Don t get DDoSed and Confused. Patrick Sullivan, CISSP, GSLC, GWAPT, GCIH Managed, Security Services

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Don t get DDoSed and Confused. Patrick Sullivan, CISSP, GSLC, GWAPT, GCIH Managed, Security Services"

Transcription

1 Don t get DDoSed and Confused Patrick Sullivan, CISSP, GSLC, GWAPT, GCIH Managed, Security Services

2 Agenda Intro/Data Collection DDoS Basics Trends and Statistics Adversarial Groups/Motivations Defense

3 Akamai has unique insight into Web/DDoS Traffic 1 Akamai s Edge carries ~ 20Tbps of Web Traffic at steady state with bursts to 30+Tbps 2 FAST DNS Authoritative DNS Solution DNS servers Edge servers FAST DNS Akamai Web Platform WAF Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Prolexic Scrubbing centers 3 Prolexic BGP-Based DDoS Mitigation 4 Akamai Customer Base. 98 of top 100 Commerce Sites All Braches of US Military All Agencies of the US Gov t 10 of top 10 Banks 30 of top 30 Media Sites 10 of top 10 Asset Managers 10 of top 10 P&C Companies 8 of top 10 Auto Manufacturers

4 Cloud Security Intelligence Visibility Grow revenue opportunities with fast, personalized web 15 to experiences 30 percent of and global manage Web traffic complexity from peak New demand, in Q mobile devices and data collection. Akamai Security Center Data 20 TB of daily attack data; 4 PB / 45 days stored

5 Agenda Intro/Data Collection DDoS Basics Trends and Statistics Adversarial Groups/Motivations Defense

6 CISSP Refresher What: Data Breach, Session Hijacking, Account Hijacking How: Injection, Social Engineering, Brute force login checking What: Site Defacement, Hosting Malware, DNS Zone Hijacking How: Injection, Social Engineering Availability What: Site Unavailable, Unresponsive, Unresolvable How: DDoS (Packet flooding, HTTP request flooding)

7 How most people think of DDoS

8 How we/attackers think of DDoS Users (good/bad) Public Internet ISP xcons IPS/ IDS LB www www DMZ = VPN Concentrator www www Name Servers Relational Database Remote Offices

9 DDoS Techniques Protocol Level Flooding Reflection/Amplification Attacks Dominate these type of attacks Web Application(Layer 7) More Subtle Targeting more fragile Web/Database resources

10 Transport Layer Protocol Abuse: Fun with TCP There are many variations of TCP Handshake Abuse. SYN SYN X 100 SYN-ACK ACK SYN-ACK X 100 SYN?????

11 Network Layer Attacks: Reflection + Amplification Attacks CHARGEN Attack Script a.b.c.d(address doesn t matter. This is UDP. He will spoof it.) Vulnerable Server 1Mbps of Character Gen requests Mbps of this=>

12 Case Study: NTP Reflection Attacks Attack Vector Request with spoofed source IP of target server sent to a vulnerable NTP server that allows the monlist function. NTP server replies back to the target IP, direct to origin, at massive scale. Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. 500X RETURN RATE IN TRAFFIC >100GBPS ATTACK TRAFFIC AGAINST ORIGIN 1,000+ INCREASE IN HITS PER SECOND AGAINST ORIGIN

13 NTP Reflection used in attack: (Source/Target in Asia) Day campaign against single customer 39 distinct attacks targeting applications and DNS infrastructure Eight attacks >100 Gbps including record 320 Gbps attack Start Infrastructure (Gbps) Web (Gbps) authdns (Mpps) DNS Reflection (Mpps) End

14 SSDP aka upnp (Universal Plug and Play)

15 So many Amplification vectors for an attacker to choose from.. Most select several. Source:US-Cert.gov

16 DDoS: Attackers find various bottlenecks to target Capacity declines as you move to deeper towards the DB Internet Pipe Load Firewall IPS Application Database Balancer

17 Slow Layer-7 Resource Exhaustion Attacks

18 Attackers are leveraging common IT Mega-Trends IoT Mobile We have detected refrigerators participating in DDoS Attacks BotNets frequently own Mobile Devices Cloud Sourced DDoS Attacks Challenge Legacy Defenses

19 DDoS as a Counter to Tight Security Controls Akamai Advisory

20 DNS Hijacks Attacks: Common Tactic for Middle Eastern Attackers Best Practice DNS Locks Client DNS Locks clientupdateprohibited clienttransferprohibited clientdeleteprohibited US DoD s DNS Hijacked Registrar locks serverupdateprohibited servertransferprohibited serverdeleteprohibited

21 China s Great Cannon DDoS Tool

22 DDoS Attack Trends Facts and Figures from Q2 2015

23 In Q2 2015, DDoS attacks were less powerful.. but longer and more frequent Traditional DDoS attacks harness the scale of global botnets Newer attacks target protocol vulnerabilities to amplify size SNMP (6x) DNS (28x-54x) CHARGEN (358x) NTP (556x) Gbps Mpps Q Q2 2015

24 DDoS Attack Instances, Q Q The number of DDoS attacks has more than doubled compared with Q2 2014, though with slightly smaller attack sizes

25 Compared to Q % Total DDoS attacks 11% Average peak bandwidth 77% Average peak volume 122% Application layer DDoS attacks 134% Infrastructure layer attacks 19% Average attack duration 100% Total attacks > 100 Gbps Q2 set a record for the number of DDoS attacks observed over the Akamai Prolexic Routed network, more than doubling the number of attacks observed in Q

26 Types of DDoS Attacks & Relative Distribution in Q2 2015

27 Mega Attacks > 100 Gbps in Q Twelve megaattacks in Q vs. six in Q Most targeted Internet/Telecom. Two targeted Gaming.

28 Mega Attacks > 50 Mpps in Q A 214 million packets per second (Mpps) DDoS attack was among the highest ever recorded. Such attacks can take out tier 1 routers, such as used by Internet service providers (ISPs).

29 Most Commonly Attacked Verticals Q Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks.

30 Top 10 Source Countries for DDoS Attacks in Q Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks.

31 Agenda Intro/Data Collection DDoS Basics Trends and Statistics Adversarial Groups/Motivations Defense

32 Attacker Motivation

33 Attacking for the Lulz!

34 Extortion DDoS for BitCoin Campaign: DD4BC

35 DD4BC WHAT TO EXPECT 1. Initial small attack 2. ransom demand Payment in bitcoin Increasing ransom over time 3. Claims of capability 400 Gbps attack sizes Bypass DDoS defenses 4. Continued threats Increasing ransom for countermeasures

36 DD4BC Ransom Note

37 DDoS as a Distraction

38 DDoS as a Distraction Multi-Vector Attacks: 2014 Sochi Olympics 3.5 Tbps event 50% Growth in Average User Connection Speed Compared to More than a Million Malicious Requests Blocked Multi-Vector Attacks Detected Again in 2014 Application DDoS RFI Command Injection Requests from Anonymous Proxy Attacks Again Spiked During Major Events Opening Ceremonies Hockey Semi-Final(US v. Canada)

39 Public Sector/Education DDoS Attacks

40 Large March 2014 Attack: Target was European Media Company Blended Attack, Significant NTP Traffic DDoS Start :: 8MAR14 13:52:00 UTC DDoS Stop :: 9MAR14 02:00:00 UTC Peak Bps :: 200+Gbps Peak Pps :: 65Mpps 2 hosts targeted on Random UDP/TCP/ICMP ports

41 QCF Attacks

42 BroBot: Advanced Attacker Evades Common DDoS Services Attack IP s Changing every ~ 10 minutes Banking site real-time Kona security dashboard view Blocking ~18M HTTPS attacks per minute Attacker requesting URL s with heavy compute burden(search, login, ATM locator) Source IP s are frequently Cloud servers Commandeered using vulnerabilities in well known CMS s

43 QCF Later Stages of Campaign: Targeting small regional banks and Credit Unions

44 Case Study: Augusta County Public Schools Augusta County s Education IT team Mission: Provide IT support for 20+ schools and manage Devices Challenge: Persistent DDoS Attacks impact ability to deliver uninterrupted access to Government Mandated SOL testing SOL testing impacts grades and graduation eligibility for students. Solution: Akamai s Prolexic Routed Cloud-based DDoS Protection

45 Georgia High School Case Study: Sept 2015 School system experiences daily DDoS Attacks disrupting confidence in students/parents in the school s ability to deliver IT Services SOL Systems are at risk, which is a huge concern for School Administrators Akamai Enterprise Security Architect goes on site to speak with school IT Team UDP Flood on port 80 is observed Akamai ESA directs customer to review web-logs and students were observed visiting DDoSas-a-Service Sites kicking off attacks Logs identified which students were logged onto machines at the time of visits to Stressor websites

46 Agenda Intro/Data Collection DDoS Basics Trends and Statistics Adversarial Groups/Motivations Defense

47 How do you defend from these attacks? Architecture Knowledge of Attack Trends A Plan

48 Potential Architectures for Defending from DDoS ISP Data center Transit Network ISP ISP

49 Potential Architectures for Defending from DDoS ISP Data center Transit Network ISP ISP

50 Cloud Security Architecture ISP Data center Transit Network ISP ISP

51 DDoS Mitigation Success: 5 Points To Take Away 1. You Need Data To derive intelligence on current & evolving threats. Avoid data theft and downtime by extending the 2. Scale, Availability & Resilience security perimeter outside the data-center and To be high performing, take the punches, & stay online. protect from increasing frequency, scale and 3. sophistication A Plan of web attacks. To understand how to respond to bad day scenarios. 4. Control & Flexibility To adapt your defenses dynamically. 5. People & Experience To execute every time you come under attack AKAMAI FASTER FORWARD TM

52 Stress Test your Plan

53

2014 Foley & Lardner LLP Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative

2014 Foley & Lardner LLP Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative 2014 Foley & Lardner LLP Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative of clients 321 N. Clark Street, Suite 2800, Chicago,

More information

Cloud Security In Your Contingency Plans

Cloud Security In Your Contingency Plans Cloud Security In Your Contingency Plans Jerry Lock Security Sales Lead, Greater China Contingency Plans Avoid data theft and downtime by extending the security perimeter outside the data-center and protect

More information

Introduction to DDoS Attacks. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter

Introduction to DDoS Attacks. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter Introduction to DDoS Attacks Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter DDoS in the News Q1 2014 DDoS Attack Trends DDoS Attack Trends Q4 2013 Mobile devices

More information

DDoS Threat Report. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter

DDoS Threat Report. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter DDoS Threat Report Insights on Finding, Fighting, and Living with DDoS Attacks v1.1 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter DDoS in the News - 2014 DDoS Trends

More information

AKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE.

AKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE. CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE. Threat > The number and size of cyberattacks are increasing rapidly Website availability and rapid performance are critical factors in determining the success

More information

Beyond DDoS: Case Studies on Attack Mitigation for Financial Services. Mike Kun and Patrick Laverty, Akamai CSIRT

Beyond DDoS: Case Studies on Attack Mitigation for Financial Services. Mike Kun and Patrick Laverty, Akamai CSIRT Beyond DDoS: Case Studies on Attack Mitigation for Financial Services Mike Kun and Patrick Laverty, Akamai CSIRT Akamai CSIRT: What We Do Akamai Customer Security Incident Response Team: Incident Response

More information

This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons

This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons Attribution-ShareAlike 4.0 International license. As a provider

More information

DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS

DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS : DDOS ATTACKS DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS 1 DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS NTT is one of the largest Internet providers in the world, with a significant share of the world s

More information

2012 Infrastructure Security Report. 8th Annual Edition Kleber Carriello Consulting Engineer

2012 Infrastructure Security Report. 8th Annual Edition Kleber Carriello Consulting Engineer 2012 Infrastructure Security Report 8th Annual Edition Kleber Carriello Consulting Engineer Key Findings in the Survey* Advanced Persistent Threats (APT) a top concern for service providers and enterprises

More information

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 3 3RD QUARTER 2014

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 3 3RD QUARTER 2014 VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 3 3RD QUARTER 2014 CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS 4 Mitigations by Attack Size 4 Mitigations by Industry 5

More information

Acquia Cloud Edge Protect Powered by CloudFlare

Acquia Cloud Edge Protect Powered by CloudFlare Acquia Cloud Edge Protect Powered by CloudFlare Denial-of-service (DoS) Attacks Are on the Rise and Have Evolved into Complex and Overwhelming Security Challenges TECHNICAL GUIDE TABLE OF CONTENTS Introduction....

More information

This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons

This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons Attribution-ShareAlike 4.0 International license. As a provider

More information

Technical Series. A Prolexic White Paper. Firewalls: Limitations When Applied to DDoS Protection

Technical Series. A Prolexic White Paper. Firewalls: Limitations When Applied to DDoS Protection A Prolexic White Paper Firewalls: Limitations When Applied to DDoS Protection Introduction Firewalls are often used to restrict certain protocols during normal network situations and when Distributed Denial

More information

How to launch and defend against a DDoS

How to launch and defend against a DDoS How to launch and defend against a DDoS John Graham-Cumming October 9, 2013 The simplest way to a safer, faster and smarter website DDoSing web sites is... easy Motivated groups of non-technical individuals

More information

Rise of the Machines: An Internet-Wide Analysis of Web Bots in 2014

Rise of the Machines: An Internet-Wide Analysis of Web Bots in 2014 SESSION ID: SPO2-W04 Rise of the Machines: An Internet-Wide Analysis of Web Bots in 2014 John Summers VP, Security Products Akamai #RSAC The Akamai Intelligent Platform The Platform 167,000+ Servers 2,300+

More information

CloudFlare advanced DDoS protection

CloudFlare advanced DDoS protection CloudFlare advanced DDoS protection Denial-of-service (DoS) attacks are on the rise and have evolved into complex and overwhelming security challenges. 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com

More information

Protect your network: planning for (DDoS), Distributed Denial of Service attacks

Protect your network: planning for (DDoS), Distributed Denial of Service attacks Protect your network: planning for (DDoS), Distributed Denial of Service attacks Nov 19, 2015 2015 CenturyLink. All Rights Reserved. The CenturyLink mark, pathways logo and certain CenturyLink product

More information

DEFENDING AGAINST LOW-BANDWIDTH, ASYMMETRIC DENIAL-OF-SERVICE ATTACKS

DEFENDING AGAINST LOW-BANDWIDTH, ASYMMETRIC DENIAL-OF-SERVICE ATTACKS DEFENDING AGAINST LOW-BANDWIDTH, ASYMMETRIC DENIAL-OF-SERVICE ATTACKS David W. Holmes (@dholmesf5) F5 Networks Session ID: HT-R02 Session Classification: Intermediate AGENDA Introduction Why does this

More information

SSDP REFLECTION DDOS ATTACKS

SSDP REFLECTION DDOS ATTACKS TLP: AMBER GSI ID: 1079 SSDP REFLECTION DDOS ATTACKS RISK FACTOR - HIGH 1.1 OVERVIEW / PLXsert has observed the use of a new reflection and amplification distributed denial of service (DDoS) attack that

More information

First Line of Defense

First Line of Defense First Line of Defense SecureWatch ANALYTICS FIRST LINE OF DEFENSE OVERVIEW KEY BENEFITS Comprehensive Visibility Gain comprehensive visibility into DDoS attacks and cyber-threats with easily accessible

More information

Security Solutions for the New Threads

Security Solutions for the New Threads Security Solutions for the New Threads We see things others can t Pablo Grande Sales Director, SOLA pgrande@arbor.net What a CISO Is Looking For Show Progress on Response Time Measurably improve our incident

More information

Mitigating Denial of Service Attacks. Why Crossing Fingers is Not a Strategy

Mitigating Denial of Service Attacks. Why Crossing Fingers is Not a Strategy Mitigating Denial of Service Attacks Why Crossing Fingers is Not a Strategy Introduction Mark Baldwin - Owner of Tectonic Security MSSP and Security Consulting Primarily Work With SMBs DDoS Mitigation

More information

Akamai Cloud Security Solutions:

Akamai Cloud Security Solutions: AKAMAI WHITE PAPER Akamai Cloud Security Solutions: Comparing Approaches for Web, DNS, and Infrastructure Security TABLE OF CONTENTS INTRODUCTION 1 THE CHANGING THREAT LANDSCAPE 1 Denial-of-service attacks

More information

Cyber Warfare: Identifying Attackers Hiding Amongst the Flock

Cyber Warfare: Identifying Attackers Hiding Amongst the Flock Cyber Warfare: Identifying Attackers Hiding Amongst the Flock Anthony Lauro Sr. Enterprise Security Architect Akamai Technologies, Inc October 3 rd, 2015 Who am I? (unphilosophically speaking) About me:

More information

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service

More information

FortiDDos Size isn t everything

FortiDDos Size isn t everything FortiDDos Size isn t everything Martijn Duijm Director Sales Engineering April - 2015 Copyright Fortinet Inc. All rights reserved. Agenda 1. DDoS In The News 2. Drawing the Demarcation Line - Does One

More information

Corero Network Security First Line of Defense Executive Overview

Corero Network Security First Line of Defense Executive Overview FIRST LINE OF DEFENSE Corero Network Security First Line of Defense Executive Overview Products and Services that Protect Against DDoS Attacks and Cyber Threats EXECUTIVE SUMMARY Any organization conducting

More information

DDoS DETECTING. DDoS ATTACKS WITH INFRASTRUCTURE MONITORING. [ Executive Brief ] Your data isn t safe. And neither is your website or your business.

DDoS DETECTING. DDoS ATTACKS WITH INFRASTRUCTURE MONITORING. [ Executive Brief ] Your data isn t safe. And neither is your website or your business. [ Executive Brief ] DDoS DETECTING DDoS ATTACKS WITH INFRASTRUCTURE MONITORING. Your data isn t safe. And neither is your website or your business. Hacking has become more prevalent and more sophisticated

More information

SHARE THIS WHITEPAPER. On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper

SHARE THIS WHITEPAPER. On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper SHARE THIS WHITEPAPER On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper Table of Contents Overview... 3 Current Attacks Landscape: DDoS is Becoming Mainstream... 3 Attackers Launch

More information

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst INTEGRATED INTELLIGENCE CENTER Technical White Paper William F. Pelgrin, CIS President and CEO Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst This Center for Internet Security

More information

[Restricted] ONLY for designated groups and individuals. 2014 Check Point Software Technologies Ltd.

[Restricted] ONLY for designated groups and individuals. 2014 Check Point Software Technologies Ltd. [Restricted] ONLY for designated groups and individuals Contents 1 2 3 4 Industry Trends DDoS Attack Types Solutions to DDoS Attacks Summary 2 Cybercrime Landscape DNS Hijacking Malware 3% 3% Targeted

More information

VALIDATING DDoS THREAT PROTECTION

VALIDATING DDoS THREAT PROTECTION VALIDATING DDoS THREAT PROTECTION Ensure your DDoS Solution Works in Real-World Conditions WHITE PAPER Executive Summary This white paper is for security and networking professionals who are looking to

More information

DDoS Attacks - Peeling the Onion on One of the Most Sophisticated Ever Seen. Eldad Chai, VP Product

DDoS Attacks - Peeling the Onion on One of the Most Sophisticated Ever Seen. Eldad Chai, VP Product DDoS Attacks - Peeling the Onion on One of the Most Sophisticated Ever Seen Eldad Chai, VP Product Incapsula Application Delivery from the Cloud 2 DDoS 101 ISP Network Devices Web servers Applications

More information

First Line of Defense

First Line of Defense First Line of Defense SecureWatch ANALYTICS FIRST LINE OF DEFENSE OVERVIEW KEY BENEFITS Comprehensive Visibility Powerful web-based security analytics portal with easy-to-read security dashboards Proactive

More information

Stop DDoS Attacks in Minutes

Stop DDoS Attacks in Minutes PREVENTIA Forward Thinking Security Solutions Stop DDoS Attacks in Minutes 1 On average there are more than 7,000 DDoS attacks observed daily. You ve seen the headlines. Distributed Denial of Service (DDoS)

More information

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 3, ISSUE 2 2ND QUARTER 2016 CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q2 2016 4 DDoS Attacks Become More Sophisticated

More information

CSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks

CSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks CSE 3482 Introduction to Computer Security Denial of Service (DoS) Attacks Instructor: N. Vlajic, Winter 2015 Learning Objectives Upon completion of this material, you should be able to: Explain the basic

More information

Real Life DoS/DDOS Threats and Benefits of Deep DDOS Inspection. Oğuz YILMAZ CTO Labris Networks

Real Life DoS/DDOS Threats and Benefits of Deep DDOS Inspection. Oğuz YILMAZ CTO Labris Networks Real Life DoS/DDOS Threats and Benefits of Deep DDOS Inspection Oğuz YILMAZ CTO Labris Networks 1 Today Labris Networks L7 Attacks L7 HTTP DDoS Detection Problems Case Study: Deep DDOS Inspection (DDI

More information

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation White Paper Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation Table of Contents Introduction... 3 Common DDoS Mitigation Measures...

More information

Web Application Defence. Architecture Paper

Web Application Defence. Architecture Paper Web Application Defence Architecture Paper June 2014 Glossary BGP Botnet DDoS DMZ DoS HTTP HTTPS IDS IP IPS LOIC NFV NGFW SDN SQL SSL TCP TLS UTM WAF XSS Border Gateway Protocol A group of compromised

More information

Arbor s Solution for ISP

Arbor s Solution for ISP Arbor s Solution for ISP Recent Attack Cases DDoS is an Exploding & Evolving Trend More Attack Motivations Geopolitical Burma taken offline by DDOS attack Protests Extortion Visa, PayPal, and MasterCard

More information

How valuable DDoS mitigation hardware is for Layer 7 Sophisticated attacks

How valuable DDoS mitigation hardware is for Layer 7 Sophisticated attacks How valuable DDoS mitigation hardware is for Layer 7 Sophisticated attacks Stop DDoS before they stop you! James Braunegg (Micron 21) What Is Distributed Denial of Service A Denial of Service attack (DoS)

More information

TDC s perspective on DDoS threats

TDC s perspective on DDoS threats TDC s perspective on DDoS threats DDoS Dagen Stockholm March 2013 Lars Højberg, Technical Security Manager, TDC TDC in Sweden TDC in the Nordics 9 300 employees (2012) Turnover: 26,1 billion DKK (2012)

More information

DDoS Mitigation Solutions

DDoS Mitigation Solutions DDoS Mitigation Solutions The Real Cost of DDOS Attacks Hosting, including colocation at datacenters, dedicated servers, cloud hosting, shared hosting, and infrastructure as a service (IaaS) supports

More information

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business

More information

Analysis of a DDoS Attack

Analysis of a DDoS Attack Analysis of a DDoS Attack December 2014 CONFIDENTIAL CORERO INTERNAL USE ONLY Methodology around DDoS Detection & Mitigation Corero methodology for DDoS protection Initial Configuration Monitoring and

More information

The server will respond to the client with a list of instances. One such attack was analyzed by an information security researcher in January 2015.

The server will respond to the client with a list of instances. One such attack was analyzed by an information security researcher in January 2015. 1 TLP: GREEN 02.11.15 GSI ID: 1086 SECURITY BULLETIN: MS SQL REFLECTION DDOS RISK FACTOR - MEDIUM 1.1 / OVERVIEW / Beginning in October 2014, PLXsert observed the use of a new type of reflection-based

More information

Distributed Denial of Service (DDoS) attacks. Imminent danger for financial systems. Tata Communications Arbor Networks.

Distributed Denial of Service (DDoS) attacks. Imminent danger for financial systems. Tata Communications Arbor Networks. Distributed Denial of Service (DDoS) attacks Imminent danger for financial systems Presented by Tata Communications Arbor Networks 1 Agenda Importance of DDoS for BFSI DDoS Industry Trends DDoS Technology

More information

Protecting Websites from Attack with Secure Delivery Networks

Protecting Websites from Attack with Secure Delivery Networks COVER FEATURE CYBERSECURITY Protecting Websites from Attack with Secure Delivery Networks David Gillman, New College of Florida and Akamai Technologies Yin Lin, VMware Bruce Maggs, Duke University and

More information

Automated Mitigation of the Largest and Smartest DDoS Attacks

Automated Mitigation of the Largest and Smartest DDoS Attacks Datasheet Protection Automated Mitigation of the Largest and Smartest Attacks Incapsula secures websites against the largest and smartest types of attacks - including network, protocol and application

More information

/ Staminus Communications

/ Staminus Communications / Staminus Communications Global DDoS Mitigation and Technology Provider Whitepaper Series True Cost of DDoS Attacks for Hosting Companies The most advanced and experienced DDoS mitigation provider in

More information

Protect Against the Full Spectrum of Modern DDoS Attacks. F5 EMEA Webinar January 2015

Protect Against the Full Spectrum of Modern DDoS Attacks. F5 EMEA Webinar January 2015 Protect Against the Full Spectrum of Modern DDoS Attacks F5 EMEA Webinar January 2015 The Evolution of Attackers September 1996 First high profile DDoS attack. NY ISP Panix.com that was nearly put out

More information

Availability Digest. www.availabilitydigest.com. @availabilitydig. Surviving DNS DDoS Attacks November 2013

Availability Digest. www.availabilitydigest.com. @availabilitydig. Surviving DNS DDoS Attacks November 2013 the Availability Digest @availabilitydig Surviving DNS DDoS Attacks November 2013 DDoS attacks are on the rise. A DDoS attack launches a massive amount of traffic to a website to overwhelm it to the point

More information

Ihr Standort bleibt erreichbar. Ihre Applikationen bleiben erreichbar!

Ihr Standort bleibt erreichbar. Ihre Applikationen bleiben erreichbar! Ihr Standort bleibt erreichbar. Ihre Applikationen bleiben erreichbar! Die hybride DDoS Protection und Application Security Lösung von F5 Networks Arrow Sommerforum München am 16. Juli 2015 e.kampmann@f5.com

More information

Denial of Service Attacks

Denial of Service Attacks 2 Denial of Service Attacks : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 13 August 2013 its335y13s2l06, Steve/Courses/2013/s2/its335/lectures/malicious.tex,

More information

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 2 2ND QUARTER 2014

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 2 2ND QUARTER 2014 VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 2 2ND QUARTER 2014 CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDOS TRENDS FROM THE SECOND QUARTER OF 2014 4 Attack Stats 4 Mitigations by

More information

DDoS attacks in CESNET2

DDoS attacks in CESNET2 DDoS attacks in CESNET2 Ondřej Caletka 15th March 2016 Ondřej Caletka (CESNET) DDoS attacks in CESNET2 15th March 2016 1 / 22 About CESNET association of legal entities, est. 1996 public and state universities

More information

Securing Your Business with DNS Servers That Protect Themselves

Securing Your Business with DNS Servers That Protect Themselves Product Summary: The Infoblox Secure DNS Solution mitigates attacks on DNS servers by intelligently recognizing various attack types and dropping attack traffic while responding only to legitimate queries.

More information

DRDoS Attacks: Latest Threats and Countermeasures. Larry J. Blunk Spring 2014 MJTS 4/1/2014

DRDoS Attacks: Latest Threats and Countermeasures. Larry J. Blunk Spring 2014 MJTS 4/1/2014 DRDoS Attacks: Latest Threats and Countermeasures Larry J. Blunk Spring 2014 MJTS 4/1/2014 Outline Evolution and history of DDoS attacks Overview of DRDoS attacks Ongoing DNS based attacks Recent NTP monlist

More information

DDoS Attacks & Mitigation

DDoS Attacks & Mitigation DDoS Attacks & Mitigation Sang Young Security Consultant ws.young@stshk.com 1 DoS Attack DoS & DDoS an attack render a target unusable by legitimate users DDoS Attack launch the DoS attacks from various

More information

DDoS Attacks Can Take Down Your Online Services

DDoS Attacks Can Take Down Your Online Services DDoS Attacks Can Take Down Your Online Services Dr. Bill Highleyman Managing Editor, Availability Digest Continuity Insights New York 2014 October 8, 2014 editor@availabilitydigest.com Who Am I? Dr. Bill

More information

September 20, 2013 Senior IT Examiner Gene Lilienthal

September 20, 2013 Senior IT Examiner Gene Lilienthal Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

First Line of Defense to Protect Critical Infrastructure

First Line of Defense to Protect Critical Infrastructure RFI SUBMISSION First Line of Defense to Protect Critical Infrastructure Developing a Framework to Improve Critical Infrastructure Cybersecurity Response to NIST Docket # 130208119-3119-01 Document # 2013-044B

More information

Securing data centres: How we are positioned as your ISP provider to prevent online attacks.

Securing data centres: How we are positioned as your ISP provider to prevent online attacks. Securing data centres: How we are positioned as your ISP provider to prevent online attacks. Executive Summary In today s technologically-demanding world, an organisation that experiences any internet

More information

DENIAL-OF-SERVICE ATTACKS

DENIAL-OF-SERVICE ATTACKS DENIAL-OF-SERVICE ATTACKS 40 years old & more present then ever Robert Dürr, Brühl, 16./17.09.2015 Axians Networks & Solutions GmbH email: robert.duerr@axians.de 1 WHO IS AXIANS?! Axians is the new brand

More information

Prolexic Quarterly Global DDoS Attack Report Q4 2012

Prolexic Quarterly Global DDoS Attack Report Q4 2012 Prolexic Quarterly Global DDoS Attack Report Q4 2012 Q4 2012 was defined by the increasing scale and diversity of DDoS attacks as well as the enduring nature of botnets. Analysis and emerging trends At

More information

DDoS Attack Types: Glossary of Terms

DDoS Attack Types: Glossary of Terms DDoS Attack Types: Glossary of Terms This Distributed Denial of Service (DDoS) attack glossary is intended to provide a high level overview of the various DDoS attack types and typical DDoS attack characteristics.

More information

Attack and Defense Techniques

Attack and Defense Techniques Network Security Attack and Defense Techniques Anna Sperotto (with material from Ramin Sadre) Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Attacks! Many different

More information

SecurityDAM On-demand, Cloud-based DDoS Mitigation

SecurityDAM On-demand, Cloud-based DDoS Mitigation SecurityDAM On-demand, Cloud-based DDoS Mitigation Table of contents Introduction... 3 Why premise-based DDoS solutions are lacking... 3 The problem with ISP-based DDoS solutions... 4 On-demand cloud DDoS

More information

What to Look for When Choosing a CDN for DDoS Protection Written by Bizety

What to Look for When Choosing a CDN for DDoS Protection Written by Bizety What to Look for When Choosing a CDN for DDoS Protection Written by Bizety WHITE PAPER Introduction Every online company should be familiar with Distributed Denial of Service (DDoS) attacks and the risk

More information

Business Case for a DDoS Consolidated Solution

Business Case for a DDoS Consolidated Solution Business Case for a DDoS Consolidated Solution Executive Summary Distributed denial-of-service (DDoS) attacks are becoming more serious and sophisticated. Attack motivations are increasingly financial

More information

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business

More information

DDoS Protection on the Security Gateway

DDoS Protection on the Security Gateway DDoS Protection on the Security Gateway Best Practices 24 August 2014 Protected 2014 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by

More information

DDoS Attacks in the United Kingdom

DDoS Attacks in the United Kingdom Neustar Insights DDoS Attacks in the United Kingdom 2012 Annual Trends and Impact Survey Contents Survey Findings, 2012 2011 Survey Methodology 3 Frequency of Attacks 3 Introduction In both 2011 and 2012,

More information

Mitigating the DoS/DDoS Threat. Why You Need On-Premises Security Solution in Conjunction with Anti-DoS Managed Service - Whitepaper

Mitigating the DoS/DDoS Threat. Why You Need On-Premises Security Solution in Conjunction with Anti-DoS Managed Service - Whitepaper Mitigating the DoS/DDoS Threat Why You Need On-Premises Security Solution in Conjunction with Anti-DoS Managed Service - Whitepaper Table of Contents Abstract...3 DDoS is Growing and Evolving...3 DDoS

More information

Akamai Security Products

Akamai Security Products Akamai Security Products Key Areas of Cloud Security for Akamai Protect Web Availability Internet Infrastructure Security Remove Credit Cards Payment Tokenization Web Application Firewall Application Security

More information

DDoS Attack Mitigation Report. Media & Entertainment Finance, Banking & Insurance. Retail

DDoS Attack Mitigation Report. Media & Entertainment Finance, Banking & Insurance. Retail DDoS Attack Mitigation Report Media & Entertainment Finance, Banking & Insurance Retail DDoS Attack Mitigation Report Media & Entertainment Attack on Spanish-Language News Site is Abandoned When Traffic

More information

Reducing the Impact of Amplification DDoS Attack

Reducing the Impact of Amplification DDoS Attack Reducing the Impact of Amplification DDoS Attack hello! I am Tommy Ngo I am here to present my reading: reducing the impact of amplification DDoS attack 2 1. Background Let s start with what amplification

More information

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7 20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic

More information

How Effective CSOs Prepare for DDoS Attacks. Rob Kraus & Jeremy Scott Solutionary SERT

How Effective CSOs Prepare for DDoS Attacks. Rob Kraus & Jeremy Scott Solutionary SERT How Effective CSOs Prepare for DDoS Attacks Rob Kraus & Jeremy Scott Solutionary SERT 2013 Solutionary, Inc. ActiveGuard U.S. Patent Nos 6,988,208; 7,168,093; 7,370,359; 7,424,743; 7,673,049: 7,954,159;

More information

Check Point DDoS Protector

Check Point DDoS Protector Check Point DDoS Protector June 2012 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. Cybercrime

More information

Introducing Radware Attack Mitigation System. Presenter: Werner Thalmeier September 2013

Introducing Radware Attack Mitigation System. Presenter: Werner Thalmeier September 2013 Introducing Radware Attack Mitigation System Presenter: Werner Thalmeier September 2013 Agenda Introducing Radware (quick) Current Attacks Landscape Quick Outlook on Radware Attack Mitigation System (AMS)

More information

Four Considerations for Addressing the DDoS Risk for Carrier and Cloud Hosting Providers

Four Considerations for Addressing the DDoS Risk for Carrier and Cloud Hosting Providers Four Considerations for Addressing the DDoS Risk for Carrier and Cloud Hosting Providers Whitepaper SHARE THIS WHITEPAPER Table of Contents The Rising Threat of Cyber-Attack Downtime...3 Four Key Considerations

More information

2012 AKAMAI FASTER FORWARDTM

2012 AKAMAI FASTER FORWARDTM 2012 AKAMAI FASTER FORWARDTM Extending Your Perimeter of Defense and Visibility Patrick Sullivan, CISSP, GSLC Jonathan Anderson, CISSP, GCED What We ve Seen 2012 YTD 170 DDoS or Malicious Attacks on Akamai

More information

Arrow ECS University 2015 Radware Hybrid Cloud WAF Service. 9 Ottobre 2015

Arrow ECS University 2015 Radware Hybrid Cloud WAF Service. 9 Ottobre 2015 Arrow ECS University 2015 Radware Hybrid Cloud WAF Service 9 Ottobre 2015 Get to Know Radware 2 Our Track Record Company Growth Over 10,000 Customers USD Millions 200.00 150.00 32% 144.1 16% 167.0 15%

More information

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 4 4TH QUARTER 2014

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 4 4TH QUARTER 2014 VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 4 4TH QUARTER 2014 CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: 4 Mitigations by Attack Size 4 MITIGATIONS BY INDUSTRY VERTICAL

More information

Practical Advice for Small and Medium Environment DDoS Survival

Practical Advice for Small and Medium Environment DDoS Survival Practical Advice for Small and Medium Environment DDoS Survival Chris "Mac" McEniry Sony Network Entertainment @macmceniry November 8 13, 2015 Washington, D.C. www.usenix.org/lisa15 #lisa15 1 Practical

More information

THE DANGER DEEPENS. Neustar Annual United Kingdom DDoS Attacks & Impact Report

THE DANGER DEEPENS. Neustar Annual United Kingdom DDoS Attacks & Impact Report THE DANGER DEEPENS Neustar Annual United Kingdom DDoS Attacks & Impact Report 2014 Welcome to the 2014 UK DDoS Attacks and Impact Report For the second consecutive year, Neustar surveyed hundreds of companies

More information

Q1 [2015 Report] Volume 2 Number 1. akamai s [state of the internet] / security

Q1 [2015 Report] Volume 2 Number 1. akamai s [state of the internet] / security Q1 [2015 Report] Volume 2 Number 1 akamai s [state of the internet] / security FASTER FORWARD TO THE LATEST GLOBAL BROADBAND TRENDS Download Akamai s [state of the internet] report Join us at stateoftheinternet.com

More information