Contents
- 2. What Are DDoS Tools? Clog victim’s network. Use many sources (“daemons”) for attacking traffic. Use “master”
- 3. How They Work [diagram labels: Victim, Daemon (×5), Master, Real Attacker]
- 4. How They Talk Trinoo: attacker uses TCP; masters and daemons use UDP; password authentication. TFN: attacker
- 5. Deploying DDOS Attackers seem to use standard, well-known holes (i.e., rpc.ttdbserver, amd, rpc.cmsd, rpc.mountd, rpc.statd). They
- 6. Detecting DDOS Tools Most current IDS’s detect the current generation of tools. They work by looking
- 7. What are the Strong Defenses? There aren’t any…
- 8. What Can ISPs Do? Deploy source address anti-spoof filters (very important!). Turn off directed broadcasts. Develop
- 9. Traffic Volume Monitoring Look for too much traffic to a particular destination. Learn to look for
- 10. Can We Do Better Some Day? ICMP Traceback message. Enhance newer congestion control techniques, i.e., RED.
- 11. ICMP Traceback For a very few packets (about 1 in 20,000), each router will send the
- 12. Enhanced Congestion Control Define an attack as “too many packet drops on a particular access line”.