a proactive and collaborative ddos mitigation strategy
play

A proactive and collaborative DDoS mitigation strategy for the Dutch - PowerPoint PPT Presentation

Aug 25, 2023 •354 likes •463 views

A proactive and collaborative DDoS mitigation strategy for the Dutch critical infrastructure Cristian Hesselman 1 , Jeroen van der Ham 2 , Roland van Rijswijk 3 , Jair Santanna 2 , Aiko Pras 2 1) SIDN Labs, 2) University of Twente, 3) SURFnet

  1. A proactive and collaborative DDoS mitigation strategy for the Dutch critical infrastructure Cristian Hesselman 1 , Jeroen van der Ham 2 , Roland van Rijswijk 3 , Jair Santanna 2 , Aiko Pras 2 1) SIDN Labs, 2) University of Twente, 3) SURFnet ccNSO Members Day #2 | ICANN62, Panama City | Jun 27, 2018

  2. DDoS attacks (on the DNS) D1 D2 DNS server HN1 D3 ISP3 HN2 D4 swarm of globally distributed ISP1 compromised IoT devices ISP4 D5 HN3 D6 D7 ISP2 D9 HN4 Booter Control commands D8 DDoS flow HN = Home Network Other targets: OVH (hosting D = IoT device provider), Krebs On Security (website), Deutsche Telecom (ISP) https:/ / en.wikipedia.org/ wiki/ 2016_Dyn_cyberattack https:/ / www.zdnet.com/ article/ mirai-botnet-attack-briefly-knocked-an-entire-country-offline/

  3. DDoS trends • Volume at 1+ Tbps, likely going up (Dyn @ 1.2 Tbps, GitHub @ 1.3 Tbps) • Many widely distributed DDoS sources (Mirai: 600K, bots all over the world) • IoT bots mutating and spreading quickly (Mirai: 75-minute doubling time) • Easier to launch through booters/ stressers (Mirai) • Combination of direct and reflection attacks (Mirai) • DNS increasingly a high-profile target (DNS root 2015, Dyn 2016)

  4. The Netherlands • DDoS attacks on Dutch critical infrastructure operators (Jan 2018) • Estimated 40 Gbps attacks resulted in service outages at several operators • Reactive and individual DDoS mitigation strategy • (Commercial) DDoS protection services per critical service provider • Person-to-person incident response communications during attacks

  5. A proactive and collaborative strategy • Improve information position of Dutch critical service providers by continually and autom atically sharing fingerprints of actual and potential DDoS sources • Widens view of critical service providers, enabling them to proactively prepare for attacks that have not hit them yet • Information provisioning layer that extends existing DDoS protection services that Dutch critical service providers use and does not replace them • Improve attribution of perpetrators and booter operators, allowing for better prosecution and increased deterrent effects • Onboard all critical providers in NL (Internet, financial, energy, water, etc.)

  6. DDoS radar (IoT example) DPS1 IoT-powered Create fingerprint(A) DDoS attack A (rerouted to DPS1) Share fingerprint(A) CSP1 • IoT honeypots • Booter locators DDoS DDoS sensors radar Public Other Internet fingerprints CSP4 CSP3 Globally distributed CSP2 Use fingerprint(A) “swarm” of • DNS anycast adaptation compromised IoT • Update traffic filters devices • Adapt rules for DPS invocation DPS4 DPS3 DPS2 CSP = Critical Service Provider (e.g., a bank, ISP, or a registry) DPS = DDoS Protection Service (e.g., Nawas or commercial such as Arbor)

  7. Fingerprint • Summary of DDoS traffic • Domain names used • Source IP addresses • Protocol • Packet length • Created from traffic capture files like PCAPs • Victim IP addresses not part of fingerprint • Challenge: creation at high speed (10s of Gbps)

  8. Status and next steps • DDoS radar embraced by broad coalition of 25 players from industry (ISPs, xSPs, IXPs, banks, not-for-profit DPS) and gov’t (ministries and agencies) • Dutch Continuity Board (DCB) acts as springboard, supported by Dutch National Cyber Security Center (NCSC-NL) • Develop DDoS radar based on existing components, such as • DDoS-DB of the University of Twente (ddosdb.org) • NaWas’ DDoS pattern recognition system (ddos-patterns.net) • Working groups: (1) clearing house, (2) cross-industry information sharing, (3) outreach, (4) ground rules and incident response, and (5) exercises

  9. Longer-term • Pilot part of an EU cybersecurity research project (under review) + development of a blueprint “business plan” to sustainably run (national) DDoS radars • Envisioned growth path: (1) Netherlands  Europe  global and (2) extend to “non-critical” service providers

  10. Q&A Cristian Hesselm an Head of SIDN Labs +31 6 25 07 87 33 cristian.hesselman@sidn.nl @hesselma Blog: https:/ / www.sidnlabs.nl/ a/ news/ a-proactive-and- collaborative-ddos-mitigation-strategy-for-the-dutch-critical- infrastructure?language_id=2

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster synergy among stakeholders to promote advancement in DDoS defense knowledge. Independent academic R&D division of Nexusguard building next

764 views • 44 slides
XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at

XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at

XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at Cloudflare London DDoS Mitigation Team Enjoy messing with networking and Linux kernel Agenda Cloudflare DDoS mitigation pipeline Iptables and

802 views • 65 slides
DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda 2 Intro Methodology

DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda 2 Intro Methodology

1 DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda 2 Intro Methodology of work DDoS tactics in-the-wild and how to improve Ready, set, FACEPALM! Q&A ~$ whoami 3 Moshe Zioni, Head of Research,

656 views • 47 slides
Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim

Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim

Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim to DDoS mitigation service SOS "I am getting DoSd" 2 DDoS Transport Choice SOS : Requirements Emergency signal.

247 views • 5 slides
Founded in 1998, Staminus Communications provides revolutionary DDoS mitigation services to

Founded in 1998, Staminus Communications provides revolutionary DDoS mitigation services to

Founded in 1998, Staminus Communications provides revolutionary DDoS mitigation services to millions of users and thousands of companies around the globe. Powered by an ever-expanding global network dedicated to DDoS mitigation and multiple

576 views • 9 slides
Filtering Based Techniques DDOS Attacks: Target CPU / Bandwidth for DDOS Mitigation

Filtering Based Techniques DDOS Attacks: Target CPU / Bandwidth for DDOS Mitigation

Introduction: Filtering Based Techniques DDOS Attacks: Target CPU / Bandwidth for DDOS Mitigation Attacker signals slaves to launch an attack on a specific target address (victim). Slaves then respond by Comp290: Network

275 views • 9 slides
OpenFlow DDoS Mitigation C. Dillon, M. Berkelaar February 9, 2014 University of Amsterdam

OpenFlow DDoS Mitigation C. Dillon, M. Berkelaar February 9, 2014 University of Amsterdam

OpenFlow DDoS Mitigation C. Dillon, M. Berkelaar February 9, 2014 University of Amsterdam Quanza Engineering C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation Introduction Distributed Denial of Service attacks Types of attacks Application

358 views • 18 slides
DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks DDoS Prevention Improving Performance Questions Glossary DDoS - Attempt to make a server or network resource unavailable to Internet

549 views • 30 slides
PennREN DDoS Mitigation Service Technical Overview Zach Bare Network Engineer Agenda Why

PennREN DDoS Mitigation Service Technical Overview Zach Bare Network Engineer Agenda Why

PennREN DDoS Mitigation Service Technical Overview Zach Bare Network Engineer Agenda Why use the DDoS Mitigation Service What the service does not do (currently) Understanding traffic flow PennREN member requirements Activating traffic

389 views • 18 slides
DDOS MITIGATION EXPERIENCE 01. About IP ServerOne Founded in 2003 About 52 Employees

DDOS MITIGATION EXPERIENCE 01. About IP ServerOne Founded in 2003 About 52 Employees

DDOS MITIGATION EXPERIENCE 01. About IP ServerOne Founded in 2003 About 52 Employees IP ServerOne Managing over 4500 physical servers Total 150 Racks in 5 data centers across Malaysia and Singapore Contributing 10% of

479 views • 35 slides
COLOSSAL DDoS ATTACKS ARE THE NEW REALITY Defeating DDoS Needs a Precision Strategy Your Secure

COLOSSAL DDoS ATTACKS ARE THE NEW REALITY Defeating DDoS Needs a Precision Strategy Your Secure

COLOSSAL DDoS ATTACKS ARE THE NEW REALITY Defeating DDoS Needs a Precision Strategy Your Secure Application Services CONFIDENTIAL | DO NOT DISTRIBUTE Company 1. CONFIDENTIAL | DO NOT DISTRIBUTE Attack Tools over Time - Evolved Binary

385 views • 12 slides
Exploiting Network Structure for Proactive Spam Mitigation Shobha Venkataraman, Subhabrata Sen,

Exploiting Network Structure for Proactive Spam Mitigation Shobha Venkataraman, Subhabrata Sen,

Exploiting Network Structure for Proactive Spam Mitigation Shobha Venkataraman, Subhabrata Sen, Oliver Spatscheck, Patrick Haffner, Dawn Song Portcullis: Protecting Connection Setup from Denial-of-Capability Attacks Bryan Parno, Dan Wendlandt,

774 views • 40 slides
.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary

.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary

.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary of a 3 weeks long experience 2016-03-07 Dec 2015 DDoS A)ack on .TR 2 Before DDoS q Infrequent Small scale DoS and DDos A)acks Few Qmes

150 views • 13 slides
Kernel HTTPS/TCP/IP stack for HTTP DDoS mitigation Alexander Krizhanovsky Tempesta Technologies,

Kernel HTTPS/TCP/IP stack for HTTP DDoS mitigation Alexander Krizhanovsky Tempesta Technologies,

Kernel HTTPS/TCP/IP stack for HTTP DDoS mitigation Alexander Krizhanovsky Tempesta Technologies, Inc. ak@tempesta-tech.com Who am I? CEO & CTO at Tempesta Technologies (Seattle, WA) Developing Tempesta FW open source Linux Application

740 views • 48 slides
Future of DDoS Attacks Mitigation in Software Defined Networks Martin Vizvry, Jan Vykopal AIMS

Future of DDoS Attacks Mitigation in Software Defined Networks Martin Vizvry, Jan Vykopal AIMS

Future of DDoS Attacks Mitigation in Software Defined Networks Martin Vizvry, Jan Vykopal AIMS 2014, Brno, July, 1st 2014 Current and Future Networking Traditional networking principles remain mostly unchanged over the past decades.

446 views • 18 slides
.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A Summary of a 3 weeks long experience 2016-03-07 Dec 2015 DDoS Attack on .TR 2 Before DDoS q Infrequent Small scale DoS and DDos Attacks Few

606 views • 14 slides
Completing the Form 912 Package Presentation for SBA Lenders SBA Form 1919 When is it necessary

Completing the Form 912 Package Presentation for SBA Lenders SBA Form 1919 When is it necessary

Completing the Form 912 Package Presentation for SBA Lenders SBA Form 1919 When is it necessary to complete the Form 912 package? When is it necessary for a lender to submit the 912 package to the SBA? When is it appropriate for a

161 views • 15 slides
Ea Early Warning Zones Pr Prof. Raul Sanchez-Re Reillo (o (on behalf alf of f Dr. Peter Wa

Ea Early Warning Zones Pr Prof. Raul Sanchez-Re Reillo (o (on behalf alf of f Dr. Peter Wa

Ea Early Warning Zones Pr Prof. Raul Sanchez-Re Reillo (o (on behalf alf of f Dr. Peter Wa Waggett) 1 EARLY WARNING ZONES (3RD ERNCIP WORKSHOP) 22/11/2019 Gr Group O up Obj bjec ectiv ives es To Define Challenges Faced by

205 views • 16 slides
How to Evaluate Accuracy of Biometric Systems Peter Vojtek peter.vojtek@innovatrics.com Intro

How to Evaluate Accuracy of Biometric Systems Peter Vojtek peter.vojtek@innovatrics.com Intro

How to Evaluate Accuracy of Biometric Systems Peter Vojtek peter.vojtek@innovatrics.com Intro PeWe member 2006 - 2010 Innovatrics fingerprint-based biometrics SDKs large-scale fingerprint matching (AFIS)

567 views • 25 slides
Recognition System BY MEET HARIA UNDER THE GUIDANCE OF PROF. VIKRAM M. GADRE Touchless

Recognition System BY MEET HARIA UNDER THE GUIDANCE OF PROF. VIKRAM M. GADRE Touchless

Touchless Fingerprint Recognition System BY MEET HARIA UNDER THE GUIDANCE OF PROF. VIKRAM M. GADRE Touchless Fingerprint Recognition System Fingerprint Recogntion 1. Pre-processing 2. Feature Extraction (Minutiae Extraction) 3. Matching

545 views • 31 slides
2 5 / 0 6 / 2 0 1 4 Ana Herrera de la Casa European Com m ission Directorate-General HOME

2 5 / 0 6 / 2 0 1 4 Ana Herrera de la Casa European Com m ission Directorate-General HOME

Regional Sem inar on MRTDs and Traveller I dentification Managem ent Madrid, Spain, 2 5 to 2 7 June 2 0 1 4 Sm artBorders EES & RTP 2 5 / 0 6 / 2 0 1 4 Ana Herrera de la Casa European Com m ission Directorate-General HOME Unit C3

447 views • 18 slides
Zwipe Making Convenience Secure EIC Conference Oslo, 5 June 2019 Andr Lvestam, CEO This is

Zwipe Making Convenience Secure EIC Conference Oslo, 5 June 2019 Andr Lvestam, CEO This is

Zwipe Making Convenience Secure EIC Conference Oslo, 5 June 2019 Andr Lvestam, CEO This is how it works - everywhere Dubliner Pub, Oslo 10 October 2018 2 Zwipe is on a mission: Making Convenience Secure Launched worlds first

346 views • 10 slides
SurroundSense: Mobile Phone Localization via Ambience Fingerprinting and Romit Roy

SurroundSense: Mobile Phone Localization via Ambience Fingerprinting and Romit Roy

Based on a paper: SurroundSense: Mobile Phone Localization via Ambience Fingerprinting and Romit Roy Choudhurys presentation: http://people.ee.duke.edu/~romit/courses/s10/mat erial/surroundsense.ppt Takes advantage of phones

613 views • 39 slides
SAFE HARBOR STATEMENT This presentation may contain projections or other forward-looking

SAFE HARBOR STATEMENT This presentation may contain projections or other forward-looking

SAFE HARBOR STATEMENT This presentation may contain projections or other forward-looking statements within the meaning Section 27A of the Private Securities Litigation Reform Act. Words such as anticipate, believe, estimate,

626 views • 36 slides

More recommend