CSCI6268L25 - Foundations of Network and Computer Security...

Foundations of Network and Computer Security
John Black
Lecture #25, Oct 30th 2009
CSCI 6268/TLEN 5550, Fall 2009

SYN Floods
- A TCP-based method
- A normal TCP handshake starts with a SYN from the client
- This causes the server to make an entry in the "SYN queue" (the backlog of half-open connections) and use up some time and memory
- SYNs are very small, so the attacker sends a ton of them
- A connection for which the server has sent a SYN/ACK but never received the final ACK is called a "half-open connection"
- These eventually time out, but it takes a while, and the queue is small: once it is full, SYNs from legitimate clients are dropped
- (Modern TCP stacks reduce this exposure with SYN cookies, which avoid keeping per-connection state until the handshake completes)
First Attempted Remedy: Filtering
- Victim can try to filter out the IP source address of the attacker
- This has to be done upstream, or the victim's connection bandwidth is saturated anyway
- If the ISP is willing to install a filter on the appropriate source address, this works
- But the attacker can spoof the source IP: he is not completing any TCP association and wants to leave connections half-open, so he never needs to see the server's SYN/ACKs
- Spoofing is therefore almost always done, and a filter on the attacker's real address blocks nothing
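The two slides above, as an added simulation that is not part of the lecture: a toy SYN queue with a fixed capacity and timeout, a flood that fills it, and the per-source filter of the second slide applied to an unspoofed and a spoofed attacker. Queue size, timeout, packet rates and all addresses are assumptions chosen for illustration, not measurements of any real TCP stack.

```python
"""Toy model of a server's SYN queue under a SYN flood, and of the
per-source filter the slides describe as a first remedy.

Added example, not from the lecture slides. Queue size, timeout, rates
and addresses are illustrative assumptions, not values of a real stack.
"""
import random
from collections import deque

SYN_QUEUE_SIZE = 128         # half-open entries the server keeps (assumption)
HALF_OPEN_TIMEOUT = 60.0     # seconds before a half-open entry is dropped (assumption)
ATTACKER_IP = "203.0.113.7"  # attacker's real address (documentation range)
CLIENT_IP = "198.51.100.25"  # one legitimate client (documentation range)


class SynQueue:
    """Half-open connections: a SYN arrived, a SYN/ACK went out, no ACK yet."""

    def __init__(self, size=SYN_QUEUE_SIZE, timeout=HALF_OPEN_TIMEOUT):
        self.size, self.timeout = size, timeout
        self.entries = deque()   # (expiry_time, src_ip), in arrival order

    def expire(self, now):
        """Drop entries whose timeout has passed (entries are time-ordered)."""
        while self.entries and self.entries[0][0] <= now:
            self.entries.popleft()

    def syn(self, now, src_ip):
        """Process one SYN. Returns True if the server could hold the half-open
        connection, False if the queue was full and the SYN was dropped."""
        self.expire(now)
        if len(self.entries) >= self.size:
            return False
        self.entries.append((now + self.timeout, src_ip))
        return True


def random_spoofed_ip(rng):
    """A fresh forged source per packet. The attacker never completes the
    handshake, so the server's SYN/ACKs go to addresses that never answer."""
    return f"10.0.{rng.randrange(256)}.{rng.randrange(256)}"


def run_flood(attack_rate, duration, spoof, blocked=frozenset(), seed=1):
    """Simulate `duration` seconds. Each second the attacker sends `attack_rate`
    SYNs and one legitimate client sends a single SYN. `blocked` is the set of
    source addresses an upstream filter drops before they reach the server.
    Returns the fraction of legitimate SYNs the server could accept."""
    rng = random.Random(seed)
    q = SynQueue()
    legit_ok = 0
    for second in range(duration):
        now = float(second)
        for _ in range(attack_rate):
            src = random_spoofed_ip(rng) if spoof else ATTACKER_IP
            if src not in blocked:          # the upstream filter
                q.syn(now, src)
        if q.syn(now + 0.5, CLIENT_IP):     # legitimate client, half a second later
            legit_ok += 1
    return legit_ok / duration


def compare_remedies():
    """The cases the slides walk through, at 10 SYN/s for two minutes."""
    return {
        "no attack": run_flood(0, 120, spoof=False),
        "flood, no filter": run_flood(10, 120, spoof=False),
        "flood, attacker address filtered":
            run_flood(10, 120, spoof=False, blocked={ATTACKER_IP}),
        "spoofed flood, attacker address filtered":
            run_flood(10, 120, spoof=True, blocked={ATTACKER_IP}),
    }


if __name__ == "__main__":
    for case, ok in compare_remedies().items():
        print(f"{case:45s} legitimate SYNs accepted: {ok:.0%}")
```

Ten small SYNs per second are enough to keep a 128-entry queue full for almost the whole run, because each entry is held for the full timeout; the legitimate client only gets through in the brief windows after the first burst and after the first batch of entries expires. The upstream filter restores service completely when the attacker uses his real address, and does nothing at all once the sources are forged, which is the point the second slide makes.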

Reflection Attacks (aka "Smurfing")
- Technique for amplifying traffic and hiding its origin
- Often works behind firewalls as well
- Instead of flooding victim V with SYNs, we send SYNs to hosts H1, H2, ..., Hn and spoof the source address as V (here n is large, say 1000 or more)
- Each host sends a SYN/ACK to V, and retransmits it when V never answers; the retransmissions, plus the fact that V is hit from n directions, are where the amplification comes from
- V is very confused and reacts in various ways
- The attacker's own address never appears in any packet that reaches V
- If the hosts are behind the firewall, it appears as though the attack is coming from local machines
- Hosts are usually not overwhelmed, so they don't feel the attack
- (The original "Smurf" attack used ICMP echo requests sent to broadcast addresses with V as the forged source; the principle is the same)
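The reflection slide as an added model that is not part of the lecture: the attacker's forged SYNs, each reflector's SYN/ACK and its retransmissions, and what the victim actually observes. The retransmission count, the sizes of the networks and all addresses are assumptions; in particular the model assumes each reflector retransmits an unanswered SYN/ACK five times, which is the Linux default but not something the slides state.

```python
"""Toy model of SYN reflection: forged SYNs go to reflectors H1..Hn with the
victim V as source, and every reflector answers V with SYN/ACKs.

Added example, not from the lecture slides. The retry count and all
addresses are assumptions for the model.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass

# SYN/ACK retransmissions while no ACK arrives. Linux's tcp_synack_retries
# defaults to 5; taken here as an assumption for the model.
SYNACK_RETRIES = 5


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    flags: str   # "SYN" or "SYN/ACK"


def attacker_sends(attacker_ip, victim_ip, reflectors, per_host):
    """SYNs the attacker emits: destination is a reflector, source is forged
    as the victim. The attacker's real address appears in no header."""
    del attacker_ip   # kept as a parameter only to make that point explicit
    return [Packet(src=victim_ip, dst=h, flags="SYN")
            for h in reflectors for _ in range(per_host)]


def reflector_responds(syn, retries=SYNACK_RETRIES):
    """A reflector answers the forged source and, since V never ACKs a
    connection it did not open, retransmits the SYN/ACK `retries` times."""
    return [Packet(src=syn.dst, dst=syn.src, flags="SYN/ACK")] * (1 + retries)


def run_reflection(attacker_ip, victim_ip, reflectors, per_host=1):
    """Returns what each side sees: packets sent by the attacker, packets that
    arrive at V, the ratio between them, and the source addresses V observes."""
    syns = attacker_sends(attacker_ip, victim_ip, reflectors, per_host)
    arrivals = [p for s in syns for p in reflector_responds(s)]
    sources = Counter(p.src for p in arrivals)
    return {
        "attacker_packets": len(syns),
        "victim_packets": len(arrivals),
        "amplification": len(arrivals) / len(syns),
        "sources_seen_at_victim": sources,
        "attacker_visible": attacker_ip in sources,
    }


def sources_inside(sources, trusted_net):
    """Observed sources that lie inside V's own trusted network. A per-source
    filter at V would have to block exactly these local hosts."""
    net = ipaddress.ip_network(trusted_net)
    return {ip for ip in sources if ipaddress.ip_address(ip) in net}


if __name__ == "__main__":
    # Constructed scenario: V and ten reflectors share one internal /24,
    # the attacker is outside it.
    reflectors = [f"192.168.1.{i}" for i in range(10, 20)]
    result = run_reflection("203.0.113.7", "192.168.1.2", reflectors, per_host=3)
    print("attacker sent:", result["attacker_packets"])
    print("victim received:", result["victim_packets"],
          f"(x{result['amplification']:.0f})")
    print("attacker address visible at victim:", result["attacker_visible"])
    print("local sources V would have to block:",
          sorted(sources_inside(result["sources_seen_at_victim"], "192.168.1.0/24")))
```

Every packet reaching V carries a reflector's address, so the filtering remedy of the previous slide now points at the wrong hosts: blocking the observed sources blocks the reflectors, and when those sit inside V's own network behind the firewall, it blocks local machines while the attacker stays invisible.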
DDoS: Distributed DoS
- Now, multiple attackers

DDoS
- Most famous attack was in Feb 2000 against Amazon, Yahoo, eBay, and other major e-commerce sites
- Estimated losses of $1.2 billion US
- Easy for almost anyone to launch
- Most of these, by the way, are hackers attacking other hackers
Recruiting "Zombies"
- A "Zombie" is a computer which has been captured by the attacker
- Typically by a virus or by just exploiting some vulnerability
- Each infiltrated computer receives a hidden program from the "Zombie Master"
- The Zombie Master keeps a list of which computers he has control over
- When the time comes, he instructs all of his Zombies to simultaneously attack the victim computer

Case Study: The Gibson Story
- Who is Steve Gibson?
- Owns Gibson Research Corp (grc)
- Old-time programmer
- Self-proclaimed security expert
- Writes tools in assembly (!)
- Has taken on Microsoft for raw sockets in XP (more on this later)
- Some don't like him (www.grcsucks.com)
Please read this article; it’s on our web page. It’s kind of wordy, but fun and informative reading.