Content

Basic concepts and terminology related to Denial Of Service.

Network based DOS:

ICMP flood,
TCP SYN Spoof
Reflection and amplification
DDOS

Non-network based DOS:

decompression bombs
loops
bugs.

The live lecture will consist of two parts. In the first part you will be divided in groups and you will discuss about one problem and few questions (from previous exams) related to Denial of Services. At the end of the first part someone can present a solution and we will discuss about alternatives. In the second part we will answer questions regarding DOS.

Please, watch the videos and try to solve the previous-exam exercise before the live lecture.

Previous exam problem and questions

Describe a DOS attack (including the mechanism used by the attacker, the resources of the victim that are exhausted and possible countermeasures) that does not require to exhaust network resources of the victim.
Usually, an attacker that performs a TCP-SYN spoof attack also uses IP spoofing. Why?

True/False questions:

Ingress filtering consists of the router closest to the victim dropping all packets coming from spoofed IPs
A DOS can be performed by exploiting bugs of a remote program and crafting a specific input that leads the victim program to fail.
In a TCP/IP SYN spoof attack, the attacker primarily exhausts the network bandwidth of the victim.

Lab Exercise

Exercise: Denial of Service

Reading

Anderson Chapter 21 in Anderson (2008).

Slides

Slides

Additional resources

recursive zip file r.zip

Videos

DOS via SW bugs