2.22.dos - Denial-of-Service (DoS) CS 161 - Computer...

Info iconThis preview shows pages 1–7. Sign up to view the full content.

View Full Document Right Arrow Icon
Denial-of-Service (DoS) CS 161 - Computer Security TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ Feb 22, 2010
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Announcements • Section 108 (Tu 2-3PM, TA: Joel) is being moved from 70 Evans to 122 Barrows for the next three weeks – Will go back to 70 Evans on March 16
Background image of page 2
The Threat of Denial-of-Service • Denial-of-Service ( DoS , or “ doss ”): keeping someone from using a computing service • Two basic approaches available to an attacker: – Deny service based on a program flaw • E.g., supply an input that crashes a server – Deny service based on resource exhaustion • E.g., consume CPU, memory, disk, network • How broad is this sort of threat? Very : huge attack surface • We do though need to consider our threat model – What might motivate a DoS attack?
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Motivations for DoS • Showing off / entertainment / ego • Competitive advantage – Maybe commercial, maybe just to win • Vendetta / denial-of-money • Extortion • Political statements • Impair defenses • Warfare
Background image of page 4
DoS Defense in General Terms • Defending resources from exhaustion can be really hard. Requires: Isolation mechanisms Reliable identification of different users • Need to beware of asymmetries , where attackers can consume victim resources with little comparable effort – Makes DoS easier to launch • One dangerous form of asymmetry: amplification – Attacker leverages system’s structure to pump up the load they induce on a resource
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
How could you DoS a multi-user Unix system on which you have a login? # rm -rf / • (if you have root - but then just “halt” works well!) char buf[1024]; int f = open("/tmp/junk"); while (1) write(f, buf, sizeof(buf)); • Gobble up all the disk space! while (1) fork();
Background image of page 6
Image of page 7
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 29

2.22.dos - Denial-of-Service (DoS) CS 161 - Computer...

This preview shows document pages 1 - 7. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online