This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons
|
|
- Rodney Lucas
- 8 years ago
- Views:
Transcription
1
2 This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons Attribution-ShareAlike 4.0 International license.
3 As a provider of distributed denial of service (DDoS) mitigation services, Black Lotus is in a unique position to observe and collect real time data on the threats facing service providers and enterprises. Many zero day threats are first seen on the Black Lotus network. These threats are summarized in our quarterly report. The data contained in this report covers DDoS attack data for the period January 1, 2014 to March 31, Effective this issue Black Lotus threat reports no longer include top source network statistics as DDoS attacks are becoming increasingly distributed, diminishing the value of this type of data. Black Lotus predicts that while the NTP DrDoS threat which became prevalent in January and February 2014 have been successfully contained through the combined efforts of the security community, that new DrDoS threats will emerge resulting in attacks in excess of 800 Gbps in the next months.
4 The largest attack mitigated on the Black Lotus network during the Q reporting period, in terms of gigabits per second (bit volume) and millions of packets per second (packet volume). The average attack mitigated on the Black Lotus network during the reporting period. The number of confirmed DDoS attacks mitigated on the Black Lotus network during the reporting period. We observed the largest DDoS attacks on this date.
5 During the Q reporting period, Black Lotus observed an average distributed denial of service (DDoS) attack size of 2.7 gigabits per second (Gbps) and 1.8 millions of packets per second (Mpps). While this figure is relatively low compared to the bandwidth available to many service providers and enterprises, there are many companies which do not have the available bandwidth either due to the size of the network or prohibitively expense telecommunications services. Throughout the reporting period this average attack size has remained consistent with data from the prior quarter indicating that networks must maintain a DDoS mitigation defense capable of at least 5 Gbps to defend against the majority of attacks. Many DDoS mitigation services and DDoS protected hosting providers offer DDoS protection levels of 10 Gbps and up which is sufficient for many requirements, however there are much larger attacks which continue to proliferate. Figure 2 details the maximum attack size in terms of bit volume observed by Black Lotus during the reporting period. 462,621 attacks were observed with the largest single attack of 421 Gbps and 122 Mpps occurring on February 10, 2014, the largest DDoS attack ever recorded. This attack and a similar attack on February 9, 2014 took advantage of insecure network time protocol (NTP) daemons, a threat detailed in a Black Lotus Threat Advisory released on January 8, NTP attacks are a type of distributed reflection denial of service (DrDoS) where an attacker spoofs the target IP address and sends malicious requests for time synchronization to open NTP servers which in turn attack the spoofed target at an amplification factor of at least In order to guarantee the defense of customers on the Black Lotus network which were being indiscriminately targeted by NTP DrDoS, the company opted to provide blanket NTP protection to all customers on the network regardless of subscription level. This means that a customer with a 10 Gbps defense service was afforded protection in excess of 400 Gbps against this particular attack vector.
6 Figure 1. Visualization of NTP DrDoS attack
7 NTP attacks are particularly dangerous as it is estimated that there have been as many as 400,000 NTP servers worldwide which have been vulnerable to an exploitation of the obsolete monlist command, causing an amplification factor of several hundred times the size of the original spoofed request. Any server running ntpd 4.2.7p26 or earlier which has not been patched is likely participating in these attacks. Network operators can find out if their network is participating in these attacks by checking with the OPEN NTP Project. There are numerous options for network operators who wish to clean up their network to prevent it from being used in these attacks. Doing so is likely to improve the performance of the network by reducing malicious traffic and should result in a cost savings by reducing the company s 95 th percentile bandwidth utilization. Black Lotus recommends: Using the OPEN NTP Project to determine if any vulnerable systems are operating on the company s network Immediately upgrading any NTP daemons to the most current version Implementing BCP38 to prevent the network from participating in DrDoS attacks Using access control lists or policies to block NTP traffic at the network edge and at other layer 3 aggregation points such as core routers, requiring customers to use a company provided NTP daemon for network time synchronization Attacks which are particularly large in bit volume continue to pose a problem for even the best equipped networks. While many service providers and enterprises are beginning to invest in robust DDoS mitigation infrastructure, this equipment is inherently limited to the capabilities of the equipment and the bandwidth available to the company which in many cases is 10 Gbps or less. During 49 of the 90 days during the reporting period attacks were observed reaching over 20 Gbps and on 7 of 90 days attacks were observed exceeding 100 Gbps. Network operators must increase investment in DDoS defense or enlist the assistance of purpose built DDoS mitigation services to be able to mitigate these larger attacks without service interruption. NTP DrDoS attacks peaked in early January and again in early February 2014 resulting in record breaking bit volumes, however traditional service and application layer attacks against servers and websites, such as TCP SYN and HTTP GET floods have once again become more prevalent. Black Lotus expects that attackers will use DrDoS attacks whenever possible, resorting to non-amplification attacks when there is not a sufficient quantity of vulnerable systems to use in amplification.
8 Gigabits per second Attack Bit Volume by Date Figure 2. Maximum bit volume per attack incident during Q While DDoS attacks are frequently cited in terms of their bit volume, the packet volume of an attack can be particularly devastating. Even if an attack does not exceed the bit capacity of a network or DDoS mitigation system, it can often exceed the packet volume capabilities the targeted network. For instance one popular DDoS mitigation hardware provider frequently sells 10 Gbps DDoS mitigation systems which are only capable of mitigating 4 Mpps where the line rate capability of a 10 Gbps interface is actually ~15 Mpps. This can cause the mitigation equipment to saturate at 27% of the circuit capacity.
9 Millions of packets per second Attack Packet Volume by Date Figure 3. Maximum packet volume per attack incident during Q During the Q reporting period 90,313 (19.5%) of the 462,621 attacks observed were regarded as severe. Once awareness was spread concerning the NTP DrDoS vulnerability, service and application layer attacks once again became the vector of choice for DDoS attackers. Application layer attacks can pose a problem even for those protected by network based DDoS mitigation systems. Also known as layer 7 attacks, these exploit weaknesses in an individual server s applications in order to cause resource depletion, resulting in an outage to the server. During the reporting period, 45,440 (50.3%) of 90,313 severe attacks observed targeted individual applications, most commonly HTTP servers which host websites and domain name services (DNS) which are required to provide address resolution to customers. Attacks on either application can result in an outage to the site and are extremely difficult to mitigate without professional assistance.
10 Critical Alerts Thousands The previously rare NTP reflection attack took center stage for two periods at the beginning of January and February 2014 due to its incredibly high bit volume and damage potential, but did not yield nearly the same severe incident volume as SYN and HTTP GET floods. 50 Distribution of Severe DDoS Attacks SYN FLOOD ACK FLOOD ICMP FLOOD NTP FLOOD DNS QUERY FLOOD HTTP GET FLOOD Figure 4. Application layer attacks against websites have surpassed NTP DrDoS attacks which twice peaked in early January and early February 2014.
11 At the beginning of January 2014, attackers began leveraging NTP DrDoS attacks to launch massive, debilitating attacks against targets of all sizes with attacks peaking at 421 Gbps in February 2014, the largest attack ever recorded. The OPEN NTP Project has successfully reduced the amount of hosts complicit in these attacks through awareness campaigns, which has resulted in service and application layer attacks against websites once again becoming the dominant DDoS threat. This data indicates that attackers prefer to use DrDoS attacks to take advantage of vulnerable services which use the UDP protocol, such as DNS and NTP, but are unable to launch these attacks consistently. While DrDoS attacks are the largest, most devastating attacks currently in existence an attacker must rely on thousands of vulnerable servers to amplifying and relay the attacks. When groups like The OPEN NTP Project create awareness campaigns it serves to reduce the amount of vulnerable servers and prevents attackers from consistently launching DrDoS attacks. As a result the attackers must resort to the tried and true method of attacking web servers directly using methods such as TCP SYN and HTTP GET attacks for which many companies do not have organic filtering capabilities and can be launched by attackers without relying on vulnerable UDP services. DrDoS attacks give novice attackers the ability to bypass the DDoS defense of well-prepared companies by targeting upstream carriers directly. While many companies have DDoS mitigation systems in place, these systems cannot function when the carrier itself is fully saturated. In January 2014, Black Lotus recorded several incidents where tier 1 carriers in multiple U.S. regions were saturated due to DrDoS attacks resulting in packet loss as high as 35% to customers of those carriers which were not even targeted by the attacks. By the time attacks began exceeding 400 Gbps in the following month Black Lotus observed that the same carriers were better prepared and were able to effectively stabilize their networks with minimal interruption to downstream customers. When combined with awareness campaigns by The OPEN NTP Project this dramatically decreased the effectiveness of NTP DrDoS as an attack vector. Despite this success, Black Lotus predicts that reflection attacks against UDP services such as DNS, NTP, SNMP, and other protocols will continue to pose a tremendous threat to service providers, enterprises, and their upstream carriers.
12 While NTP DrDoS has tapered it is expected that attackers are currently seeking other UDP services which can be used as a DrDoS vector. Black Lotus expects that new amplification conditions will be discovered resulting in a potential for DDoS attacks exceeding 800 Gbps in the next months. Until attackers are able to achieve this level of volume they will continue to target servers and web applications using SYN and HTTP GET floods which remain devastating for those which do not employ effective on-site DDoS mitigation or employ the services of DDoS mitigation and web application security providers. The rapid proliferation of DrDoS attacks is one component of a more serious trend in information security which extensively impacts all networked entities but is of particular concern to service providers. Since Q service providers have been heavily impacted by security threats to include SQL injection attacks, NTP DrDoS attacks, and most recently the TLS heartbeat vulnerability ( Heartbleed ) all of which have had profound effects on the ability of service providers to safely operate. While these threats are not exclusive to service providers it should be noted that service providers carry a substantial burden to protect customers and are often ill equipped to deal with serious threats to security, especially those which require preparation and swift and effective action to prevent damage to thousands of companies. The threats which service providers have faced over the past two quarters are what many would describe as outright frightening while the threats observed in prior months and years pale in comparison. Service providers are facing a very real paradigm shift in how their businesses must operate to remain viable. In enterprises and verticals such as banking and finance it is well understood that security must form the foundation of all information projects. While service providers are not ignorant to this fact, historically they have been able to operate without providing substantial security services to customers. As threats continue to proliferate service providers must also become security providers, offering services like hosting and security services like DDoS mitigation, intrusion defense, and incident response and remediation as a fully integrated concept. Service providers will need to operate bona fide security operations centers (SOCs) and have experienced information security engineers on staff, such as those who carry the ANSI accredited CISSP certification offered by (ISC) 2 in order to effectively deliver these services.
13 To learn more about Black Lotus, DDoS attacks, and DDoS mitigation solutions, please contact: Headquarters Black Lotus Communications 1 Sansome St., Suite 1500 San Francisco, CA Emergency Response Center Black Lotus Communications 900 N. Alameda St., Suite 220 Los Angeles, CA Sales sales@blacklotus.net (866) Support support@blacklotus.net (800)
This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons
This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons Attribution-ShareAlike 4.0 International license. As a provider
More informationIntroduction to DDoS Attacks. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter
Introduction to DDoS Attacks Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter DDoS in the News Q1 2014 DDoS Attack Trends DDoS Attack Trends Q4 2013 Mobile devices
More informationAcquia Cloud Edge Protect Powered by CloudFlare
Acquia Cloud Edge Protect Powered by CloudFlare Denial-of-service (DoS) Attacks Are on the Rise and Have Evolved into Complex and Overwhelming Security Challenges TECHNICAL GUIDE TABLE OF CONTENTS Introduction....
More informationCloudFlare advanced DDoS protection
CloudFlare advanced DDoS protection Denial-of-service (DoS) attacks are on the rise and have evolved into complex and overwhelming security challenges. 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com
More informationDISTRIBUTED DENIAL OF SERVICE OBSERVATIONS
: DDOS ATTACKS DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS 1 DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS NTT is one of the largest Internet providers in the world, with a significant share of the world s
More informationDDoS Threat Report. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter
DDoS Threat Report Insights on Finding, Fighting, and Living with DDoS Attacks v1.1 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter DDoS in the News - 2014 DDoS Trends
More informationGuide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst
INTEGRATED INTELLIGENCE CENTER Technical White Paper William F. Pelgrin, CIS President and CEO Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst This Center for Internet Security
More information/ Staminus Communications
/ Staminus Communications Global DDoS Mitigation and Technology Provider Whitepaper Series True Cost of DDoS Attacks for Hosting Companies The most advanced and experienced DDoS mitigation provider in
More informationHow To Protect A Dns Authority Server From A Flood Attack
the Availability Digest @availabilitydig Surviving DNS DDoS Attacks November 2013 DDoS attacks are on the rise. A DDoS attack launches a massive amount of traffic to a website to overwhelm it to the point
More informationDDoS Mitigation Solutions
DDoS Mitigation Solutions The Real Cost of DDOS Attacks Hosting, including colocation at datacenters, dedicated servers, cloud hosting, shared hosting, and infrastructure as a service (IaaS) supports
More informationVALIDATING DDoS THREAT PROTECTION
VALIDATING DDoS THREAT PROTECTION Ensure your DDoS Solution Works in Real-World Conditions WHITE PAPER Executive Summary This white paper is for security and networking professionals who are looking to
More informationDRDoS Attacks: Latest Threats and Countermeasures. Larry J. Blunk Spring 2014 MJTS 4/1/2014
DRDoS Attacks: Latest Threats and Countermeasures Larry J. Blunk Spring 2014 MJTS 4/1/2014 Outline Evolution and history of DDoS attacks Overview of DRDoS attacks Ongoing DNS based attacks Recent NTP monlist
More informationHow To Mitigate A Ddos Attack
VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 3 3RD QUARTER 2014 CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS 4 Mitigations by Attack Size 4 Mitigations by Industry 5
More informationSSDP REFLECTION DDOS ATTACKS
TLP: AMBER GSI ID: 1079 SSDP REFLECTION DDOS ATTACKS RISK FACTOR - HIGH 1.1 OVERVIEW / PLXsert has observed the use of a new reflection and amplification distributed denial of service (DDoS) attack that
More informationDDoS Overview and Incident Response Guide. July 2014
DDoS Overview and Incident Response Guide July 2014 Contents 1. Target Audience... 2 2. Introduction... 2 3. The Growing DDoS Problem... 2 4. DDoS Attack Categories... 4 5. DDoS Mitigation... 5 1 1. Target
More information2014 Foley & Lardner LLP Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative
2014 Foley & Lardner LLP Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative of clients 321 N. Clark Street, Suite 2800, Chicago,
More informationFirst Line of Defense
First Line of Defense SecureWatch ANALYTICS FIRST LINE OF DEFENSE OVERVIEW KEY BENEFITS Comprehensive Visibility Powerful web-based security analytics portal with easy-to-read security dashboards Proactive
More informationDDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest
DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service
More informationAutomated Mitigation of the Largest and Smartest DDoS Attacks
Datasheet Protection Automated Mitigation of the Largest and Smartest Attacks Incapsula secures websites against the largest and smartest types of attacks - including network, protocol and application
More informationHow To Block A Ddos Attack On A Network With A Firewall
A Prolexic White Paper Firewalls: Limitations When Applied to DDoS Protection Introduction Firewalls are often used to restrict certain protocols during normal network situations and when Distributed Denial
More informationAvailability Digest. www.availabilitydigest.com. Prolexic a DDoS Mitigation Service Provider April 2013
the Availability Digest Prolexic a DDoS Mitigation Service Provider April 2013 Prolexic (www.prolexic.com) is a firm that focuses solely on mitigating Distributed Denial of Service (DDoS) attacks. Headquartered
More informationHow to launch and defend against a DDoS
How to launch and defend against a DDoS John Graham-Cumming October 9, 2013 The simplest way to a safer, faster and smarter website DDoSing web sites is... easy Motivated groups of non-technical individuals
More informationProtect your network: planning for (DDoS), Distributed Denial of Service attacks
Protect your network: planning for (DDoS), Distributed Denial of Service attacks Nov 19, 2015 2015 CenturyLink. All Rights Reserved. The CenturyLink mark, pathways logo and certain CenturyLink product
More informationMitigating Denial of Service Attacks. Why Crossing Fingers is Not a Strategy
Mitigating Denial of Service Attacks Why Crossing Fingers is Not a Strategy Introduction Mark Baldwin - Owner of Tectonic Security MSSP and Security Consulting Primarily Work With SMBs DDoS Mitigation
More informationStress Testing and Distributed Denial of Service Testing of Network Infrastructures
Faculty of Electrical Engineering and Communication Brno University of Technology Technická 12, CZ-616 00 Brno, Czechia http://www.six.feec.vutbr.cz Stress Testing and Distributed Denial of Service Testing
More informationDistributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment
Distributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment Keyur Chauhan 1,Vivek Prasad 2 1 Student, Institute of Technology, Nirma University (India) 2 Assistant Professor,
More informationSHARE THIS WHITEPAPER. On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper
SHARE THIS WHITEPAPER On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper Table of Contents Overview... 3 Current Attacks Landscape: DDoS is Becoming Mainstream... 3 Attackers Launch
More informationWhy Leaks Matter. Leak Detection and Mitigation as a Critical Element of Network Assurance. A publication of Lumeta Corporation www.lumeta.
Why Leaks Matter Leak Detection and Mitigation as a Critical Element of Network Assurance A publication of Lumeta Corporation www.lumeta.com Table of Contents Executive Summary Defining a Leak How Leaks
More information2012 Infrastructure Security Report. 8th Annual Edition Kleber Carriello Consulting Engineer
2012 Infrastructure Security Report 8th Annual Edition Kleber Carriello Consulting Engineer Key Findings in the Survey* Advanced Persistent Threats (APT) a top concern for service providers and enterprises
More informationAnalysis of a DDoS Attack
Analysis of a DDoS Attack December 2014 CONFIDENTIAL CORERO INTERNAL USE ONLY Methodology around DDoS Detection & Mitigation Corero methodology for DDoS protection Initial Configuration Monitoring and
More informationHow Cisco IT Protects Against Distributed Denial of Service Attacks
How Cisco IT Protects Against Distributed Denial of Service Attacks Cisco Guard provides added layer of protection for server properties with high business value. Cisco IT Case Study / < Security and VPN
More informationCS 356 Lecture 16 Denial of Service. Spring 2013
CS 356 Lecture 16 Denial of Service Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter
More informationHow To Protect Yourself From A Dos/Ddos Attack
RELEVANT. INTELLIGENT. SECURITY White Paper In Denial?...Follow Seven Steps for Better DoS and DDoS Protection www.solutionary.com (866) 333-2133 In Denial?...Follow Seven Steps for Better DoS and DDoS
More informationHow To Understand A Network Attack
Network Security Attack and Defense Techniques Anna Sperotto (with material from Ramin Sadre) Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Attacks! Many different
More informationDon t get DDoSed and Confused. Patrick Sullivan, CISSP, GSLC, GWAPT, GCIH Managed, Security Services
Don t get DDoSed and Confused Patrick Sullivan, CISSP, GSLC, GWAPT, GCIH Managed, Security Services Agenda Intro/Data Collection DDoS Basics Trends and Statistics Adversarial Groups/Motivations Defense
More informationDenial of Service Attacks, What They are and How to Combat Them
Denial of Service Attacks, What They are and How to Combat Them John P. Pironti, CISSP Genuity, Inc. Principal Enterprise Solutions Architect Principal Security Consultant Version 1.0 November 12, 2001
More informationDDoS Attacks Can Take Down Your Online Services
DDoS Attacks Can Take Down Your Online Services Dr. Bill Highleyman Managing Editor, Availability Digest Continuity Insights New York 2014 October 8, 2014 editor@availabilitydigest.com Who Am I? Dr. Bill
More informationAKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE.
CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE. Threat > The number and size of cyberattacks are increasing rapidly Website availability and rapid performance are critical factors in determining the success
More informationDDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT
DDoS Protection How Cisco IT Protects Against Distributed Denial of Service Attacks A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge: Prevent low-bandwidth DDoS attacks coming from a broad
More informationCharacterization and Analysis of NTP Amplification Based DDoS Attacks
Characterization and Analysis of NTP Amplification Based DDoS Attacks L. Rudman Department of Computer Science Rhodes University Grahamstown g11r0252@campus.ru.ac.za B. Irwin Department of Computer Science
More informationReducing the Impact of Amplification DDoS Attack
Reducing the Impact of Amplification DDoS Attack hello! I am Tommy Ngo I am here to present my reading: reducing the impact of amplification DDoS attack 2 1. Background Let s start with what amplification
More informationSecurity Toolsets for ISP Defense
Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.
More informationWeb Application Defence. Architecture Paper
Web Application Defence Architecture Paper June 2014 Glossary BGP Botnet DDoS DMZ DoS HTTP HTTPS IDS IP IPS LOIC NFV NGFW SDN SQL SSL TCP TLS UTM WAF XSS Border Gateway Protocol A group of compromised
More informationDistributed Denial of Service Attack Tools
Distributed Denial of Service Attack Tools Introduction: Distributed Denial of Service Attack Tools Internet Security Systems (ISS) has identified a number of distributed denial of service tools readily
More informationDDoS Attacks - Peeling the Onion on One of the Most Sophisticated Ever Seen. Eldad Chai, VP Product
DDoS Attacks - Peeling the Onion on One of the Most Sophisticated Ever Seen Eldad Chai, VP Product Incapsula Application Delivery from the Cloud 2 DDoS 101 ISP Network Devices Web servers Applications
More informationHOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT
HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT The frequency and sophistication of Distributed Denial of Service attacks (DDoS) on the Internet are rapidly increasing. Most of the earliest
More informationCloud Security In Your Contingency Plans
Cloud Security In Your Contingency Plans Jerry Lock Security Sales Lead, Greater China Contingency Plans Avoid data theft and downtime by extending the security perimeter outside the data-center and protect
More informationComplete Protection against Evolving DDoS Threats
Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls... 3 Intrusion
More informationAutomated Mitigation of the Largest and Smartest DDoS Attacks
Datasheet Protection Automated Mitigation of the Largest and Smartest Attacks Incapsula secures websites against the largest and smartest types of attacks - including network, protocol and application
More informationHow valuable DDoS mitigation hardware is for Layer 7 Sophisticated attacks
How valuable DDoS mitigation hardware is for Layer 7 Sophisticated attacks Stop DDoS before they stop you! James Braunegg (Micron 21) What Is Distributed Denial of Service A Denial of Service attack (DoS)
More informationSHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper
SHARE THIS WHITEPAPER Top Selection Criteria for an Anti-DDoS Solution Whitepaper Table of Contents Top Selection Criteria for an Anti-DDoS Solution...3 DDoS Attack Coverage...3 Mitigation Technology...4
More informationFour Considerations for Addressing the DDoS Risk for Carrier and Cloud Hosting Providers
Four Considerations for Addressing the DDoS Risk for Carrier and Cloud Hosting Providers Whitepaper SHARE THIS WHITEPAPER Table of Contents The Rising Threat of Cyber-Attack Downtime...3 Four Key Considerations
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationDDoS attacks in CESNET2
DDoS attacks in CESNET2 Ondřej Caletka 15th March 2016 Ondřej Caletka (CESNET) DDoS attacks in CESNET2 15th March 2016 1 / 22 About CESNET association of legal entities, est. 1996 public and state universities
More informationVERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 2 2ND QUARTER 2014
VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 2 2ND QUARTER 2014 CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDOS TRENDS FROM THE SECOND QUARTER OF 2014 4 Attack Stats 4 Mitigations by
More informationSECURING APACHE : DOS & DDOS ATTACKS - I
SECURING APACHE : DOS & DDOS ATTACKS - I In this part of the series, we focus on DoS/DDoS attacks, which have been among the major threats to Web servers since the beginning of the Web 2.0 era. Denial
More informationThe server will respond to the client with a list of instances. One such attack was analyzed by an information security researcher in January 2015.
1 TLP: GREEN 02.11.15 GSI ID: 1086 SECURITY BULLETIN: MS SQL REFLECTION DDOS RISK FACTOR - MEDIUM 1.1 / OVERVIEW / Beginning in October 2014, PLXsert observed the use of a new type of reflection-based
More informationCS5008: Internet Computing
CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is
More informationDenial of Service Attacks
2 Denial of Service Attacks : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 13 August 2013 its335y13s2l06, Steve/Courses/2013/s2/its335/lectures/malicious.tex,
More informationThreat Advisory: Trivial File Transfer Protocol (TFTP) Reflection DDoS
Classification: TLP-GREEN RISK LEVEL: MEDIUM Threat Advisory: Trivial File Transfer Protocol (TFTP) Reflection DDoS Release Date: 6.1.16 1.0 / OVERVIEW / Akamai SIRT is investigating a new DDoS reflection
More informationArbor s Solution for ISP
Arbor s Solution for ISP Recent Attack Cases DDoS is an Exploding & Evolving Trend More Attack Motivations Geopolitical Burma taken offline by DDOS attack Protests Extortion Visa, PayPal, and MasterCard
More informationDDoS Attack Mitigation Report. Media & Entertainment Finance, Banking & Insurance. Retail
DDoS Attack Mitigation Report Media & Entertainment Finance, Banking & Insurance Retail DDoS Attack Mitigation Report Media & Entertainment Attack on Spanish-Language News Site is Abandoned When Traffic
More informationWhite Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation
White Paper Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation Table of Contents Introduction... 3 Common DDoS Mitigation Measures...
More informationProlexic Quarterly Global DDoS Attack Report Q2 2013. Q2 2013 saw significant increases in average DDoS attack bandwidth and packet-per-second rates
Prolexic Quarterly Global DDoS Attack Report Q2 2013 Q2 2013 saw significant increases in average DDoS attack bandwidth and packet-per-second rates Analysis and Emerging Trends At a Glance Compared to
More informationVERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 4 4TH QUARTER 2014
VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 4 4TH QUARTER 2014 CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: 4 Mitigations by Attack Size 4 MITIGATIONS BY INDUSTRY VERTICAL
More informationSurviving DNS DDoS Attacks. Introducing self-protecting servers
Introducing self-protecting servers Background The current DNS environment is subject to a variety of distributed denial of service (DDoS) attacks, including reflected floods, amplification attacks, TCP
More informationFirst Line of Defense
First Line of Defense SecureWatch ANALYTICS FIRST LINE OF DEFENSE OVERVIEW KEY BENEFITS Comprehensive Visibility Gain comprehensive visibility into DDoS attacks and cyber-threats with easily accessible
More informationNetwork Bandwidth Denial of Service (DoS)
Network Bandwidth Denial of Service (DoS) Angelos D. Keromytis Department of Computer Science Columbia University Synonyms Network flooding attack, packet flooding attack, network DoS Related Concepts
More informationTDC s perspective on DDoS threats
TDC s perspective on DDoS threats DDoS Dagen Stockholm March 2013 Lars Højberg, Technical Security Manager, TDC TDC in Sweden TDC in the Nordics 9 300 employees (2012) Turnover: 26,1 billion DKK (2012)
More informationLoad Balancing Security Gateways WHITE PAPER
Load Balancing Security Gateways WHITE PAPER Table of Contents Acceleration and Optimization... 4 High Performance DDoS Protection... 4 Web Application Firewall... 5 DNS Application Firewall... 5 SSL Insight...
More informationERT Attack Report. Attacks on Large US Bank During Operation Ababil. March 2013
Attacks on Large US Bank During Operation Ababil March 2013 Table of Contents Executive Summary... 3 Background: Operation Ababil... 3 Servers Enlisted to Launch the Attack... 3 Attack Vectors... 4 Variations
More informationCHAPTER 4 : CASE STUDY WEB APPLICATION DDOS ATTACK GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
: CASE STUDY WEB APPLICATION DDOS ATTACK 1 WEB APPLICATION DDOS ATTACK CASE STUDY MORAL Ensuring you have DoS/DDoS protection in place, before you are attacked, can pay off. OVERVIEW XYZ Corp (name changed
More informationDDoS DETECTING. DDoS ATTACKS WITH INFRASTRUCTURE MONITORING. [ Executive Brief ] Your data isn t safe. And neither is your website or your business.
[ Executive Brief ] DDoS DETECTING DDoS ATTACKS WITH INFRASTRUCTURE MONITORING. Your data isn t safe. And neither is your website or your business. Hacking has become more prevalent and more sophisticated
More informationSurvey on DDoS Attack in Cloud Environment
Available online at www.ijiere.com International Journal of Innovative and Emerging Research in Engineering e-issn: 2394-3343 p-issn: 2394-5494 Survey on DDoS in Cloud Environment Kirtesh Agrawal and Nikita
More informationAttack and Defense Techniques
Network Security Attack and Defense Techniques Anna Sperotto, Ramin Sadre Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Attack Taxonomy Many different kind of
More informationWhite paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc.
TrusGuard DPX: Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls...
More information[Restricted] ONLY for designated groups and individuals. 2014 Check Point Software Technologies Ltd.
[Restricted] ONLY for designated groups and individuals Contents 1 2 3 4 Industry Trends DDoS Attack Types Solutions to DDoS Attacks Summary 2 Cybercrime Landscape DNS Hijacking Malware 3% 3% Targeted
More informationSecurityDAM On-demand, Cloud-based DDoS Mitigation
SecurityDAM On-demand, Cloud-based DDoS Mitigation Table of contents Introduction... 3 Why premise-based DDoS solutions are lacking... 3 The problem with ISP-based DDoS solutions... 4 On-demand cloud DDoS
More informationSurvey on DDoS Attack Detection and Prevention in Cloud
Survey on DDoS Detection and Prevention in Cloud Patel Ankita Fenil Khatiwala Computer Department, Uka Tarsadia University, Bardoli, Surat, Gujrat Abstract: Cloud is becoming a dominant computing platform
More information1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?
Page 1 of 5 1. Introduction The present document explains about common attack scenarios to computer networks and describes with some examples the following features of the MilsGates: Protection against
More informationStop DDoS Attacks in Minutes
PREVENTIA Forward Thinking Security Solutions Stop DDoS Attacks in Minutes 1 On average there are more than 7,000 DDoS attacks observed daily. You ve seen the headlines. Distributed Denial of Service (DDoS)
More informationDDoS Protection on the Security Gateway
DDoS Protection on the Security Gateway Best Practices 24 August 2014 Protected 2014 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by
More informationJUST FOR THOSE WHO CAN T TOLERATE DOWNTIME WE ARE NOT FOR EVERYONE
WE ARE NOT FOR EVERYONE JUST FOR THOSE WHO CAN T TOLERATE DOWNTIME Don t let a DDoS attack bring your online business to a halt we can protect any server in any location DON T GET STUCK ON THE ROAD OF
More informationFuzzy Network Profiling for Intrusion Detection
Fuzzy Network Profiling for Intrusion Detection John E. Dickerson (jedicker@iastate.edu) and Julie A. Dickerson (julied@iastate.edu) Electrical and Computer Engineering Department Iowa State University
More information[state of the internet] / DDoS Reflection Vectors. Threat Advisory: NetBIOS name server, RPC portmap and Sentinel reflection DDoS
TLP: GREEN Issue Date: 2015.10.28 Risk Factor- Medium Threat Advisory: NetBIOS name server, RPC portmap and Sentinel reflection DDoS 1.0 / OVERVIEW / In the third quarter of 2015, Akamai mitigated and
More informationNSFOCUS Web Application Firewall White Paper
White Paper NSFOCUS Web Application Firewall White Paper By NSFOCUS White Paper - 2014 NSFOCUS NSFOCUS is the trademark of NSFOCUS Information Technology Co., Ltd. NSFOCUS enjoys all copyrights with respect
More informationCompany Overview. October 2014
Company Overview October 2014 Presentation Structure 1 DDoS Attacks 2 Black Lotus DDoS Defense Solution 3 About Black Lotus What Does Black Lotus Do? We are a security company that protects businesses
More informationService Description DDoS Mitigation Service
Service Description DDoS Mitigation Service Interoute, Walbrook Building, 195 Marsh Wall, London, E14 9SG, UK Tel: +800 4683 7681 Email: info@interoute.com Contents Contents 1 Introduction...3 2 An Overview...3
More informationDistributed Denial of Service protection
Distributed Denial of Service protection The cost in terms of lost business caused by a successful DDoS attacks can be significant. Our solution recognises when a DDoS attack is happening and identifies
More informationSecure Software Programming and Vulnerability Analysis
Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Operations and Denial of Service Secure Software Programming 2 Overview
More informationSeminar Computer Security
Seminar Computer Security DoS/DDoS attacks and botnets Hannes Korte Overview Introduction What is a Denial of Service attack? The distributed version The attacker's motivation Basics Bots and botnets Example
More informationInformation Technology Solutions
THE THREAT Organizations are making large investment in cyber defense, but are still in the dark in terms of how they would fare up against one of the simplest attacks that Cyber-criminals use to take
More informationDDoS Protection Technology White Paper
DDoS Protection Technology White Paper Keywords: DDoS attack, DDoS protection, traffic learning, threshold adjustment, detection and protection Abstract: This white paper describes the classification of
More informationWhat to Look for When Choosing a CDN for DDoS Protection Written by Bizety
What to Look for When Choosing a CDN for DDoS Protection Written by Bizety WHITE PAPER Introduction Every online company should be familiar with Distributed Denial of Service (DDoS) attacks and the risk
More informationAn Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks
2011 International Conference on Network and Electronics Engineering IPCSIT vol.11 (2011) (2011) IACSIT Press, Singapore An Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks Reyhaneh
More informationHow To Stop A Ddos Attack On A Website From Being Successful
White paper Combating DoS/DDoS Attacks Using Cyberoam Eliminating the DDoS Threat by Discouraging the Spread of Botnets www.cyberoam.com Introduction Denial of Service (DoS) and Distributed Denial of Service
More informationChapter 8 Security Pt 2
Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,
More information