Denial of Service Attacks and Resilient Overlay Networks

Size: px
Start display at page:

Download "Denial of Service Attacks and Resilient Overlay Networks"

Transcription

1 Denial of Service Attacks and Resilient Overlay Networks Angelos D. Keromytis Network Security Lab Computer Science Department, Columbia University

2 Motivation: Network Service Availability

3 Motivation: Network Service Availability

4 Why Does It Matter? We are increasingly relying on Internet Services Financial services, Voice over IP (VoIP), e- Government, news, Cloud Computing,... But Internet Services are not dependable... Denial of Service attacks can disrupt online service DDoS attack on Estonia (2007) 2 Weeks, 1M computers, 5,000 clicks per second DDoS attacks against Georgia (2008) Storm Worm: 1.7M infected machines used for DDoS (typically extortion) Ease of assembling and controlling botnets means the problem will persist

5 Defenses End-users/sites: Bandwidth over-provisioning Multi-hosting/multi-homing Use of Content Delivery Networks ISPs: Blackhole routing Anomaly detection & blocking Centralized vs. distributed

6 Research Activity IP traceback (attribution) IP Pushback (reactive blocking) Collaborative filtering (reactive blocking) Router/receiver capabilities (proactive blocking) Improve host-based protection

7 Impediments to deployment Few economic incentives for deployment Most schemes require global adoption & deployment End-users lack the means to react DDoS is mostly an externality for ISPs no market opportunity for router manufacturers Cross-ISP collaboration not always feasible Competition concerns

8 Overlay Networks A different term of distributed system Collection of systems Connected over a wide-area network, such as the Internet Route traffic amongst them without considering physical topology Addressing, neighborhood, other properties may differ from those of the actual network fabric Good way of introducing new functionality into the network without changing routers/protocols (and, sometimes, end-hosts)

9 Using Overlay Networks Distribute logical function of a firewall across the Internet Allow users to contact any overlay node Any overlay node can validate a legitimate user Once admitted into overlay, user s traffic is treated preferentially Allowed to reach attacked site All other traffic dropped/rate-limited

10 Advantages of Overlay Networks Difficult to attack with a DDoS due to distributed nature Assumes large enough overlay Does not rely on ISP co-operation or goodwill Can take advantage of such, where it exists A single overlay can provide protection service to different users Commercialization model similar to CDN A large enough distributed organization can create its own overlay

11 Issues with Overlay Networks How do users discover (accessible) overlay nodes? Largely static content, users (software) can access any node Overlay network becomes obvious target of attack Dedicated nodes, easier to harden Performance issues Higher latency, lower throughput due to non-direct routing How can we tell who is a legitimate user, vs. a bot? How do we effectively discriminate overlay vs. non-overlay traffic?

12 WebSOS: Protection for Web Services

13 WebSOS: Protection for Web Services

14 WebSOS: Protection for Web Services

15 WebSOS: Protection for Web Services

16 WebSOS: Protection for Web Services Can we remove Packet Filtering?

17 Move: An End-to-End Solution for DDoS

18 Move: An End-to-End Solution for DDoS Attack

19 Move: An End-to-End Solution for DDoS

20 Move: An End-to-End Solution for DDoS

21 Prototype in Planet-Lab

22 Migration Performance Round Trip time

23 Limitations of WebSOS & MOVE Time (in seconds) Latency Overhead for various SSL Services Direct Original Request Cached Requests 1 0 Yahoo! Verisign Columbia Columbia (2nd) Latency increase by a factor of 2 when using indirection

24 Limitations of WebSOS & MOVE Time (in seconds) Latency Overhead for various SSL Services Direct Original Request Cached Requests 1 0 Yahoo! Verisign Columbia Columbia (2nd) Latency increase by a factor of 2 when using indirection Also vulnerable to some more intelligent attacks...

25 New Attack: Sweeping Attack

26 New Attack: Sweeping Attack

27 New Attack: Sweeping Attack

28 New Attack: Stalker Attack

29 New Attack: Stalker Attack

30 New Attack: Stalker Attack

31 New Attack: Stalker Attack

32 EXAMPLE: TCP assumes low-latency, stable, fixed capacity, high-quality link Resilience Results: Throughput Throughput vs Degradation Error Rate of in SACK regular with TCP PER 10 9 C7,06;6/8*+-*?-%&"'-B8/9-5!!-I6+;-#F5K RTT: 6ms RTT: 24ms RTT: 104ms Goodput (Mbps) Performance region of wired networks Performance region of MANETs!"#$%&"'( )*+,-.*+/0*1-1**234-56/7-.*+/0*1-83-/97-* 6;62/6/8*+- < < Packet Error Rate(%) %98HE=<60 '61:6+606<6+ I5#JKD-'4'4-56<6E I&!L!-)6> K

33 Fix attempt: use many entry points But this solution increases the state stored!!!

34 Ticket-based mechanism to the rescue Move state to the ticket Ticket is issued by the Overlay using a shared key Ticket becomes a contract between the user and the overlay Use of a shared key guarantees honor of the agreement

35 Key & Ticket Establishment protocol

36 Ticket Design Random spreading sequence protects against stalker attacks Packet sequence range guarantees traffic control Ticket design and issue protocol prevent replay, spoofing and computational attacks

37 Client Connection Initiation

38 Spread Spectrum Architecture - Replication Multi-Path + Spreading + Ticket allows Packet Replication

39 A2M: Access Assured Mobile Desktop Computing

40 Performance Results: Latency End-to-End Latency with Client Packet Replication nodes 16 nodes 32 nodes 76 nodes Overlay / Direct No Repl. 1.5x 2x 3x Client Packet Replication

41 Resilience Results: Throughput Throughput vs Node Failure 600 Direct No Repl. 1.5x 2x 3x KB/Sec % 3% 4% 9% 17% 21% 27% 35% 43% 46% 55% % Node Failure

42 Resilience Results: Latency (Web) End-to-End Latency vs Node Failure (Web) No Repl. 1.5x 2x 3x

43 Performance Results: Latency (Web) Web Latency vs Packet Replication Video Quality vs Packet Replication hosts 8 hosts 100% Size: 352 x hosts 8 hosts % Latency (s) Video Quality 60% 40% % 0.00 Direct 0% 50% Replication 100% 200% 0% Direct 0% 50% Replication 100% 200%

44 Ticket Generation Benchmark

45 Resilience Results: Video Streaming 100% Video Quality vs Node Failure Video Quality 80% 60% 40% 20% 0% 0% 50% 100% 200% % Node Failures

46 Resilience Results: Video Streaming Video Quality vs Node Failure for Wireless 100% 80% Video Quality 60% 40% 20% 0% 0% 50% 100% 200% % Node Failures

47 Resilience Results: Video Streaming Video Quality vs Node Failure 100% 80% Video Quality 60% 40% 20% 0% 5 clients - 0% 5 clients - 50% 5 clients - 100% 5 clients - 200% 8 clients - 0% 8 clients - 50% 8 clients - 100% 8 clients - 200% % Node Failures

48 TCP Friendliness of Approach Initial implementation non-tcp friendly provided the worst case scenario (use of non-responsive channels) Current implementation encodes path in the TCP options field for acknowledgments generating a different TCP-window for each path Works for regular TCP, UDP, and UDP-encapsulated TCP Existence of multiple paths makes attacks against TCP more difficult

49 Conclusion Recent events have demonstrated the continued and real threat of DDoS as an effectve instrument of both cyber-warfare and cyber-crime Overlay-based mechanisms can mitigate the impact of large DDoS attacks Topology- and provider-independent deployment at relatively low cost Performance impact low (< 10%), only incurred during attack periods A pan-european DDoS Protection Network? Leverage PlanetLab/GRID sites as seeds

50 What is the underlying problem? How clients connect to the overlay: Connection to a single indirection node (entry point) Client s state is stored to this entry point End-to-End connection depends on a small but static set of overlay nodes

51 What is the underlying problem (II)? How the overlay sees the client: User can establish multiple connections to an overlay node An authenticated client can inject any amount of traffic to the overlay network Even if there is access control in the entry point the user can reset that by attacking the entry point

Network Bandwidth Denial of Service (DoS)

Network Bandwidth Denial of Service (DoS) Network Bandwidth Denial of Service (DoS) Angelos D. Keromytis Department of Computer Science Columbia University Synonyms Network flooding attack, packet flooding attack, network DoS Related Concepts

More information

The Evolution of Computer Security Attacks and Defenses. Angelos D. Keromytis Columbia University angelos@cs.columbia.edu

The Evolution of Computer Security Attacks and Defenses. Angelos D. Keromytis Columbia University angelos@cs.columbia.edu The Evolution of Computer Security Attacks and Defenses Angelos D. Keromytis Columbia University angelos@cs.columbia.edu This talk A look at the evolution of: nature of attackers and their goals cyber

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

The Coremelt Attack. Ahren Studer and Adrian Perrig. We ve Come to Rely on the Internet

The Coremelt Attack. Ahren Studer and Adrian Perrig. We ve Come to Rely on the Internet The Coremelt Attack Ahren Studer and Adrian Perrig 1 We ve Come to Rely on the Internet Critical for businesses Up to date market information for trading Access to online stores One minute down time =

More information

Data Centers Protection from DoS attacks. Trends and solutions. Michael Soukonnik, Radware Ltd michaels@radware.com Riga. Baltic IT&T. 21.04.

Data Centers Protection from DoS attacks. Trends and solutions. Michael Soukonnik, Radware Ltd michaels@radware.com Riga. Baltic IT&T. 21.04. Data Centers Protection from DoS attacks. Trends and solutions Michael Soukonnik, Radware Ltd michaels@radware.com Riga. Baltic IT&T. 21.04.2010 Cybercrime Trends Page 2 Types of DoS attacks and classical

More information

Arbor s Solution for ISP

Arbor s Solution for ISP Arbor s Solution for ISP Recent Attack Cases DDoS is an Exploding & Evolving Trend More Attack Motivations Geopolitical Burma taken offline by DDOS attack Protests Extortion Visa, PayPal, and MasterCard

More information

Adaptive Distributed Traffic Control Service for DDoS Attack Mitigation

Adaptive Distributed Traffic Control Service for DDoS Attack Mitigation Adaptive Distributed Traffic Control Service for DDoS Attack Mitigation Bernhard Plattner, ETH ZürichZ Joint work with Matthias Bossardt and Thomas Dübendorfer TIK ETH Zürich UK ProgNet Workshop, 1st December

More information

Network Performance Monitoring at Minimal Capex

Network Performance Monitoring at Minimal Capex Network Performance Monitoring at Minimal Capex Some Cisco IOS technologies you can use to create a high performance network Don Thomas Jacob Technical Marketing Engineer About ManageEngine Network Servers

More information

Distributed Systems. 23. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2015

Distributed Systems. 23. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2015 Distributed Systems 23. Content Delivery Networks (CDN) Paul Krzyzanowski Rutgers University Fall 2015 November 17, 2015 2014-2015 Paul Krzyzanowski 1 Motivation Serving web content from one location presents

More information

Prevention, Detection, Mitigation

Prevention, Detection, Mitigation Thesis for the Degree of DOCTOR OF PHILOSOPHY Multifaceted Defense Against Distributed Denial of Service Attacks: Prevention, Detection, Mitigation Zhang Fu Division of Networks and Systems Department

More information

LIST OF FIGURES. Figure No. Caption Page No.

LIST OF FIGURES. Figure No. Caption Page No. LIST OF FIGURES Figure No. Caption Page No. Figure 1.1 A Cellular Network.. 2 Figure 1.2 A Mobile Ad hoc Network... 2 Figure 1.3 Classifications of Threats. 10 Figure 1.4 Classification of Different QoS

More information

The Requirement for a New Type of Cloud Based CDN

The Requirement for a New Type of Cloud Based CDN The Requirement for a New Type of Cloud Based CDN Executive Summary The growing use of SaaS-based applications has highlighted some of the fundamental weaknesses of the Internet that significantly impact

More information

Technical Series. A Prolexic White Paper. Firewalls: Limitations When Applied to DDoS Protection

Technical Series. A Prolexic White Paper. Firewalls: Limitations When Applied to DDoS Protection A Prolexic White Paper Firewalls: Limitations When Applied to DDoS Protection Introduction Firewalls are often used to restrict certain protocols during normal network situations and when Distributed Denial

More information

CHAPTER 6. VOICE COMMUNICATION OVER HYBRID MANETs

CHAPTER 6. VOICE COMMUNICATION OVER HYBRID MANETs CHAPTER 6 VOICE COMMUNICATION OVER HYBRID MANETs Multimedia real-time session services such as voice and videoconferencing with Quality of Service support is challenging task on Mobile Ad hoc Network (MANETs).

More information

Distributed Denial of Service Attacks & Defenses

Distributed Denial of Service Attacks & Defenses Distributed Denial of Service Attacks & Defenses Guest Lecture by: Vamsi Kambhampati Fall 2011 Distributed Denial of Service (DDoS) Exhaust resources of a target, or the resources it depends on Resources:

More information

packet retransmitting based on dynamic route table technology, as shown in fig. 2 and 3.

packet retransmitting based on dynamic route table technology, as shown in fig. 2 and 3. Implementation of an Emulation Environment for Large Scale Network Security Experiments Cui Yimin, Liu Li, Jin Qi, Kuang Xiaohui National Key Laboratory of Science and Technology on Information System

More information

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to

More information

G-Lab: A Future Generation Internet Research Platform

G-Lab: A Future Generation Internet Research Platform Institute of Computer Science Department of Distributed Systems Prof. G-Lab: A Future Generation Internet Research Platform www3.informatik.uni-wuerzburg.de Institute of Computer Science University of

More information

CS 356 Lecture 16 Denial of Service. Spring 2013

CS 356 Lecture 16 Denial of Service. Spring 2013 CS 356 Lecture 16 Denial of Service Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter

More information

COSC 472 Network Security

COSC 472 Network Security COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html

More information

FortiDDos Size isn t everything

FortiDDos Size isn t everything FortiDDos Size isn t everything Martijn Duijm Director Sales Engineering April - 2015 Copyright Fortinet Inc. All rights reserved. Agenda 1. DDoS In The News 2. Drawing the Demarcation Line - Does One

More information

Security Toolsets for ISP Defense

Security Toolsets for ISP Defense Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.

More information

DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS

DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS : DDOS ATTACKS DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS 1 DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS NTT is one of the largest Internet providers in the world, with a significant share of the world s

More information

TDC s perspective on DDoS threats

TDC s perspective on DDoS threats TDC s perspective on DDoS threats DDoS Dagen Stockholm March 2013 Lars Højberg, Technical Security Manager, TDC TDC in Sweden TDC in the Nordics 9 300 employees (2012) Turnover: 26,1 billion DKK (2012)

More information

TECHNICAL NOTE 01/2006 ENGRESS AND INGRESS FILTERING

TECHNICAL NOTE 01/2006 ENGRESS AND INGRESS FILTERING TECHNICAL NOTE 01/2006 ENGRESS AND INGRESS FILTERING 20 APRIL 2006 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor organisation to

More information

DoS: Attack and Defense

DoS: Attack and Defense DoS: Attack and Defense Vincent Tai Sayantan Sengupta COEN 233 Term Project Prof. M. Wang 1 Table of Contents 1. Introduction 4 1.1. Objective 1.2. Problem 1.3. Relation to the class 1.4. Other approaches

More information

Availability Digest. www.availabilitydigest.com. @availabilitydig. Surviving DNS DDoS Attacks November 2013

Availability Digest. www.availabilitydigest.com. @availabilitydig. Surviving DNS DDoS Attacks November 2013 the Availability Digest @availabilitydig Surviving DNS DDoS Attacks November 2013 DDoS attacks are on the rise. A DDoS attack launches a massive amount of traffic to a website to overwhelm it to the point

More information

Denial of Service Attacks

Denial of Service Attacks (DoS) What Can be DoSed? First Internet DoS Attack The TCP State Diagram SYN Flooding Anti-Spoofing Better Data Structures Attacking Compact Data Structures Generic Solution SYN Cookies It s Not Perfect

More information

Prevention, Detection and Mitigation of DDoS Attacks. Randall Lewis MS Cybersecurity

Prevention, Detection and Mitigation of DDoS Attacks. Randall Lewis MS Cybersecurity Prevention, Detection and Mitigation of DDoS Attacks Randall Lewis MS Cybersecurity DDoS or Distributed Denial-of-Service Attacks happens when an attacker sends a number of packets to a target machine.

More information

Glasnost or Tyranny? You Can Have Secure and Open Networks!

Glasnost or Tyranny? You Can Have Secure and Open Networks! AT&T is a proud sponsor of StaySafe Online Glasnost or Tyranny? You Can Have Secure and Open Networks! Steven Hurst CISSP Director - AT&T Security Services and Technology AT&T Chief Security Office 2009

More information

Protecting Mobile Devices From TCP Flooding Attacks

Protecting Mobile Devices From TCP Flooding Attacks Protecting Mobile Devices From TCP Flooding Attacks Yogesh Swami % and Hannes Tschofenig* % Nokia Research Center, Palo Alto, CA, USA. * Siemens Corporate Technology, Munich, DE. 1 Motivation Anatomy of

More information

DEFENSE NETWORK FAQS DATA SHEET

DEFENSE NETWORK FAQS DATA SHEET DATA SHEET VERISIGN INTERNET DEFENSE NETWORK FAQS WHAT IS A DOS OR DDOS ATTACK? A Denial of Service attack or Distributed Denial of Service attack occurs when a single host (DoS), or multiple hosts (DDoS),

More information

Columbia - Verizon Research Securing SIP: Scalable Mechanisms For Protecting SIP-Based Systems

Columbia - Verizon Research Securing SIP: Scalable Mechanisms For Protecting SIP-Based Systems Columbia - Verizon Research Securing SIP: Scalable Mechanisms For Protecting SIP-Based Systems Henning Schulzrinne Eilon Yardeni Somdutt Patnaik Columbia University CS Department Gaston Ormazabal Verizon

More information

CHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS

CHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS 137 CHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS 8.1 CONCLUSION In this thesis, efficient schemes have been designed and analyzed to control congestion and distribute the load in the routing process of

More information

Firewalls and Intrusion Detection

Firewalls and Intrusion Detection Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall

More information

Cyber Security Where Do I Begin?

Cyber Security Where Do I Begin? ISPE Automation Forum Cyber Security Where Do I Begin? Don Dickinson Project Engineer Phoenix Contact ..50% more infected Web pages Click in the on one last and three you months won t of notice 2008 than

More information

Design and Experiments of small DDoS Defense System using Traffic Deflecting in Autonomous System

Design and Experiments of small DDoS Defense System using Traffic Deflecting in Autonomous System Design and Experiments of small DDoS Defense System using Traffic Deflecting in Autonomous System Ho-Seok Kang and Sung-Ryul Kim Konkuk University Seoul, Republic of Korea hsriver@gmail.com and kimsr@konkuk.ac.kr

More information

Advanced Computer Networks

Advanced Computer Networks Introduction to Mobile Ad hoc Networks (MANETs) Advanced Computer Networks Outline Ad hoc networks Differences to other networks Applications Research areas Routing Other research areas Enabling Technologies

More information

Denial of Service. Tom Chen SMU tchen@engr.smu.edu

Denial of Service. Tom Chen SMU tchen@engr.smu.edu Denial of Service Tom Chen SMU tchen@engr.smu.edu Outline Introduction Basics of DoS Distributed DoS (DDoS) Defenses Tracing Attacks TC/BUPT/8704 SMU Engineering p. 2 Introduction What is DoS? 4 types

More information

Denial of Service (DoS) Technical Primer

Denial of Service (DoS) Technical Primer Denial of Service (DoS) Technical Primer Chris McNab Principal Consultant, Matta Security Limited chris.mcnab@trustmatta.com Topics Covered What is Denial of Service? Categories and types of Denial of

More information

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method. A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money

More information

Seminar Computer Security

Seminar Computer Security Seminar Computer Security DoS/DDoS attacks and botnets Hannes Korte Overview Introduction What is a Denial of Service attack? The distributed version The attacker's motivation Basics Bots and botnets Example

More information

Availability Digest. www.availabilitydigest.com. Prolexic a DDoS Mitigation Service Provider April 2013

Availability Digest. www.availabilitydigest.com. Prolexic a DDoS Mitigation Service Provider April 2013 the Availability Digest Prolexic a DDoS Mitigation Service Provider April 2013 Prolexic (www.prolexic.com) is a firm that focuses solely on mitigating Distributed Denial of Service (DDoS) attacks. Headquartered

More information

Virtual Privacy vs. Real Security

Virtual Privacy vs. Real Security Virtual Privacy vs. Real Security Certes Networks at a glance Leader in Multi-Layer Encryption Offices throughout North America, Asia and Europe Growing installed based with customers in 37 countries Developing

More information

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges

More information

DDoS Basics. internet: unique numbers that identify areas and unique machines on the network.

DDoS Basics. internet: unique numbers that identify areas and unique machines on the network. DDoS Basics Introduction Distributed Denial of Service (DDoS) attacks are designed to prevent or degrade services provided by a computer at a given Internet Protocol 1 (IP) address. This paper will explain,

More information

Network Simulation Traffic, Paths and Impairment

Network Simulation Traffic, Paths and Impairment Network Simulation Traffic, Paths and Impairment Summary Network simulation software and hardware appliances can emulate networks and network hardware. Wide Area Network (WAN) emulation, by simulating

More information

Performance Evaluation of AODV, OLSR Routing Protocol in VOIP Over Ad Hoc

Performance Evaluation of AODV, OLSR Routing Protocol in VOIP Over Ad Hoc (International Journal of Computer Science & Management Studies) Vol. 17, Issue 01 Performance Evaluation of AODV, OLSR Routing Protocol in VOIP Over Ad Hoc Dr. Khalid Hamid Bilal Khartoum, Sudan dr.khalidbilal@hotmail.com

More information

Safeguards Against Denial of Service Attacks for IP Phones

Safeguards Against Denial of Service Attacks for IP Phones W H I T E P A P E R Denial of Service (DoS) attacks on computers and infrastructure communications systems have been reported for a number of years, but the accelerated deployment of Voice over IP (VoIP)

More information

Restorable Logical Topology using Cross-Layer Optimization

Restorable Logical Topology using Cross-Layer Optimization פרויקטים בתקשורת מחשבים - 236340 - סמסטר אביב 2016 Restorable Logical Topology using Cross-Layer Optimization Abstract: Today s communication networks consist of routers and optical switches in a logical

More information

Radware s Behavioral Server Cracking Protection

Radware s Behavioral Server Cracking Protection Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information

More information

SECURITY ASPECTS IN MOBILE AD HOC NETWORK (MANETS)

SECURITY ASPECTS IN MOBILE AD HOC NETWORK (MANETS) SECURITY ASPECTS IN MOBILE AD HOC NETWORK (MANETS) Neha Maurya, ASM S IBMR ABSTRACT: Mobile Ad hoc networks (MANETs) are a new paradigm of wireless network, offering unrestricted mobility without any underlying

More information

TalkShow Advanced Network Tips

TalkShow Advanced Network Tips TalkShow Advanced Network Tips NewTek Workflow Team TalkShow is a powerful tool to expand a live production. While connecting in a TalkShow unit is as simple as plugging in a network cord and an SDI cable,

More information

Distributed Systems. 25. Content Delivery Networks (CDN) 2014 Paul Krzyzanowski. Rutgers University. Fall 2014

Distributed Systems. 25. Content Delivery Networks (CDN) 2014 Paul Krzyzanowski. Rutgers University. Fall 2014 Distributed Systems 25. Content Delivery Networks (CDN) Paul Krzyzanowski Rutgers University Fall 2014 November 16, 2014 2014 Paul Krzyzanowski 1 Motivation Serving web content from one location presents

More information

Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team

Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team The Internet is in the midst of a global network pandemic. Millions of computers

More information

WAN Performance Analysis A Study on the Impact of Windows 7

WAN Performance Analysis A Study on the Impact of Windows 7 A Talari Networks White Paper WAN Performance Analysis A Study on the Impact of Windows 7 Test results demonstrating WAN performance changes due to upgrading to Windows 7 and the network architecture and

More information

DDoS Threat Report. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter

DDoS Threat Report. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter DDoS Threat Report Insights on Finding, Fighting, and Living with DDoS Attacks v1.1 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter DDoS in the News - 2014 DDoS Trends

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Endpoint Based Policy Management: The Road Ahead

Endpoint Based Policy Management: The Road Ahead Endpoint Based Policy Management: The Road Ahead Introduction In a rapidly growing and crowded security solutions market, organizations need to deploy the most effective technologies taking into consideration

More information

Octoshape s Multicast Technology Suite:

Octoshape s Multicast Technology Suite: : The Next-Gen CDN Alternative for Large-Scale, Cost-Optimized, Global HD Streaming HQ: +45 8833 4680 USA: +1 770 578 1686 Asia: +65 81125330 www.octoshape.com Table of Contents Core Transport...4 Making

More information

Intrusion Detection for Mobile Ad Hoc Networks

Intrusion Detection for Mobile Ad Hoc Networks Intrusion Detection for Mobile Ad Hoc Networks Tom Chen SMU, Dept of Electrical Engineering tchen@engr.smu.edu http://www.engr.smu.edu/~tchen TC/Rockwell/5-20-04 SMU Engineering p. 1 Outline Security problems

More information

VoIP Over the Internet: Is Toll Quality Achievable?

VoIP Over the Internet: Is Toll Quality Achievable? VoIP Over the Internet: Is Toll Quality Achievable? Mansour Karam, Technical Lead SCV Communications Society May 12, 2004 1 Agenda Introduction VoIP versus VoIP over the Internet Challenges for VoIP over

More information

HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT

HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT The frequency and sophistication of Distributed Denial of Service attacks (DDoS) on the Internet are rapidly increasing. Most of the earliest

More information

Complete Protection against Evolving DDoS Threats

Complete Protection against Evolving DDoS Threats Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls... 3 Intrusion

More information

Network Virtualization

Network Virtualization Network Virtualization Jennifer Rexford Advanced Computer Networks http://www.cs.princeton.edu/courses/archive/fall08/cos561/ Tuesdays/Thursdays 1:30pm-2:50pm Introduction Motivation for network virtualization

More information

Huawei One Net Campus Network Solution

Huawei One Net Campus Network Solution Huawei One Net Campus Network Solution 2 引 言 3 园 区 网 面 临 的 挑 战 4 华 为 园 区 网 解 决 方 案 介 绍 6 华 为 园 区 网 解 决 方 案 对 应 产 品 组 合 6 结 束 语 Introduction campus network is an internal network of an enterprise or organization,

More information

Preventing DDOS attack in Mobile Ad-hoc Network using a Secure Intrusion Detection System

Preventing DDOS attack in Mobile Ad-hoc Network using a Secure Intrusion Detection System Preventing DDOS attack in Mobile Ad-hoc Network using a Secure Intrusion Detection System Shams Fathima M.Tech,Department of Computer Science Kakatiya Institute of Technology & Science, Warangal,India

More information

Content Distribution Networks (CDNs)

Content Distribution Networks (CDNs) 229 Content Distribution Networks (CDNs) A content distribution network can be viewed as a global web replication. main idea: each replica is located in a different geographic area, rather then in the

More information

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview

More information

Quality Certificate for Kaspersky DDoS Prevention Software

Quality Certificate for Kaspersky DDoS Prevention Software Quality Certificate for Kaspersky DDoS Prevention Software Quality Certificate for Kaspersky DDoS Prevention Software Table of Contents Definitions 3 1. Conditions of software operability 4 2. General

More information

Defenses against Distributed Denial of Service Attacks. Internet Threat: DDoS Attacks

Defenses against Distributed Denial of Service Attacks. Internet Threat: DDoS Attacks Defenses against Distributed Denial of Service Attacks Adrian Perrig, Dawn Song, Avi Yaar CMU Internet Threat: DDoS Attacks Denial of Service (DoS) attack: consumption (exhaustion) of resources to deny

More information

An Overlay Architecture for End-to-End Service Availability. Angelos Stavrou

An Overlay Architecture for End-to-End Service Availability. Angelos Stavrou An Overlay Architecture for End-to-End Service Availability Angelos Stavrou Submitted in partial fulfillment of the Requirements for the degree of Doctor of Philosophy in the Graduate School of Arts and

More information

Multifaceted Approach to Understanding the Botnet Phenomenon

Multifaceted Approach to Understanding the Botnet Phenomenon Multifaceted Approach to Understanding the Botnet Phenomenon Christos P. Margiolas University of Crete A brief presentation for the paper: Multifaceted Approach to Understanding the Botnet Phenomenon Basic

More information

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding? Page 1 of 5 1. Introduction The present document explains about common attack scenarios to computer networks and describes with some examples the following features of the MilsGates: Protection against

More information

TECHNICAL NOTE 06/02 RESPONSE TO DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS

TECHNICAL NOTE 06/02 RESPONSE TO DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS TECHNICAL NOTE 06/02 RESPONSE TO DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS 2002 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor

More information

DDoS Protection Technology White Paper

DDoS Protection Technology White Paper DDoS Protection Technology White Paper Keywords: DDoS attack, DDoS protection, traffic learning, threshold adjustment, detection and protection Abstract: This white paper describes the classification of

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

LARGE-SCALE INTERNET MEASUREMENTS FOR DIAGNOSTICS AND PUBLIC POLICY. Henning Schulzrinne (+ Walter Johnston & James Miller) FCC & Columbia University

LARGE-SCALE INTERNET MEASUREMENTS FOR DIAGNOSTICS AND PUBLIC POLICY. Henning Schulzrinne (+ Walter Johnston & James Miller) FCC & Columbia University 1 LARGE-SCALE INTERNET MEASUREMENTS FOR DIAGNOSTICS AND PUBLIC POLICY Henning Schulzrinne (+ Walter Johnston & James Miller) FCC & Columbia University 2 Overview Quick overview What does MBA measure? Can

More information

BlackRidge Technology Transport Access Control: Overview

BlackRidge Technology Transport Access Control: Overview 2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service

More information

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service

More information

Cisco Network Foundation Protection Overview

Cisco Network Foundation Protection Overview Cisco Network Foundation Protection Overview June 2005 1 Security is about the ability to control the risk incurred from an interconnected global network. Cisco NFP provides the tools, technologies, and

More information

TCP over Multi-hop Wireless Networks * Overview of Transmission Control Protocol / Internet Protocol (TCP/IP) Internet Protocol (IP)

TCP over Multi-hop Wireless Networks * Overview of Transmission Control Protocol / Internet Protocol (TCP/IP) Internet Protocol (IP) TCP over Multi-hop Wireless Networks * Overview of Transmission Control Protocol / Internet Protocol (TCP/IP) *Slides adapted from a talk given by Nitin Vaidya. Wireless Computing and Network Systems Page

More information

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY A PATH FOR HORIZING YOUR INNOVATIVE WORK AN OVERVIEW OF MOBILE ADHOC NETWORK: INTRUSION DETECTION, TYPES OF ATTACKS AND

More information

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015 CS5490/6490: Network Security- Lecture Notes - November 9 th 2015 Wireless LAN security (Reference - Security & Cooperation in Wireless Networks by Buttyan & Hubaux, Cambridge Univ. Press, 2007, Chapter

More information

Content Distribution over IP: Developments and Challenges

Content Distribution over IP: Developments and Challenges Content Distribution over IP: Developments and Challenges Adrian Popescu, Blekinge Inst of Technology, Sweden Markus Fiedler, Blekinge Inst of Technology, Sweden Demetres D. Kouvatsos, University of Bradford,

More information

IP Telephony Management

IP Telephony Management IP Telephony Management How Cisco IT Manages Global IP Telephony A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge Design, implement, and maintain a highly available, reliable, and resilient

More information

VALIDATING DDoS THREAT PROTECTION

VALIDATING DDoS THREAT PROTECTION VALIDATING DDoS THREAT PROTECTION Ensure your DDoS Solution Works in Real-World Conditions WHITE PAPER Executive Summary This white paper is for security and networking professionals who are looking to

More information

MPLS: Key Factors to Consider When Selecting Your MPLS Provider

MPLS: Key Factors to Consider When Selecting Your MPLS Provider White paper MPLS: Key Factors to Consider When Selecting Your MPLS Provider New Edge Networks June 2008 New Edge Networks 3000 Columbia House Blvd. Vancouver, WA 98661 360-693-9009 1-866-636-EDGE www.newedgenetworks.com

More information

Disaster-Resilient Backbone and Access Networks

Disaster-Resilient Backbone and Access Networks The Workshop on Establishing Resilient Life-Space in the Cyber-Physical Integrated Society, March. 17, 2015, Sendai, Japan Disaster-Resilient Backbone and Access Networks Shigeki Yamada (shigeki@nii.ac.jp)

More information

TECHNICAL NOTE 10/03 DEPLOYMENT GUIDANCE FOR INTRUSION DETECTION SYSTEMS

TECHNICAL NOTE 10/03 DEPLOYMENT GUIDANCE FOR INTRUSION DETECTION SYSTEMS TECHNICAL NOTE 10/03 DEPLOYMENT GUIDANCE FOR INTRUSION DETECTION SYSTEMS 19 NOVEMBER 2003 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor

More information

DETECTING AND PREVENTING THE PACKET FOR TRACE BACK DDOS ATTACK IN MOBILE AD-HOC NETWORK

DETECTING AND PREVENTING THE PACKET FOR TRACE BACK DDOS ATTACK IN MOBILE AD-HOC NETWORK DETECTING AND PREVENTING THE PACKET FOR TRACE BACK DDOS ATTACK IN MOBILE AD-HOC NETWORK M.Yasodha 1, S.Umarani 2, D.Sharmila 3 1 PG Scholar, Maharaja Engineering College, Avinashi, India. 2 Assistant Professor,

More information

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques

More information

Wireless Sensor Networks Chapter 14: Security in WSNs

Wireless Sensor Networks Chapter 14: Security in WSNs Wireless Sensor Networks Chapter 14: Security in WSNs António Grilo Courtesy: see reading list Goals of this chapter To give an understanding of the security vulnerabilities of Wireless Sensor Networks

More information

Distributed Denial of Service (DDoS)

Distributed Denial of Service (DDoS) Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang Presented by Adwait Belsare (adwait@wpi.edu) Suvesh Pratapa (suveshp@wpi.edu) Modified by

More information

ΕΠΛ 674: Εργαστήριο 5 Firewalls

ΕΠΛ 674: Εργαστήριο 5 Firewalls ΕΠΛ 674: Εργαστήριο 5 Firewalls Παύλος Αντωνίου Εαρινό Εξάμηνο 2011 Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized

More information

Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking

Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking ProCurve Networking by HP Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking Introduction... 2 Today s Network Security Landscape... 2 Accessibility...

More information

The server will respond to the client with a list of instances. One such attack was analyzed by an information security researcher in January 2015.

The server will respond to the client with a list of instances. One such attack was analyzed by an information security researcher in January 2015. 1 TLP: GREEN 02.11.15 GSI ID: 1086 SECURITY BULLETIN: MS SQL REFLECTION DDOS RISK FACTOR - MEDIUM 1.1 / OVERVIEW / Beginning in October 2014, PLXsert observed the use of a new type of reflection-based

More information

Technology Blueprint. Defend Against Denial of Service Attacks. Protect each IT service layer against exploitation and abuse

Technology Blueprint. Defend Against Denial of Service Attacks. Protect each IT service layer against exploitation and abuse Technology Blueprint Defend Against Denial of Service (DOS and DDOS) Attacks Protect each IT service layer against exploitation and abuse LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL

More information

White Paper. Requirements of Network Virtualization

White Paper. Requirements of Network Virtualization White Paper on Requirements of Network Virtualization INDEX 1. Introduction 2. Architecture of Network Virtualization 3. Requirements for Network virtualization 3.1. Isolation 3.2. Network abstraction

More information