1
play

1 Connect | Communicate | Collaborate Distributed Denial of Service - PDF document

May 12, 2023 •88 likes •237 views

1 Connect | Communicate | Collaborate Distributed Denial of Service (DDoS) Effects, Mitigations & Future Tony Barber Nov 2013 TF-NOC Wayne Routly, DANTE GEANT APM, Vienna 8 October, 2013 Agenda Effects Real World Examples Mitigations

  1. 1 Connect | Communicate | Collaborate

  2. Distributed Denial of Service (DDoS) Effects, Mitigations & Future Tony Barber Nov 2013 TF-NOC Wayne Routly, DANTE GEANT APM, Vienna 8 October, 2013

  3. Agenda Effects Real World Examples Mitigations What Are We Doing Today What Are We Doing Tomorrow Future Plans Your Ideas – Lesson Learned 3 Connect | Communicate | Collaborate

  4. DDoS For DUMMIES DDoS Attack “Attackers” - Multiple Infected Machines Target Single Machine Inbound Traffic Floods Victim Problems Potentially Thousands Sources “Difficult” to stop Attack Difficult to distinguish legitimate traffic 4 Connect | Communicate | Collaborate

  5. Effects – CYNET DDoS Destination IP: The University of Cyprus (www.ucy.ac.cy) Port Ranges: 0, 2070 and 3475 Multiple Source IP’s and source AS’s . Multiple Actions Taken Attack peak: Over 13Gbps over 1Gbps link 5 Connect | Communicate | Collaborate

  6. Effects – CYNET DDoS [2] Destination AS 3268 Traffic Date first seen Dst IP Addr Flows (%) Packets (%) Bytes (%) 2013-09-02 04:58 194.42.1.1 124919(97.2) 440.6 M(99.2) 517.4 G(99.5) 2013-09-02 04:59 82.116.202.17 129( 0.1) 143000( 0.0) 154.3 M( 0.0) 2013-09-02 05:00 194.42.22.9 128( 0.1) 244000( 0.1) 12.3 M( 0.0) 2013-09-02 04:59 194.42.1.50 114( 0.1) 57000( 0.0) 10.5 M( 0.0) 2013-09-02 04:59 82.116.192.118 90( 0.1) 239500( 0.1) 311.4 M( 0.1) 2013-09-02 04:59 194.42.1.55 81( 0.1) 40500( 0.0) 8.7 M( 0.0) Destination ports for 194.42.1.1 Date first seen Dst Port Flows (%) Packets (%) Bytes (%) 2013-09-02 04:58 2070 47268(37.8) 144.2 M(32.7) 182.4 G(35.3) 2013-09-02 04:58 0 46315(37.1) 260.0 M(59.0) 295.4 G(57.1) 2013-09-02 04:58 3475 29714(23.8) 31.3 M( 7.1) 39.2 G( 7.6) 2013-09-02 04:58 771 1348( 1.1) 4.3 M( 1.0) 243.6 M( 0.0) 2013-09-02 04:58 769 145( 0.1) 516000( 0.1) 29.0 M( 0.0) 2013-09-02 04:58 2816 55( 0.0) 199500( 0.0) 16.7 M( 0.0) 2013-09-02 04:58 1024 30( 0.0) 114500( 0.0) 6.4 M( 0.0) 6 Connect | Communicate | Collaborate

  7. Effects – GRNET DDoS DNS Amplification Attack • Destination IP: GRNET • Port Ranges: 53 (DNS) • Multiple Source IP’s and source AS’s. • Multiple Actions Taken • Attack peak: 20G over 20G link Date first seen Dst IP Addr Flows (%) Packets (%) Bytes (%) 2013-03-13 09:34 194.177.211.102 35531( 7.8) 36.1 M(11.3) 53.5 G(11.9) 2013-03-13 09:34 194.177.211.100 34632( 7.6) 35.6 M(11.1) 52.6 G(11.7) 2013-03-13 09:33 194.177.211.101 34469( 7.6) 35.3 M(11.1) 52.2 G(11.6) 2013-03-13 09:33 194.63.239.233 49621(11.0) 31.8 M(10.0) 44.3 G( 9.9) 2013-03-13 09:33 194.63.239.234 48220(10.6) 27.1 M( 8.5) 36.7 G( 8.2) 2013-03-13 09:33 194.63.239.237 39278( 8.7) 26.1 M( 8.2) 36.5 G( 8.1) 7 Connect | Communicate | Collaborate

  8. Mitigations – TODAY NSHaRP Process NRENS Subscribed Anomaly Detection Notification of Events – Email , Evidence – Trouble Ticket Remediation – DANCERT / GEANT NOC Filter (Block) Rate Limit 8 Connect | Communicate | Collaborate

  9. Mitigations – TOMORROW Firewall on Demand FoD is a security provisioning service …… inject firewall-like rules at the upstream level and mitigate attacks there…using BGP FlowSpec Incorporate into NSHaRP Service Enhanced Customer Capabilities • Complete Incident Lifecycle • Time Frame Phase 1 – End 2013 • • GEANT Athens Router Phase 2 – Early 2014 • • All GEANT Routers • API 9 Connect | Communicate | Collaborate

  10. Future – FoD Implementation NSHaRP Customer or GN NOC logs into LEVEL3 web tool and describes flows and actions Flow destination is validated against the customer’s IP space Dedicated router is configured to advertise the route via BGP flowspec GEANT NREN A iBGP propagates the tuples to all GEANT routers. Dynamic firewall filters are implemented on all routers NREN B Attack is mitigated (dropped, rated-limited) FoD upon entrance End of attack: Removal via the tool, or auto-expire Customer Credit: Andreas Polyrakis, GRNET 10 Connect | Communicate | Collaborate

  11. Future – FoD Drivers …… better tools to mitigate transitory attacks and anomalies “ Better ” in terms of Granularity : Per-flow level – Source/Dest IP/Ports, protocol type, DSCP, TCP flag…… Action : – Drop, rate-limit, redirect Speed : More responsive – (Seconds / Minutes vs. Hours / Days) Efficiency : – Closer to the source, Multi Domain Automation : – Integration with other systems (IDS/IPS) Manageability Credit: Andreas Polyrakis, GRNET 11 Connect | Communicate | Collaborate

  12. Your Ideas, Your Thoughts Experience is the best teacher . . . 12 Connect | Communicate | Collaborate

  13. Thank you! Connect | Communicate | Collaborate www.geant.net www.twitter.com/GEANTnews | www.facebook.com/GEANTnetwork | www.youtube.com/GEANTtv 13 Connect | Communicate | Collaborate

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Exploring DDoS Defense Mechanisms Patrick Holl Seminar Future Internet SS14-WS14/15 Lehrstuhl

Exploring DDoS Defense Mechanisms Patrick Holl Seminar Future Internet SS14-WS14/15 Lehrstuhl

Lehrstuhl Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen Exploring DDoS Defense Mechanisms Patrick Holl Seminar Future Internet SS14-WS14/15 Lehrstuhl Netzarchitekturen und Netzdienste Fakultt

622 views • 29 slides
Distributed Denial of Service Attacks and Coutntermeasures CSE598K/CSE545 - Advanced Network

Distributed Denial of Service Attacks and Coutntermeasures CSE598K/CSE545 - Advanced Network

740 views • 26 slides
and Real-Time Detection Schemes Zhuozhao Li*, University of Chicago Tanmoy Sen and Haiying Shen,

and Real-Time Detection Schemes Zhuozhao Li*, University of Chicago Tanmoy Sen and Haiying Shen,

Impact of Memory DoS Attacks on Cloud Applications and Real-Time Detection Schemes Zhuozhao Li*, University of Chicago Tanmoy Sen and Haiying Shen, University of Virginia Mooi Choo Chuah, Lehigh University *Work done when Zhuozhao Li was at the

898 views • 24 slides
Outline Distributed Denial of Service Introduction Attacks Characteristics of DDoS

Outline Distributed Denial of Service Introduction Attacks Characteristics of DDoS

Outline Distributed Denial of Service Introduction Attacks Characteristics of DDoS attacks CS 239 Some examples Security for Networks and Proposed prevention methods System Software May 15, 2002 Lecture 12 Lecture 12

421 views • 9 slides
Security Middleware for Distributed applications Professor : Sophie Chabridon Ma Siqi Shalini

Security Middleware for Distributed applications Professor : Sophie Chabridon Ma Siqi Shalini

Security Middleware for Distributed applications Professor : Sophie Chabridon Ma Siqi Shalini Nagar 1 CONTENTS Security Characterizing Security General Scenario Tactics for Security A Design Checklist for Security Summary 2 01

487 views • 25 slides
A Brief History of the World 1 CEN-5079: 11.April.2019 Network Security Lecture 10 2

A Brief History of the World 1 CEN-5079: 11.April.2019 Network Security Lecture 10 2

A Brief History of the World 1 CEN-5079: 11.April.2019 Network Security Lecture 10 2 CEN-5079: 11.April.2019 Why and Who Attack Networks ? Challenge : Hackers Money : Espionage Money : Organized Crime Ideology :

728 views • 57 slides
Network Security: Network Flooding Seungwon Shin, KAIST Most slides from Dr. Dan Boneh and

Network Security: Network Flooding Seungwon Shin, KAIST Most slides from Dr. Dan Boneh and

Network Security: Network Flooding Seungwon Shin, KAIST Most slides from Dr. Dan Boneh and Darren Anstee What is a Denial of Service Attack? Goal take out a large site with little computing work Network Bandwidth Computing Power Processor

694 views • 31 slides
Availability Policies Chapter 7 Computer Security: Art and Science , 2 nd Edition Version 1.1

Availability Policies Chapter 7 Computer Security: Art and Science , 2 nd Edition Version 1.1

Availability Policies Chapter 7 Computer Security: Art and Science , 2 nd Edition Version 1.1 Slide 7-1 Outline Goals Deadlock Denial of service Constraint-based model State-based model Networks and flooding

971 views • 63 slides
Denial of Service Denial of Service An attack designed to disrupt or completely deny

Denial of Service Denial of Service An attack designed to disrupt or completely deny

1 Denial of Service Denial of Service An attack designed to disrupt or completely deny legitimate users access to network, servers, services, or other resources Two basic favors: Target resource starvation Network

430 views • 19 slides
INTRODUCTION COMPUTER & NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is

INTRODUCTION COMPUTER & NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is

INTRODUCTION COMPUTER & NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is security? Why is it so hard to achieve? Administrative The security mindset Analyzing a systems security 1. Summarize the system 2.

801 views • 43 slides
DDoS Last Class Fault tolerance Concurrency Naming This Class Networking How

DDoS Last Class Fault tolerance Concurrency Naming This Class Networking How

DDoS Last Class Fault tolerance Concurrency Naming This Class Networking How DDoS works UDP Data Client Server Response TCP DDoS Distributed denial-of-service attack Attacker targets a victim from a number of

356 views • 22 slides
Denial of Service attacks Markus Peuhkuri 2005-04-12 Lecture topics Types of denial of service

Denial of Service attacks Markus Peuhkuri 2005-04-12 Lecture topics Types of denial of service

Denial of Service attacks Markus Peuhkuri 2005-04-12 Lecture topics Types of denial of service How to mitigate attacks How to find out senders What is Denial of Service

542 views • 8 slides
Introduction to Computer Security Session 2.2 Denial of Service Prof. Nadim Kobeissi 2.2a

Introduction to Computer Security Session 2.2 Denial of Service Prof. Nadim Kobeissi 2.2a

CSCI-UA.9480 Introduction to Computer Security Session 2.2 Denial of Service Prof. Nadim Kobeissi 2.2a Defining Denial of Service 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi What is a Denial of Service attack? An

920 views • 23 slides
Mitigating IoT Device Based DDoS Attacks Using Blockchain Uzair Javaid, Ang Kiang Siang, Muhammad

Mitigating IoT Device Based DDoS Attacks Using Blockchain Uzair Javaid, Ang Kiang Siang, Muhammad

Mitigating IoT Device Based DDoS Attacks Using Blockchain Uzair Javaid, Ang Kiang Siang, Muhammad Naveed Aman, Biplab Sikdar by Uzair Javaid National University of Singapore, Singapore Cryblock , MobiSys 18, Munich, Germany Dated: June 15,

404 views • 15 slides
Class Freeware, Open Source, and Free Software There is a difference, who knew? Not otes

Class Freeware, Open Source, and Free Software There is a difference, who knew? Not otes

Class Freeware, Open Source, and Free Software There is a difference, who knew? Not otes Homework graded Im SORRY Homework 4&5: no homework this week Midterms How was it? Honestly Random, mostly unrelated

438 views • 24 slides
Citizenship in EU Closer connection to classical origins; not so (obviously) dependent on

Citizenship in EU Closer connection to classical origins; not so (obviously) dependent on

Citizenship in EU Closer connection to classical origins; not so (obviously) dependent on modern state More self-confident discourse from European institutions (especially since Maastricht -1992 and formal introduction of legal

562 views • 12 slides
T E X Live Utility Presented by : Adam R. Maxwell TUG 2014 Annual Meeting Portland, OR

T E X Live Utility Presented by : Adam R. Maxwell TUG 2014 Annual Meeting Portland, OR

T E X Live Utility Presented by : Adam R. Maxwell TUG 2014 Annual Meeting Portland, OR Outline History Goals of the software Features and description Problems Future development Architecture History

460 views • 24 slides
emigration Hilary Term 2015 Week 1 - An introduction Evelyn Ersanilli Sarah Garding 03

emigration Hilary Term 2015 Week 1 - An introduction Evelyn Ersanilli Sarah Garding 03

Citizenship in the context of immigration and emigration Hilary Term 2015 Week 1 - An introduction Evelyn Ersanilli Sarah Garding 03 January 2016 Speaker name 1 Defining citizenship .. a comprehensive account must distinguish between at

918 views • 9 slides
1.1 Why Trade Matters ECON 324 International Trade Fall 2020 Ryan Safner Assistant

1.1 Why Trade Matters ECON 324 International Trade Fall 2020 Ryan Safner Assistant

1.1 Why Trade Matters ECON 324 International Trade Fall 2020 Ryan Safner Assistant Professor of Economics safner@hood.edu ryansafner/tradeF20 tradeF20.classes.ryansafner.com Outline Why Trade Matters About This Course

656 views • 41 slides
Ontological Categories Roberto Poli Ontologys three main components Fundamental categories

Ontological Categories Roberto Poli Ontologys three main components Fundamental categories

Ontological Categories Roberto Poli Ontologys three main components Fundamental categories Levels of Structure of reality individuality (Include Special categories) Categorial Groups Three main groups of categories Those that

834 views • 27 slides
Optical Links Ba Babak Abi DAQ FD D "D "Des esig ign" " Wor orkshop 2

Optical Links Ba Babak Abi DAQ FD D "D "Des esig ign" " Wor orkshop 2

Networking 7.2.6 Optical Links Ba Babak Abi DAQ FD D "D "Des esig ign" " Wor orkshop 2 26 Ja Jan 2018 Outline: Data link Components and suggestion for current standard Costs per link and Gb/s Rough

373 views • 11 slides
Optical Networks Manya Ghobadi ghobadi@csail.mit.edu Some slides are borrowed from: Richard A.

Optical Networks Manya Ghobadi ghobadi@csail.mit.edu Some slides are borrowed from: Richard A.

Optical Networks Manya Ghobadi ghobadi@csail.mit.edu Some slides are borrowed from: Richard A. Steenbergen [NANOG17] Danyang Zhuo [SIGCOMM17] Mark Filer [OFC17] Why should we care about optics? The Internet is largely based around

903 views • 67 slides
OptFlow: A Flow-based Abstraction for Programmable Topologies Klaus-Tycho Foerster Long Luo

OptFlow: A Flow-based Abstraction for Programmable Topologies Klaus-Tycho Foerster Long Luo

OptFlow: A Flow-based Abstraction for Programmable Topologies Klaus-Tycho Foerster Long Luo Manya Ghobadi Computer Science and Artificial Faculty of Computer Science University of Electronic Science University of Vienna and Technology of

894 views • 33 slides
Core Network Connects MAN networks together Requires high bandwidth technologies with long

Core Network Connects MAN networks together Requires high bandwidth technologies with long

Lic.(Tech.) Marko Luoma (1/37) Lic.(Tech.) Marko Luoma (2/37) Core Network Connects MAN networks together Requires high bandwidth technologies with long range passive operation Transmission speed and distance without repeaters tend

613 views • 10 slides

More recommend