Foundations of Computer Security
Lecture 72: Availability II
Dr. Bill Young
Department of Computer Sciences
University of Texas at Austin

Blocking Flooding Attacks

A filter or packet sniffer can detect patterns of identifiers in the request stream and block messages in that pattern. Ingress filtering means sniffing incoming packets and discarding those with source IP addresses outside a given range (e.g., those known to be reachable via that interface).

It is a very hard problem to discriminate patterns of attack from patterns of standard usage.

An overly aggressive filter also gives a type of denial of service by discarding too many legitimate requests.

Protection from DoS Attacks

A good firewall can help by filtering out illegal requests. However, a typical DoS flooding attack may comprise only legal requests.

An intrusion detection system (IDS) can analyze traffic patterns and react to anomalous patterns. However, often there is nothing apparently wrong but the volume of requests. An IDS reacts after the attack has begun.

An intrusion prevention system (IPS) attempts to prevent intrusions by more aggressively blocking attempted attacks. This assumes that the attacking traffic can be identified.

IDS/IPS are useful for confidentiality and integrity attacks, not just DoS attacks.

Potential DDoS Solutions

A DDoS attack comes when an attacker takes over a number of nodes in a network and uses them as bots to launch a coordinated attack.

How might you counter them?

1. Over-provisioning the network: have too many servers to be overwhelmed (expensive and unworkable);
2. Filtering attack packets: somehow distinguish the attack packets from regular packets (may not be possible);
3. Slowing down processing: disadvantages all requestors, but perhaps disproportionately disadvantages attackers;
4. The "Speak-up" solution (Mike Walfish): request additional traffic from all requestors.

Walfish's solution assumes that the attacker's bots are already maxed out. So this solution raises the proportion of valid to invalid requests.

Lessons

Availability attacks are difficult to counter because it is very hard to distinguish legitimate from illegitimate traffic.

Various solutions attempt to block incoming traffic or to detect anomalous activity.

Next lecture: Intrusion Detection
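The ingress filter and the "overly aggressive filter" caveat from the slides above, as an added example that is not part of the lecture: the code applies an ingress check (source address must be reachable via the arrival interface) followed by a crude per-source volume cap, and scores the outcome against constructed ground truth. The interface-to-prefix table and the packet stream are both constructed for illustration.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass


@dataclass
class Packet:
    iface: str   # interface the packet arrived on
    src: str     # claimed source IP address
    legit: bool  # ground truth, used only for scoring (constructed)


# Hypothetical routing knowledge: which source prefixes should arrive on each interface.
REACHABLE = {
    "eth0": [ipaddress.ip_network("10.0.0.0/8")],
    "eth1": [ipaddress.ip_network("192.168.1.0/24")],
}


def ingress_ok(pkt: Packet) -> bool:
    """Ingress filter: accept only if the source is reachable via the arrival interface."""
    src = ipaddress.ip_address(pkt.src)
    return any(src in net for net in REACHABLE.get(pkt.iface, []))


def filter_stream(packets, per_source_limit: int) -> dict:
    """Ingress-filter the stream, then cap each source at per_source_limit packets.

    Returns outcome counts so the collateral damage of the volume cap is visible:
    a low cap blocks bots that use valid addresses, but also a busy legitimate user."""
    seen = Counter()
    outcome = Counter()
    for pkt in packets:
        if not ingress_ok(pkt):
            outcome["dropped_spoofed"] += 1  # address cannot legitimately arrive here
            continue
        seen[pkt.src] += 1
        if seen[pkt.src] > per_source_limit:
            outcome["dropped_legit" if pkt.legit else "dropped_attack"] += 1
            continue
        outcome["accepted_legit" if pkt.legit else "accepted_attack"] += 1
    return dict(outcome)


# Constructed sample stream: the bot on eth1 sends only "legal" packets from a valid address.
SAMPLE = (
    [Packet("eth0", "10.1.2.3", True)] * 5            # ordinary user
    + [Packet("eth0", "10.9.9.9", True)] * 12         # busy but legitimate user
    + [Packet("eth0", "203.0.113.7", False)] * 20     # spoofed source, not reachable via eth0
    + [Packet("eth1", "192.168.1.50", False)] * 30    # bot with a genuine address
)

if __name__ == "__main__":
    print(filter_stream(SAMPLE, per_source_limit=10))   # aggressive cap: 2 legit packets lost
    print(filter_stream(SAMPLE, per_source_limit=100))  # lenient cap: every bot packet accepted
```

Comparing the two caps shows the slide's point: the ingress check cleanly removes the spoofed packets, but the only lever against the bot with a valid address is volume, and tightening it also denies service to a legitimate heavy user.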
UT CS 361 - Lecture 72: Availability II