We'll talk about what denial of service attacks are


So in this lesson, we will talk about denial of service attacks and defenses. We'll talk about what denial of service attacks are and various defenses. We'll talk about how to infer denial of service activity, and we'll talk about how to secure networks against denial of service attacks using Software Defined Networking.

So what is denial of service? Denial of service is simply an attack that attempts to exhaust various resources. One resource that a denial of service attack might exhaust is network bandwidth. Another is TCP connections. For example, a host might only have a limited number of TCP connections that it can open to various clients, or the denial of service attack might attempt to exhaust various server resources. For example, this victim might be a web server running complicated scripts to render web pages, and if the web server suddenly becomes the target of a bunch of bogus requests, the server may spend a lot of resources rendering pages for requests that are not legitimate.

Before 2000, these denial of service attacks were typically single source. After 2000, with the rise of Internet worms as we saw in an earlier lesson, these attacks could become distributed, effectively being launched from many attackers.

Let's talk about three different types of defenses against denial of service attacks. First we have something called ingress filtering. Then we have something called URPF, or reverse path filtering checks. And then in the case of an attack on TCP connection resources, we can use something called TCP SYN cookies to defend against denial of service.

Let's suppose that we have a stub autonomous system whose IP prefix was Now this is a stub network that has no other networks connected to it and this is the only IP address space that this network owns. Then, the router that is immediately upstream of that internet service provider can simply drop all traffic for which the source IP address is not in the IP address range of that particular network. So this is foolproof and it works at the edges of the Internet where it's very easy to determine the IP address range that's owned by a downstream stub autonomous system.

Unfortunately it doesn't work well in the core, where a particular router might have a lot of difficulty determining whether packets from a particular source IP address could be allowed on a particular incoming interface. So the solution that operators try to use in the core is to use the routing tables to determine whether a packet could feasibly arrive on a particular incoming interface. So if a router had a routing table that said all packets for 10.0.1.0/24 should be sent via interface one, and all packets destined for should be sent via interface two, then URPF says if we see a packet with a particular source IP address on an incoming interface that is different than where we would have sent the packet in the reverse direction, then we should go ahead and drop this packet. So the benefit of URPF is that it's automatic, but the
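
The two source-address checks described above, as an added example that is not part of the original lecture: an edge ingress filter against a stub network's prefix, and a URPF check that looks up the source address in the routing table by longest-prefix match. The route 10.0.1.0/24 via interface one is from the lecture; the other routes, the sample packets and all function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed forwarding table: (destination prefix, outgoing interface).
# 10.0.1.0/24 via interface 1 comes from the lecture; the other routes are assumptions.
FIB = [
    ("10.0.1.0/24", 1),
    ("192.0.2.0/24", 2),
    ("192.0.2.128/25", 3),   # more specific route, exercises longest-prefix match
]

def lookup(fib, addr):
    """Longest-prefix match: interface the router would use to reach addr, or None."""
    ip = ipaddress.ip_address(addr)
    best_len, best_iface = -1, None
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and net.prefixlen > best_len:
            best_len, best_iface = net.prefixlen, iface
    return best_iface

def ingress_filter(customer_prefix, src):
    """Edge check: accept only sources inside the stub network's own prefix."""
    return ipaddress.ip_address(src) in ipaddress.ip_network(customer_prefix)

def urpf_check(fib, src, in_iface):
    """Core check: accept only if the route back to src uses the arrival interface."""
    return lookup(fib, src) == in_iface

def classify(fib, packets):
    """Return 'forward' or 'drop' for each (source address, arrival interface)."""
    return ["forward" if urpf_check(fib, s, i) else "drop" for s, i in packets]

# Constructed sample packets: (source address, interface the packet arrived on).
PACKETS = [
    ("10.0.1.7", 1),      # reverse route is interface 1 -> forward
    ("10.0.1.7", 2),      # arrived on the wrong interface -> drop
    ("192.0.2.200", 3),   # the /25 wins over the /24 -> forward
    ("192.0.2.200", 2),   # the less specific /24 does not count -> drop
    ("198.51.100.9", 1),  # no route back to the source at all -> drop
]

if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, classify(FIB, PACKETS)):
        print(pkt, verdict)
    print(ingress_filter("10.0.1.0/24", "10.0.1.7"), ingress_filter("10.0.1.0/24", "192.0.2.1"))
```
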
  • Fall '08
  • Staff
  • IP address, Transmission Control Protocol
