Chapter 9 Phase 3 Denial-of-Service Attacks.ppt

Chapter 9 Phase 3: Denial-of-Service Attacks Fig 9.1 Denial-of-Service attack categories Stopping Local Services Process killing (eg. inetd, httpd, named, sendmail) System reconfiguration (eg. Stop file sharing) Process crashing (eg. Stack-based buffer overflow) Logic bomb Defenses against Locally Stopping Services Keep systems patched Principle of Least Privilege applied to user accounts Run integrity-checking programs (eg.Tripwire) Locally Exhausting Resources Filling up the process table Achieved by forking recursively Prevents other users from running new processes Filling up the file system By continuously writing lots of data to file system Prevents other users from writing to files May causing system to crash Sending outbound traffic that fills up the network link By running a program that constantly sends bogus network traffic Consumes cpu cycles and network bandwidth Defenses against Locally Exhausting Resources Apply Principle of Least Privileges when creating and maintaining user accounts Run system monitoring tools Eg. Big Brother Remotely Stopping Services via Malformed Packet DOS Attacks Land attack Sends a spoofed packet to target where source IP and port numbers are same as target IP and port numbers, causing network services of vulnerable target to die Latierra attack Sends multiple Land attack packets to multiple ports Ping of Death Sends an oversized ( 65 kB) ping packet which causes network TCP/IP stack of vulnerable machines to stop working. Jolt2 attack Sends continuous stream of packet fragments, none of which have a fragment offset of zero. Target machine’s CPU cycle spent on packet reassembly Remotely Stopping Services via Malformed Packet DOS Attacks(cont.) Teardrop, Newtear, Bonk, Syndrop Sends overlapping IP packet fragments, causing TCP/IP stacks of vulnerable machines to crash Winnuke Sends garbage data to an open file sharing port (TCP port 139) on a Windows machine, causing the vulnerable machine to crash since data d