ddos mitigation experience 01 about ip serverone
play

DDOS MITIGATION EXPERIENCE 01. About IP ServerOne Founded in 2003 - PowerPoint PPT Presentation

Feb 07, 2023 •125 likes •479 views

DDOS MITIGATION EXPERIENCE 01. About IP ServerOne Founded in 2003 About 52 Employees IP ServerOne Managing over 4500 physical servers Total 150 Racks in 5 data centers across Malaysia and Singapore Contributing 10% of

  1. DDOS MITIGATION EXPERIENCE

  2. 01. About IP ServerOne

  3. Founded in 2003 • About 52 Employees • IP ServerOne Managing over 4500 physical servers • Total 150 Racks in 5 data centers • across Malaysia and Singapore Contributing 10% of Malaysia’s • domestic traffic Approximately 6.8 Gbit/s total traffic • sending to the Internet at peak 300 Gbps DDoS mitigation capacity in • MY, SG, HK, TW

  4. 02. What is a DDoS attack?

  5. 01 We believe that everyone should be Why • more aware of DDoS attacks and their choosing possible impacts on a business this topic? 02 To share on the DDoS trend • happening in our local community To share the possible ways to detect 03 • any kind of DDoS attack , and help to blackhole the affected IP addresses automatically with opensource utility 04 Giving an idea of IPSERVERONE’s • anti-ddos system deployment in our own data centers

  6. A cyberattack carried out over networks that intentionally is done by someone In short, it’s a downtime to the provider Or a downtime to the customer

  7. What is the level of attacks we encounter? 2-5 Over Mostly range Attacks mainly attacks 100 attacks from 4.5 Gbps come from per day per month to 8.9 Gbps overseas

  8. Which types of attack we mostly get? DNS/ NTP/ HTTP/ TCP Flag SSDP/ UDP HTTPS floods CHARGEN floods flood (SYN, ACK … ) amplification attack

  9. Attacks from international link: Bandwidth level attack: Packet per second (pps) attack: International link is 16.6 Mbps, bandwidth is around 81 Gbit/s approximately 6.6 Gbps

  10. Attacks from Malaysia’s peering Bandwidth level attack: Packet per second (pps) attack: 12 Gbps from 10.6 Mbps, bandwidth single provider is approximately 4.9 Gbps

  11. DDoS activity within Malaysia

  12. A DDoS alert report sample on a local attack

  13. A new way of DDoS attack (via Direct Peering) Due to the ports being closed TCP RST flag/ ICMP send back to the victim IP ISP A 183.81.160.0/21 ISP C 45.64.168.0/22 VICTIM Server Attacker Internet 45.64.168.254 ISP B Due to the ports being closed 210.5.40.0/21 TCP RST flag/ ICMP send back to the victim IP Spoofed IP Source: 45.64.168.254:80 Destination: 210.5.40.0 – 210.5.47.254 (all ISP B IP addresses) Destination: 183.81.160.0 – 183.81.167.254 (all ISP A IP addresses) Destination Port: 80,443,22,21 … . TCP Flag: SYN

  14. • The attacker can control how to flow the The impacts attack to the victim network ; For 01 from this example: Via MyIX? Or direct peering & etc. new method • The ISP A, or ISP B think that the victim attack: 02 server is attacking all their IP address range . 03 • ISP A, or ISP B will not be able to do any blackhole as all of their IP addresses are affected. 04 • Victim ISP cannot react to it as the packet was spoofed from outside of the victim network.

  15. Solutions for these kind of attacks: Make sure you have Apply ACL, or enough bandwidth to using Flowspec take the spoofed to mitigate this packet issue

  16. To sleep better DDoS To do tcpdump / A Dedicated detection tool nfdump when you Blackhole router must be available are under-attack it’s that integrates with way too slow ExaBGP can make the NOCs’ lives easier

  17. 03. How do we detect a DDoS attack?

  18. How do we detect a DDoS attack: We use netflow to detect any kind of DDoS attack

  19. Detector deployment architecture DDoS mitigation Device Border router 1 Normal internet Myix router Core router 1 Access switch Internet Border router 2 Netflow / Sflow 1. We use out of path deployment 2. NTA will collect flow from all the border routers 3. Traffic will pass through normally from: border > core router > access > switch > server

  20. The detector will look at the netflow packet How does a and will count for the number of packet per detector seconds towards single destination IP address. work? In layman term, it will count how many: 1. SYN packet received per second for single IP 2. ACK packet received per second for single IP 3. DNS packet received per second for single IP 4. NTP packet received per second for single IP 5. UDP packet received per second for single IP 6. ..... (and many many more )

  21. Detector Threshold setting We categorize all our IP addresses into Multiple IP address groups Each IP Group would contain its own IP range and threshold setting

  22. DDoS detector also detects based on bandwidth Besides Packet Per second check, it will also check for: maximum inbound bandwidth per second for single IP

  23. Open-source utility that can do a DDoS Detection:

  24. When a DDoS is detected, what is the mitigation plan? Here are the typical mitigation methods : Method Null Route Self-Mitigate 100% Cloud Hybrid Operation impact IP got blocked Can access as Access as usual, Can access as usual but may be usual higher latency Cost to FREE Expensive Manageable Expensive implement Cost Limitation Not all IX support High cost and Latency issue Skill set and cost. Null route high technical skills Impact to the Customer may $$$ $ $$$$ provider be leaving

  25. Updates from MYIX: It may help on MyIX route server is reducing the DDoS now supporting attacks from MyIX blackhole community peering members that learned the route from MyIX route server

  26. 04. How do we Mitigate DDoS attacks at IP ServerOne?

  27. We send flows to our Network Traffic Analyzer netflow will be sending from all our border routers Cleanpipe provider Border router 1 Myix router Core router 1 Access switch Internet Border router 2 Netflow / Sflow Traffic from the internet to server Traffic from server to internet Attack traffic

  28. Time required for a DDoS Detection: It may be taking less than 90 seconds to complete the DDoS detection + mitigation

  29. At IP ServerOne, the Anti-DDoS is based on hybrid model DDoS On-Premise device + Cloud based protection Mitigation The reason why we are mitigating the attacks ourselves are: Most of the cloud 70% of our providers are bandwidth is located overseas going through MyIX Cloud providers could have false positive sometime. Troubleshooting on this is very difficult; we are using BGP communities to do traffic engineering ; so that those targetted customers will be coming through our own link rather than other cloud providers.

  30. How do we deploy the mitigation device: Normal traffic Border router Core router DDoS filter When the victim’s server IP is under attack • The detector will advertise a /32 over to all borders router , so that all traffic towards the victim • server will be next-hop to the filtering device for cleaning purpose Traffic towards other servers is not affected •

  31. What does the Anti-DDoS filter do?

  32. 05. Where to START?

  33. Where to start? To combat against a DDoS, let’s start with detection process first: Open-source solution= Commercial solution = fastnetmon you can visit our booth (we highly recommend trying this)

  34. 06. ANY QUESTIONS?

  35. Thanks OUR INFRASTRUCTURE; YOUR GROWTH E-mail: cllee@ip.my Mobile: +6 012-331 9286 IP ServerOne Solutions Sdn. Bhd. (800140-T) A-1-1 & A-1-2, Block A, Glomac Damansara, Jalan Damansara, 60000 Kuala Lumpur, Wilayah Persekutuan, Malaysia. 03 2026 1688 www.ipserverone.com ISO Certificate No: IS 651738

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster synergy among stakeholders to promote advancement in DDoS defense knowledge. Independent academic R&D division of Nexusguard building next

764 views • 44 slides
XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at

XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at

XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at Cloudflare London DDoS Mitigation Team Enjoy messing with networking and Linux kernel Agenda Cloudflare DDoS mitigation pipeline Iptables and

802 views • 65 slides
DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda 2 Intro Methodology

DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda 2 Intro Methodology

1 DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda 2 Intro Methodology of work DDoS tactics in-the-wild and how to improve Ready, set, FACEPALM! Q&A ~$ whoami 3 Moshe Zioni, Head of Research,

656 views • 47 slides
Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim

Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim

Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim to DDoS mitigation service SOS "I am getting DoSd" 2 DDoS Transport Choice SOS : Requirements Emergency signal.

247 views • 5 slides
Founded in 1998, Staminus Communications provides revolutionary DDoS mitigation services to

Founded in 1998, Staminus Communications provides revolutionary DDoS mitigation services to

Founded in 1998, Staminus Communications provides revolutionary DDoS mitigation services to millions of users and thousands of companies around the globe. Powered by an ever-expanding global network dedicated to DDoS mitigation and multiple

576 views • 9 slides
Filtering Based Techniques DDOS Attacks: Target CPU / Bandwidth for DDOS Mitigation

Filtering Based Techniques DDOS Attacks: Target CPU / Bandwidth for DDOS Mitigation

Introduction: Filtering Based Techniques DDOS Attacks: Target CPU / Bandwidth for DDOS Mitigation Attacker signals slaves to launch an attack on a specific target address (victim). Slaves then respond by Comp290: Network

275 views • 9 slides
OpenFlow DDoS Mitigation C. Dillon, M. Berkelaar February 9, 2014 University of Amsterdam

OpenFlow DDoS Mitigation C. Dillon, M. Berkelaar February 9, 2014 University of Amsterdam

OpenFlow DDoS Mitigation C. Dillon, M. Berkelaar February 9, 2014 University of Amsterdam Quanza Engineering C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation Introduction Distributed Denial of Service attacks Types of attacks Application

358 views • 18 slides
DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks DDoS Prevention Improving Performance Questions Glossary DDoS - Attempt to make a server or network resource unavailable to Internet

549 views • 30 slides
.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary

.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary

.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary of a 3 weeks long experience 2016-03-07 Dec 2015 DDoS A)ack on .TR 2 Before DDoS q Infrequent Small scale DoS and DDos A)acks Few Qmes

150 views • 13 slides
.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A Summary of a 3 weeks long experience 2016-03-07 Dec 2015 DDoS Attack on .TR 2 Before DDoS q Infrequent Small scale DoS and DDos Attacks Few

606 views • 14 slides
PennREN DDoS Mitigation Service Technical Overview Zach Bare Network Engineer Agenda Why

PennREN DDoS Mitigation Service Technical Overview Zach Bare Network Engineer Agenda Why

PennREN DDoS Mitigation Service Technical Overview Zach Bare Network Engineer Agenda Why use the DDoS Mitigation Service What the service does not do (currently) Understanding traffic flow PennREN member requirements Activating traffic

389 views • 18 slides
A proactive and collaborative DDoS mitigation strategy for the Dutch critical infrastructure

A proactive and collaborative DDoS mitigation strategy for the Dutch critical infrastructure

A proactive and collaborative DDoS mitigation strategy for the Dutch critical infrastructure Cristian Hesselman 1 , Jeroen van der Ham 2 , Roland van Rijswijk 3 , Jair Santanna 2 , Aiko Pras 2 1) SIDN Labs, 2) University of Twente, 3) SURFnet

463 views • 10 slides
Kernel HTTPS/TCP/IP stack for HTTP DDoS mitigation Alexander Krizhanovsky Tempesta Technologies,

Kernel HTTPS/TCP/IP stack for HTTP DDoS mitigation Alexander Krizhanovsky Tempesta Technologies,

Kernel HTTPS/TCP/IP stack for HTTP DDoS mitigation Alexander Krizhanovsky Tempesta Technologies, Inc. ak@tempesta-tech.com Who am I? CEO & CTO at Tempesta Technologies (Seattle, WA) Developing Tempesta FW open source Linux Application

740 views • 48 slides
Future of DDoS Attacks Mitigation in Software Defined Networks Martin Vizvry, Jan Vykopal AIMS

Future of DDoS Attacks Mitigation in Software Defined Networks Martin Vizvry, Jan Vykopal AIMS

Future of DDoS Attacks Mitigation in Software Defined Networks Martin Vizvry, Jan Vykopal AIMS 2014, Brno, July, 1st 2014 Current and Future Networking Traditional networking principles remain mostly unchanged over the past decades.

446 views • 18 slides
DDoS Mitigation at NORDUnet Lars Fischer (w/ big thanks to Martin Aldrin) TF-MSP Meeting Malta,

DDoS Mitigation at NORDUnet Lars Fischer (w/ big thanks to Martin Aldrin) TF-MSP Meeting Malta,

NORDUnet Nordic Infrastructure for Research & Education DDoS Mitigation at NORDUnet Lars Fischer (w/ big thanks to Martin Aldrin) TF-MSP Meeting Malta, 27 November 2014 NORDUnet Basic Nordic infrastructure for Research & Education

307 views • 16 slides
Adaptive Distributed Distributed Traffic Traffic Adaptive Adaptive Distributed Traffic Control

Adaptive Distributed Distributed Traffic Traffic Adaptive Adaptive Distributed Traffic Control

Adaptive Distributed Distributed Traffic Traffic Adaptive Adaptive Distributed Traffic Control Service Service for for DDoS DDoS Attack Attack Control Control Service for DDoS Attack Mitigation Mitigation Mitigation Bernhard Plattner,

474 views • 24 slides
FEL 4/13, 1/09 and 1/06, Atlantic Ireland PROSPEX, London, December 2014 Ireland Atlantic

FEL 4/13, 1/09 and 1/06, Atlantic Ireland PROSPEX, London, December 2014 Ireland Atlantic

Slyne & Rockall Basin Opportunities FEL 4/13, 1/09 and 1/06, Atlantic Ireland PROSPEX, London, December 2014 Ireland Atlantic Exploration Shared geology with UK, oil, condensate, gas Vring discovery / field Faroe & Norwegian

274 views • 14 slides
How to Power Up Profits When Oil Prices Go Down Sean Brodrick Oxford Resource

How to Power Up Profits When Oil Prices Go Down Sean Brodrick Oxford Resource

How to Power Up Profits When Oil Prices Go Down Sean Brodrick Oxford Resource Explorer The $10 Trigger Alert InvestmentU.com FreeMarketCafe.com 13 Charts on Energy and 10 Picks Packed with Profit

285 views • 26 slides
1 DELTA RESOURCES LIMITED Corporate Presentation January 2020 DLTA | TSX-V Disclaimer DELTA

1 DELTA RESOURCES LIMITED Corporate Presentation January 2020 DLTA | TSX-V Disclaimer DELTA

1 DELTA RESOURCES LIMITED Corporate Presentation January 2020 DLTA | TSX-V Disclaimer DELTA RESOURCES LIMITED 2 Corporate Presentation January 2020 CAUTIONARY STATEMENT ON FORWARD- LOOKING INFORMATION Certain information contained or

526 views • 21 slides
FASTER Overview Aspa Tzeletopoulou Alexios Vlachopoulos 833507 FASTER

FASTER Overview Aspa Tzeletopoulou Alexios Vlachopoulos 833507 FASTER

FASTER Overview Aspa Tzeletopoulou Alexios Vlachopoulos 833507 FASTER H2020-SU-SEC-2018-2019-2020/H2020-SU-SEC-2018 1 Project funded by: EUROPEAN UNION - Research Executive Agency (REA) Project Information First responder Advanced

312 views • 14 slides
MARCH 3, 2016 CONFERENCE CALL PREMIUM VALUE. DEFINED GROWTH. INDEPENDENT. Slide 1 Agenda

MARCH 3, 2016 CONFERENCE CALL PREMIUM VALUE. DEFINED GROWTH. INDEPENDENT. Slide 1 Agenda

2015 Fourth Quarter & Year End March 2016 and 2016 Budget PROVEN EFFECTIVE STRATEGY MARCH 3, 2016 CONFERENCE CALL PREMIUM VALUE. DEFINED GROWTH. INDEPENDENT. Slide 1 Agenda Introduction Mark Stainthorpe Director, Treasury and

377 views • 24 slides
6. Parameter Passing Parameter Passing CS 381 Spring 2016 Example (Formal) Parameter void

6. Parameter Passing Parameter Passing CS 381 Spring 2016 Example (Formal) Parameter void

CS 381 Spring 2016 6. Parameter Passing Parameter Passing CS 381 Spring 2016 Example (Formal) Parameter void f(int x, int y) { y := x+1 }; x := 3; What is the value of z? z := 1; f(2*x,z); ... it depends on the parameter

244 views • 22 slides
Extraction of Semantic Relations between Concepts with KNN Algorithms on Wikipedia A. Panchenko 1

Extraction of Semantic Relations between Concepts with KNN Algorithms on Wikipedia A. Panchenko 1

Introduction Semantic Relation Extraction Methods Results Conclusion Extraction of Semantic Relations between Concepts with KNN Algorithms on Wikipedia A. Panchenko 1 , 2 , S. Adeykin 2 , A. Romanov 2 and P. Romanov 2 1 Universit e

410 views • 22 slides
Hollysys Automation Technologies Ltd. Investors Presentation FY2019 Q1 YOUR LOGO Safe Harbor

Hollysys Automation Technologies Ltd. Investors Presentation FY2019 Q1 YOUR LOGO Safe Harbor

Automation for Better Life Hollysys Automation Technologies Ltd. Investors Presentation FY2019 Q1 YOUR LOGO Safe Harbor This presentation may contain forward-looking statements within the meaning of the private securities litigation reform

581 views • 33 slides

More recommend