![Page 1: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/1.jpg)
CSCI-UA.9480Introduction to Computer Security
Session 2.2
Denial of Service
Prof. Nadim Kobeissi
![Page 2: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/2.jpg)
Defining Denial of Service
2CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
2.2a
![Page 3: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/3.jpg)
What is a Denial of Service attack?
An attack “where the perpetrator seeks to make
a machine or network resource unavailable to
its intended users by temporarily or indefinitely
disrupting services of a host connected to the
Internet.”
3CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
![Page 4: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/4.jpg)
What is a Denial of Service attack?
Some resource is being starved by an
adversary:
⚫ Network overload?
⚫ CPU overload?
⚫ Memory overload?
4CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
![Page 5: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/5.jpg)
What is a Denial of Service attack?
Some resource is being starved by an
adversary:
⚫ Network overload: send too many packets.
⚫ CPU/memory overload: force the server to
carry out too many password stretching
instances.
⚫ Application overload: send too many
database/API requests.
5CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
![Page 6: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/6.jpg)
Examples of Denial of Service vectors.
UDP flood: unlike TCP, UDP has no flow control
built in.
⚫ Fork bombs: :(){ :|: & };:
⚫ SYN flood: Initiate several TCP connections but
never complete (ACK) them.
⚫ LAND attack: Craft a TCP packet where the
source and destination IP addresses are both
equal to the victim’s IP.
⚫ Malformed packets: exploit parsing errors.
6CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
![Page 7: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/7.jpg)
Test your knowledge!
7CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
Can you figure out why the following Bash
command would be a “fork bomb”?
:(){ :|: & };:
![Page 8: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/8.jpg)
Test your knowledge!
8CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
Can you figure out why the following Bash
command would be a “fork bomb”?
:(){ :|: & };:Define a function called “:” Run “:”, pipe output to “:” executed in
the background.Run “;” for the first time.
![Page 9: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/9.jpg)
DDoS: Distributed Denial of Service.
Example: Mirai botnet (600,000+ victims):
⚫ Caused serious damage to many leading
hosting providers (e.g. OVH, Dyn...)
⚫ Among the highest ever recorded throughput
for DoS attacks.
9CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
![Page 10: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/10.jpg)
DDoS: Distributed Denial of Service.
Example: Mirai botnet (600,000+ victims):
⚫ Caused serious damage to many leading
hosting providers (e.g. OVH, Dyn...)
⚫ Among the highest ever recorded throughput
for DoS attacks.
10CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
![Page 11: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/11.jpg)
DDoS: Distributed Denial of Service.
Example: Mirai botnet (600,000+ victims):
⚫ Caused serious damage to many leading
hosting providers (e.g. OVH, Dyn...)
⚫ Among the highest ever recorded throughput
for DoS attacks.
11CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
![Page 12: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/12.jpg)
DDoS: Distributed Denial of Service.
Example: Mirai botnet (600,000+ victims):
⚫ Caused serious damage to many leading
hosting providers (e.g. OVH, Dyn...)
⚫ Among the highest ever recorded throughput
for DoS attacks.
12CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
![Page 13: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/13.jpg)
DDoS: Mirai botnet device composition.
13CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
![Page 14: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/14.jpg)
DDoS: Mirai botnet device composition.
14CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
![Page 15: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/15.jpg)
DDoS: Mirai botnet victims.
15CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
![Page 16: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/16.jpg)
Examples of other botnets.
⚫ Srizbi botnet: responsible for most of the
spam in the world at some point.
⚫ Carna botnet: used for estimating the size of
the Internet.
16CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
![Page 17: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/17.jpg)
Another example: “Project Chanology”
Instead of a slide, at this point in the class we will watch this short
documentary on Project Chanology:
https://www.youtube.com/watch?v=vRb6L7SCSro
17CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
![Page 18: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/18.jpg)
Mitigating Denial of
Service Attacks
18CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
2.2b
![Page 19: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/19.jpg)
Basic defenses against Denial of Service.
Firewalls, switches, and routers at ingress points of
a network that use packet filtering.
⚫ Build models of normal and abnormal behavior
and flag abnormal behavior.
⚫ Intrusion detection systems that look for attack
signatures or abnormally high rates of traffic or
both.
⚫ CAPTCHAs to ensure that a human and not a
bot is carrying out the request.
19CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
![Page 20: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/20.jpg)
Basic defenses against Denial of Service.
CAPTCHAs to ensure that a human and not a
bot is carrying out the request.
⚫ Proof of work: request hashes, etc.
20CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
![Page 21: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/21.jpg)
Content Delivery Networks: CloudFlare.
21CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
![Page 22: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/22.jpg)
Content Delivery Networks (CDNs).
Akamai, CloudFlare, Amazon CloudFront,
Microsoft Azure…
⚫ Concerns regarding centralizing of Internet
traffic (i.e. man-in-the-middle capabilities).
⚫ Questions w.r.t. freedom of expression
online:
22CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
![Page 23: CSCI-UA.9480 Introduction to Computer Security · ⚫ Srizbi botnet: responsible for most of the spam in the world at some point. ⚫ Carna botnet: used for estimating the size of](https://reader034.vdocuments.net/reader034/viewer/2022042515/5f4f08b3ec270a77940dd8b0/html5/thumbnails/23.jpg)
Next time:Designing
Secure Network Systems
23CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi
2.3