DoS Attacks (cont.)
Methods of Prevention
Stack Tweaking
Complex method
Used only by very advanced network administrators
Alters TCP stack (for instance by selectively dropping incoming connections)
Makes attack difficult but not impossible
Slide 15
DoS Attacks (cont.)
Smurf IP Attack
Hacker sends out ICMP broadcast with spoofed source IP.
Intermediaries respond with replies.
ICMP echo replies flood victim.
The network performs a DDoS on itself.
Slide 16
DoS Attacks (cont.)
Protection against Smurf attacks
Guard against Trojans.
Have adequate AV software.
Utilize proxy servers.
Ensure routers don’t forward ICMP broadcasts.
Slide 17
DoS Attacks (cont.)
UDP Flood Attack
UDP is connectionless
Hacker sends UDP packets to a random port
Target system tries to determine what application is waiting on the destination port
If no application is waiting, the target system generates an ICMP “destination unreachable” packet
Sends the packet back to the forged source address
Slide 18
DoS Attacks (cont.)
UDP Flood Attack (cont.)
If enough UDP packets are delivered to ports on the target, the system will become overloaded trying to determine the awaiting applications (which do not exist) and generating and sending packets back.
Causes system to tie up resources sending back packets
Slide 19
DoS Attacks (cont.)
ICMP Flood Attack: two types
Floods – Broadcasts of pings
The idea is to send so much data to the target system that it slows down (or is disconnected from the Internet because it cannot send replies fast enough)
Nukes – Exploit known bugs in operating systems (the attacker sends a packet of information that he knows the OS on the target system cannot handle; in many cases it will cause the target system to lock up completely)
Slide 20
DoS Attacks (cont.)
The Ping of Death (PoD)
Sending a single large packet.
TCP packet size is 65535 bytes
Lower layers (e.g. Ethernet) have lower packet sizes: 1500 bytes
Most operating systems today avoid this vulnerability.
Still, keep system patched.
Slide 21
DoS Attacks (cont.)
Teardrop Attack
Hacker sends a fragmented message
Victim system attempts to reconstruct message
Causes system to halt or crash
Slide 22
DoS Attacks (cont.)
Land Attack
Simplest of all attacks
Hacker sends a forged packet with the same source and destination IP (making the target system send messages to and from itself)
System “hangs” attempting to send and receive message
Slide 23
DoS Attacks (cont.)
Echo/Chargen Attack
Echo service sends back whatever it receives
Chargen is a character generator.
Combined, huge amounts of data form an endless loop.
[Figure: Echo/Chargen attack diagram; labels: Attacker, Victim 1, Victim 2, Chargen, Echo, Spoofed]
Slide 24
Distributed Denial of Service (DDoS)
Routers communicate on port 179
Hacker tricks routers into attacking target
Routers initiate flood of connections with target
Target system becomes unreachable
Slide 25
Real-World Examples
MyDoom
Worked through e-mail
The virus/worm would repeatedly email itself to everyone in the address book each time the e-mail was opened, and at a preset time all infected machines would begin a coordinated attack on www.sco.com
Slammer
Spread without human intervention
Slide 26
How to Defend Against DoS Attacks
In addition to previously mentioned methods
Configure your firewall to
Filter out incoming ICMP packets.
Egress filter for ICMP packets.
Disallow any incoming traffic.
Use tools such as NetStat and others.
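One way to put the NetStat advice to work against the SYN flood described earlier, added here as an example (not from the book): count half-open (`SYN_RECV`) connections per listening port in `netstat -ant` output and flag ports whose backlog is filling. The sample output is constructed with documentation addresses, and the threshold and function names are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample in the Linux `netstat -ant` layout
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:443        198.51.100.7:51514      ESTABLISHED
tcp        0      0 203.0.113.10:443        192.0.2.11:1042         SYN_RECV
tcp        0      0 203.0.113.10:443        192.0.2.12:2210         SYN_RECV
tcp        0      0 203.0.113.10:443        192.0.2.13:3377         SYN_RECV
tcp        0      0 203.0.113.10:443        198.51.100.20:4001      SYN_RECV
tcp        0      0 203.0.113.10:443        198.51.100.21:4002      SYN_RECV
tcp        0      0 203.0.113.10:22         198.51.100.7:51600      SYN_RECV
"""

def half_open_by_port(netstat_text):
    """Map local port -> (half-open count, distinct source addresses)."""
    counts = Counter()
    sources = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have six fields; the header and other states are skipped
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue
        if fields[5] != "SYN_RECV":
            continue
        port = fields[3].rsplit(":", 1)[1]
        src = fields[4].rsplit(":", 1)[0]
        counts[port] += 1
        sources[port].add(src)
    return {port: (n, len(sources[port])) for port, n in counts.items()}

def flooded_ports(netstat_text, threshold=4):
    """Ports with at least `threshold` half-open connections (assumed cut-off)."""
    stats = half_open_by_port(netstat_text)
    return sorted(port for port, (n, _) in stats.items() if n >= threshold)
```

Counting per port rather than per source matters because flood sources are usually forged, so many distinct addresses with one `SYN_RECV` each is itself the signal.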
Slide 27
How to Defend Against DoS Attacks (cont.)
Disallow traffic not originating within the network.
Disable all IP broadcasts.
Filter for external and internal IP addresses.
Keep AV signatures updated.
Keep OS and software patches current.
Have an Acceptable Use Policy.
Slide 28
Summary
DoS attacks are common.
DoS attacks are unsophisticated.
DoS attacks are devastating.
Your job is constant vigilance.