V-ISA Reputation Mechanism, Enabling Precise Defense against New DDoS Attacks

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "V-ISA Reputation Mechanism, Enabling Precise Defense against New DDoS Attacks"

Transcription

1 Enabling Precise Defense against New DDoS Attacks

2 1 Key Points: DDoS attacks are more prone to targeting the application layer. Traditional attack detection and defensive measures fail to defend against these types of DDoS attacks. Executive Summary: The fast growing prosperity of cloud computing is accompanied by a surge in the provision of Internet as well as DDoS attacks and their variants. DDoS attacks are more prone to targeting the application layer especially WEB and DNS services, launched mainly out of malicious competition. Profitable online services are allegedly undergoing more and longer attacks, according to Huawei Cloud Security Center. Currently, various functional evasion techniques are used on botnets to keep them alive longer. Typical techniques used are the domain generation algorithm (DGA) and Fast-flux techniques, which quickly replace C&C server IP address. The common defensive measure of shutting down the C&C server (source of attacks) does not work effectively when dealing with DDoS attacks launched using botnets. Since traditional attack detection and defensive measures fail to defend against new types of DDoS attacks, there is rapidly growing demand for new defensive measures which provide accurate detection and correct identification of attacks.

3 Trend of DDoS Attacks 1. Application services are suffering more DDoS attacks with light traffic and low speed. Carrier networks and their basic architecture and infrastructure have historically been the target of DDoS attacks. In more recent times, internet applications and services, such as enterprise website, online shopping, streaming services, online gaming, DNS, and have increasingly become prime targets of DDoS attacks. Web-targeted DDoS attacks have accounted for over 87.11% DDoS attacks, according to the latest security report released by Huawei. Hackers have been seen to prefer more elusive attacks requiring lower bandwidth and lighter traffic because they can achieve their attack goals while maintaining low costs. By exploiting vulnerabilities of commonly-used flow detection techniques, applicationtargeted attacks that have light traffic and low bandwidth are prevailing. Packets have to be verified one by one to detect DDoS attacks at the application layer. 2. DDoS attacks are becoming increasingly complex. More simulated Http attacks: Before launching attacks, hackers usually select WEB servers and perform tests to discover their vulnerabilities. They proceed to exploit these vulnerabilities by repurposing ghost servers and resources to exhaust the system's computing resources. In the meantime of achieving attack effects, they hide the attack sources by instructing botnet computers to send normal-like requests to the WEB servers over proxy servers. Such attacks have a relatively low access rate but a sufficiently large volume of access requests will exhaust the server s computing resources, and consequently result in a denial of service. 2 Trends: 1) Application services are suffering more DDoS attacks with light traffic and low speed. 2) DoS attacks are becoming increasingly complex. Traditional defenses technologies such as source detection and proxies cannot effectively counter such attacks while a source reputation assessment system does, which is capable of handling such attacks with high efficiency and precision. Minnow-for-whale DNS Cache Miss attack: Second to WEB-targeted DDoS attacks in terms of popularity, DNS-targeted DDoS attacks are launched by sending a large volume of non-existing domain names to be queried to the DNS server aimed at increasing its workload. This prevents legitimate queries to the DNS Server from querying the cache preventing them from resolving domain names. DNS-targeted attacks are intended to hit authoritative DNS servers that are used by online services. Such attacks lead to online service failures and also bring down other Internet services that depend on domain name resolution. This form of attack encompasses the largest scope of impact, severely affecting services and infrastructure down to the most basic architecture of Internet. The Kmplayer event in 2009 is an example of typical of a DNS Cache Miss attack. To effectively defend against DNS-targeted attacks, both proactive and responsive countermeasures shall be taken such as attack detection and analysis based on source reputation, session reputation, and behavior analysis.

4 3 Insufficiency of traditional defenses technical: 1) Maintaining a good user experience while eliminating terminal misjudgment makes defense against Http attacks extremely difficult. 2) Identification of spoofing sources is hard for DNS Cache Miss attack defense. 2) Insufficient session techniques hardly detect light-traffic attacks. Insufficiency of traditional defenses against new DDoS attacks 1. Maintaining a good user experience while eliminating terminal misjudgment makes defense against Http attacks extremely difficult. Defending against Http attacks aimed at e-commerce websites must avoid terminal misjudgment while eliminating all impacts on user experience. Presently, techniques such as URL redirection and code verification are commonly used to defend against Http attacks. However, the web page displayed during verification cannot carry any information, which impacts user experience. Most importantly, many users access e-commerce systems using their smartphones as a result of their high mobility and availability. Smartphones, however, do not completely implement the HTTP application protocol stack and in most cases do not support redirection. This means that such a common defensive measure may interrupt or completely prevent the access of mobile terminal users. Being aware of such a prominent vulnerability, hackers may launch attacks by disguising themselves as mobile smart terminals with full knowledge that it would be harder to defend the DDoS attacks that target mobile web applications. To accurately identify Http attacks while maintaining a good user experience, other countermeasures like smart terminal identification, application-layer IP reputation, and session analysis must be implemented. 2. Identification of spoofing sources is hard for DNS Cache Miss attack defense. DNS querying is based on UDP protocol which is connectionless, thus presents a challenge in defending against DNS Cache Miss attacks. A common countermeasure taken to prevent DNS Cache Miss Attacks is to change UDP requests into TCP requests to verify the sources. However, as seen on live networks, most DNS clients do not support TCP, preventing this countermeasure from being physically applicable. If a hacker launches a Cache Miss attack at the DNS authorization server by simulating or using a

5 real DNS buffer server, defending against such an attack will be extremely difficult. An effective source reputation mechanism is required such that source reputation is analyzed for an ongoing session to distinguish between unauthorized and authorized accesses. 3. Insufficient session techniques hardly detect light-traffic attacks. Among botnet based DDoS attacks, light-traffic attacks are the hardest to defend against. They usually carry genuine IP addresses and exploit application access vulnerabilities (after three handshakes with the application server). Such attacks can only be detected through ongoing session monitoring and user behavior analysis. Detecting and eliminating such attacks requires more precise defenses and better performance on security devices than common attacks. At this moment, no vendor provides sufficient session monitoring techniques capable of detecting and defending against light-traffic attacks. Huawei V-ISA Reputation Mechanism, a Powerful Technique to Defend Against New DDoS Attacks 4 Based on professional software and hardware platforms with traditional competitive edges, Huawei anti-ddos solution introduces the first V-ISA reputation security system in the industry and unique anti-ddos product featuring advanced detection mechanisms all while delivering over 100 Gbit/s of performance on a single device. This solution provides a powerful tool for carriers, enterprises, and data centers to accurately defend against new DDoS attacks. 1. Working mechanism of the V-ISA In most cases, the system learns the characteristics of Layer-3, Layer-4, and Layer-7 traffic and sets up service access models of the protected IP addresses, including service access models of sources. Then the system compares traffic statistics with the service models to detect anomalies. To prevent any impact on customer experiences, the system gives top N traffic with good reputations bonus points during traffic model learning. When a security event occurs, the solution ensures that access from users with a good reputation is permitted and reputation authentication, behavior analysis, and session reputation are implemented to identify suspicious sources that exceed the source access baseline. Identifiable attacks include the botnet attacks with forged or real sources and the lowrate attacks simulating access from legitimate users. With the V-ISA reputation security mechanism, no legitimate access is blocked and no attacks are permitted. Huawei V-ISA Reputation Mechanism: 1) Multi-tenant-based anti-ddos and operation. 2) IP reputation-based defense against DDoS launched by botnets. 3) Defense against Session reputation-based low-rate attacks. 4) Defense against Behavior reputationbased application attacks.

6 2. Components of the V-ISA reputation security system In Huawei V-ISA reputation detection system V, short for Virtual, indicates that Huawei anti- DDoS system can implement security protection and operation in cloud computing multi-tenant scenario; I, short for IP, indicates that the system provides IP reputationbased botnet defense; S, short for Session, indicates that the system provides session reputation-based low-rate attack defense; A, short for Application, indicates that the system provides behavior reputation-based application attack defense. Multi-tenant-based anti-ddos and operation: The Zone concept of Huawei anti- DDoS system echoes with the tenant concept of cloud computing. The system provides customized defense policies, defense thresholds, and reports, supports the regular sending of customized reports, and provides a report self-service portal. IP reputation-based defense against DDoS launched by botnets: Based on botnet detecting technologies and anti-ddos blacklists, the system generates a "zombie" IP address database. From the active time of IP addresses, the system can tell zombie activation time. Then the system adds the active IP addresses to the address list to filter malicious traffic. This technology filters out malicious traffic without source authentication to prevent authentication impacts on legitimate services. In addition, the direct filtering technology provides a vantage point from which it is possible to defend against mobile botnets since the traditional authentication scheme is in adequate. To prevent detrimental impacts on customer experience, Huawei anti- DDoS system employs a customer reputation mechanism. Before attacks are launched, the system adds the IP addresses of customers with large volumes of traffic and legitimate behaviors to an IP reputation list to ensure that traffic generated by these customers is rapidly forwarded. If used for mobile application and e-commerce website protection in case of mobile terminal access, this technology not only improves the defense efficiency but also lowers the number of false positives to the lowest extent possible today. Defense against Session reputation-based low-rate attacks: Low-rate attacks target at TCP applications. This type of attacks are launched by a massive number of zombies, each equipped with small volume of traffic, resulting in low traffic rates which are uneasy to detected. Typical representatives include SSL-DoS/DDoS, HTTP slow headers/post attack, HTTP retransmission, and Sockstress attacks. Huawei anti-ddos system sets up a session table for all suspicious sources that pass source authentication and are excluded from forged sources, records session indicators for these sources, analyzes abnormal behavior statistics, and proceeds to block packets from these sources if their anomaly counts exceed the predefined limit. This anti-ddos system features accurate differentiation between infected traffic and legitimate traffic without returning any false positives or false negatives, unlikely to be detected by competing vendors. Huawei is one of the few vendors that provide a complete session defense mechanism capable of detecting can detect anomalies in ongoing sessions. Defense against Behavior reputation-based application attacks: This behavior-based defense technology works by analyzing and comparing patterns generated by user and zombie behaviors. The resources accessed by legitimate users have no specific order and the access frequency is random. However, zombie behaviors are designed, ordered and have specific targets. Therefore, the accessed resources and access frequency are fixed. Although the rate of a single source may be low, the QPS is high. Whitelist & blacklist First packet drop Source authentication Portion statistics Session reputation Whitelist Blacklist No match Operation by list Client AntiDDoS Client AntiDDoS 1 st SYN SYN SYN ACK 2 nd SYN wrong SEQ RST No reply Client AntiDDoS SYN/ACK/RST N link Data transfer N link Normal = N data Over high N data Client AntiDDoS TCP handshake Data transfer Session record List out of session reputation and source authentication results Drops the first SYN packet and records simple info Cookie bounce, verifying the source Statistics on the portion of packets for session to packets data trams mission Whitelist generated for Top N sessions Off previously identified attack packets Off 80% fake source attack packets Off 10% repeated fake source attack packets Off 10% true source attack packets Session credits generated High performance Avoiding full traffic bounce authentication, saving bandwidth Behavior analysis + session reputation, complete and effective

7 As long as the model is correct, the behavior analysis technology does not have any adverse impact user experience. In most cases, behavior analysis is used with session reputation and source authentication to enhance defense accuracy. For example, behavior analysis can detect attack sources that pass the transport-layer source authentication but have abnormal TCP packet rates. To protect the HTTP server on a fixed network, source behavior analysis can be configured to redirect the packets that exceed the source access baseline. Similarly, in the DNS defense scenario, behavior analysis can be configured to detect DNS servers under attack and function with source authentication on the suspicious sources to minimize impact on legitimate user accesses. In conclusion, a complete behavior analysis involves multi-dimensional analysis and usually needs to function with source authentication. Consequently, this has high requirements on device performance. Due to high costs of development and limited security capabilities, most security vendors are unable to produce anti-ddos products capable of conducting fine-tuned behavior analysis, preventing them from conducting a world class defense against attacks. Huawei anti-ddos devices, employs the industry-leading distributed multi-core architecture, integrate four high-performance CPUs on each SPU to deliver 10 Gbit/s application-layer behavior analysis capabilities, which set it in a class of its own, delivering a world class, complete anti-ddos defense suite. Conclusion Empowered by the V-ISA reputation detection system, Huawei anti-ddos solution provides powerful and intelligent defense mechanisms with seven protection layers specific to each of the seven OSI layers for a complete anti-ddos defense: deformed packet filtering, by-feature packet filtering, application-layer source authentication, source authentication, session analysis, behavior analysis, and smart rate limiting. Deformed packet filtering: filters non-standard packets. By-feature packet filtering: identifies attack traffic (by analyzing for its unique fingerprint using Huawei-proprietary fingerprint learning and comparing algorithm), and filters packets by customized attributes such as IP addresses and ports. Application-layer source authentication and source authentication: verify the source IP address and the intention of access. Session analysis and behavior analysis: check for features of DDoS attacks targeting TCP connections and applications. DDoS attacks usually have a light traffic, constant access frequency, and same destination resource. The analysis techniques effectively defend against botnet DDoS attacks that are usually undercovered by means of evasion. Smart rate limiting: limits and controls access to heavy traffic to ensure availability of servers. 5 In all, Huawei anti-ddos solution provides complete DDoS defense by cleansing traffic layer by layer while maintaining consistent quality of user access. References: 2013 Botnets and DDoS Attacks Report.pdf Huawei AntiDDoS Solution

8 Copyright Huawei Technologies Co., Ltd All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademark Notice, HUAWEI, and are trademarks or registered trademarks of Huawei Technologies Co., Ltd. Other trademarks, product, service and company names mentioned are the property of their respective owners. General Disclaimer The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice. HUAWEI TECHNOLOGIES CO., LTD. Huawei Industrial Base Bantian Longgang Shenzhen , P.R. China Tel: Version No.: M C-1.0

AntiDDoS1000 DDoS Protection Systems

AntiDDoS1000 DDoS Protection Systems AntiDDoS1000 DDoS Protection Systems Background and Challenges With the IT and network evolution, the Distributed Denial of Service (DDoS) attack has already broken away from original hacker behaviors.

More information

Eudemon8000E Anti-DDoS SPU

Eudemon8000E Anti-DDoS SPU Today's network attack varieties and intensities grow exponentially. Distributed Denial of Service (DDoS) attacks in 2010 swallowed 100G bandwidths, experiencing a 1000% increase over 2005. The diversified

More information

DDoS Protection Technology White Paper

DDoS Protection Technology White Paper DDoS Protection Technology White Paper Keywords: DDoS attack, DDoS protection, traffic learning, threshold adjustment, detection and protection Abstract: This white paper describes the classification of

More information

Huawei Traffic Cleaning Solution

Huawei Traffic Cleaning Solution Huawei Traffic Cleaning Solution Copyright Huawei Technologies Co., Ltd. 2011. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written

More information

Acquia Cloud Edge Protect Powered by CloudFlare

Acquia Cloud Edge Protect Powered by CloudFlare Acquia Cloud Edge Protect Powered by CloudFlare Denial-of-service (DoS) Attacks Are on the Rise and Have Evolved into Complex and Overwhelming Security Challenges TECHNICAL GUIDE TABLE OF CONTENTS Introduction....

More information

CloudFlare advanced DDoS protection

CloudFlare advanced DDoS protection CloudFlare advanced DDoS protection Denial-of-service (DoS) attacks are on the rise and have evolved into complex and overwhelming security challenges. 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com

More information

HUAWEI OceanStor 9000. Load Balancing Technical White Paper. Issue 01. Date 2014-06-20 HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI OceanStor 9000. Load Balancing Technical White Paper. Issue 01. Date 2014-06-20 HUAWEI TECHNOLOGIES CO., LTD. HUAWEI OceanStor 9000 Load Balancing Technical Issue 01 Date 2014-06-20 HUAWEI TECHNOLOGIES CO., LTD. Copyright Huawei Technologies Co., Ltd. 2014. All rights reserved. No part of this document may be

More information

AntiDDoS8000 DDoS Protection Systems

AntiDDoS8000 DDoS Protection Systems AntiDDoS8000 DDoS Protection Systems Background and Challenges With the IT and network evolution, the Distributed Denial of Service (DDoS) attack has already broken away from original hacker behaviors.

More information

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges

More information

Big Data for Big Security

Big Data for Big Security Big Data for Big Security HUAWEI NEXT GENERATION ANTI-DDOS SOLUTION Index DDOS ATTACK AND DEFENSE INFOGRAPHIC HUAWEI 2013 SECURITY RESEARCH REPORT DDOS PREVENTION BASED ON BIG DATA HUAWEI NEXT GENERATION

More information

VALIDATING DDoS THREAT PROTECTION

VALIDATING DDoS THREAT PROTECTION VALIDATING DDoS THREAT PROTECTION Ensure your DDoS Solution Works in Real-World Conditions WHITE PAPER Executive Summary This white paper is for security and networking professionals who are looking to

More information

CS 356 Lecture 16 Denial of Service. Spring 2013

CS 356 Lecture 16 Denial of Service. Spring 2013 CS 356 Lecture 16 Denial of Service Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter

More information

Availability Digest. www.availabilitydigest.com. @availabilitydig. Surviving DNS DDoS Attacks November 2013

Availability Digest. www.availabilitydigest.com. @availabilitydig. Surviving DNS DDoS Attacks November 2013 the Availability Digest @availabilitydig Surviving DNS DDoS Attacks November 2013 DDoS attacks are on the rise. A DDoS attack launches a massive amount of traffic to a website to overwhelm it to the point

More information

Eudemon1000E Series Firewall HUAWEI TECHNOLOGIES CO., LTD.

Eudemon1000E Series Firewall HUAWEI TECHNOLOGIES CO., LTD. HUAWEI TECHNOLOGIES CO., LTD. Product Overview The Eudemon1000E series product (hereinafter referred to as the Eudemon1000E) is a new generation of multi-function security gateway designed by Huawei to

More information

United Security Technology White Paper

United Security Technology White Paper United Security Technology White Paper United Security Technology White Paper 1 Challenges...6 1.1 Security Problems Caused by Mobile Communication...6 1.2 Security Fragmentation Problems...8 2 United

More information

SHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper

SHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper SHARE THIS WHITEPAPER Top Selection Criteria for an Anti-DDoS Solution Whitepaper Table of Contents Top Selection Criteria for an Anti-DDoS Solution...3 DDoS Attack Coverage...3 Mitigation Technology...4

More information

Denial of Service Attacks

Denial of Service Attacks 2 Denial of Service Attacks : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 13 August 2013 its335y13s2l06, Steve/Courses/2013/s2/its335/lectures/malicious.tex,

More information

ipca Quality Awareness Technology White Paper

ipca Quality Awareness Technology White Paper ipca Quality Awareness Technology White Paper ipca Quality Awareness Technology White Paper 1 IP/Ethernet Networks Cannot Measure Service Quality...2 1.1 ipca Overview...2 1.2 ipca Benefits...3 2 ipca

More information

Complete Protection against Evolving DDoS Threats

Complete Protection against Evolving DDoS Threats Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls... 3 Intrusion

More information

JUST FOR THOSE WHO CAN T TOLERATE DOWNTIME WE ARE NOT FOR EVERYONE

JUST FOR THOSE WHO CAN T TOLERATE DOWNTIME WE ARE NOT FOR EVERYONE WE ARE NOT FOR EVERYONE JUST FOR THOSE WHO CAN T TOLERATE DOWNTIME Don t let a DDoS attack bring your online business to a halt we can protect any server in any location DON T GET STUCK ON THE ROAD OF

More information

A Layperson s Guide To DoS Attacks

A Layperson s Guide To DoS Attacks A Layperson s Guide To DoS Attacks A Rackspace Whitepaper A Layperson s Guide to DoS Attacks Cover Table of Contents 1. Introduction 2 2. Background on DoS and DDoS Attacks 3 3. Types of DoS Attacks 4

More information

Eudemon8000 High-End Security Gateway HUAWEI TECHNOLOGIES CO., LTD.

Eudemon8000 High-End Security Gateway HUAWEI TECHNOLOGIES CO., LTD. Eudemon8000 High-End Security Gateway HUAWEI TECHNOLOGIES CO., LTD. Product Overview Faced with increasingly serious network threats and dramatically increased network traffic, carriers' backbone networks,

More information

HUAWEI TECHNOLOGIES CO., LTD. Anti-DDoS Solution

HUAWEI TECHNOLOGIES CO., LTD. Anti-DDoS Solution HUAWEI TECHNOLOGIES CO., LTD. Anti-DDoS Solution 1 Anti-DDoS Solution Dear Huawei Employees, Heartiest Congratulations to the Huawei team for the successful vision and ingenuity demonstrated in attaining

More information

Security Technology White Paper

Security Technology White Paper Security Technology White Paper Issue 01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without

More information

Distributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment

Distributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment Distributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment Keyur Chauhan 1,Vivek Prasad 2 1 Student, Institute of Technology, Nirma University (India) 2 Assistant Professor,

More information

Huawei Eudemon200E-N Next-Generation Firewall

Huawei Eudemon200E-N Next-Generation Firewall Huawei 200E-N Next-Generation Firewall With the popularity of mobile working using smartphones and tablets, mobile apps, Web2.0, and social networking become integral parts of works. This change in IT

More information

White paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc.

White paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc. TrusGuard DPX: Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls...

More information

Firewall Firewall August, 2003

Firewall Firewall August, 2003 Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also

More information

DDoS Attack and Its Defense

DDoS Attack and Its Defense DDoS Attack and Its Defense 1 DDoS attacks are weapons of mass disruption. The DDoS attack has long been a big main threat to security of the Internet. It is not expensive and easy to be used for achieving

More information

2013 Botnets and DDoS Attacks Report

2013 Botnets and DDoS Attacks Report 2013 Botnets and DDoS Attacks Report 1 Report Overview Expert Perspectives In the first half of 2013, global botnets remained small, local, and specialized in comparison to the previous year. The standard

More information

Firewalls and Intrusion Detection

Firewalls and Intrusion Detection Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall

More information

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst INTEGRATED INTELLIGENCE CENTER Technical White Paper William F. Pelgrin, CIS President and CEO Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst This Center for Internet Security

More information

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. April 23, 2015

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. April 23, 2015 Network Security Dr. Ihsan Ullah Department of Computer Science & IT University of Balochistan, Quetta Pakistan April 23, 2015 1 / 24 Secure networks Before the advent of modern telecommunication network,

More information

NSFOCUS Web Application Firewall White Paper

NSFOCUS Web Application Firewall White Paper White Paper NSFOCUS Web Application Firewall White Paper By NSFOCUS White Paper - 2014 NSFOCUS NSFOCUS is the trademark of NSFOCUS Information Technology Co., Ltd. NSFOCUS enjoys all copyrights with respect

More information

Protecting Against Application DDoS Attacks with BIG-IP ASM: A Three-Step Solution

Protecting Against Application DDoS Attacks with BIG-IP ASM: A Three-Step Solution Protecting Against Application DDoS Attacks with BIG-IP ASM: A Three-Step Solution Today s security threats increasingly involve application-layer DDoS attacks mounted by organized groups of attackers

More information

Firewall Testing Methodology W H I T E P A P E R

Firewall Testing Methodology W H I T E P A P E R Firewall ing W H I T E P A P E R Introduction With the deployment of application-aware firewalls, UTMs, and DPI engines, the network is becoming more intelligent at the application level With this awareness

More information

DoS: Attack and Defense

DoS: Attack and Defense DoS: Attack and Defense Vincent Tai Sayantan Sengupta COEN 233 Term Project Prof. M. Wang 1 Table of Contents 1. Introduction 4 1.1. Objective 1.2. Problem 1.3. Relation to the class 1.4. Other approaches

More information

WhitePaper. Mitigation and Detection with FortiDDoS Fortinet. Introduction

WhitePaper. Mitigation and Detection with FortiDDoS Fortinet. Introduction WhitePaper DDoS Attack Mitigation Technologies Demystified The evolution of protections: From inclusion on border devices to dedicated hardware+behavior-based detection. Introduction Distributed Denial

More information

Application Security Backgrounder

Application Security Backgrounder Essential Intrusion Prevention System (IPS) & DoS Protection Knowledge for IT Managers October 2006 North America Radware Inc. 575 Corporate Dr., Lobby 1 Mahwah, NJ 07430 Tel: (888) 234-5763 International

More information

Technical Series. A Prolexic White Paper. Firewalls: Limitations When Applied to DDoS Protection

Technical Series. A Prolexic White Paper. Firewalls: Limitations When Applied to DDoS Protection A Prolexic White Paper Firewalls: Limitations When Applied to DDoS Protection Introduction Firewalls are often used to restrict certain protocols during normal network situations and when Distributed Denial

More information

First Line of Defense

First Line of Defense First Line of Defense SecureWatch ANALYTICS FIRST LINE OF DEFENSE OVERVIEW KEY BENEFITS Comprehensive Visibility Powerful web-based security analytics portal with easy-to-read security dashboards Proactive

More information

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

Session Hijacking Exploiting TCP, UDP and HTTP Sessions Session Hijacking Exploiting TCP, UDP and HTTP Sessions Shray Kapoor shray.kapoor@gmail.com Preface With the emerging fields in e-commerce, financial and identity information are at a higher risk of being

More information

Product Overview. Product Family. Product Features. Powerful intrusion detection and monitoring capacity

Product Overview. Product Family. Product Features. Powerful intrusion detection and monitoring capacity NIP IDS Product Overview The Network Intelligent Police (NIP) Intrusion Detection System (IDS) is a new generation of session-based intelligent network IDS developed by Huaweisymantec. Deployed in key

More information

Denial of Service attacks: analysis and countermeasures. Marek Ostaszewski

Denial of Service attacks: analysis and countermeasures. Marek Ostaszewski Denial of Service attacks: analysis and countermeasures Marek Ostaszewski DoS - Introduction Denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended

More information

Radware s Attack Mitigation Solution On-line Business Protection

Radware s Attack Mitigation Solution On-line Business Protection Radware s Attack Mitigation Solution On-line Business Protection Table of Contents Attack Mitigation Layers of Defense... 3 Network-Based DDoS Protections... 3 Application Based DoS/DDoS Protection...

More information

SHARE THIS WHITEPAPER. On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper

SHARE THIS WHITEPAPER. On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper SHARE THIS WHITEPAPER On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper Table of Contents Overview... 3 Current Attacks Landscape: DDoS is Becoming Mainstream... 3 Attackers Launch

More information

Combating DoS/DDoS Attacks Using Cyberoam

Combating DoS/DDoS Attacks Using Cyberoam White paper Combating DoS/DDoS Attacks Using Cyberoam Eliminating the DDoS Threat by Discouraging the Spread of Botnets www.cyberoam.com Introduction Denial of Service (DoS) and Distributed Denial of Service

More information

Chapter 8 Security Pt 2

Chapter 8 Security Pt 2 Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information

The Hillstone and Trend Micro Joint Solution

The Hillstone and Trend Micro Joint Solution The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry

More information

Stop DDoS Attacks in Minutes

Stop DDoS Attacks in Minutes PREVENTIA Forward Thinking Security Solutions Stop DDoS Attacks in Minutes 1 On average there are more than 7,000 DDoS attacks observed daily. You ve seen the headlines. Distributed Denial of Service (DDoS)

More information

NSFOCUS Anti-DDoS System White Paper

NSFOCUS Anti-DDoS System White Paper White Paper NSFOCUS Anti-DDoS System White Paper By NSFOCUS White Paper - 2014 NSFOCUS NSFOCUS is the trademark of NSFOCUS Information Technology Co., Ltd. NSFOCUS enjoys all copyrights with respect to

More information

Quality Certificate for Kaspersky DDoS Prevention Software

Quality Certificate for Kaspersky DDoS Prevention Software Quality Certificate for Kaspersky DDoS Prevention Software Quality Certificate for Kaspersky DDoS Prevention Software Table of Contents Definitions 3 1. Conditions of software operability 4 2. General

More information

SECURING APACHE : DOS & DDOS ATTACKS - I

SECURING APACHE : DOS & DDOS ATTACKS - I SECURING APACHE : DOS & DDOS ATTACKS - I In this part of the series, we focus on DoS/DDoS attacks, which have been among the major threats to Web servers since the beginning of the Web 2.0 era. Denial

More information

TDC s perspective on DDoS threats

TDC s perspective on DDoS threats TDC s perspective on DDoS threats DDoS Dagen Stockholm March 2013 Lars Højberg, Technical Security Manager, TDC TDC in Sweden TDC in the Nordics 9 300 employees (2012) Turnover: 26,1 billion DKK (2012)

More information

CSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks

CSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks CSE 3482 Introduction to Computer Security Denial of Service (DoS) Attacks Instructor: N. Vlajic, Winter 2015 Learning Objectives Upon completion of this material, you should be able to: Explain the basic

More information

MONITORING OF TRAFFIC OVER THE VICTIM UNDER TCP SYN FLOOD IN A LAN

MONITORING OF TRAFFIC OVER THE VICTIM UNDER TCP SYN FLOOD IN A LAN MONITORING OF TRAFFIC OVER THE VICTIM UNDER TCP SYN FLOOD IN A LAN Kanika 1, Renuka Goyal 2, Gurmeet Kaur 3 1 M.Tech Scholar, Computer Science and Technology, Central University of Punjab, Punjab, India

More information

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding? Page 1 of 5 1. Introduction The present document explains about common attack scenarios to computer networks and describes with some examples the following features of the MilsGates: Protection against

More information

Web Application Level Approach against the HTTP Flood Attacks IOSEC HTTP Anti Flood/DoS Security Gateway Module

Web Application Level Approach against the HTTP Flood Attacks IOSEC HTTP Anti Flood/DoS Security Gateway Module Web Application Level Approach against the HTTP Flood Attacks IOSEC HTTP Anti Flood/DoS Security Gateway Module While HTTP Flood and DoS attacks are spreading nowadays, there is a new attack surface reduction

More information

DDoS Protection on the Security Gateway

DDoS Protection on the Security Gateway DDoS Protection on the Security Gateway Best Practices 24 August 2014 Protected 2014 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by

More information

Application DDoS Mitigation

Application DDoS Mitigation Application DDoS Mitigation Revision A 2014, Palo Alto Networks, Inc. www.paloaltonetworks.com Contents Overview... 3 Volumetric vs. Application Denial of Service Attacks... 3 Volumetric DoS Mitigation...

More information

Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis

Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis Keywords: Intelligent Next-Generation Firewall (ingfw), Unknown Threat, Abnormal Parameter, Abnormal Behavior,

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

Attack and Defense Techniques

Attack and Defense Techniques Network Security Attack and Defense Techniques Anna Sperotto, Ramin Sadre Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Attack Taxonomy Many different kind of

More information

Guidelines for Web applications protection with dedicated Web Application Firewall

Guidelines for Web applications protection with dedicated Web Application Firewall Guidelines for Web applications protection with dedicated Web Application Firewall Prepared by: dr inŝ. Mariusz Stawowski, CISSP Bartosz Kryński, Imperva Certified Security Engineer INTRODUCTION Security

More information

How valuable DDoS mitigation hardware is for Layer 7 Sophisticated attacks

How valuable DDoS mitigation hardware is for Layer 7 Sophisticated attacks How valuable DDoS mitigation hardware is for Layer 7 Sophisticated attacks Stop DDoS before they stop you! James Braunegg (Micron 21) What Is Distributed Denial of Service A Denial of Service attack (DoS)

More information

White Paper In Denial?...Follow Seven Steps for Better DoS and DDoS Protection

White Paper In Denial?...Follow Seven Steps for Better DoS and DDoS Protection RELEVANT. INTELLIGENT. SECURITY White Paper In Denial?...Follow Seven Steps for Better DoS and DDoS Protection www.solutionary.com (866) 333-2133 In Denial?...Follow Seven Steps for Better DoS and DDoS

More information

A Novel Distributed Denial of Service (DDoS) Attacks Discriminating Detection in Flash Crowds

A Novel Distributed Denial of Service (DDoS) Attacks Discriminating Detection in Flash Crowds International Journal of Research Studies in Science, Engineering and Technology Volume 1, Issue 9, December 2014, PP 139-143 ISSN 2349-4751 (Print) & ISSN 2349-476X (Online) A Novel Distributed Denial

More information

How Cisco IT Protects Against Distributed Denial of Service Attacks

How Cisco IT Protects Against Distributed Denial of Service Attacks How Cisco IT Protects Against Distributed Denial of Service Attacks Cisco Guard provides added layer of protection for server properties with high business value. Cisco IT Case Study / < Security and VPN

More information

Network Bandwidth Denial of Service (DoS)

Network Bandwidth Denial of Service (DoS) Network Bandwidth Denial of Service (DoS) Angelos D. Keromytis Department of Computer Science Columbia University Synonyms Network flooding attack, packet flooding attack, network DoS Related Concepts

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

Federal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks

Federal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks Threat Paper Federal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks Federal Computer Incident Response Center 7 th and D Streets S.W. Room 5060 Washington,

More information

Arbor s Solution for ISP

Arbor s Solution for ISP Arbor s Solution for ISP Recent Attack Cases DDoS is an Exploding & Evolving Trend More Attack Motivations Geopolitical Burma taken offline by DDOS attack Protests Extortion Visa, PayPal, and MasterCard

More information

Concierge SIEM Reporting Overview

Concierge SIEM Reporting Overview Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts

More information

Today s outline. CSE 127 Computer Security. NAT, Firewalls IDS DDoS. Basic Firewall Concept. TCP/IP Protocol Stack. Packet Filtering.

Today s outline. CSE 127 Computer Security. NAT, Firewalls IDS DDoS. Basic Firewall Concept. TCP/IP Protocol Stack. Packet Filtering. CSE 127 Computer Security Fall 2011 More on network security Todays outline NAT, Firewalls IDS DDoS Chris Kanich (standing in for Hovav) [some slides courtesy Dan Boneh & John Mitchell] TCP/IP Protocol

More information

Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall

Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall A FORTINET WHITE PAPER www.fortinet.com Introduction Denial of Service attacks are rapidly becoming a popular attack vector used

More information

On-Premises DDoS Mitigation for the Enterprise

On-Premises DDoS Mitigation for the Enterprise On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has

More information

Analysis on Some Defences against SYN-Flood Based Denial-of-Service Attacks

Analysis on Some Defences against SYN-Flood Based Denial-of-Service Attacks Analysis on Some Defences against SYN-Flood Based Denial-of-Service Attacks Sau Fan LEE (ID: 3484135) Computer Science Department, University of Auckland Email: slee283@ec.auckland.ac.nz Abstract A denial-of-service

More information

Protect your network: planning for (DDoS), Distributed Denial of Service attacks

Protect your network: planning for (DDoS), Distributed Denial of Service attacks Protect your network: planning for (DDoS), Distributed Denial of Service attacks Nov 19, 2015 2015 CenturyLink. All Rights Reserved. The CenturyLink mark, pathways logo and certain CenturyLink product

More information

First Line of Defense

First Line of Defense First Line of Defense SecureWatch ANALYTICS FIRST LINE OF DEFENSE OVERVIEW KEY BENEFITS Comprehensive Visibility Gain comprehensive visibility into DDoS attacks and cyber-threats with easily accessible

More information

Attack and Defense Techniques

Attack and Defense Techniques Network Security Attack and Defense Techniques Anna Sperotto (with material from Ramin Sadre) Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Attacks! Many different

More information

Blocking DNS Messages is Dangerous

Blocking DNS Messages is Dangerous Blocking DNS Messages is Dangerous Florian Maury, Mathieu Feuillet October 5-6, 2013 F Maury, M Feuillet Blocking DNS Messages is Dangerous October 5-6, 2013 1/25 ANSSI Created in 2009, the ANSSI is the

More information

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained home Network Vulnerabilities Detail Report Grouped by Vulnerability Report Generated by: Symantec NetRecon 3.5 Licensed to: X Serial Number: 0182037567 Machine Scanned from: ZEUS (192.168.1.100) Scan Date:

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Automated Mitigation of the Largest and Smartest DDoS Attacks

Automated Mitigation of the Largest and Smartest DDoS Attacks Datasheet Protection Automated Mitigation of the Largest and Smartest Attacks Incapsula secures websites against the largest and smartest types of attacks - including network, protocol and application

More information

Securing Your Business with DNS Servers That Protect Themselves

Securing Your Business with DNS Servers That Protect Themselves Product Summary: The Infoblox Secure DNS Solution mitigates attacks on DNS servers by intelligently recognizing various attack types and dropping attack traffic while responding only to legitimate queries.

More information

Log Audit Ensuring Behavior Compliance Secoway elog System

Log Audit Ensuring Behavior Compliance Secoway elog System As organizations strengthen informatization construction, their application systems (service systems, operating systems, databases, and Web servers), security devices (firewalls and the UTM, IPS, IDS,

More information

DoS/DDoS Attacks and Protection on VoIP/UC

DoS/DDoS Attacks and Protection on VoIP/UC DoS/DDoS Attacks and Protection on VoIP/UC Presented by: Sipera Systems Agenda What are DoS and DDoS Attacks? VoIP/UC is different Impact of DoS attacks on VoIP Protection techniques 2 UC Security Requirements

More information

Wharf T&T Limited DDoS Mitigation Service Customer Portal User Guide

Wharf T&T Limited DDoS Mitigation Service Customer Portal User Guide Table of Content I. Note... 1 II. Login... 1 III. Real-time, Daily and Monthly Report... 3 Part A: Real-time Report... 3 Part 1: Traffic Details... 4 Part 2: Protocol Details... 5 Part B: Daily Report...

More information

Seminar Computer Security

Seminar Computer Security Seminar Computer Security DoS/DDoS attacks and botnets Hannes Korte Overview Introduction What is a Denial of Service attack? The distributed version The attacker's motivation Basics Bots and botnets Example

More information

DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT

DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT DDoS Protection How Cisco IT Protects Against Distributed Denial of Service Attacks A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge: Prevent low-bandwidth DDoS attacks coming from a broad

More information

Denial of Service Attacks. Notes derived from Michael R. Grimaila s originals

Denial of Service Attacks. Notes derived from Michael R. Grimaila s originals Denial of Service Attacks Notes derived from Michael R. Grimaila s originals Denial Of Service The goal of a denial of service attack is to deny legitimate users access to a particular resource. An incident

More information

A Primer for Distributed Denial of Service (DDoS) Attacks

A Primer for Distributed Denial of Service (DDoS) Attacks A Primer for Distributed Denial of Service (DDoS) Attacks Hemant Jain, VP of Engineering Sichao Wang, Director of Product Management April 2012, Fortinet, Inc A Primer for Distributed Denial of Service

More information

Multimedia Communication in the Internet. SIP Security Threads. Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS 1

Multimedia Communication in the Internet. SIP Security Threads. Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS 1 Multimedia Communication in the Internet SIP Security Threads Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS 1 Denial of Service Prevent service availability Software vulnerabilities

More information

Modern Denial of Service Protection

Modern Denial of Service Protection Modern Denial of Service Protection What is a Denial of Service Attack? A Denial of Service (DoS) attack is generally defined as a network-based attack that disables one or more resources, such as a network

More information

DOMAIN NAME SECURITY EXTENSIONS

DOMAIN NAME SECURITY EXTENSIONS DOMAIN NAME SECURITY EXTENSIONS The aim of this paper is to provide information with regards to the current status of Domain Name System (DNS) and its evolution into Domain Name System Security Extensions

More information

DDoS DETECTING. DDoS ATTACKS WITH INFRASTRUCTURE MONITORING. [ Executive Brief ] Your data isn t safe. And neither is your website or your business.

DDoS DETECTING. DDoS ATTACKS WITH INFRASTRUCTURE MONITORING. [ Executive Brief ] Your data isn t safe. And neither is your website or your business. [ Executive Brief ] DDoS DETECTING DDoS ATTACKS WITH INFRASTRUCTURE MONITORING. Your data isn t safe. And neither is your website or your business. Hacking has become more prevalent and more sophisticated

More information

axsguard Gatekeeper Internet Redundancy How To v1.2

axsguard Gatekeeper Internet Redundancy How To v1.2 axsguard Gatekeeper Internet Redundancy How To v1.2 axsguard Gatekeeper Internet Redundancy How To v1.2 Legal Notice VASCO Products VASCO data Security, Inc. and/or VASCO data Security International GmbH

More information

JPCERT/CC Internet Threat Monitoring Report [January 1, 2015 - March 31, 2015]

JPCERT/CC Internet Threat Monitoring Report [January 1, 2015 - March 31, 2015] JPCERT-IA-2015-02 Issued: 2015-04-27 JPCERT/CC Internet Threat Monitoring Report [January 1, 2015 - March 31, 2015] 1 Overview JPCERT/CC has placed multiple sensors across the Internet for monitoring to

More information

Surviving DNS DDoS Attacks. Introducing self-protecting servers

Surviving DNS DDoS Attacks. Introducing self-protecting servers Introducing self-protecting servers Background The current DNS environment is subject to a variety of distributed denial of service (DDoS) attacks, including reflected floods, amplification attacks, TCP

More information