1 / 13

Adversarial challenges in Web Based Services



Presentation Transcript


  1. Adversarial challenges in Web Based Services: Denial of Service. Sharmistha Roy

  2. What is Denial of Service?
  • Attempts to make Web resources unavailable to legitimate users
  • Attacks flooding a network, creating congestion and blocking
  • Disrupting connections between two machines
  Why are such attacks launched?
  • The purpose is often to knock web services off
  • A hacker may need to masquerade as a server or workstation and needs to remove that machine from the network

  3. A typical Website configuration
  Vulnerable points:
  • The Router
  • The Firewall
  • The Load Balancer
  • The Webserver
  • The Backend Database servers

  4. Other Vulnerabilities
  • Part of system attacked—A malicious packet could disrupt the functioning of the CPU or network card, or overload the Ethernet link, depending on the limitations of the hardware.
  • OS or TCP/IP stack—Definite limitations of a protocol can be exploited to launch attacks, for example SYN attacks.
  • Bugs or overload—Bugs in a system make it open to attack, but they can be fixed; fundamental limitations of protocols require system-wide changes, which are difficult to implement.
  • Example: Cisco 7xxx routers, where a long password would lead to buffer overflow attacks.

  5. DDoS Attacks
  • The attacker uses client tools that control handlers, which in turn launch daemons.
  • Client tools like scanners help in identifying vulnerabilities.
  • A script is run on a set of vulnerable machines. From this set of compromised machines, DDoS handlers and daemons are created.
  • This script production is automated so that it can be reproduced on more systems, compromising many systems in a short span of time.

  6. Defenses against DoS and DDoS
  General requirements of a defense framework:
  • The framework has to be general, since attacks can be over multiple platforms.
  • Security holes should not be exploitable by DoS attacks. Instead, fault tolerance and confidentiality should be built in so that an attack can be foiled.

  7. Case study of a classic DoS attack
  The attack on GRC.com on Jan 11, 2004 flooded the two T-1 trunks connecting the Verio aggregate router to the GRC internal router. Valid web service requests, competing with bogus packets, were not able to reach the webserver, so the webserver was knocked off.

  8. Analysis of the DoS attack case
  • Most of the SYN/ACK packets came from port 179 (BGP); others came from ports such as 23 (telnet), 22 (ssh), 53 (dns) and 80 (http).
  • This showed that the attacker had spoofed the IP address of GRC.com and used it to bounce packets off several webservers towards GRC.com.
  • The fanning effect of malicious packets leaving the attacker's machine and reflecting from several webservers towards GRC.com flooded the network and took it off air for several hours.
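The fan-in signature described on this slide (unsolicited SYN/ACKs from many hosts' service ports converging on one destination) can be picked out of a capture summary. The following detector is an added example, not code from the presentation; the capture lines, IP addresses and `find_reflection_victims` helper are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed capture-summary lines (not from the slides), one packet each:
# src_ip src_port dst_ip dst_port flags   (S = SYN, SA = SYN/ACK, A = ACK)
SAMPLE_LINES = [
    "192.0.2.10 40008 198.51.100.9 80 S",    # the monitored host's own legitimate SYN
    "198.51.100.9 80 192.0.2.10 40008 SA",   # solicited reply: must not count
    "203.0.113.7 179 192.0.2.10 40001 SA",   # unsolicited SYN/ACK from a BGP port
    "203.0.113.8 80 192.0.2.10 40002 SA",
    "203.0.113.9 22 192.0.2.10 40003 SA",
    "203.0.113.10 53 192.0.2.10 40004 SA",
    "203.0.113.11 23 192.0.2.10 40005 SA",
    "203.0.113.12 179 192.0.2.10 40006 SA",
    "198.51.100.5 443 192.0.2.10 40007 A",   # plain ACK, not part of the pattern
]

SERVICE_NAMES = {179: "bgp", 80: "http", 22: "ssh", 53: "dns", 23: "telnet"}

def parse_line(line):
    src, sport, dst, dport, flags = line.split()
    return src, int(sport), dst, int(dport), flags

def find_reflection_victims(lines, min_reflectors=5):
    """Return hosts receiving unsolicited SYN/ACKs from many distinct reflectors.

    A SYN/ACK is solicited only if the matching outbound SYN was seen earlier;
    the rest, fanning in from well-known service ports to one destination, is
    the signature of a spoofed-source reflection flood."""
    outbound_syns = set()
    reflectors = defaultdict(set)     # victim -> set of reflector IPs
    ports = defaultdict(Counter)      # victim -> histogram of reflector service ports
    for line in lines:
        src, sport, dst, dport, flags = parse_line(line)
        if flags == "S":
            outbound_syns.add((src, sport, dst, dport))
        elif flags == "SA" and (dst, dport, src, sport) not in outbound_syns:
            reflectors[dst].add(src)
            ports[dst][SERVICE_NAMES.get(sport, str(sport))] += 1
    return {
        dst: {"reflectors": len(srcs), "service_ports": dict(ports[dst])}
        for dst, srcs in reflectors.items()
        if len(srcs) >= min_reflectors
    }

if __name__ == "__main__":
    for victim, info in find_reflection_victims(SAMPLE_LINES).items():
        print(victim, info)
```

On the constructed capture the monitored host is flagged with six reflectors, and the solicited reply from 198.51.100.9 is correctly left out.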

  9. A comprehensive solution for a Website
  • Use Linux kernel 2.6 as the base for all systems, since the system backlog queue is 128 entries and TCP SYN cookies are enabled.
  • Linux Virtual Server as Load Balancer, for maximum performance and protection against overload.
  • iptables firewall—Filter incoming packets against security rules.

  10. A comprehensive solution for a Website (contd.)
  • Class Based Queuing and Traffic Monitor—
  • Queues of packets are formed, and each queue is assigned a priority and a bandwidth.
  • Overload conditions are detected by the Traffic Monitor, and packets from a source generating more load are relegated to a queue of lower priority.
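The Traffic Monitor plus Class Based Queuing scheme on this slide can be shown as a small simulation: a per-source counter demotes a heavy source to the low-priority class, and the scheduler drains each class up to its bandwidth share, high class first. This is an added example, not the presentation's or the cited authors' code; the class names, the per-round shares and the arrival pattern are constructed assumptions.

```python
from collections import Counter, deque

class TrafficMonitor:
    """Counts packets per source; a source above the limit is demoted.
    (Assumed simplification: a cumulative count; a real monitor would use a sliding window.)"""
    def __init__(self, per_source_limit):
        self.limit = per_source_limit
        self.counts = Counter()
        self.demoted = set()

    def observe(self, src):
        self.counts[src] += 1
        if self.counts[src] > self.limit:
            self.demoted.add(src)
        return src in self.demoted

class ClassBasedQueue:
    """Two classes; each round drains up to `shares[cls]` packets per class, high first."""
    def __init__(self, monitor, shares):
        self.monitor = monitor
        self.shares = shares                       # e.g. {"high": 6, "low": 2} packets per round
        self.queues = {name: deque() for name in shares}

    def enqueue(self, src, pkt):
        cls = "low" if self.monitor.observe(src) else "high"
        self.queues[cls].append((src, pkt))

    def dequeue_round(self):
        sent = []
        for cls in ("high", "low"):
            q = self.queues[cls]
            for _ in range(min(self.shares[cls], len(q))):
                sent.append(q.popleft())
        return sent

def simulate(arrivals, rounds, per_source_limit=5, shares=None):
    """Return a Counter of packets delivered per source after `rounds` scheduler rounds."""
    cbq = ClassBasedQueue(TrafficMonitor(per_source_limit), shares or {"high": 6, "low": 2})
    for src, pkt in arrivals:
        cbq.enqueue(src, pkt)
    delivered = Counter()
    for _ in range(rounds):
        for src, _pkt in cbq.dequeue_round():
            delivered[src] += 1
    return delivered

# Constructed arrival pattern: one flooding source interleaved with two legitimate clients.
ARRIVALS = ([("flooder", i) for i in range(5)] + [("client-a", 1), ("client-b", 1)]
            + [("flooder", i) for i in range(5, 30)] + [("client-a", 2), ("client-b", 2)])

if __name__ == "__main__":
    print(simulate(ARRIVALS, rounds=2))
```

After two rounds both clients have had all four of their packets delivered while the flooder, demoted after its sixth packet, has pushed through only nine of thirty.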

  11. Evaluation of Performance Tests
  • The webserver was attacked by 8 hosts.
  • Attack by TCP SYN floods—handled by Linux SYN cookies / backlog queue.
  • HTTP overloading and ICMP flooding—handled by Class Based Queuing / Traffic Monitoring.


  13. Thank You!
