Denial of Service


  • 8/8/2019 Denial of Service

    MAJOR ASSIGNMENT REPORT: INFORMATION SECURITY

    Topic: A study of denial-of-service attacks

    ng Vn Thnh

    Nguyn S HipNguyn Vn Ngnon Hng MinhLu Th Thu Trang

    Group 3:


    Main contents:

    Some attack cases

    Introduction to DoS

    Analysis of DDoS-type attacks

    Classification of DDoS attacks

    Anti-DDoS techniques


    Major attacks:

    On 7/3/2000, yahoo.com had to stop serving hundreds of millions of users around the world for many hours.

    A few days later, the new victims were the news outlet CNN, amazon.com, buy.com, Zdnet.com, E-trade.com and Ebay.com.

    At least 26 websites in South Korea and the US, including the White House website, were hit by denial-of-service attacks from 4/7 through 10/7/2009.


    In Vietnam, the country's largest security forum and hvaonline were attacked repeatedly on 23/7/2003, from 30/7 to 12/8/2003, and on 1/6/2006.

    At 23:00 on 28-11-2003, hackers took down the Tin tức Việt Nam website because they believed there had been cheating in the Trí tuệ Việt Nam competition. The Tin tức Việt Nam (TTVN) website did not return to normal operation until 9:00 on the morning of 29-11.


    The most recent case is the newspaper VietNamNet: from 3:00 on the morning of 22/11/2010 its website was attacked by hackers, leaving the entire system inaccessible. By late afternoon on 22-11, VietNamNet's systems were largely accessible as normal again.

    Many other giants have also fallen to DDoS attacks, Microsoft among them.


    What is a denial-of-service attack?

    A denial-of-service attack is a way of attacking that overloads a system so that it cannot provide service or has to stop operating. This kind of attack only disrupts the system's operation; it very rarely gives the ability to penetrate the system or take its data.


    Denial-of-service attacks

    Depending on how it is carried out, the attack is known by several different names. By exploiting weaknesses in the TCP protocol, attackers first carried out the classic denial-of-service attack, DoS (Denial of Service); after that came the distributed denial-of-service attack, DDoS (Distributed Denial of Service); and the most recent is the reflection-based denial-of-service attack, DRDoS (Distributed Reflection Denial of Service).


    DoS (denial of service) is the earliest and simplest kind of attack.

    The attacks in this category are very diverse:

    SYN Attack: regarded as one of the most classic DoS attacks. It exploits a gap in the TCP three-way handshake procedure: whenever a client wants to connect to a server, it performs the three-step handshake through the attack packets
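
    A defender's view of the SYN attack described above, as an added example that is not part of the original slides: a server holds each connection in the SYN-RECV state until the handshake completes, so a pile-up of half-open connections on one port is the usual symptom. The sample `ss -tan` output is constructed, and the function names and thresholds are illustrative assumptions.

```python
from collections import Counter

# Constructed sample in the layout printed by `ss -tan` (not real traffic).
SAMPLE_SS = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
LISTEN    0      128    0.0.0.0:22          0.0.0.0:*
SYN-RECV  0      0      203.0.113.10:80     198.51.100.7:40112
SYN-RECV  0      0      203.0.113.10:80     198.51.100.9:1301
SYN-RECV  0      0      203.0.113.10:80     192.0.2.200:60001
SYN-RECV  0      0      203.0.113.10:80     192.0.2.13:2222
ESTAB     0      0      203.0.113.10:80     192.0.2.44:51514
ESTAB     0      0      203.0.113.10:22     192.0.2.50:50022
SYN-RECV  0      0      203.0.113.10:22     192.0.2.51:50023
"""

def count_states(ss_text):
    """Return {local_port: Counter(state -> count)} for SYN-RECV and ESTAB rows."""
    ports = {}
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("SYN-RECV", "ESTAB"):
            continue  # header, LISTEN sockets, blank or malformed lines
        port = fields[3].rsplit(":", 1)[-1]  # rsplit also copes with [v6]:port
        if port.isdigit():
            ports.setdefault(int(port), Counter())[fields[0]] += 1
    return ports

def suspect_ports(ss_text, min_half_open=3, ratio=2.0):
    """Ports whose half-open count is high both absolutely and relative to ESTAB."""
    flagged = []
    for port, c in sorted(count_states(ss_text).items()):
        half_open, established = c["SYN-RECV"], c["ESTAB"]
        # Thresholds are illustrative; tune them to the server's normal load.
        if half_open >= min_half_open and half_open >= ratio * max(established, 1):
            flagged.append((port, half_open, established))
    return flagged

if __name__ == "__main__":
    for port, half_open, established in suspect_ports(SAMPLE_SS):
        print(f"port {port}: {half_open} half-open vs {established} established")
```

    Counting per listening port rather than per peer address matters here, because the source addresses in a SYN flood are often spoofed.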


    SYN attack model:


    Flood Attack:

    Another DoS attack that is used very often, because of its simplicity and because many readily available tools give the attacker effective support, is the flood attack, carried out mainly through websites.


    DDoS (distributed denial of service): it appeared in the autumn of 1999. Compared with the classic DoS attack, DDoS is many times more powerful. Most DDoS attacks aim to consume bandwidth, congesting the system until it stops operating.


    Simulation of a DDoS attack


    Distributed Reflection Denial of Service:

    It appeared in early 2002 and is the newest and most powerful attack in the DoS family. Carried out by a skilled attacker, it can take down any system in the world in moments.

    The main goal of DRDoS is to seize the server's entire bandwidth, that is, to completely congest the link from the server to the Internet backbone and to exhaust the server's resources. While the server is under a DRDoS attack, no client can connect to it. All services running over TCP/IP, such as DNS, HTTP, FTP, POP3, ..., are disabled.


    Analysis of DDoS-type attacks

    Stages of a DDoS attack

    Preparation stage:

    Prepare the key tool for the attack; this tool usually works on a client-server model.

    Next, use other hacking techniques to take full control of a number of hosts on the network, then install the necessary software on those hosts.


    Target and timing stage:

    - Once the target has been finally settled, the hacker adjusts the attack-network to direct the attack toward the target.

    - Timing determines the level of damage and how quickly the target can respond to the attack.


    Launching the attack and erasing traces

    At the planned time, the hacker launches the attack from their own machine; the attack command may pass through several tiers before it reaches the hosts that actually attack. The entire attack-network (possibly thousands of machines) continuously drains the target server's capacity, preventing it from operating as designed.

    After a suitable period of attack, the hacker erases every trace that could be followed back to them.


    Overall architecture of a DDoS attack-network:

    In general, a DDoS attack-network follows one of two main models:

    Agent-Handler model

    IRC-based model


    Agent-Handler model:

    In this model the attack-network consists of 3 components: Agent, Client and Handler

    Client: the base software the hacker uses to control all activity of the attack-network

    Handler: an intermediary software component between Agent and Client

    Agent: the software component that carries out the attack on the target, receiving control from the Client through the Handlers


    Agent-Handler attack-network architecture


    IRC-based model:

    The architecture of an IRC network consists of many IRC servers across the Internet, communicating with one another over many channels. An IRC network lets users create three kinds of channel: public, private and secret.

    Public channel: lets a user of the channel see the IRC names and receive the messages of every other user on the same channel.

    Private channel: designed for communication with permitted parties. Users who are not on the channel cannot see the IRC names and messages on it. However, if a user outside the channel uses certain channel locator commands, they can learn that the private channel exists.

    Secret channel: similar to a private channel, but it cannot be found with a channel locator.


    Classification of DDoS attacks

    Based on the purpose of the attack, there are 2 main types:

    Attacks that exhaust the system's bandwidth

    Attacks that exhaust system resources.


    Attacks that exhaust network bandwidth (Bandwidth Depletion Attack)

    A Bandwidth Depletion Attack is designed to flood the target network with unnecessary traffic, with the aim of minimizing the ability of legitimate traffic to reach the target's service-providing systems.

    There are two kinds of Bandwidth Depletion Attack:

    Flood attack

    Amplification attack


    Attacks that exhaust resources (Resource Depletion Attack)

    By definition, a Resource Depletion Attack is one in which the attacker sends packets that use protocols in ways they were not designed for, or sends packets intended to congest network resources, so that those resources cannot serve other ordinary users.


    The human factor in Anti-DDoS

    Weak points:

    1. Lack of responsibility toward the community:

    People usually care only about investing money and effort in their own information systems. DDoS exploits this point heavily through address spoofing and broadcast amplification.

    IP spoofing: a simple but very effective method, used to the fullest in DDoS attacks.

    Broadcast amplification: similar to IP spoofing, it uses an entire subnet to flood the victim. Close monitoring and management of a subnet's broadcast capability is therefore essential. Network administrators must configure the whole system not to accept or forward broadcast packets.
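
    One way to check the configuration rule above on a Linux host or router, as an added example that is not part of the original slides: it audits `sysctl -a` output for the kernel settings that control answering broadcast pings, forwarding directed broadcasts, and reverse-path filtering of spoofed source addresses. The sample output and the interface names `eth0` and `eth1` are constructed.

```python
import re

# Constructed `sysctl -a` excerpt for a Linux router (not from a real host).
SAMPLE_SYSCTL = """\
net.ipv4.icmp_echo_ignore_broadcasts = 0
net.ipv4.conf.all.bc_forwarding = 0
net.ipv4.conf.eth0.bc_forwarding = 0
net.ipv4.conf.eth1.bc_forwarding = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth1.rp_filter = 0
"""

IFACE_KEY = re.compile(r"net\.ipv4\.conf\.([^.]+)\.(bc_forwarding|rp_filter)")

def parse_sysctl(text):
    """Parse 'key = integer' lines as printed by `sysctl -a`; skip the rest."""
    settings = {}
    for line in text.splitlines():
        m = re.fullmatch(r"\s*([\w./\-]+)\s*=\s*(-?\d+)\s*", line)
        if m:
            settings[m.group(1)] = int(m.group(2))
    return settings

def audit(text):
    """Return sorted findings on broadcast handling and source validation."""
    s = parse_sysctl(text)
    findings = []
    if s.get("net.ipv4.icmp_echo_ignore_broadcasts") == 0:
        findings.append("host answers ICMP echo sent to a broadcast address")
    rp_all = s.get("net.ipv4.conf.all.rp_filter", 0)
    for key, value in s.items():
        m = IFACE_KEY.fullmatch(key)
        if not m:
            continue
        iface, knob = m.groups()
        if knob == "bc_forwarding" and value != 0:
            findings.append(f"{iface}: directed-broadcast forwarding is switched on")
        # For rp_filter the kernel uses max(conf.all, conf.<iface>); 0 = no check.
        elif knob == "rp_filter" and iface not in ("all", "default"):
            if max(rp_all, value) == 0:
                findings.append(f"{iface}: no reverse-path check on source addresses")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SYSCTL)))
```

    On the sample, setting `net.ipv4.icmp_echo_ignore_broadcasts = 1`, `net.ipv4.conf.eth1.bc_forwarding = 0` and `net.ipv4.conf.all.rp_filter = 1` clears all three findings.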


    2. Silence:

    Most organizations do not react, or stay silent, when their systems are abused to carry out attacks or are attacked themselves.

    3. Narrow vision


    THANK YOU FOR LISTENING