It’s the morning after the night before, except it’s not, as I’m now editing this a few days later; nothing to do with the hangover or lack of sleep following this year’s BSides Manchester. Following the huge fun I had at BSides London earlier in the year, I was keen not to miss BSides Manchester again. I was also keen to contribute that little bit extra, and what better way than doing a rookie talk. Hah – if only it was that easy.
Just over a month ago I was sitting comparing different topics on which to base my rookie talk. The answer was pretty obvious actually: the same topic I’d spent the last seven months working on as my final year project/dissertation – Distributed Denial of Service (DDoS).
Not knowing the audience hugely, and not wanting to bombard them with loads of technical jibber-jabber, I decided on a high-level DDoS overview, presenting some of the results of the research I had performed as part of my project.
The talk first looks at what DDoS attacks are: essentially a form of cyber attack against the availability of a service or resource. DDoS attacks are growing; no matter where you look you’ll see evidence of this, hence I include some charts highlighting some of the popular attacks, along with news articles covering the assorted attacks on many different targets. But, as I wanted to get across in the talk, huge, noisy volumetric attacks are just one category; the quieter categories should be feared too.
Three categories of attack exist:
• Volumetric – bandwidth-based (ICMP Flood/Smurf/UDP Flood)
• Protocol – protocol misuse (SYN Flood/Sockstress/HTTP Flood)
• Application – application protocol misuse (Slowloris/R-U-Dead-Yet)
In the talk I discuss each of the attack categories, explaining how they are technically performed, and show examples of the tools that can be used to perform them. I also explain how some of the attacks have evolved and been improved, making them more effective.
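The three categories differ in what they exhaust (the link, the connection table, or the application’s worker pool), which is also why each needs different defences. The script below is an added example, not code from the talk or the slides: it sorts constructed per-connection records into the three categories using the signal that characterises each one (aggregate bandwidth for volumetric floods, the half-open handshake ratio for SYN floods, long-lived connections with unfinished HTTP requests for Slowloris-style attacks). The `Conn` record, the thresholds and the sample traffic windows are all assumptions made up for this example.

```python
"""Added example: sorting constructed connection records into the three DDoS
categories (volumetric, protocol, application). Records, field names and
thresholds are illustrative assumptions, not data from the talk or the WISR."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    src: str            # source address
    proto: str          # "tcp", "udp" or "icmp"
    dport: int          # destination port (0 for ICMP)
    handshake: bool     # TCP three-way handshake completed (True for UDP/ICMP)
    bytes_in: int       # bytes received from this source during the window
    duration: float     # seconds the flow was held open
    req_complete: bool  # HTTP request terminated by a blank line (True if not HTTP)


# Illustrative tuning knobs (assumed for this example, not from the talk)
BANDWIDTH_BPS = 100_000_000  # aggregate inbound rate treated as a flood
MIN_TCP_FLOWS = 100          # don't judge the half-open ratio on a handful of flows
HALF_OPEN_RATIO = 0.8        # share of TCP flows that never completed a handshake
SLOW_REQ_SECONDS = 30.0      # an HTTP request still unfinished after this is "slow"
SLOW_REQ_COUNT = 50          # slow unfinished requests needed before we flag it


def classify(conns, window_s):
    """Return {category: evidence} for each DDoS category the window exhibits."""
    findings = {}

    # Volumetric: the signal is raw bandwidth, whatever the protocol (UDP/ICMP floods).
    bps = 8 * sum(c.bytes_in for c in conns) / window_s
    if bps >= BANDWIDTH_BPS:
        top_proto = Counter(c.proto for c in conns).most_common(1)[0][0]
        findings["volumetric"] = {"bps": bps, "top_proto": top_proto}

    # Protocol: a SYN flood shows as TCP flows that never finish the handshake,
    # exhausting the connection table rather than the link.
    tcp = [c for c in conns if c.proto == "tcp"]
    if len(tcp) >= MIN_TCP_FLOWS:
        half_open = sum(1 for c in tcp if not c.handshake)
        ratio = half_open / len(tcp)
        if ratio >= HALF_OPEN_RATIO:
            findings["protocol"] = {"half_open": half_open, "ratio": ratio}

    # Application: Slowloris-style attacks complete the handshake and look like
    # legitimate low-bandwidth clients, but never finish sending the HTTP request,
    # so the server's worker pool is what runs out.
    slow = [c for c in tcp if c.handshake and c.dport in (80, 443)
            and not c.req_complete and c.duration >= SLOW_REQ_SECONDS]
    if len(slow) >= SLOW_REQ_COUNT:
        findings["application"] = {"slow_requests": len(slow),
                                   "sources": len({c.src for c in slow})}
    return findings


def sample_traffic(kind):
    """Constructed traffic windows; returns (records, window_seconds)."""
    if kind == "baseline":  # ordinary HTTPS traffic, nothing to flag
        return [Conn(f"10.0.{i % 7}.{i}", "tcp", 443, True, 2000, 0.5, True)
                for i in range(200)], 10.0
    if kind == "udp_flood":  # 10k UDP datagrams of 1400 bytes in one second = 112 Mbit/s
        return [Conn(f"198.51.100.{i % 200}", "udp", 53, True, 1400, 0.0, True)
                for i in range(10_000)], 1.0
    if kind == "syn_flood":  # 1k spoofed SYNs, none completing the handshake
        return [Conn(f"203.0.113.{i % 250}", "tcp", 80, False, 60, 0.0, True)
                for i in range(1_000)], 1.0
    if kind == "slowloris":  # 200 connections from 20 hosts, headers never finished
        return [Conn(f"192.0.2.{i % 20}", "tcp", 80, True, 300, 120.0, False)
                for i in range(200)], 120.0
    raise ValueError(kind)


if __name__ == "__main__":
    for kind in ("baseline", "udp_flood", "syn_flood", "slowloris"):
        conns, window = sample_traffic(kind)
        print(f"{kind:10s} -> {classify(conns, window)}")
```

Note how little the Slowloris window costs in bandwidth (a few kbit/s) and how the SYN flood never gets past the handshake: a bandwidth threshold alone sees neither, which is the point about the quieter categories.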
Following this I wanted to provide a little background on the motives behind DDoS attacks. While researching my project I found some fantastic data in the Arbor Networks Worldwide Infrastructure Security Report (WISR) 2014, which details the motives reported by the participants of their yearly survey. Interestingly, per the report, you are statistically more likely to be the target of an attacker demonstrating DDoS capability than of one attacking for financial benefit.
Finally, I discuss some of the preventative measures that can be employed, and try to highlight that traditional network defences alone will not suffice. The research in my project suggests that a “defence in depth” approach is required to defend against each of the attack categories, and that understanding an attack goes a long way towards helping to defend against it.
If you have any feedback regarding my talk, or any comments/questions, please let me know on Twitter: @MattWhatkins
For a copy of the slides, visit: http://www.slideshare.net/MattWatkins5/who-uses-loic-these-days-anyway