- Distributed Denial of Service Attacks
Содержание
- 2. What Are DDoS Tools? Clog victim’s network. Use many sources (“daemons”) for attacking traffic. Use “master”
- 3. How They Work Victim Daemon Daemon Daemon Daemon Daemon Master Real Attacker
- 4. How They Talk Trinoo: attacker uses TCP; masters and daemons use UDP; password authentication. TFN: attacker
- 5. Deploying DDOS Attackers seem to use standard, well-known holes (i.e., rpc.ttdbserver, amd, rpc.cmsd, rpc.mountd, rpc.statd). They
- 6. Detecting DDOS Tools Most current IDS’s detect the current generation of tools. They work by looking
- 7. What are the Strong Defenses? There aren’t any…
- 8. What Can ISPs Do? Deploy source address anti-spoof filters (very important!). Turn off directed broadcasts. Develop
- 9. Traffic Volume Monitoring Look for too much traffic to a particular destination. Learn to look for
- 10. Can We Do Better Some Day? ICMP Traceback message. Enhance newer congestion control techniques, i.e., RED.
- 11. ICMP Traceback For a very few packets (about 1 in 20,000), each router will send the
- 12. Enhanced Congestion Control Define an attack as “too many packets drops on a particular access line”.
- 14. Скачать презентацию
What Are DDoS Tools?
Clog victim’s network.
Use many sources (“daemons”) for attacking
What Are DDoS Tools?
Clog victim’s network.
Use many sources (“daemons”) for attacking
How They Work
Victim
Daemon
Daemon
Daemon
Daemon
Daemon
Master
Real Attacker
How They Work
Victim
Daemon
Daemon
Daemon
Daemon
Daemon
Master
Real Attacker
How They Talk
Trinoo: attacker uses TCP; masters and daemons use UDP;
How They Talk
Trinoo: attacker uses TCP; masters and daemons use UDP;
Deploying DDOS
Attackers seem to use standard, well-known holes (i.e., rpc.ttdbserver, amd,
Deploying DDOS
Attackers seem to use standard, well-known holes (i.e., rpc.ttdbserver, amd,
Detecting DDOS Tools
Most current IDS’s detect the current generation of tools.
They
Detecting DDOS Tools
Most current IDS’s detect the current generation of tools.
They
What are the Strong Defenses?
There aren’t any…
What are the Strong Defenses?
There aren’t any…
What Can ISPs Do?
Deploy source address anti-spoof filters (very important!).
Turn off
What Can ISPs Do?
Deploy source address anti-spoof filters (very important!).
Turn off
Traffic Volume Monitoring
Look for too much traffic to a particular destination.
Learn
Traffic Volume Monitoring
Look for too much traffic to a particular destination.
Learn
Can We Do Better Some Day?
ICMP Traceback message.
Enhance newer congestion control
Can We Do Better Some Day?
ICMP Traceback message.
Enhance newer congestion control
ICMP Traceback
For a very few packets (about 1 in 20,000), each
ICMP Traceback
For a very few packets (about 1 in 20,000), each
Enhanced Congestion Control
Define an attack as “too many packets drops on
Enhanced Congestion Control
Define an attack as “too many packets drops on
Анализ оперативно-тактических действий пожарных подразделений Самарского пожарно-спасательного гарнизона
Przeznaczenie
Технологии скрепления книжных блоков
259_18
Презентація_Слісаренко (1)
Выдающийся польский поэт Ю.Тувим
Ас Дв
Знаешь ли ты Животный мир Кировской области?
Православные места центра Белгорода(По пути проспекта Славы)
Размораживание системы отопления в БУЗ ВО Острогожская РБ
Специалист по работе на маркетплейсах
Полевые транзисторы
Adena
Изгиб балки
Презентация моих иллюстраций
20180122_shipovnik_siren
Рекомендации заземления оборудования (примеры)
Киле Полокто Гаврилович
Великие ученые и деятели науки
Проектирование электрического освещения. Лекция №2
Metal forming
Особенности организации пространства в японском доме
20170903_temperament
Священномученик Серафим (Звездинский) о Божественной Литургии
Halloween. Слайды
Виды соединений
Общие тенденции в развитии и представлении о труде
Drone Hunt. Охота взлетает на новый уровень