Firewall on Demand Multidomain

Size: px
Start display at page:

Download "Firewall on Demand Multidomain"

Transcription

1 Firewall on Demand Multidomain S E C U R I T Y V I A B G P F L O W S P E C & A W E B P L A T F O R M Leonidas Poulopoulos GRNET NOC Wayne Routly DANTE Jeffrey Haas JUNIPER Firewall on Demand Multidomain Internet2 Global Summit, Apr

2 Firewall on Demand S E C U R I T Y V I A B G P F L O W S P E C & A W E B P L A T F O R M L e o n i d a s P o u l o p o u l o s l e o p o u n o c. g r n e t. g r G R N E T N O C e o p o u l ) Firewall on Demand Multidomain Internet2 Global Summit, Apr

3 GRNET NOC Staff: 15 Network: 120 devices (40 routers/80 switches) Juniper-based network Presence: 90 cities Clients: ~100 Upstream: GÉANT Firewall on Demand Multidomain 3 Internet2 Global Summit, Apr

4 DDoS Illustrated DDoS attack launched from compromised systems (bots) IX UPSTREAM NREN Victim DDoS attack traffic consumes network capacity DDoS attack targets applications and services Firewall on Demand Multidomain 4 Internet2 Global Summit, Apr

5 DDoS facts 400 Gbps 309 < Source: Arbor Networks Inc. & Cloudflare Firewall on Demand Multidomain 5 Internet2 Global Summit, Apr

6 Staying alive acls, firewall filters RTBH BGP flowspec Firewall on Demand Multidomain 6 Internet2 Global Summit, Apr

7 BGP FLOWSPEC IETF AND JUNIPER ROADMAP Jeffrey Haas

8 BGP FLOWSPEC BGP Flowspec was originally defined in RFC 5575 and has been part of JUNOS since version 7.3. It permits layer 4 (TCP and UDP) firewall filters to be distributed in BGP on both a intradomain and inter-domain basis. Flowspec was originally defined to assist in mitigation of DDoS attacks. Deployments may use native configuration to distribute the filters. Several DDoS mitigation environments will generate the filters in support of their detection and mitigation tools. 8 Copyright 2014 Juniper Networks, Inc.

9 CURRENT IETF WORK draft-ietf-idr-bgp-flowspec-oid Formally permits IBGP origination of BGP flowspec routes without requiring a longest-match for validation. In practice, operators have been using policy knobs to permit similar behaviors for nonebgp originated flowsec. draft-haas-idr-flowspec-redirect-rt-bis Clarifies some issues in RFC 5575 for the Redirect to VRF Route- Target. As currently documented, it s not possible to have a fully compatible BGP Flowspec implementation. 9 Copyright 2014 Juniper Networks, Inc.

10 CURRENT IETF WORK draft-ietf-idr-flowspec-redirect-ip adds some exciting features to BGP flowspec: Permit redirection of traffic to a specific IP address rather than requiring tunneling via VRF. Permit the copying of traffic in a similar fashion. Some issues with the feature encoding and precedence of rules are being worked out currently. New draft expected soon. draft-ietf-idr-flow-spec-v6 Provide for support for IPv6 in flowspec. Necessary changes include: (Limited) Support for Next Header. Flow Label support Ambiguous case of Traffic Class with regard to ECN still under debate. 10 Copyright 2014 Juniper Networks, Inc.

11 JUNIPER ROADMAP 15.1 Flowspec ISSU/NSR support, draft-oid validation rules 15.2 (tentative) Redirect-IP Future: IPv6 Flowspec support 11 Copyright 2014 Juniper Networks, Inc.

12 INTO THE REALM OF SPECULATIVE FICTION BGP Flowspec provides a convenient encoding mechanism to permit Layer3+ traffic filters be distributed. Future facing work, such as Software Defined Networking (SDN), Service Chaining/Network Function Virtualization or Interface to the Routing System (I2RS) may be able to leverage flowspec as a mechanism to distribute custom forwarding behaviors. 12 Copyright 2014 Juniper Networks, Inc.

13 BGP community flow vs. RTBH vs. ACLs ACLS Distributed across the network Closer to the source Fine-grained even on core/backbone networks Multidomain easy propagation towards the upstream via BGP Easy automation & integration BGP RTHB Flowspec: enhancement of RTBH Does not affect all traffic to victim Less coarse More actions Separate NLRI Firewall on Demand Multidomain 13 Internet2 Global Summit, Apr

14 Firewall on Demand NEED FOR BETTER TOOLS TO MITIGATE TRANSIENT ATTACKS GRANULARITY: Per-flow level ACTION: Drop, rate-limit, redirect SPEED: 1-2 orders of magnitude quicker EFFICIENCY: closer to the source, multi-domain AUTOMATION: integration with other systems MANAGEABILITY: status tracking, web interface Firewall on Demand Multidomain 14 Internet2 Global Summit, Apr

15 FoD Architecture Shibboleth Django MVC User Interface Long Polling (Gevent) Job Queue (Celery/Beanstalk) OPEN SOURCE https://code.grnet.gr/projects/flowspy https://fod.grnet.gr Caching Layer (Memcached) Network Config to XML proxy (nxpy) Python NETCONF client (ncclient) NETCONF ebgp ebgp ibgp ibgp Firewall on Demand Multidomain 15 Internet2 Global Summit, Apr

16 FoD Screenshots more during demo Firewall on Demand Multidomain 16 Internet2 Global Summit, Apr

17 How it works Single domain Customer s NOC logs in web tool (shibboleth) & describes flows and actions Destination validated against customer s IP space A dedicated router is configured (NETCONF) to advertise the route via BGP flowspec Dynamic firewall filters are implemented on all routers Attack is mitigated upon entrance End of attack: Removal via the tool, or auto-expire Firewall on Demand Multidomain 17 FoD UPSTREAM IX GRNET Client Client Web ebgp NETCONF ibgp Internet2 Global Summit, Apr

18 GRNET FoD usage examples 2.5years 20Tbytes 100rules 40users 20peers Firewall on Demand Multidomain 18 Internet2 Global Summit, Apr

19 What now? Idea! BGP is by nature MULTIDOMAIN Deploy FoD in a MULTIDOMAIN Environment GÉANT and its peering NRENs Firewall on Demand Multidomain 19 Internet2 Global Summit, Apr

20 Firewall on Demand A Multi-Domain Implementation Wayne Routly Security Manager DANTE connect communicate collaborate

21 GÉANT : Who What How Pan-European Network..Transit Network.ISP 30 Physical Pops 50,000 km network infrastructure on 44 routes 100Gb/s 100s TB of Data 15+ Million IPs 100+ Workstations Truly Global (50 million users) 10,000 institutions Interconnects European NRENs - 40 Commercial & Commodity Traffic connect communicate collaborate 21

22 Today Little bit of DDoS on the side.. NTP, DNS, SMTP. Amplification Attacks 2k DDoS Events (183 pm) 298 vs k in 2014, average 300 connect communicate collaborate 22

23 Today DDoS Events CyNet Target: The University of Cyprus (www.ucy.ac.cy) Port Ranges: 0, 2070 and 3475 Multiple Source IP s and source AS s. Attack peak: Over 13G over 1G link connect communicate collaborate 23

24 Today DDoS Events CyNet [2] Destination AS 3268 Traffic Date Seen Dst IP Addr Flows (%) Packets (%) Bytes (%) : x.x (97.2) M(99.2) G(99.5) : x.x 129( 0.1) ( 0.0) M( 0.0) : x.x 128( 0.1) ( 0.1) 12.3 M( 0.0) : x.x 114( 0.1) 57000( 0.0) 10.5 M( 0.0) : x.x 90( 0.1) ( 0.1) M( 0.1) : x.x 81( 0.1) 40500( 0.0) 8.7 M( 0.0) Destination ports for x.x Date Seen Dst Port Flows (%) Packets (%) Bytes (%) : (37.8) M(32.7) G(35.3) : (37.1) M(59.0) G(57.1) : (23.8) 31.3 M( 7.1) 39.2 G( 7.6) : ( 1.1) 4.3 M( 1.0) M( 0.0) : ( 0.1) ( 0.1) 29.0 M( 0.0) : ( 0.0) ( 0.0) 16.7 M( 0.0) : ( 0.0) ( 0.0) 6.4 M( 0.0) connect communicate collaborate 24

25 Today DDoS Events GRNET DNS Amplification Attack Target: GRNET Port Ranges: 53 (DNS) Multiple Source IP s & Source AS s. Attack peak: 20G over 10G link Date first seen Dst IP Addr Flows (%) Packets (%) Bytes (%) : x 35531( 7.8) 36.1 M(11.3) 53.5 G(11.9) : x 34632( 7.6) 35.6 M(11.1) 52.6 G(11.7) : x 34469( 7.6) 35.3 M(11.1) 52.2 G(11.6) : x 49621(11.0) 31.8 M(10.0) 44.3 G( 9.9) : x 48220(10.6) 27.1 M( 8.5) 36.7 G( 8.2) : x 39278( 8.7) 26.1 M( 8.2) 36.5 G( 8.1) connect communicate collaborate 25

26 Uhm..Now What connect communicate collaborate

27 Today Security Changes - Audits connect communicate collaborate

28 Strategy security solutions that simplify the improvement of the security status quo connect communicate collaborate 28

29 Requirements - Defining It must be easy to use It must be ENHANCE security Must deliver MEASURABLE VALUE REDUNDANCY must be incorporated into existing processes accepted by all participants. conform to BEST PRACTICES & STANDARDS Must be SCALABLE. connect communicate collaborate 29

30 GÉANT Security Complete Security Solution - NSHaRP It is a mechanism to quickly and effectively inform affected users of incidents detected transiting the GÉANT network dynamically. It adds value by serving as an extension to an NRENs CERT, by adding visibility to incidents targeting or originating from your network Innovative and Unique - Caters for different types of requirements.is a process that will enhance GÉANT backbone security and will extend the NRENs ability to protect their infrastructure. connect communicate collaborate 30

31 Firewall on Demand But Why? better tools to mitigate transitory attacks and anomalies Better in terms of Granularity: Per-flow level Source/Dest IP/Ports, protocol type, DSCP, TCP flag Action: Drop, rate-limit, redirect Speed: More responsive (Seconds / Minutes vs. Hours / Days) Efficiency: Closer to the source, Multi Domain Automation: Integration with other systems (NSHaRP) Manageability connect communicate collaborate 31

32 Firewall on Demand Tomorrow NSHaRP Customer or GN NOC logs into web tool and describes flows and actions Flow destination is validated against the customer s IP space Dedicated router is configured to advertise the route via BGP flowspec ibgp propagates the tuples to all GEANT routers. Dynamic firewall filters are implemented on all routers Attack is mitigated (dropped, rated-limited) upon entrance End of attack: Removal via the tool, or auto-expire NREN A Credit: Andreas Polyrakis, GRNET FoD LEVEL3 GEANT NREN B Customer connect communicate collaborate 32

33 Firewall on Demand Roadmap Phase 1 - Test Flow Spec on GN Athens Router - Test Propagation to GN Gateways Phase 2 - Deploy Flow Spec Server - Web Interface - Pilot Phase 2 (b) - Processes - API - Production Service Today 6 Months 12 Months connect communicate collaborate 33

34 GÉANT Tests GÉANT Flowspec CARNet Attacker Flowspec Flowspec GRNET FoD Victim Click Apply 6 seconds later Firewall on Demand Multidomain 34 Internet2 Global Summit, Apr

35 FoD multidomain principles FoD setup & deploy by every interested domain/nren Multidomain FoD deployed in GÉANT Multidomain FoD authentication: edugain Multidomain FoD authorization: peer address space GÉANT accepts BGP flowspec rules from domains Policies/filters per peering based on rule dest. addr. User belongs to a domain/institution/nren :: Peer Peer is assigned an administrative IPv4 address space Rule creation with destination address/network only inside the user s Peer assigned address space Firewall on Demand Multidomain 35 Internet2 Global Summit, Apr

36 FoD multidomain deployment scenarios Possible mitigation with RTBH, ACL ACL Flowspec RTBH GÉANT Flowspec NREN Victim Flowspec Flowspec m FoD Flowspec Flowspec FoD Legitimate Traffic Flows Malicious Traffic Flows Flow spec rule propagation BGP Peering Flow spec rules Firewall on Demand platform Flowspec NREN Flowspec Flowspec FoD Firewall on Demand Multidomain 36 Internet2 Global Summit, Apr

37 Current Status GRNET in production since end of 2011 Tests: Multihop BGP peering with PSNC Interest/Evaluation from BELNET GÉANT BGP flowspec enabled in all core devices Successful tests between GRNET and GÉANT Multiple scenarios tested Iperf between Croatia and Greece Gone in 6 seconds In production by April 2015 Firewall on Demand Multidomain 37 Internet2 Global Summit, Apr

38 Extensions FoD {single,multi}-domain interfaces to other tools/platforms REST API XMPP client/server ØMQ extensions Filter counters/graphs NETCONF Juniper UtilityMIB Ipv6 support (Whenever available) Firewall on Demand Multidomain 38 Internet2 Global Summit, Apr

39 Can I deploy/try/test it? Open source project FoD : https://code.grnet.gr/projects/flowspy Docs: https://flowspy.readthedocs.org Ask for a demo account PEER WITH US! Firewall on Demand Multidomain 39 Internet2 Global Summit, Apr

40 Demo time attaaaaack! Firewall on Demand Multidomain 40 Internet2 Global Summit, Apr

41 Questions? 42: The Answer to the Ultimate Question of Life, The Universe, and Everything. Douglas Adams, The Hitchhiker's Guide to the Galaxy Firewall on Demand Multidomain 41 Internet2 Global Summit, Apr

42 Thank you Leonidas Poulopoulos GRNET NOC Wayne Routly DANTE Jeffrey Haas JUNIPER Firewall on Demand Multidomain Internet2 Global Summit, Apr

Attacks Against the Cloud: A Mitigation Strategy. Cloud Attack Mitigation & Firewall on Demand

Attacks Against the Cloud: A Mitigation Strategy. Cloud Attack Mitigation & Firewall on Demand Attacks Against the Cloud: A Mitigation Strategy C L O U D A T T A C K M I T I G A T I O N & F I R E W A L L O N D E M A N D A l e x Z a c h a r i s a z a h a r i s @ a d m i n. g r n e t. g r G R N E

More information

Firewall-on-Demand. GRNET s approach to advanced network security services management via bgp flow-spec and NETCONF. Leonidas Poulopoulos

Firewall-on-Demand. GRNET s approach to advanced network security services management via bgp flow-spec and NETCONF. Leonidas Poulopoulos Firewall-on-Demand GRNET s approach to advanced network security services management via bgp flow-spec and NETCONF Leonidas Poulopoulos 1 leopoul@nocgrnetgr 1 NOC/Greek Research and Technology Network

More information

Traffic Diversion Techniques for DDoS Mitigation using BGP Flowspec. Leonardo Serodio leonardo.serodio@alcatel-lucent.com May 2013

Traffic Diversion Techniques for DDoS Mitigation using BGP Flowspec. Leonardo Serodio leonardo.serodio@alcatel-lucent.com May 2013 Traffic Diversion Techniques for DDoS Mitigation using BGP Flowspec Leonardo Serodio leonardo.serodio@alcatel-lucent.com May 2013 Distributed Denial of Service (DDoS) Attacks DDoS attack traffic consumes

More information

BGP Flow Specification Deployment Experience

BGP Flow Specification Deployment Experience BGP Flow Specification Deployment Experience Derek Gassen, Raul Lozano Time Warner Telecom Danny McPherson, Craig Labovitz Arbor Networks Agenda Flow Spec Overview About TWTC DDOS problem and Observations

More information

FireCircle: GRNET s approach to advanced network security services management via bgp flow-spec and NETCONF

FireCircle: GRNET s approach to advanced network security services management via bgp flow-spec and NETCONF FireCircle: GRNET s approach to advanced network security services management via bgp flow-spec and NETCONF Leonidas Poulopoulos Network Applications Developer (leopoul@noc.grnet.gr) Michalis Mamalis Network

More information

NSHaRP: Network Security Handling and Response Process

NSHaRP: Network Security Handling and Response Process NSHaRP: Network Security Handling and Response Process Wayne Routly, DANTE TF-CSIRT Technical Seminar Malahide.ie, 03 June 2011 Contents GEANT : Who What How GEANT : Security Protecting GEANT Users A Security

More information

GÉANT Perspective on DDoS DDoS Mitigation in the NREN Environment Workshop

GÉANT Perspective on DDoS DDoS Mitigation in the NREN Environment Workshop GÉANT Perspective on DDoS DDoS Mitigation in the NREN Environment Workshop GEANT Information & Infrastructure Security Team Evangelos Spatharas DDoS Mitigation Workshop Vienna, November 10 th 2015 INDEX

More information

DDoS Mitigation Techniques

DDoS Mitigation Techniques DDoS Mitigation Techniques Ron Winward, ServerCentral CHI-NOG 03 06/14/14 Consistent Bottlenecks in DDoS Attacks 1. The server that is under attack 2. The firewall in front of the network 3. The internet

More information

DDoS Mitigation. Using BGP Flowspec. Justin Ryburn Senior System Engineer. Copyright 2014 Juniper Networks, Inc.

DDoS Mitigation. Using BGP Flowspec. Justin Ryburn Senior System Engineer. Copyright 2014 Juniper Networks, Inc. DDoS Mitigation Using BGP Flowspec Justin Ryburn Senior System Engineer 1 Background Who is this guy? http://www.linkedin.com/in/justinryburn Why this topic? Experience tracking DDoS back in the day. 2

More information

F5 Silverline DDoS Protection Onboarding: Technical Note

F5 Silverline DDoS Protection Onboarding: Technical Note F5 Silverline DDoS Protection Onboarding: Technical Note F5 Silverline DDoS Protection onboarding F5 Networks is the first leading application services company to offer a single-vendor hybrid solution

More information

Firewall on Demand User Guide. February 2016

Firewall on Demand User Guide. February 2016 Firewall on Demand User Guide February 2016 Contents Introduction FoD Capabilities FoD Requirements, Constraints and Limitations Eligibility and How to Subscribe How To Use Firewall on Demand - Introduction

More information

Scalable DDoS mitigation using BGP Flowspec

Scalable DDoS mitigation using BGP Flowspec Scalable DDoS mitigation using BGP Flowspec Wei Yin TAY Consulting Systems Engineer Cisco Systems 2010 Cisco and/or its affiliates. All rights reserved. Goals of DDoS Mi,ga,on Problem descrip,on Tradi,onal

More information

IPv6 over IPv4/MPLS Networks: The 6PE approach

IPv6 over IPv4/MPLS Networks: The 6PE approach IPv6 over IPv4/MPLS Networks: The 6PE approach Athanassios Liakopoulos Network Operation & Support Manager (aliako@grnet.gr) Greek Research & Technology Network (GRNET) III Global IPv6 Summit Moscow, 25

More information

DDoS Protection Technology White Paper

DDoS Protection Technology White Paper DDoS Protection Technology White Paper Keywords: DDoS attack, DDoS protection, traffic learning, threshold adjustment, detection and protection Abstract: This white paper describes the classification of

More information

SDN CONTROLLER. Emil Gągała. PLNOG, 30.09.2013, Kraków

SDN CONTROLLER. Emil Gągała. PLNOG, 30.09.2013, Kraków SDN CONTROLLER IN VIRTUAL DATA CENTER Emil Gągała PLNOG, 30.09.2013, Kraków INSTEAD OF AGENDA 2 Copyright 2013 Juniper Networks, Inc. www.juniper.net ACKLOWLEDGEMENTS Many thanks to Bruno Rijsman for his

More information

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Internet Protocol: IP packet headers. vendredi 18 octobre 13 Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)

More information

DDoS Mitigation Strategies

DDoS Mitigation Strategies DDoS Mitigation Strategies Internet2 Security Working Group 23 Feb 2016 Mark Beadles Information Security Officer mbeadles@oar.net Kevin Nastase Network Security Engineer knastase@oar.net www.oar.net Slide

More information

Cisco IOS Flexible NetFlow Technology

Cisco IOS Flexible NetFlow Technology Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application

More information

Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks

Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks Document ID: 13634 Contents Introduction Understanding the Basics of DDoS Attacks Characteristics of Common Programs Used to Facilitate

More information

Securing Networks with Mikrotik Router OS Speaker: Tom Smyth, CTO Wireless Connect Ltd. Location: Dubai Date:

Securing Networks with Mikrotik Router OS Speaker: Tom Smyth, CTO Wireless Connect Ltd. Location: Dubai Date: 1 Securing Networks with Mikrotik Router OS Speaker: Tom Smyth, CTO Wireless Connect Ltd. Location: Dubai Date: 28-08-2012 2 Wireless Connect Ltd. Irish Company Incorporated in 2006 Operate an ISP in the

More information

IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令

IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令 IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令 1 内 容 流 量 分 析 简 介 IPv6 下 的 新 问 题 和 挑 战 协 议 格 式 变 更 用 户 行 为 特 征 变 更 安 全 问 题 演 化 流 量 导 出 手 段 变 化 设 备 参 考 配 置 流 量 工 具 总 结 2 流 量 分 析 简 介 流 量 分 析 目 标 who, what, where,

More information

F5 BIG DDoS Umbrella. Configuration Guide

F5 BIG DDoS Umbrella. Configuration Guide F5 BIG DDoS Umbrella Configuration Guide Jeff Stathatos September 2014 Table of Contents F5 BIG DDoS Umbrella... 1 Configuration Guide... 1 1. Introduction... 3 1.1. Purpose... 3 1.2. Limitations... 3

More information

Virtual Private Network VPN, VRF, and MPLS

Virtual Private Network VPN, VRF, and MPLS CE443 Computer Networks Virtual Private Network VPN, VRF, and MPLS Behnam Momeni Computer Engineering Department Sharif University of Technology Acknowledgments: Lecture slides are from Computer networks

More information

BGP FlowSpec Route-reflector Support

BGP FlowSpec Route-reflector Support The BGP (Border Gateway Protocol) Flowspec (Flow Specification) Route Reflector feature enables service providers to control traffic flows in their network. This helps in filtering traffic and helps in

More information

Agenda. NRENs, GARR and GEANT in a nutshell SDN Activities Conclusion. Mauro Campanella Internet Festival, Pisa 9 Oct 2015 2

Agenda. NRENs, GARR and GEANT in a nutshell SDN Activities Conclusion. Mauro Campanella Internet Festival, Pisa 9 Oct 2015 2 Agenda NRENs, GARR and GEANT in a nutshell SDN Activities Conclusion 2 3 The Campus-NREN-GÉANT ecosystem CAMPUS networks NRENs GÉANT backbone. GÉANT Optical + switching platforms Multi-Domain environment

More information

Firewall Firewall August, 2003

Firewall Firewall August, 2003 Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also

More information

Software-Defined Networking for the Data Center. Dr. Peer Hasselmeyer NEC Laboratories Europe

Software-Defined Networking for the Data Center. Dr. Peer Hasselmeyer NEC Laboratories Europe Software-Defined Networking for the Data Center Dr. Peer Hasselmeyer NEC Laboratories Europe NW Technology Can t Cope with Current Needs We still use old technology... but we just pimp it To make it suitable

More information

Service Description DDoS Mitigation Service

Service Description DDoS Mitigation Service Service Description DDoS Mitigation Service Interoute, Walbrook Building, 195 Marsh Wall, London, E14 9SG, UK Tel: +800 4683 7681 Email: info@interoute.com Contents Contents 1 Introduction...3 2 An Overview...3

More information

J-Flow on J Series Services Routers and Branch SRX Series Services Gateways

J-Flow on J Series Services Routers and Branch SRX Series Services Gateways APPLICATION NOTE Juniper Flow Monitoring J-Flow on J Series Services Routers and Branch SRX Series Services Gateways Copyright 2011, Juniper Networks, Inc. 1 APPLICATION NOTE - Juniper Flow Monitoring

More information

21.4 Network Address Translation (NAT) 21.4.1 NAT concept

21.4 Network Address Translation (NAT) 21.4.1 NAT concept 21.4 Network Address Translation (NAT) This section explains Network Address Translation (NAT). NAT is also known as IP masquerading. It provides a mapping between internal IP addresses and officially

More information

OpenDaylight Project Proposal Dynamic Flow Management

OpenDaylight Project Proposal Dynamic Flow Management OpenDaylight Project Proposal Dynamic Flow Management Ram (Ramki) Krishnan, Varma Bhupatiraju et al. (Brocade Communications) Sriganesh Kini et al. (Ericsson) Debo~ Dutta, Yathiraj Udupi (Cisco) 1 Table

More information

MPLS multi-domain services MD-VPN service

MPLS multi-domain services MD-VPN service MPLS multi-domain services MD-VPN service Xavier Jeannin, RENATER Tomasz Szewczyk / PSNC Training and Workshops for advancing NRENs 8-11 Sept 2014 Chisinau, Moldova MPLS brief overview Original purpose:

More information

RFC 2547bis: BGP/MPLS VPN Fundamentals

RFC 2547bis: BGP/MPLS VPN Fundamentals White Paper RFC 2547bis: BGP/MPLS VPN Fundamentals Chuck Semeria Marketing Engineer Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408 745 2001 or 888 JUNIPER www.juniper.net

More information

DDoS attacks in CESNET2

DDoS attacks in CESNET2 DDoS attacks in CESNET2 Ondřej Caletka 15th March 2016 Ondřej Caletka (CESNET) DDoS attacks in CESNET2 15th March 2016 1 / 22 About CESNET association of legal entities, est. 1996 public and state universities

More information

plixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels

plixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels Scrutinizer Competitor Worksheet Scrutinizer Malware Incident Response Scrutinizer is a massively scalable, distributed flow collection system that provides a single interface for all traffic related to

More information

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7 20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic

More information

How Cisco IT Protects Against Distributed Denial of Service Attacks

How Cisco IT Protects Against Distributed Denial of Service Attacks How Cisco IT Protects Against Distributed Denial of Service Attacks Cisco Guard provides added layer of protection for server properties with high business value. Cisco IT Case Study / < Security and VPN

More information

NetFlow/IPFIX Various Thoughts

NetFlow/IPFIX Various Thoughts NetFlow/IPFIX Various Thoughts Paul Aitken & Benoit Claise 3 rd NMRG Workshop on NetFlow/IPFIX Usage in Network Management, July 2010 1 B #1 Application Visibility Business Case NetFlow (L3/L4) DPI Application

More information

Cisco Configuring Commonly Used IP ACLs

Cisco Configuring Commonly Used IP ACLs Table of Contents Configuring Commonly Used IP ACLs...1 Introduction...1 Prerequisites...2 Hardware and Software Versions...3 Configuration Examples...3 Allow a Select Host to Access the Network...3 Allow

More information

BGP. EE 122, Fall 2013 Sylvia Ratnasamy

BGP. EE 122, Fall 2013 Sylvia Ratnasamy BGP EE 122, Fall 2013 Sylvia Ratnasamy http://inst.eecs.berkeley.edu/~ee122/ Material thanks to Ion Stoica, Scott Shenker, Jennifer Rexford, and many other colleagues BGP: The story so far l Destinations

More information

Ten Things to Look for in an SDN Controller

Ten Things to Look for in an SDN Controller Ten Things to Look for in an SDN Controller Executive Summary Over the last six months there has been significant growth in the interest that IT organizations have shown in Software-Defined Networking

More information

DDOS in academic Networks. Herramientas para la seguridad prevención y mitigación de DDOS. CSUC. 3 de Abril 2014

DDOS in academic Networks. Herramientas para la seguridad prevención y mitigación de DDOS. CSUC. 3 de Abril 2014 DDOS in academic Networks Herramientas para la seguridad prevención y mitigación de DDOS. CSUC. 3 de Abril 2014 Academic networks? Real Target for DDOS? Lesson learned; DDOS @RedIRIS Mitigation Projects

More information

Netflow Overview. PacNOG 6 Nadi, Fiji

Netflow Overview. PacNOG 6 Nadi, Fiji Netflow Overview PacNOG 6 Nadi, Fiji Agenda Netflow What it is and how it works Uses and Applications Vendor Configurations/ Implementation Cisco and Juniper Flow-tools Architectural issues Software, tools

More information

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006 CSE331: Introduction to Networks and Security Lecture 12 Fall 2006 Announcements Midterm I will be held Friday, Oct. 6th. True/False Multiple Choice Calculation Short answer Short essay Project 2 is on

More information

IPV6 FRAGMENTATION. The Case For Deprecation. Ron Bonica NANOG58

IPV6 FRAGMENTATION. The Case For Deprecation. Ron Bonica NANOG58 IPV6 FRAGMENTATION The Case For Deprecation Ron Bonica NANOG58 BACKGROUND 2 Copyright 2013 Juniper Networks, Inc. www.juniper.net STATUS QUO In order to send a packet larger than the PMTU, an IPv6 node

More information

Network Monitoring and Management NetFlow Overview

Network Monitoring and Management NetFlow Overview Network Monitoring and Management NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)

More information

DREAMER and GN4-JRA2 on GTS

DREAMER and GN4-JRA2 on GTS GTS Tech+Futures Workshop (Copenhagen) GTS Tech+Futures Workshop (Copenhagen) DREAMER and GN4-JRA2 on GTS CNIT Research Unit of Rome University of Rome Tor Vergata Outline DREAMER (Distributed REsilient

More information

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols

More information

Flow processing and the rise of the middle.

Flow processing and the rise of the middle. Flow processing and the rise of the middle. Mark Handley, UCL With acknowledgments to Michio Honda, Laurent Mathy, Costin Raiciu, Olivier Bonaventure, and Felipe Huici. Part 1 Today s Internet Protocol

More information

Virtual Private Networks: The Hot Revenue Source for Service Providers

Virtual Private Networks: The Hot Revenue Source for Service Providers Virtual Private s: The Hot Revenue Source for Service Providers December 11, 2001 presented by: Akram Ashamalla Agenda Why are we talking about VPNs? What is a VPN - Layer 2/Layer 3/IP VPN & what is the

More information

Transition to IPv6 in Service Providers

Transition to IPv6 in Service Providers Transition to IPv6 in Service Providers Jean-Marc Uzé Director Product & Technology, EMEA juze@juniper.net UKNOF14 Workshop Imperial college, London, Sept 11 th, 2009 1 Agenda Planning Transition Transition

More information

Quidway MPLS VPN Solution for Financial Networks

Quidway MPLS VPN Solution for Financial Networks Quidway MPLS VPN Solution for Financial Networks Using a uniform computer network to provide various value-added services is a new trend of the application systems of large banks. Transplanting traditional

More information

Overview. Firewall Security. Perimeter Security Devices. Routers

Overview. Firewall Security. Perimeter Security Devices. Routers Overview Firewall Security Chapter 8 Perimeter Security Devices H/W vs. S/W Packet Filtering vs. Stateful Inspection Firewall Topologies Firewall Rulebases Lecturer: Pei-yih Ting 1 2 Perimeter Security

More information

BGP MD5: Good, Bad, Ugly?

BGP MD5: Good, Bad, Ugly? BGP MD5: Good, Bad, Ugly? NANOG 39 February 06, 2007 Tom Scholl, AT&T Labs Feb 06, 2007 BGP MD5 Good, Bad, Ugly? Page 2 BGP MD5 What is it solving? A method to authenticate the identity of the remote BGP

More information

Ahmet Burak Can Hacettepe University. Hardware Firewalls. A firewall : Software Firewalls

Ahmet Burak Can Hacettepe University. Hardware Firewalls. A firewall : Software Firewalls Firewall, VPN, IDS/IPS Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr What is a Firewall? A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs

More information

Reducing the impact of DoS attacks with MikroTik RouterOS

Reducing the impact of DoS attacks with MikroTik RouterOS Reducing the impact of DoS attacks with MikroTik RouterOS Alfredo Giordano Matthew Ciantar WWW.TIKTRAIN.COM 1 About Us Alfredo Giordano MikroTik Certified Trainer and Consultant Support deployment of WISP

More information

Next Generation IPv6 Network Security a Practical Approach Is Your Firewall Ready for Voice over IPv6?

Next Generation IPv6 Network Security a Practical Approach Is Your Firewall Ready for Voice over IPv6? Next Generation IPv6 Network Security a Practical Approach Is Your Firewall Ready for Voice over IPv6? - and many other vital questions to ask your firewall vendor Zlata Trhulj Agilent Technologies zlata_trhulj@agilent.com

More information

IP interconnect interface for SIP/SIP-I

IP interconnect interface for SIP/SIP-I Page INTERCONNECT SPECIFICATION Public 1 (7) IP interconnect interface for SIP/SIP-I 0 Document history... 2 1 Scope... 2 2 References... 2 3 Definitions/Acronyms... 3 4 IP Interconnect specification...

More information

The New Infrastructure Virtualization Paradigm, What Does it Mean for Campus?

The New Infrastructure Virtualization Paradigm, What Does it Mean for Campus? The New Infrastructure Virtualization Paradigm, What Does it Mean for Campus? Jean-Marc Uzé Juniper Networks juze@juniper.net TNC2008, Brugge, May 19 th, 2008 Copyright 2008 Juniper Networks, Inc. www.juniper.net

More information

IPv6 network management. 6DEPLOY. IPv6 Deployment and Support

IPv6 network management. 6DEPLOY. IPv6 Deployment and Support IPv6 network management 6DEPLOY. IPv6 Deployment and Support 1 Contributions Simon Muyal, RENATER Bernard Tuy, RENATER Jérôme Durand, RENATER Ralf Wolter, Cisco Patrick Grossetête, Cisco 10/28/2010 IPv6

More information

TRANSFORMING YOUR SECURITY A NEW ERA IN ENTERPRISE FIREWALLS

TRANSFORMING YOUR SECURITY A NEW ERA IN ENTERPRISE FIREWALLS TRANSFORMING YOUR SECURITY A NEW ERA IN ENTERPRISE FIREWALLS Security Without Compromise CONTENTS INTRODUCTION 1 SECTION 1: FIREWALL TECHNOLOGY EVOLVES WITH BORDERLESS ENTERPRISE 2 SECTION 2: ENTERPRISE

More information

IPv6 network management. Where and when?

IPv6 network management. Where and when? IPv6 network management 1 Contributions Simon Muyal, RENATER Bernard Tuy, RENATER Jérôme Durand, RENATER Ralf Wolter, Cisco Patrick Grossetête, Cisco Munechika Sumikawa, Hitachi Patrick Paul, 6WIND 2 Agenda

More information

Introduction to Cisco IOS Flexible NetFlow

Introduction to Cisco IOS Flexible NetFlow Introduction to Cisco IOS Flexible NetFlow Last updated: September 2008 The next-generation in flow technology allowing optimization of the network infrastructure, reducing operation costs, improving capacity

More information

DNS Best Practices. Mike Jager Network Startup Resource Center mike@nsrc.org

DNS Best Practices. Mike Jager Network Startup Resource Center mike@nsrc.org DNS Best Practices Mike Jager Network Startup Resource Center mike@nsrc.org This document is a result of work by the Network Startup Resource Center (NSRC at http://www.nsrc.org). This document may be

More information

MONITORING NETWORK TRAFFIC USING sflow TECHNOLOGY ON EX SERIES ETHERNET SWITCHES

MONITORING NETWORK TRAFFIC USING sflow TECHNOLOGY ON EX SERIES ETHERNET SWITCHES APPLICATION NOTE MONITORING NETWORK TRAFFIC USING sflow TECHNOLOGY ON EX SERIES ETHERNET SWITCHES Exporting sflow to Collectors Through a Separate Virtual Routing Instance Copyright 2010, Juniper Networks,

More information

Juniper Networks and IPv6. Tim LeMaster Ipv6.juniper.net www.juniper.net

Juniper Networks and IPv6. Tim LeMaster Ipv6.juniper.net www.juniper.net Juniper Networks and IPv6 Tim LeMaster Ipv6.juniper.net www.juniper.net IPv6 Leadership IPv6 supported in Junos since 2001 IPv6 supported in ScreenOS since 2004 First router to be IPv6 Certified by DoD/

More information

Cisco Which VPN Solution is Right for You?

Cisco Which VPN Solution is Right for You? Table of Contents Which VPN Solution is Right for You?...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1 Components Used...1 NAT...2 Generic Routing Encapsulation Tunneling...2

More information

IPv6 Value Proposition. An Industry view of IPv6 Advantages. Madrid Global IPv6 Summit May 12-14, 2003

IPv6 Value Proposition. An Industry view of IPv6 Advantages. Madrid Global IPv6 Summit May 12-14, 2003 IPv6 Value Proposition An Industry view of IPv6 Advantages Madrid Global IPv6 Summit May 12-14, 2003 Yanick Pouffary Networks Technical Director - OSSG HP Pr. Member of Technical Staff Agenda What is IPv6

More information

Internet Security Firewalls

Internet Security Firewalls Overview Internet Security Firewalls Ozalp Babaoglu! Exo-structures " Firewalls " Virtual Private Networks! Cryptography-based technologies " IPSec " Secure Socket Layer ALMA MATER STUDIORUM UNIVERSITA

More information

Carrier/WAN SDN Brocade Flow Optimizer Making SDN Consumable

Carrier/WAN SDN Brocade Flow Optimizer Making SDN Consumable Brocade Flow Optimizer Making SDN Consumable Business And IT Are Changing Like Never Before Changes in Application Type, Delivery and Consumption Public/Hybrid Cloud SaaS/PaaS Storage Users/ Machines Device

More information

Description: Objective: Upon completing this course, the learner will be able to meet these overall objectives:

Description: Objective: Upon completing this course, the learner will be able to meet these overall objectives: Course: Building Cisco Service Provider Next-Generation Networks, Part 2 Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,750.00 Learning Credits: 38 Description: The Building Cisco Service Provider

More information

Network Security: Network Flooding. Seungwon Shin GSIS, KAIST

Network Security: Network Flooding. Seungwon Shin GSIS, KAIST Network Security: Network Flooding Seungwon Shin GSIS, KAIST Detecting Network Flooding Attacks SYN-cookies Proxy based CAPCHA Ingress/Egress filtering Some examples SYN-cookies Background In a TCP 3-way

More information

MPLS VPN Security Best Practice Guidelines

MPLS VPN Security Best Practice Guidelines Security Best Practice Guidelines con 2006 May 24 2006 Monique Morrow and Michael Behringer Distinguished Consulting Engineer and Distinguished Systems Engineer Cisco Systems, Inc. mmorrow@cisco.com mbehring@cisco.com

More information

DDOS Mi'ga'on in RedIRIS. SIG- ISM. Vienna

DDOS Mi'ga'on in RedIRIS. SIG- ISM. Vienna DDOS Mi'ga'on in RedIRIS SIG- ISM. Vienna Index Evolu'on of DDOS a:acks in RedIRIS Mi'ga'on Tools Current DDOS strategy About RedIRIS Spanish Academic & research network. Universi'es, research centers,.

More information

How Routers Forward Packets

How Routers Forward Packets Autumn 2010 philip.heimer@hh.se MULTIPROTOCOL LABEL SWITCHING (MPLS) AND MPLS VPNS How Routers Forward Packets Process switching Hardly ever used today Router lookinginside the packet, at the ipaddress,

More information

MPLS VPN Services. PW, VPLS and BGP MPLS/IP VPNs

MPLS VPN Services. PW, VPLS and BGP MPLS/IP VPNs A Silicon Valley Insider MPLS VPN Services PW, VPLS and BGP MPLS/IP VPNs Technology White Paper Serge-Paul Carrasco Abstract Organizations have been demanding virtual private networks (VPNs) instead of

More information

IPv4 and IPv6 Integration. Formation IPv6 Workshop Location, Date

IPv4 and IPv6 Integration. Formation IPv6 Workshop Location, Date IPv4 and IPv6 Integration Formation IPv6 Workshop Location, Date Agenda Introduction Approaches to deploying IPv6 Standalone (IPv6-only) or alongside IPv4 Phased deployment plans Considerations for IPv4

More information

DDoS Overview and Incident Response Guide. July 2014

DDoS Overview and Incident Response Guide. July 2014 DDoS Overview and Incident Response Guide July 2014 Contents 1. Target Audience... 2 2. Introduction... 2 3. The Growing DDoS Problem... 2 4. DDoS Attack Categories... 4 5. DDoS Mitigation... 5 1 1. Target

More information

Enabling Solutions in Cloud Infrastructure and for Network Functions Virtualization

Enabling Solutions in Cloud Infrastructure and for Network Functions Virtualization Enabling Solutions in Cloud Infrastructure and for Network Functions Virtualization Gateway Use Cases for Virtual Networks with MX Series Routers 1 Table of Contents Executive Summary... 3 Introduction...4

More information

Network Security TCP/IP Refresher

Network Security TCP/IP Refresher Network Security TCP/IP Refresher What you (at least) need to know about networking! Dr. David Barrera Network Security HS 2014 Outline Network Reference Models Local Area Networks Internet Protocol (IP)

More information

MANTICORE: Providing Users with a Logical IP Network Service

MANTICORE: Providing Users with a Logical IP Network Service MANTICORE: Providing Users with a Logical IP Network Service Victor Reijs (HEAnet) MANTICORE Partners (self funded project): Agenda MANTICORE vision MANTICORE-I implementation Infrastructure as a Service

More information

Linux MDS Firewall Supplement

Linux MDS Firewall Supplement Linux MDS Firewall Supplement Table of Contents Introduction... 1 Two Options for Building a Firewall... 2 Overview of the iptables Command-Line Utility... 2 Overview of the set_fwlevel Command... 2 File

More information

Inter-provider Coordination for Real-Time Tracebacks

Inter-provider Coordination for Real-Time Tracebacks Inter-provider Coordination for Real-Time Tracebacks Kathleen M. Moriarty 2 June 2003 This work was sponsored by the Air Force Contract number F19628-00-C-002. Opinions, interpretations, conclusions, and

More information

The Value of Flow Data for Peering Decisions

The Value of Flow Data for Peering Decisions The Value of Flow Data for Peering Decisions Hurricane Electric IPv6 Native Backbone Massive Peering! Martin J. Levy Director, IPv6 Strategy Hurricane Electric 22 nd August 2012 Introduction Goal of this

More information

Network Address Translation (NAT) Good Practice Guideline

Network Address Translation (NAT) Good Practice Guideline Programme NPFIT Document Record ID Key Sub-Prog / Project Infrastructure Security NPFIT-FNT-TO-IG-GPG-0011.06 Prog. Director Chris Wilber Status Approved Owner James Wood Version 2.0 Author Mike Farrell

More information

Bell Aliant. Business Internet Border Gateway Protocol Policy and Features Guidelines

Bell Aliant. Business Internet Border Gateway Protocol Policy and Features Guidelines Bell Aliant Business Internet Border Gateway Protocol Policy and Features Guidelines Effective 05/30/2006, Updated 1/30/2015 BGP Policy and Features Guidelines 1 Bell Aliant BGP Features Bell Aliant offers

More information

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Virtual private network Network security protocols COMP347 2006 Len Hamey Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Public internet Security protocol encrypts

More information

Building Trusted VPNs with Multi-VRF

Building Trusted VPNs with Multi-VRF Building Trusted VPNs with Introduction Virtual Private Networks (VPNs) have been a key application in networking for a long time. A slew of possible solutions have been proposed over the last several

More information

MPLS Concepts. Overview. Objectives

MPLS Concepts. Overview. Objectives MPLS Concepts Overview This module explains the features of Multi-protocol Label Switching (MPLS) compared to traditional ATM and hop-by-hop IP routing. MPLS concepts and terminology as well as MPLS label

More information

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls CEN 448 Security and Internet Protocols Chapter 20 Firewalls Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

DDoS Attacks. An open-source recipe to improve fast detection and automate mitigation techniques

DDoS Attacks. An open-source recipe to improve fast detection and automate mitigation techniques DDoS Attacks An open-source recipe to improve fast detection and automate mitigation techniques Vicente De Luca Sr. Network Engineer vdeluca@zendesk.com AS21880 / AS61186 Introduction Tentative to solve:

More information

Simulation Real Source Address Authentication Based on NS3 Huiliang Duan

Simulation Real Source Address Authentication Based on NS3 Huiliang Duan 2016 International Conference on Information Engineering and Communications Technology (IECT 2016) ISBN: 978-1-60595-375-5 Simulation Real Source Address Authentication Based on NS3 Huiliang Duan Network

More information

BGP: Border Gateway Protocol

BGP: Border Gateway Protocol LAB 8 BGP: Border Gateway Protocol An Interdomain Routing Protocol OBJECTIVES The objective of this lab is to simulate and study the basic features of an interdomain routing protocol called Border Gateway

More information

Internet Exchange Points Workshop

Internet Exchange Points Workshop Sofía Silva Berenguer sofia @ lacnic.net Internet Exchange Points Workshop AGENDA How the Internet Works Intro to BGP IPv4 Exhaustion and IPv6 Deployment Internet Exchange Points How to request Internet

More information

Operating Systems Group Distributed Operating Systems Firewalls

Operating Systems Group Distributed Operating Systems Firewalls Operating Systems Group Distributed Operating Systems Firewalls Dresden, 2007-06-13 Agenda Introduction What to protect? Where to intercept? Firewalls: Packet filters Application firewalls Firewall practices

More information

NEC contribution to OpenDaylight: Virtual Tenant Network (VTN)

NEC contribution to OpenDaylight: Virtual Tenant Network (VTN) NEC contribution to OpenDaylight: Virtual Tenant Network (VTN) June. 2013 NEC Page 1 Agenda OpenDaylight Virtual Tenant Network - VTN Model Live Demo VTN Implementation Page 2 OpenDaylight Virtual Tenant

More information

Strategies to Protect Against Distributed Denial of Service (DD

Strategies to Protect Against Distributed Denial of Service (DD Strategies to Protect Against Distributed Denial of Service (DD Table of Contents Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks...1 Introduction...1 Understanding the Basics

More information

Cisco Exam CCIE Service Provider Written Exam (V 4.1) Version: 13.0 [ Total Questions: 409 ]

Cisco Exam CCIE Service Provider Written Exam (V 4.1) Version: 13.0 [ Total Questions: 409 ] s@lm@n Cisco Exam 400-201 CCIE Service Provider Written Exam (V 4.1) Version: 13.0 [ Total Questions: 409 ] Cisco 400-201 : Practice Test Question No : 1 Which three statements about the secure domain

More information

Solution Brief. Combating Bots and Mitigating DDoS Attacks

Solution Brief. Combating Bots and Mitigating DDoS Attacks Solution Brief Combating Bots and Mitigating DDoS Attacks Combating Bots and Mitigating DDoS Attacks Page Many of today s distributed denial of service (DDoS) 1 attacks are carried out by organized criminals

More information