Overview of DoS and DDoS Attacks in Cybersecurity
This content provides an in-depth overview of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks in cybersecurity. It covers the types of attacks, including volumetric, reflected, and stealthy, along with detailed explanations and examples. Additionally, it discusses how DoS attacks can impact servers and devices, as well as common techniques used by attackers to disrupt services and overwhelm targets.
Presentation Transcript
Cybersecurity (Security+) and P4 Programmable Switches
Overview Cybersecurity Labs
Ali AlSabeh, Jorge Crichigno, University of South Carolina, http://ce.sc.edu/cyberinfra
Western Academy Support and Training Center (WASTC), University of South Carolina (USC), Energy Sciences Network (ESnet)
June 20th, 2023

Denial of Service (DoS) and Distributed DoS (DDoS) Attacks
Denial of Service Attack (DoS)
A Denial of Service (DoS) attack aims to render a server or a device unavailable to legitimate users by interrupting the device's normal services1.
A Distributed DoS (DDoS) is a type of DoS that originates from multiple distributed sources (e.g., a botnet), which amplifies the effect of the attack and makes it harder to filter by source address.
[Figure: Packet volume of the largest network volumetric events observed by AWS in Q1 2020. Taken from the AWS Shield report, https://tinyurl.com/yd3ehx47]
[Figure: Largest known DDoS attacks in Google Cloud between 2010 and 202. Taken from Google Cloud blogs, https://tinyurl.com/bdzuupb6]
1 Cloudflare, "What is a denial-of-service (DoS) attack?", [Online]. Available: https://www.cloudflare.com/learning/ddos/glossary/denial-of-service/
Types of DoS Attacks
DoS attacks can be classified as volumetric, reflected, and stealthy DoS attacks.
Volumetric DoS attacks flood the target machine with traffic, depriving legitimate users of access to the target's resources.
DoS attacks can be performed at various levels of the protocol stack (e.g., TCP, UDP):
TCP SYN flood attack: the attacker sends a stream of SYN requests (typically with spoofed source addresses); the victim answers each with a SYN-ACK and holds a half-open connection while waiting for the final ACK, which never arrives. Once the connection backlog is exhausted, the victim host is unavailable to normal hosts.
UDP flood attack: the attacker sends UDP packets to random ports on the victim; for every closed port the victim must generate an ICMP destination unreachable error, and the combined cost of receiving the packets and answering them exhausts the victim.
[Figure: TCP SYN flood attack (attacker sends SYN requests, victim replies SYN-ACK and waits for ACK, victim host unavailable to a normal host) and UDP flood attack (UDP packets to random ports, ICMP destination unreachable errors).]
Types of DoS Attacks
Reflected DoS attacks (amplification attacks) make use of a third-party component (the reflector) to send the attack traffic to a victim, hiding the attacker's own identity.
In a reflected DoS attack:
The attacker sends requests to the reflector with the source IP address spoofed to the address of the target victim machine.
The reflector sends its response packets to the spoofed address, and the responses overwhelm the victim. When responses are larger than requests, the reflector also amplifies the attacker's bandwidth.
The Smurf reflected DoS attack uses ICMP echo requests and public servers to overwhelm a target victim: the attacker sends ICMP echo requests carrying the victim's IP address as source (classically to a network broadcast address, so every host on that network answers), and the public servers send their ICMP echo replies to the spoofed host, i.e., the victim.
[Figure: Smurf reflected DDoS attack (attacker, public servers, victim).]
Types of DoS Attacks
Stealthy DoS attacks (slow DoS) use low bandwidth rates when targeting a victim, so they do not show up as a traffic spike.
The SlowLoris attack establishes many connections to a target web server and holds them open as long as possible.
SlowLoris never completes an HTTP request: it sporadically sends partial request headers to keep each connection alive, until the server's pool of concurrent connections is consumed and normal users (complete HTTP request/response connections) can no longer be served.
[Figure: Normal connection, complete HTTP request/response, versus SlowLoris attack, incomplete HTTP requests from the attacker, with users 1 and 2 unable to connect to the victim.]
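The server-side defense against the SlowLoris behaviour described above is to stop treating an idle half-request as a free resource: bound how long a connection may take to finish its request headers, and cap how many incomplete connections one source may hold. The following is an added example (not code from the slides or the authors) that applies both rules to a constructed connection table; the timeout, the per-IP cap and the sample addresses are assumptions chosen for illustration.

```python
# Added example: detect and drop Slowloris-style connections from a
# server's connection table. Assumptions (not from the slides): headers are
# complete once "\r\n\r\n" is seen; HEADER_TIMEOUT and MAX_CONN_PER_IP are
# illustrative policy values; all addresses are constructed sample data.
from dataclasses import dataclass

HEADER_TIMEOUT = 20.0    # seconds a connection may take to finish its request headers
MAX_CONN_PER_IP = 10     # concurrent incomplete connections allowed per source address


@dataclass
class Conn:
    src_ip: str
    opened_at: float
    buf: bytes = b""

    def headers_complete(self) -> bool:
        return b"\r\n\r\n" in self.buf


def audit_connections(conns, now):
    """Return (keep, drop). A connection is dropped if its headers are still
    incomplete after HEADER_TIMEOUT, or if its source already holds
    MAX_CONN_PER_IP incomplete connections (oldest are kept, newest dropped).
    drop holds (conn, reason) pairs."""
    keep, drop = [], []
    incomplete_per_ip = {}
    for c in sorted(conns, key=lambda c: c.opened_at):
        if c.headers_complete():
            keep.append(c)              # a real request: never penalised
            continue
        if now - c.opened_at > HEADER_TIMEOUT:
            drop.append((c, "header timeout"))
            continue
        n = incomplete_per_ip.get(c.src_ip, 0)
        if n >= MAX_CONN_PER_IP:
            drop.append((c, "per-ip connection cap"))
            continue
        incomplete_per_ip[c.src_ip] = n + 1
        keep.append(c)
    return keep, drop


def build_sample(now):
    """Constructed connection table: two legitimate clients that sent full
    requests, and one Slowloris source holding 25 half-open requests."""
    conns = [
        Conn("10.0.0.5", now - 1.0, b"GET / HTTP/1.1\r\nHost: a\r\n\r\n"),
        Conn("10.0.0.6", now - 2.0, b"GET /x HTTP/1.1\r\nHost: a\r\n\r\n"),
    ]
    for i in range(25):
        # The first five were opened 30 s ago and are already stale; the rest
        # are fresh but still lack the terminating blank line.
        opened = now - (30.0 if i < 5 else 5.0)
        conns.append(Conn("203.0.113.9", opened, b"GET / HTTP/1.1\r\nX-a: b\r\n"))
    return conns


def summarize(now=1000.0):
    """Run the audit on the sample and return (connections kept, drop reasons)."""
    keep, drop = audit_connections(build_sample(now), now)
    reasons = {}
    for _, reason in drop:
        reasons[reason] = reasons.get(reason, 0) + 1
    return len(keep), reasons


if __name__ == "__main__":
    print(summarize())
```

Real servers expose the same two knobs (a header read timeout and a per-client connection limit); the point of the audit is that a legitimate client is never affected, because it finishes its headers in milliseconds and rarely holds more than a handful of connections.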
DoS Mitigation
DoS mitigation refers to the process of successfully protecting a targeted server or network from a DoS attack.
Traditional DoS mitigation strategies include purchasing and maintaining expensive on-premises equipment (e.g., a router or firewall that rate limits traffic toward the victim).
Modern infrastructure relies on cloud providers for DoS mitigation services1: traffic is routed through the provider's network, which absorbs and filters the attack before it reaches the victim.
[Figure: Rate limiting against DoS attacks (attacker, router/firewall, victim) and cloud-based DoS protection (attacker, cloud protection, victim).]
1 Cloudflare, "What is DDoS mitigation?", [Online]. Available: https://www.cloudflare.com/learning/ddos/ddos-mitigation/
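The rate limiting shown on the slide is usually a per-source token bucket in the router or firewall: each source earns tokens at a sustained rate up to a burst allowance, and packets that find the bucket empty are dropped. The following is an added example (not from the slides or the authors) that runs such a limiter over constructed traffic from one normal client and one flooder; the rate, burst size and addresses are assumptions for illustration.

```python
# Added example: per-source token-bucket rate limiting as a router or
# firewall would apply in front of a victim. RATE_PPS, BURST and the
# traffic mix are assumptions, not values from the slides.
from collections import defaultdict

RATE_PPS = 50.0   # sustained packets per second allowed per source address
BURST = 100.0     # bucket capacity: short bursts above RATE_PPS are tolerated


class TokenBucket:
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = burst          # a new source starts with a full bucket
        self.last = 0.0

    def allow(self, t):
        """Refill for the time elapsed since the last packet, then spend one
        token if available. Returns True if the packet is forwarded."""
        self.tokens = min(self.burst, self.tokens + (t - self.last) * self.rate)
        self.last = t
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def rate_limit(packets):
    """packets: iterable of (timestamp, src_ip). Returns
    {src_ip: (forwarded, dropped)} after running every packet in time order."""
    buckets = defaultdict(lambda: TokenBucket(RATE_PPS, BURST))
    stats = defaultdict(lambda: [0, 0])
    for t, src in sorted(packets):
        stats[src][0 if buckets[src].allow(t) else 1] += 1
    return {src: tuple(v) for src, v in stats.items()}


def sample_traffic(seconds=10):
    """Constructed traffic: a normal client at 5 pps and a flooder at 1000 pps
    over the same window."""
    pkts = [(i / 5.0, "10.0.0.5") for i in range(5 * seconds)]
    pkts += [(i / 1000.0, "203.0.113.9") for i in range(1000 * seconds)]
    return pkts


def summarize_rate_limit():
    return rate_limit(sample_traffic())


if __name__ == "__main__":
    for src, (fwd, drop) in summarize_rate_limit().items():
        print(f"{src}: forwarded={fwd} dropped={drop}")
```

The normal client never exceeds its rate, so every one of its packets is forwarded, while the flooder is held to roughly the burst plus RATE_PPS per second (about 600 of its 10,000 packets here). The limitation to remember is that this protects the victim's link only behind the limiter; a volumetric attack that saturates the upstream pipe still has to be absorbed further out, which is what the cloud-based option on the slide provides.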
DoS Mitigation
Additionally, operating systems provide some level of protection against DoS attacks. In Linux, the following techniques are implemented:
Reverse path filtering: the router checks that the source address of an incoming packet is reachable through the interface the packet arrived on (according to its routing table, e.g., 10.0.0.0/24 via Fa0/0) and drops packets that fail the check, preventing the IP spoofing associated with DoS attacks.
SYN cookies: prevent SYN flood attacks. On receiving a SYN, the server encodes the client information into a cookie carried in the sequence number of its SYN-ACK and keeps no state for the client in memory; the client returns an ACK with the cookie, and only if the cookie is verified is the state of the connection established.
Session caching: allows for rapid recent TCP sessions to
[Figure: reverse path filtering (router with routing table, SYN requests arriving) and the SYN cookie handshake (client SYN; server SYN-ACK with cookie, no client state kept; client ACK with cookie; state established if the cookie is verified).]
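The two defenses above can be modelled in a few dozen lines, which makes clear why each one works against the flood it targets: strict reverse path filtering rejects a packet whose claimed source could not have arrived on that interface, and a SYN cookie lets the server finish a handshake it kept no memory of. This is an added example, not code from the slides or the Linux kernel: the routing table, the secret and the cookie layout (5 bits of coarse time, a 2-bit MSS index and a 25-bit HMAC) are assumptions made for illustration; the real kernel packs the ISN differently.

```python
# Added example: strict reverse path filtering and a SYN-cookie handshake,
# modelled in plain Python. ROUTES, SECRET, MSS_TABLE and the cookie bit
# layout are illustrative assumptions, not the Linux implementation.
import hashlib
import hmac
import ipaddress
import os
import struct

# --- Reverse path filtering (strict mode, the equivalent of rp_filter=1) -----
ROUTES = {                       # constructed routing table: prefix -> egress interface
    "10.0.0.0/24": "Fa0/0",
    "192.168.1.0/24": "Fa0/1",
    "0.0.0.0/0": "Fa0/2",        # default route toward the Internet
}


def lookup_iface(ip):
    """Longest-prefix match: the interface the router would use to reach ip."""
    addr = ipaddress.ip_address(ip)
    best = max((ipaddress.ip_network(p) for p in ROUTES
                if addr in ipaddress.ip_network(p)), key=lambda n: n.prefixlen)
    return ROUTES[str(best)]


def rpf_accept(src_ip, in_iface):
    """Strict RPF: accept only if the route back to the source leaves through
    the interface the packet arrived on. A packet claiming an internal
    10.0.0.x source but arriving from the Internet (Fa0/2) is dropped."""
    return lookup_iface(src_ip) == in_iface


# --- SYN cookies -------------------------------------------------------------
SECRET = os.urandom(32)                 # per-boot server secret (constructed here)
MSS_TABLE = [536, 1220, 1440, 1460]     # MSS values encodable in 2 bits
MAC_BITS = 25


def _tuple_bytes(saddr, sport, daddr, dport):
    return struct.pack("!4s4sHH", ipaddress.ip_address(saddr).packed,
                       ipaddress.ip_address(daddr).packed, sport, dport)


def _mac(tuple_bytes, t):
    digest = hmac.new(SECRET, tuple_bytes + struct.pack("!I", t), hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0] & ((1 << MAC_BITS) - 1)


def make_cookie(saddr, sport, daddr, dport, client_mss, t):
    """Server side of SYN: build the 32-bit ISN for the SYN-ACK as
    [5 bits of coarse time | 2-bit MSS index | 25-bit MAC]. No per-client
    state is stored; everything needed to finish the handshake is in the ISN."""
    idx = max(i for i, m in enumerate(MSS_TABLE) if m <= client_mss)
    mac = _mac(_tuple_bytes(saddr, sport, daddr, dport), t)
    return ((t & 0x1F) << 27) | (idx << 25) | mac


def check_cookie(saddr, sport, daddr, dport, ack_seq, now):
    """Server side of the final ACK: the acknowledged number is cookie + 1.
    Recompute the MAC for the few recent time values whose low 5 bits match;
    return the negotiated MSS on success, None on a forged or expired cookie."""
    cookie = (ack_seq - 1) & 0xFFFFFFFF
    t_bits, idx = cookie >> 27, (cookie >> 25) & 0x3
    tb = _tuple_bytes(saddr, sport, daddr, dport)
    for age in range(4):                # accept cookies up to 3 time units old
        t = now - age
        if (t & 0x1F) == t_bits and _mac(tb, t) == (cookie & ((1 << MAC_BITS) - 1)):
            return MSS_TABLE[idx]
    return None


def handshake(client_mss, t_syn, t_ack, tamper=False,
              client=("203.0.113.9", 40000), server=("10.0.0.10", 80)):
    """Run one stateless handshake end to end; tamper flips a bit of the ACK
    number, as a client that never saw the SYN-ACK would have to guess it."""
    isn = make_cookie(*client, *server, client_mss, t_syn)
    ack_seq = (isn + 1) & 0xFFFFFFFF
    if tamper:
        ack_seq ^= 1
    return check_cookie(*client, *server, ack_seq, t_ack)


if __name__ == "__main__":
    print("spoofed 10.0.0.7 from Internet accepted:", rpf_accept("10.0.0.7", "Fa0/2"))
    print("negotiated MSS:", handshake(1460, 100, 101))
    print("forged ACK:", handshake(1460, 100, 101, tamper=True))
```

Two caveats a practitioner should keep in mind. Strict RPF breaks legitimate traffic on asymmetric routes (a reply may validly arrive on a different interface than the one the route points to), which is why a loose mode that only requires some route to the source exists. And SYN cookies trade memory for information: only a few bits of TCP options survive in the ISN, so large windows and SACK are lost for connections completed from a cookie, which is why Linux enables them only once the backlog overflows.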