ddos mitigation collection
play

DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda - PowerPoint PPT Presentation

Nov 13, 2022 •185 likes •656 views

1 DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda 2 Intro Methodology of work DDoS tactics in-the-wild and how to improve Ready, set, FACEPALM! Q&A ~$ whoami 3 Moshe Zioni, Head of Research,

  1. 1 DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS

  2. Agenda 2  Intro  Methodology of work  DDoS tactics in-the-wild and how to improve  Ready, set, FACEPALM!  Q&A

  3. ~$ whoami 3  Moshe Zioni, Head of Research, Comsec  3 years (and counting) of designing & providing full-blown an on-demand DDoS attack service. 2 nd time at hack-in-paris, 1 st time as speaker (thanks!)   .///. END OF SHAMELESS PROMOTION SLIDE .///.

  4. Method 4

  5. DDoS for Everyone! 5

  6. Run-of-the-Mill DDoS attacks 6 nowadays  Rely heavily on bandwidth consumption  53% of attacks are < 2Gbps (SANS)  Most attacks does not require brains  Amplification and Reflection relies on 3 rd party domains (DNS, NTP etc.)

  7. Strike harder! (!=bigger) 7  There is more to a web site then a front-end (!!)  Overload the backend by making the system work for you  Keep it stealthy, they are looking for you  Generalized term for Amplification

  8. Generalized Amplification - “ 4 Pillars ” 8  Amplification factors  Network – The usual suspect  CPU – Very limited on some mediators and web application servers  Memory – Volatile, everything uses it  Storage – Can be filled up or exhausting I/O buffer

  9. Just before we start 9  NO SHAMING POLICY - Client identity will remain anonymous  Meet - “ SuperBank ”  10 common-practices and the appropriate bypass/attack

  10. Ready? 10 Set. FACEPALM!

  11. 11

  12. “ Limit the rate 12 of incoming packets ”

  13. 13  The bank has been hit by a DDoS attack that consumed ALL BANDWIDTH  To rectify the situation the ISP suggested limiting incoming packet rate to ensure availability

  14. Reflection to the rescue! 14 Send in 1Kb Consume according to file-length Consumption by reflection

  15. 15

  16. “ It ’ s OK now, 16 monitoring shows everything is back to normal ”

  17. 17  MegaCommonPractive now went on to buy a Anti-DDoS solution  A known Anti-DDoS cloud-based protection solution approached the client and offered a very solid looking solution including 24/7 third party monitoring

  18. 18 ACTUALLY TRY TO ACCESS THE WEB SITE!!!!

  19. 19

  20. “ Backend servers 20 are not important to protect against DDoS ”

  21. Mapping the backend for DDoS 21  Databases are very susceptible to DDoS attacks and provide good grounds for intra-amplification  How can we find DBs?  You can always guess, pentersters do that all the time …  Takes more time == talk more with BE !!! PROFIT!!!

  22. 22

  23. 23

  24. Really??!?! ALL OF THE DOMAINS?!? 24  What is the strategy of mitigation? Do you understand it?

  25. 25

  26. “ We don ’ t trust 26 the vendor, we don ’ t give them certificates ”

  27. Talk to me in layer 7 … 27  Defense have chosen not to monitor layer 7 – HTTPS attacks..  SSL re/negotiation  Full blown HTTPS GET/POST/ … no one can see you now

  28. 28

  29. “ We need Big 29 Data, collect all the logs ”

  30. Logs need to be handled 30  Storage Boom SILO NEEDED!  Result in a complete lock-down, including not be able to manage the overflowed device  It was the IPS, so no traffic allowed to anything

  31. 31

  32. “ We are under 32 attack – enforce the on-demand Scrubbing Service ”

  33. Learning mode – did you do it? 33  All is learned  Attack considered legitimate traffic

  34. 34

  35. “ So what CDN is 35 not dynamic? Let ’ s enable it ”

  36. NOT IN CACHE? ASK THE ORIGIN! 36

  37. 37

  38. 38

  39. How to find an ‘ invisible ’ origin? 39  Find other known subdomain -> translate to IP -> scan the /24 or /16 -> good chance it ’ s there.  AND … .. WHOIS never forgets  http://viewdns.info FTW!

  40. 40

  41. “ Block ‘ em!, now 41 them, now them, now them, now them, now them, now them, now them, now them, now them, now them, now them, now them, now them, now them, now them. “

  42. 42 Total IPs in FR: ~82 M

  43. 43 About 1,200 class B ranges

  44. Now think of a monkey 44 blocking every incoming alert. 10 MINUTES TO SELF INFLECTED DDOS

  45. Collected misconceptions 46  There is no magic pill or best cocktail mix of technologies/appliances/services, never was  DDoS is a subset of DoS, not the other way around  You can have all the toys and money in the world – you have to be prepared and have trained people in mitigation because of those reasons  If you won ’ t do that – you can be evaluated for this presentation in the future

  46. 47 Questions?

  47. 48 Thank you! Moshe Zioni zimoshe@gmail.com, @dalmoz_ corp:moshez@comsecglobal.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster synergy among stakeholders to promote advancement in DDoS defense knowledge. Independent academic R&amp;D division of Nexusguard building next

764 views • 44 slides
XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at

XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at

XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at Cloudflare London DDoS Mitigation Team Enjoy messing with networking and Linux kernel Agenda Cloudflare DDoS mitigation pipeline Iptables and

802 views • 65 slides
Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim

Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim

Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim to DDoS mitigation service SOS &quot;I am getting DoSd&quot; 2 DDoS Transport Choice SOS : Requirements Emergency signal.

247 views • 5 slides
Founded in 1998, Staminus Communications provides revolutionary DDoS mitigation services to

Founded in 1998, Staminus Communications provides revolutionary DDoS mitigation services to

Founded in 1998, Staminus Communications provides revolutionary DDoS mitigation services to millions of users and thousands of companies around the globe. Powered by an ever-expanding global network dedicated to DDoS mitigation and multiple

576 views • 9 slides
Filtering Based Techniques DDOS Attacks: Target CPU / Bandwidth for DDOS Mitigation

Filtering Based Techniques DDOS Attacks: Target CPU / Bandwidth for DDOS Mitigation

Introduction: Filtering Based Techniques DDOS Attacks: Target CPU / Bandwidth for DDOS Mitigation Attacker signals slaves to launch an attack on a specific target address (victim). Slaves then respond by Comp290: Network

275 views • 9 slides
OpenFlow DDoS Mitigation C. Dillon, M. Berkelaar February 9, 2014 University of Amsterdam

OpenFlow DDoS Mitigation C. Dillon, M. Berkelaar February 9, 2014 University of Amsterdam

OpenFlow DDoS Mitigation C. Dillon, M. Berkelaar February 9, 2014 University of Amsterdam Quanza Engineering C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation Introduction Distributed Denial of Service attacks Types of attacks Application

358 views • 18 slides
DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks DDoS Prevention Improving Performance Questions Glossary DDoS - Attempt to make a server or network resource unavailable to Internet

549 views • 30 slides
PennREN DDoS Mitigation Service Technical Overview Zach Bare Network Engineer Agenda Why

PennREN DDoS Mitigation Service Technical Overview Zach Bare Network Engineer Agenda Why

PennREN DDoS Mitigation Service Technical Overview Zach Bare Network Engineer Agenda Why use the DDoS Mitigation Service What the service does not do (currently) Understanding traffic flow PennREN member requirements Activating traffic

389 views • 18 slides
DDOS MITIGATION EXPERIENCE 01. About IP ServerOne Founded in 2003 About 52 Employees

DDOS MITIGATION EXPERIENCE 01. About IP ServerOne Founded in 2003 About 52 Employees

DDOS MITIGATION EXPERIENCE 01. About IP ServerOne Founded in 2003 About 52 Employees IP ServerOne Managing over 4500 physical servers Total 150 Racks in 5 data centers across Malaysia and Singapore Contributing 10% of

479 views • 35 slides
A proactive and collaborative DDoS mitigation strategy for the Dutch critical infrastructure

A proactive and collaborative DDoS mitigation strategy for the Dutch critical infrastructure

A proactive and collaborative DDoS mitigation strategy for the Dutch critical infrastructure Cristian Hesselman 1 , Jeroen van der Ham 2 , Roland van Rijswijk 3 , Jair Santanna 2 , Aiko Pras 2 1) SIDN Labs, 2) University of Twente, 3) SURFnet

463 views • 10 slides
.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary

.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary

.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary of a 3 weeks long experience 2016-03-07 Dec 2015 DDoS A)ack on .TR 2 Before DDoS q Infrequent Small scale DoS and DDos A)acks Few Qmes

150 views • 13 slides
Kernel HTTPS/TCP/IP stack for HTTP DDoS mitigation Alexander Krizhanovsky Tempesta Technologies,

Kernel HTTPS/TCP/IP stack for HTTP DDoS mitigation Alexander Krizhanovsky Tempesta Technologies,

Kernel HTTPS/TCP/IP stack for HTTP DDoS mitigation Alexander Krizhanovsky Tempesta Technologies, Inc. ak@tempesta-tech.com Who am I? CEO &amp; CTO at Tempesta Technologies (Seattle, WA) Developing Tempesta FW open source Linux Application

740 views • 48 slides
Future of DDoS Attacks Mitigation in Software Defined Networks Martin Vizvry, Jan Vykopal AIMS

Future of DDoS Attacks Mitigation in Software Defined Networks Martin Vizvry, Jan Vykopal AIMS

Future of DDoS Attacks Mitigation in Software Defined Networks Martin Vizvry, Jan Vykopal AIMS 2014, Brno, July, 1st 2014 Current and Future Networking Traditional networking principles remain mostly unchanged over the past decades.

446 views • 18 slides
.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A Summary of a 3 weeks long experience 2016-03-07 Dec 2015 DDoS Attack on .TR 2 Before DDoS q Infrequent Small scale DoS and DDos Attacks Few

606 views • 14 slides
DDoS Mitigation at NORDUnet Lars Fischer (w/ big thanks to Martin Aldrin) TF-MSP Meeting Malta,

DDoS Mitigation at NORDUnet Lars Fischer (w/ big thanks to Martin Aldrin) TF-MSP Meeting Malta,

NORDUnet Nordic Infrastructure for Research &amp; Education DDoS Mitigation at NORDUnet Lars Fischer (w/ big thanks to Martin Aldrin) TF-MSP Meeting Malta, 27 November 2014 NORDUnet Basic Nordic infrastructure for Research &amp; Education

307 views • 16 slides
Adaptive Distributed Distributed Traffic Traffic Adaptive Adaptive Distributed Traffic Control

Adaptive Distributed Distributed Traffic Traffic Adaptive Adaptive Distributed Traffic Control

Adaptive Distributed Distributed Traffic Traffic Adaptive Adaptive Distributed Traffic Control Service Service for for DDoS DDoS Attack Attack Control Control Service for DDoS Attack Mitigation Mitigation Mitigation Bernhard Plattner,

474 views • 24 slides
Magnetic Fields in Evolving Spiral Galaxies and their Observation with the SKA Rainer Beck

Magnetic Fields in Evolving Spiral Galaxies and their Observation with the SKA Rainer Beck

Magnetic Fields in Evolving Spiral Galaxies and their Observation with the SKA Rainer Beck MPIfR Bonn Fundamental magnetic questions When and how were the first fields generated ? Did significant fields exist before galaxies formed ?

642 views • 47 slides
WARCIP: W : Write A Ampli lific ication Reduction b by C Clus ustering I I/O Pages Jing

WARCIP: W : Write A Ampli lific ication Reduction b by C Clus ustering I I/O Pages Jing

WARCIP: W : Write A Ampli lific ication Reduction b by C Clus ustering I I/O Pages Jing Yang , Shuyi Pei and Qing Yang Dept. of Electrical, Computer, and Biomedical Engineering, University of Rhode Island Kingston, RI, USA 02881 Shenzhen

398 views • 14 slides
Easiness Amplification and Circuit Lower Bounds Cody Murray MIT Ryan Williams MIT Motivation We

Easiness Amplification and Circuit Lower Bounds Cody Murray MIT Ryan Williams MIT Motivation We

Easiness Amplification and Circuit Lower Bounds Cody Murray MIT Ryan Williams MIT Motivation We want to show that . Problem: It is currently open even whether

222 views • 19 slides
System Resilience Amplify Failures, Detect, or Both? (A ROSS19 Invited Talk) Arnab Das, Ian

System Resilience Amplify Failures, Detect, or Both? (A ROSS19 Invited Talk) Arnab Das, Ian

System Resilience Amplify Failures, Detect, or Both? (A ROSS19 Invited Talk) Arnab Das, Ian Briggs, Mark Baranowski, Vishal Sharma Zvonimir Rakamaric, Sriram Krishnamoorthy, Ganesh Gopalakrishnan University of Utah, School of Computing

318 views • 30 slides
MEN ALSO LIKE SHOPPING REDUCING GENDER BIAS AMPLIFICATION USING CORPUS-LEVEL CONSTRAINTS Jieyu

MEN ALSO LIKE SHOPPING REDUCING GENDER BIAS AMPLIFICATION USING CORPUS-LEVEL CONSTRAINTS Jieyu

MEN ALSO LIKE SHOPPING REDUCING GENDER BIAS AMPLIFICATION USING CORPUS-LEVEL CONSTRAINTS Jieyu Zhao 1,3 , Tianlu Wang 1 , Mark Yatskar 2,4 , Vicente Ordonez 1 , Kai-Wei Chang 1,3 1 University of Virginia 2 University of Washington 3 UCLA 4 Allen

902 views • 58 slides
Modern Dataflow in Experimental Nuclear Science (and Tcl). Ron Fox, Giordano Cerizza Sean

Modern Dataflow in Experimental Nuclear Science (and Tcl). Ron Fox, Giordano Cerizza Sean

Modern Dataflow in Experimental Nuclear Science (and Tcl). Ron Fox, Giordano Cerizza Sean Liddick, Aaron Chester This material is based upon work supported by National Science Foundation. Talk Outline A bit about me and my Tcl history

859 views • 43 slides
Aggregate Demand and the Dynamics of Unemployment Edouard Schaal 1 Mathieu Taschereau-Dumouchel 2 1

Aggregate Demand and the Dynamics of Unemployment Edouard Schaal 1 Mathieu Taschereau-Dumouchel 2 1

Aggregate Demand and the Dynamics of Unemployment Edouard Schaal 1 Mathieu Taschereau-Dumouchel 2 1 New York University and CREI 2 The Wharton School of the University of Pennsylvania 1 / 34 Introduction Benchmark model of equilibrium

792 views • 63 slides
Shoaling of Solitary Waves by Harry Yeh &amp; Jeffrey Knowles School of Civil &amp; Construction

Shoaling of Solitary Waves by Harry Yeh &amp; Jeffrey Knowles School of Civil &amp; Construction

Shoaling of Solitary Waves by Harry Yeh &amp; Jeffrey Knowles School of Civil &amp; Construction Engineering Oregon State University Water Waves, ICERM, Brown U., April 2017 Motivation The 2011 Heisei Tsunami in Japan Bathymetry 200 m 1000

738 views • 60 slides

More recommend