The secrets of DDoS attacks

Adam Siemion
 Contents
● Introduction (what is DoS and Ddos ?)
● Threats
● Timeline
● Solutions
 DoS
● Denial of Serivce (DoS) attack – an incident
that disables a victim from receiving or
providing normal service.
● Relies on consuming limited or non-
renewable system resources.
● Can be launched by using system design
weaknesses, CPU intensive tasks or
flooding.
 DDoS
● Distributed Denial of Service does not
depend on system or protocol weaknesses.
● Uses the computing power of thousands of
vulnerable, unpatched machines to
overwhelm a target or a victim.
● Compromised hosts are gathered to send
useless service requests at the same time.
● The burst of generated traffic crashes the
victim or disables it.
 Threats
● Hard to detect and stop.
● Can spread within a few minutes.
● Usually period of flooding lasts for a few
hours and is sporadic.
● IP spoofing makes it harder to identify
attackers.
 DdoS timeline
● Febuary 2000 – DdoS attack caused
shutdown of Yahoo, Amazon, eBay for few
hours.
● May 2001 – worm Code Red was supposed
to attack whitehouse web page.
● October 2002 – DdoS attack againts DNS
servers.
● August 2003 – worm Blaster attacks
Microsoft web page.
● January 2004 – virus MyDoom has infected 1
mln of computers, which attack SCO web
page.
 Loses
● In 2000 the entire Yahoo network was down
for three hours causing loses around
$500,000.
 Solutions to DDoS
● Attack prevention and preemption
– Regular patching and security updates.
– Prevent hosts from becoming masters/agents.
● Attack source traceback
– Identify source of the attack and block it.
– Cannot always trace packet origins.
● Attack detection and filtering
– Identify attack packets.
– Drop suspect packets.
– While filtering dropping of useful packets should
be minimum.