19. DDoS Mechanisms ENEE 757 CMSC 818V. Prof. Tudor Dumitraș Assistant Professor, ECE University of Maryland, College Park

Size: px
Start display at page:

Download "19. DDoS Mechanisms ENEE 757 CMSC 818V. Prof. Tudor Dumitraș Assistant Professor, ECE University of Maryland, College Park"

Transcription

1 19. DDoS Mechanisms ENEE 757 CMSC 818V Prof. Tudor Dumitraș Assistant Professor, ECE University of Maryland, College Park Today s Lecture Where we ve been AuthenCcaCon and access control Network security Exploits Worms Where we re going today Denial of service Where we re going next More denial of service 2 1

2 Network Denial of Service (DoS) Goal: take out a large site with limle compucng work DoS can happen at any layer Link TCP/UDP ApplicaCon DoS solucons for one layer cannot always be replicated at other layers This means that DoS cannot be solved with end- to- end solucons Need cooperacon from the network Sad truth: Current Internet not designed to handle DDoS amacks 3 Types of DoS AOacks We ve seen TCP SYN Floods TCP Con Floods DoS by conneccon reset UDP flood DNS amplificacon Some common pamerns DoS by sending junk packets Hide amacker locacon by spoofing IP addresses Use a botnet to conduct Distributed Denial of Service (DDoS) Take advantage of protocols that reflect and amplify traffic (e.g. DNS, NTP) 4 2

3 Largest Recorded DoS AOack [Czyz, Kallitsis, Gharaibeh, Papadopoulos, Bailey, Karir, 2014] NTP: up to x1,000,000 amplificaxon monlist: Give me the addresses of the last 600 machines you talked to Spoofed SrcIP: DoS target 600 addresses DoS Source NTP (Network Time Protocol) server DoS Target 10 Feb 2014: 325 Gbps amack against French target hmp:// amacks- welcome- to- the- hockey- scck- era/ Several similar amacks between Dec 2013 Feb 2014 Exceeded previous peak throughputs by 200% NTP monlist amplifier populacon dropped by 93% between Jan Apr 2014 Likely a result of nocficacon campaign by researchers 5 TradiXonal DDoS Trade- Off DDoS AMacks are either Persistent or Scalable to N Servers N x traffic to 1 server => high- intensity traffic triggers network deteccon deteccon not triggered => low- intensity traffic is insufficient for N servers 6 3

4 Example: DDoS AOack on Spamhaus (2013) Adversary: DDoS - > 1 Spamhaus Server (3/16 3/18) persistent: ~ Gpbs Spamhaus - > CloudFlare (3/19 3/22) non- scalable: - > Gbps traffic is diffused over N > 20 servers in 4 hours Adversary K open DNS resolvers AOack traffic ` Anycast 7 7 Spamhaus AOack Second Stage Adversary - 100K open DNS resolvers Adversary: DDoS - > 4 IXPs (3/23) scalable: regionally degraded conneccvity some disconneccon - non- persistent: amack detected, pushed back & legicmate traffic re- routed in ~ hours... AOack traffic IXP Anycast 8 8 4

5 Persistent and Scalable DDoS Through Link Flooding We ve seen: opcmiscc acknowledgment amack AMacker can saturate the return paths from legicmate servers In theory, can cause Internet- wide congescon collapse Coordinated link- flooding amacks can degrade conneccvity of N- server areas persistently N = small (e.g servers) N = medium (e.g. all servers in Maryland) N = large (e.g. the West Coast of the US) " out" exp( ) * x ** ( ) " out" exp( ) * x ** ( ) Power Laws of Internet Topology [Faloutsos 3, On Power- Law RelaConships of the Internet Topology ] Power law: y(x) = ax k % of routes traverse 20% of routers " out" exp( ) * x ** ( ) 10 Leverage this empirical observacon to implement 1 persistent and scalable link- flooding amacks AMack traffic is indiscnguishable from legicmate at target router AMack is moving target for same N- server area Changes target links before triggering alarms Count "routes.out" exp( ) * x ** ( ) Router out- degree 10 5

6 The Coremelt AOack [Studer and Perrig, 2009] N bots and O(N 2 ) legi(mate flows flood core routers 10 Mbps Core Flooding Ex. N = 10 4 => 10 8 flows x 10 Kbps / flow => exhausts 100 x 10 Gbps links 11 Crossfire AOack [Kang, Lee & Gligor, 2013] N bots 1 Mbps Link Flooding M chosen IP addresses NxM legi(mate- looking flows Ex. N = 10 4, M = 100 => 10 6 flows x 10Kbps/flow => exhausts a 10 Gbps link 12 6

7 1- Link Crossfire AOack Flows => IndisXnguishable from LegiXmate low- rate flows 40 Gbps Bots (4 Kbps x 10K bots x 1K decoys) Decoy Servers Use same links as real DDoS target Link Crossfire AOack Flows => IndisXnguishable from LegiXmate changing sets of flows Bots Decoy Servers 14 7

8 1- Link Crossfire AOack Flows => Alarms Not Triggered suspend flows in t < T det sec & resume later Bots Decoy Servers link- failure deteccon latency, T det IGP routers: 217 sec/80 Gbps 608 sec/60 Gbps BGP routers: 1,076 sec/80gbps 11,119 sec/60 Gbps t = sec => Alarms are Not Triggered 15 n- Link Crossfire n links traversed by a large number of persistent paths to a target area. small n; e.g., 5-15 Narrow Path Waist (observed power law for Internet route paths) N servers RelaXvely Alternate Good good target link set moving targets, same N servers = suspend- resume flooding of different link sets 16 8

9 11/19/14 AOack Step 1: Link- Map ConstrucXon trace results traceroute routers persistent vs. transient links Internet servers target area Only persistent links are targeted 17 AOack Step 2: Target- Link SelecXon Select n Target Links Goal: Find n links whose failure maximizes degradacon raco (DR) Internet servers => maximum coverage problem target area 18 9

10 11/19/14 AOack Step 3: Bot CoordinaXon Commands AOack Flows Low send/receive rates ~ 1 Mbps Internet decoy server servers target area 19 Degradation Ratio Degraded ConnecXvity DegradaCon Degradation Ratio raco Number of target links n target links Number of target links DR = # degraded bot- to- target area paths / # all bot- to- target area Flooding a few target links causes high degradacon (DR) 10 links => DR: 74 90% for Univ1 and Univ2 15 links => DR: 53% (33%) for Virginia (West Coast) Univ1 Univ2 New York Pennsylvania Massachusetts MassachuseMs Virginia East Coast (US) West Coast (US) Univ1 Univ2 New York Pennsylvania Massachusetts Virginia East Coast (US) West Coast (US) 20 10

11 EffecXve Independence of Bot DistribuXon Se ng: Experiments using 6 different bot distribucons < Bot distribucon on the map > Result: No significant difference in amack performance DegradaCon raco Univ1 Pennsylvania East Cost (US) Baseline Distr1 Distr2 Distr3 Distr4 Distr5 Distr6 n target links 21 Fundamental Causes of DoS AOacks Asymmetric state allocacon Receiver must do more work than sender (e.g. TCP SYN flood) Persistent rate gap Max network line rate >> max server rate This gap has not changed much over Cme Allows an army of bots to flood public servers with junk traffic Power laws of the Internet topology Result in a narrow path waist to any potencal target Enables crossfire amack 22 11

12 Sources Various slides from Vitaly ShmaCkov and Virgil Gligor 23 Review of Lecture What did we learn? Trade- offs and causes of DDoS amacks The coremelt amack The crossfire amack Paper discussion: Inferring Internet Denial- of- Service AcCvity Discussion lead: Ahmed Scribe: Wei What s next? More DDoS 24 12

Characterization and Analysis of NTP Amplification Based DDoS Attacks

Characterization and Analysis of NTP Amplification Based DDoS Attacks Characterization and Analysis of NTP Amplification Based DDoS Attacks L. Rudman Department of Computer Science Rhodes University Grahamstown g11r0252@campus.ru.ac.za B. Irwin Department of Computer Science

More information

How to launch and defend against a DDoS

How to launch and defend against a DDoS How to launch and defend against a DDoS John Graham-Cumming October 9, 2013 The simplest way to a safer, faster and smarter website DDoSing web sites is... easy Motivated groups of non-technical individuals

More information

The Coremelt Attack. Ahren Studer and Adrian Perrig. We ve Come to Rely on the Internet

The Coremelt Attack. Ahren Studer and Adrian Perrig. We ve Come to Rely on the Internet The Coremelt Attack Ahren Studer and Adrian Perrig 1 We ve Come to Rely on the Internet Critical for businesses Up to date market information for trading Access to online stores One minute down time =

More information

Acquia Cloud Edge Protect Powered by CloudFlare

Acquia Cloud Edge Protect Powered by CloudFlare Acquia Cloud Edge Protect Powered by CloudFlare Denial-of-service (DoS) Attacks Are on the Rise and Have Evolved into Complex and Overwhelming Security Challenges TECHNICAL GUIDE TABLE OF CONTENTS Introduction....

More information

CloudFlare advanced DDoS protection

CloudFlare advanced DDoS protection CloudFlare advanced DDoS protection Denial-of-service (DoS) attacks are on the rise and have evolved into complex and overwhelming security challenges. 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com

More information

How To Protect A Dns Authority Server From A Flood Attack

How To Protect A Dns Authority Server From A Flood Attack the Availability Digest @availabilitydig Surviving DNS DDoS Attacks November 2013 DDoS attacks are on the rise. A DDoS attack launches a massive amount of traffic to a website to overwhelm it to the point

More information

DRDoS Attacks: Latest Threats and Countermeasures. Larry J. Blunk Spring 2014 MJTS 4/1/2014

DRDoS Attacks: Latest Threats and Countermeasures. Larry J. Blunk Spring 2014 MJTS 4/1/2014 DRDoS Attacks: Latest Threats and Countermeasures Larry J. Blunk Spring 2014 MJTS 4/1/2014 Outline Evolution and history of DDoS attacks Overview of DRDoS attacks Ongoing DNS based attacks Recent NTP monlist

More information

How To Attack Isc.Org.Org With A Dnet On A Network With A Pnet On The Same Day As A Dbus On A Pc Or Ipnet On An Ipnet.Org On A 2.5Th Gen.Net

How To Attack Isc.Org.Org With A Dnet On A Network With A Pnet On The Same Day As A Dbus On A Pc Or Ipnet On An Ipnet.Org On A 2.5Th Gen.Net Surviving a DDoS Attack: What every host needs to know Maria Karaivanova, Business Development David Koston, Platform www.cloudflare.com DDoS Attacks are becoming massive, and easier to initiate!2 Major

More information

DDoS attacks on electronic payment systems. Sean Rijs and Joris Claassen Supervisor: Stefan Dusée

DDoS attacks on electronic payment systems. Sean Rijs and Joris Claassen Supervisor: Stefan Dusée DDoS attacks on electronic payment systems Sean Rijs and Joris Claassen Supervisor: Stefan Dusée Scope High volume DDoS attacks Electronic payment systems Low bandwidth requirements: 5 from account X to

More information

This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons

This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons Attribution-ShareAlike 4.0 International license. As a provider

More information

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst INTEGRATED INTELLIGENCE CENTER Technical White Paper William F. Pelgrin, CIS President and CEO Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst This Center for Internet Security

More information

DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS

DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS : DDOS ATTACKS DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS 1 DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS NTT is one of the largest Internet providers in the world, with a significant share of the world s

More information

/ Staminus Communications

/ Staminus Communications / Staminus Communications Global DDoS Mitigation and Technology Provider Whitepaper Series True Cost of DDoS Attacks for Hosting Companies The most advanced and experienced DDoS mitigation provider in

More information

DDoS Mitigation Solutions

DDoS Mitigation Solutions DDoS Mitigation Solutions The Real Cost of DDOS Attacks Hosting, including colocation at datacenters, dedicated servers, cloud hosting, shared hosting, and infrastructure as a service (IaaS) supports

More information

CSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks

CSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks CSE 3482 Introduction to Computer Security Denial of Service (DoS) Attacks Instructor: N. Vlajic, Winter 2015 Learning Objectives Upon completion of this material, you should be able to: Explain the basic

More information

CS 356 Lecture 16 Denial of Service. Spring 2013

CS 356 Lecture 16 Denial of Service. Spring 2013 CS 356 Lecture 16 Denial of Service Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter

More information

Denial of Service Attacks

Denial of Service Attacks 2 Denial of Service Attacks : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 13 August 2013 its335y13s2l06, Steve/Courses/2013/s2/its335/lectures/malicious.tex,

More information

DDoS Attacks - Peeling the Onion on One of the Most Sophisticated Ever Seen. Eldad Chai, VP Product

DDoS Attacks - Peeling the Onion on One of the Most Sophisticated Ever Seen. Eldad Chai, VP Product DDoS Attacks - Peeling the Onion on One of the Most Sophisticated Ever Seen Eldad Chai, VP Product Incapsula Application Delivery from the Cloud 2 DDoS 101 ISP Network Devices Web servers Applications

More information

DDoS attacks in CESNET2

DDoS attacks in CESNET2 DDoS attacks in CESNET2 Ondřej Caletka 15th March 2016 Ondřej Caletka (CESNET) DDoS attacks in CESNET2 15th March 2016 1 / 22 About CESNET association of legal entities, est. 1996 public and state universities

More information

TDC s perspective on DDoS threats

TDC s perspective on DDoS threats TDC s perspective on DDoS threats DDoS Dagen Stockholm March 2013 Lars Højberg, Technical Security Manager, TDC TDC in Sweden TDC in the Nordics 9 300 employees (2012) Turnover: 26,1 billion DKK (2012)

More information

ENEE 757 CMSC 818V. Prof. Tudor Dumitraș Assistant Professor, ECE University of Maryland, College Park

ENEE 757 CMSC 818V. Prof. Tudor Dumitraș Assistant Professor, ECE University of Maryland, College Park 21. Botnets ENEE 757 CMSC 818V Prof. Tudor Dumitraș Assistant Professor, ECE University of Maryland, College Park http://ter.ps/757 https://www.facebook.com/sdsatumd Today s Lecture Where we ve been AuthenDcaDon

More information

ENSC 427 Communications Network Spring 2015 Group 8 http://www.sfu.ca/~spc12/ Samuel Chow <spc12 at sfu.ca> Tenzin Sherpa <tserpa at sfu.

ENSC 427 Communications Network Spring 2015 Group 8 http://www.sfu.ca/~spc12/ Samuel Chow <spc12 at sfu.ca> Tenzin Sherpa <tserpa at sfu. Performance analysis of a system during a DDoS attack ENSC 427 Communications Network Spring 2015 Group 8 http://www.sfu.ca/~spc12/ Samuel Chow Tenzin Sherpa Sam Hoque

More information

This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons

This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons Attribution-ShareAlike 4.0 International license. As a provider

More information

Availability Digest. www.availabilitydigest.com. Prolexic a DDoS Mitigation Service Provider April 2013

Availability Digest. www.availabilitydigest.com. Prolexic a DDoS Mitigation Service Provider April 2013 the Availability Digest Prolexic a DDoS Mitigation Service Provider April 2013 Prolexic (www.prolexic.com) is a firm that focuses solely on mitigating Distributed Denial of Service (DDoS) attacks. Headquartered

More information

Protect your network: planning for (DDoS), Distributed Denial of Service attacks

Protect your network: planning for (DDoS), Distributed Denial of Service attacks Protect your network: planning for (DDoS), Distributed Denial of Service attacks Nov 19, 2015 2015 CenturyLink. All Rights Reserved. The CenturyLink mark, pathways logo and certain CenturyLink product

More information

Check Point DDoS Protector

Check Point DDoS Protector Check Point DDoS Protector June 2012 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. Cybercrime

More information

Introduction to DDoS Attacks. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter

Introduction to DDoS Attacks. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter Introduction to DDoS Attacks Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter DDoS in the News Q1 2014 DDoS Attack Trends DDoS Attack Trends Q4 2013 Mobile devices

More information

DDoS Threat Report. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter

DDoS Threat Report. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter DDoS Threat Report Insights on Finding, Fighting, and Living with DDoS Attacks v1.1 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter DDoS in the News - 2014 DDoS Trends

More information

Data Sheet. V-Net Link 700 C Series Link Load Balancer. V-NetLink:Link Load Balancing Solution from VIAEDGE

Data Sheet. V-Net Link 700 C Series Link Load Balancer. V-NetLink:Link Load Balancing Solution from VIAEDGE Data Sheet V-Net Link 700 C Series Link Load Balancer V-NetLink:Link Load Balancing Solution from VIAEDGE V-NetLink : Link Load Balancer As the use of the Internet to deliver organizations applications

More information

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. April 23, 2015

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. April 23, 2015 Network Security Dr. Ihsan Ullah Department of Computer Science & IT University of Balochistan, Quetta Pakistan April 23, 2015 1 / 24 Secure networks Before the advent of modern telecommunication network,

More information

[Restricted] ONLY for designated groups and individuals. 2014 Check Point Software Technologies Ltd.

[Restricted] ONLY for designated groups and individuals. 2014 Check Point Software Technologies Ltd. [Restricted] ONLY for designated groups and individuals Contents 1 2 3 4 Industry Trends DDoS Attack Types Solutions to DDoS Attacks Summary 2 Cybercrime Landscape DNS Hijacking Malware 3% 3% Targeted

More information

Distributed Denial of Service Attack Tools

Distributed Denial of Service Attack Tools Distributed Denial of Service Attack Tools Introduction: Distributed Denial of Service Attack Tools Internet Security Systems (ISS) has identified a number of distributed denial of service tools readily

More information

Distributed Denial of Service Attacks & Defenses

Distributed Denial of Service Attacks & Defenses Distributed Denial of Service Attacks & Defenses Guest Lecture by: Vamsi Kambhampati Fall 2011 Distributed Denial of Service (DDoS) Exhaust resources of a target, or the resources it depends on Resources:

More information

CHARACTERIZATION AND ANALYSIS OF NTP AMPLIFIER TRAFFIC

CHARACTERIZATION AND ANALYSIS OF NTP AMPLIFIER TRAFFIC 54 CHARACTERIZATION AND ANALYSIS OF NTP AMPLIFIER TRAFFIC L. Rudman and B. Irwin Security and Networks Research Group, Dept. of Computer Science, Rhodes University, Grahamstown 6139, South Africa E-mail:

More information

Restorable Logical Topology using Cross-Layer Optimization

Restorable Logical Topology using Cross-Layer Optimization פרויקטים בתקשורת מחשבים - 236340 - סמסטר אביב 2016 Restorable Logical Topology using Cross-Layer Optimization Abstract: Today s communication networks consist of routers and optical switches in a logical

More information

Denial of Service Attacks and Resilient Overlay Networks

Denial of Service Attacks and Resilient Overlay Networks Denial of Service Attacks and Resilient Overlay Networks Angelos D. Keromytis Network Security Lab Computer Science Department, Columbia University Motivation: Network Service Availability Motivation:

More information

How valuable DDoS mitigation hardware is for Layer 7 Sophisticated attacks

How valuable DDoS mitigation hardware is for Layer 7 Sophisticated attacks How valuable DDoS mitigation hardware is for Layer 7 Sophisticated attacks Stop DDoS before they stop you! James Braunegg (Micron 21) What Is Distributed Denial of Service A Denial of Service attack (DoS)

More information

Wharf T&T Limited DDoS Mitigation Service Customer Portal User Guide

Wharf T&T Limited DDoS Mitigation Service Customer Portal User Guide Table of Content I. Note... 1 II. Login... 1 III. Real-time, Daily and Monthly Report... 3 Part A: Real-time Report... 3 Part 1: Traffic Details... 4 Part 2: Protocol Details... 5 Part B: Daily Report...

More information

Mitigating DDoS Attacks at Layer 7

Mitigating DDoS Attacks at Layer 7 Mitigating DDoS Attacks at Layer 7 Detect, Localize and Mitigate using DNS GSLB Allan Jude ScaleEngine Inc. Introductions Allan Jude 12 Years as FreeBSD Server Admin Architect of the ScaleEngine CDN (HTTP

More information

SECURING APACHE : DOS & DDOS ATTACKS - I

SECURING APACHE : DOS & DDOS ATTACKS - I SECURING APACHE : DOS & DDOS ATTACKS - I In this part of the series, we focus on DoS/DDoS attacks, which have been among the major threats to Web servers since the beginning of the Web 2.0 era. Denial

More information

DoS/DDoS Attacks and Protection on VoIP/UC

DoS/DDoS Attacks and Protection on VoIP/UC DoS/DDoS Attacks and Protection on VoIP/UC Presented by: Sipera Systems Agenda What are DoS and DDoS Attacks? VoIP/UC is different Impact of DoS attacks on VoIP Protection techniques 2 UC Security Requirements

More information

SANE: A Protection Architecture For Enterprise Networks

SANE: A Protection Architecture For Enterprise Networks Fakultät IV Elektrotechnik und Informatik Intelligent Networks and Management of Distributed Systems Research Group Prof. Anja Feldmann, Ph.D. SANE: A Protection Architecture For Enterprise Networks WS

More information

NETNOD Autumn 2014 October 2, 2014

NETNOD Autumn 2014 October 2, 2014 Surviving a DDoS Attack: Securing CDN traffic at CloudFlare NETNOD Autumn 2014 October 2, 2014 Martin J. Levy, Network Strategy www.cloudflare.com DDoS Attacks are becoming massive, and easier to initiate

More information

Distributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment

Distributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment Distributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment Keyur Chauhan 1,Vivek Prasad 2 1 Student, Institute of Technology, Nirma University (India) 2 Assistant Professor,

More information

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding? Page 1 of 5 1. Introduction The present document explains about common attack scenarios to computer networks and describes with some examples the following features of the MilsGates: Protection against

More information

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service

More information

Defending Computer Networks Lecture 10: Firewalls. Stuart Staniford Adjunct Professor of Computer Science

Defending Computer Networks Lecture 10: Firewalls. Stuart Staniford Adjunct Professor of Computer Science Defending Computer Networks Lecture 10: Firewalls Stuart Staniford Adjunct Professor of Computer Science Main Goals for Today Firewalls. Maybe start Distributed Denial of Service. Establish Central

More information

Botnets. Botnets and Spam. Joining the IRC Channel. Command and Control. Tadayoshi Kohno

Botnets. Botnets and Spam. Joining the IRC Channel. Command and Control. Tadayoshi Kohno CSE 490K Lecture 14 Botnets and Spam Tadayoshi Kohno Some slides based on Vitaly Shmatikov s Botnets! Botnet = network of autonomous programs capable of acting on instructions Typically a large (up to

More information

VALIDATING DDoS THREAT PROTECTION

VALIDATING DDoS THREAT PROTECTION VALIDATING DDoS THREAT PROTECTION Ensure your DDoS Solution Works in Real-World Conditions WHITE PAPER Executive Summary This white paper is for security and networking professionals who are looking to

More information

DDoS Overview and Incident Response Guide. July 2014

DDoS Overview and Incident Response Guide. July 2014 DDoS Overview and Incident Response Guide July 2014 Contents 1. Target Audience... 2 2. Introduction... 2 3. The Growing DDoS Problem... 2 4. DDoS Attack Categories... 4 5. DDoS Mitigation... 5 1 1. Target

More information

DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT

DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT DDoS Protection How Cisco IT Protects Against Distributed Denial of Service Attacks A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge: Prevent low-bandwidth DDoS attacks coming from a broad

More information

Network attack and defense

Network attack and defense Network attack and defense CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration 2007, 2008 Robert H. Sloan 1 Outline 1. Overview

More information

Surviving DNS DDoS Attacks. Introducing self-protecting servers

Surviving DNS DDoS Attacks. Introducing self-protecting servers Introducing self-protecting servers Background The current DNS environment is subject to a variety of distributed denial of service (DDoS) attacks, including reflected floods, amplification attacks, TCP

More information

Reducing the impact of DoS attacks with MikroTik RouterOS

Reducing the impact of DoS attacks with MikroTik RouterOS Reducing the impact of DoS attacks with MikroTik RouterOS Alfredo Giordano Matthew Ciantar WWW.TIKTRAIN.COM 1 About Us Alfredo Giordano MikroTik Certified Trainer and Consultant Support deployment of WISP

More information

How To Protect Your Network From A Ddos Attack On A Network With Pip (Ipo) And Pipi (Ipnet) From A Network Attack On An Ip Address Or Ip Address (Ipa) On A Router Or Ipa

How To Protect Your Network From A Ddos Attack On A Network With Pip (Ipo) And Pipi (Ipnet) From A Network Attack On An Ip Address Or Ip Address (Ipa) On A Router Or Ipa Defenses against Distributed Denial of Service Attacks Adrian Perrig, Dawn Song, Avi Yaar CMU Internet Threat: DDoS Attacks Denial of Service (DoS) attack: consumption (exhaustion) of resources to deny

More information

WAN OPTIMIZATION. Srinivasan Padmanabhan (Padhu) Network Architect Texas Instruments, Inc.

WAN OPTIMIZATION. Srinivasan Padmanabhan (Padhu) Network Architect Texas Instruments, Inc. WAN OPTIMIZATION Srinivasan Padmanabhan (Padhu) Network Architect Texas Instruments, Inc. Disclaimer Please be aware that the concepts and opinions expressed in the following presentation are those of

More information

2014 Foley & Lardner LLP Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative

2014 Foley & Lardner LLP Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative 2014 Foley & Lardner LLP Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative of clients 321 N. Clark Street, Suite 2800, Chicago,

More information

Kick starting science...

Kick starting science... Computer ing (TDDD63): Part 1 Kick starting science... Niklas Carlsson, Associate Professor http://www.ida.liu.se/~nikca/ What do you have in the future? What do you have in the future? How does it keep

More information

2012 Infrastructure Security Report. 8th Annual Edition Kleber Carriello Consulting Engineer

2012 Infrastructure Security Report. 8th Annual Edition Kleber Carriello Consulting Engineer 2012 Infrastructure Security Report 8th Annual Edition Kleber Carriello Consulting Engineer Key Findings in the Survey* Advanced Persistent Threats (APT) a top concern for service providers and enterprises

More information

Effect of anycast on K-root

Effect of anycast on K-root Effect of anycast on K-root Some early results 1 K root anycast deployment 3 global nodes (BGP transit) LINX... 5459 25152 25152 i AMS-IX... 25152 25152 25152 i Tokyo (since 5/2005)... 25152 25152 25152

More information

Deploying IP Anycast. Core DNS Services for University of Minnesota Introduction and General discussion

Deploying IP Anycast. Core DNS Services for University of Minnesota Introduction and General discussion Deploying IP Anycast Core DNS Services for University of Minnesota Introduction and General discussion Agenda Deploying IPv4 anycast DNS What is ANYCAST Why is ANYCAST important? Monitoring and using ANYCAST

More information

Automated Mitigation of the Largest and Smartest DDoS Attacks

Automated Mitigation of the Largest and Smartest DDoS Attacks Datasheet Protection Automated Mitigation of the Largest and Smartest Attacks Incapsula secures websites against the largest and smartest types of attacks - including network, protocol and application

More information

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7 20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic

More information

Don t get DDoSed and Confused. Patrick Sullivan, CISSP, GSLC, GWAPT, GCIH Managed, Security Services

Don t get DDoSed and Confused. Patrick Sullivan, CISSP, GSLC, GWAPT, GCIH Managed, Security Services Don t get DDoSed and Confused Patrick Sullivan, CISSP, GSLC, GWAPT, GCIH Managed, Security Services Agenda Intro/Data Collection DDoS Basics Trends and Statistics Adversarial Groups/Motivations Defense

More information

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges

More information

Firewalls and Intrusion Detection

Firewalls and Intrusion Detection Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall

More information

Introduction about DDoS. Security Functional Requirements

Introduction about DDoS. Security Functional Requirements S W G IT P Security Functional Requirements for Anti-DDoS Products Jun Woo Park (junusee@tta.or.kr) TTA, Korea Global Leader of ICT Standardization & Certification Ⅰ Introduction about DDoS Ⅱ Security

More information

DNS, DNSSEC and DDOS. Geoff Huston APNIC February 2014

DNS, DNSSEC and DDOS. Geoff Huston APNIC February 2014 DNS, DNSSEC and DDOS Geoff Huston APNIC February 2014 The Evolu3on of Evil It used to be that they sent evil packets to their chosen vic3m but this exposed the abacker, and limited the damage they could

More information

Denial of Service. Tom Chen SMU tchen@engr.smu.edu

Denial of Service. Tom Chen SMU tchen@engr.smu.edu Denial of Service Tom Chen SMU tchen@engr.smu.edu Outline Introduction Basics of DoS Distributed DoS (DDoS) Defenses Tracing Attacks TC/BUPT/8704 SMU Engineering p. 2 Introduction What is DoS? 4 types

More information

Quality Certificate for Kaspersky DDoS Prevention Software

Quality Certificate for Kaspersky DDoS Prevention Software Quality Certificate for Kaspersky DDoS Prevention Software Quality Certificate for Kaspersky DDoS Prevention Software Table of Contents Definitions 3 1. Conditions of software operability 4 2. General

More information

Radware s Attack Mitigation Solution On-line Business Protection

Radware s Attack Mitigation Solution On-line Business Protection Radware s Attack Mitigation Solution On-line Business Protection Table of Contents Attack Mitigation Layers of Defense... 3 Network-Based DDoS Protections... 3 Application Based DoS/DDoS Protection...

More information

PROFESSIONAL SECURITY SYSTEMS

PROFESSIONAL SECURITY SYSTEMS PROFESSIONAL SECURITY SYSTEMS Security policy, active protection against network attacks and management of IDP Introduction Intrusion Detection and Prevention (IDP ) is a new generation of network security

More information

Firewalls and Network Defence

Firewalls and Network Defence Firewalls and Network Defence Harjinder Singh Lallie (September 12) 1 Lecture Goals Learn about traditional perimeter protection Understand the way in which firewalls are used to protect networks Understand

More information

Denial of Service and Anomaly Detection

Denial of Service and Anomaly Detection Denial of Service and Anomaly Detection Vasilios A. Siris Institute of Computer Science (ICS) FORTH, Crete, Greece vsiris@ics.forth.gr SCAMPI BoF, Zagreb, May 21 2002 Overview! What the problem is and

More information

HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide

HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide Abstract This guide contains comprehensive information for network administrators, engineers, and operators working with

More information

Mitigating Denial of Service Attacks. Why Crossing Fingers is Not a Strategy

Mitigating Denial of Service Attacks. Why Crossing Fingers is Not a Strategy Mitigating Denial of Service Attacks Why Crossing Fingers is Not a Strategy Introduction Mark Baldwin - Owner of Tectonic Security MSSP and Security Consulting Primarily Work With SMBs DDoS Mitigation

More information

Real Life DoS/DDOS Threats and Benefits of Deep DDOS Inspection. Oğuz YILMAZ CTO Labris Networks

Real Life DoS/DDOS Threats and Benefits of Deep DDOS Inspection. Oğuz YILMAZ CTO Labris Networks Real Life DoS/DDOS Threats and Benefits of Deep DDOS Inspection Oğuz YILMAZ CTO Labris Networks 1 Today Labris Networks L7 Attacks L7 HTTP DDoS Detection Problems Case Study: Deep DDOS Inspection (DDI

More information

TCP/IP Protocol Suite. Marshal Miller Chris Chase

TCP/IP Protocol Suite. Marshal Miller Chris Chase TCP/IP Protocol Suite Marshal Miller Chris Chase Robert W. Taylor (Director of Information Processing Techniques Office at ARPA 1965-1969) "For each of these three terminals, I had three different sets

More information

Federal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks

Federal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks Threat Paper Federal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks Federal Computer Incident Response Center 7 th and D Streets S.W. Room 5060 Washington,

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

A Primer for Distributed Denial of Service (DDoS) Attacks

A Primer for Distributed Denial of Service (DDoS) Attacks A Primer for Distributed Denial of Service (DDoS) Attacks Hemant Jain, VP of Engineering Sichao Wang, Director of Product Management April 2012, Fortinet, Inc A Primer for Distributed Denial of Service

More information

Prolexic Quarterly Global DDoS Attack Report Q4 2012

Prolexic Quarterly Global DDoS Attack Report Q4 2012 Prolexic Quarterly Global DDoS Attack Report Q4 2012 Q4 2012 was defined by the increasing scale and diversity of DDoS attacks as well as the enduring nature of botnets. Analysis and emerging trends At

More information

Distributed Denial of Service

Distributed Denial of Service Distributed Denial of Service Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@Csc.LSU.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc7502_04/ Louisiana

More information

Network Measurement. Why Measure the Network? Types of Measurement. Traffic Measurement. Packet Monitoring. Monitoring a LAN Link. ScienLfic discovery

Network Measurement. Why Measure the Network? Types of Measurement. Traffic Measurement. Packet Monitoring. Monitoring a LAN Link. ScienLfic discovery Why Measure the Network? Network Measurement Jennifer Rexford COS 461: Computer Networks Lectures: MW 10-10:50am in Architecture N101 ScienLfic discovery Characterizing traffic, topology, performance Understanding

More information

DDoS Protection on the Security Gateway

DDoS Protection on the Security Gateway DDoS Protection on the Security Gateway Best Practices 24 August 2014 Protected 2014 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by

More information

How To Understand A Network Attack

How To Understand A Network Attack Network Security Attack and Defense Techniques Anna Sperotto (with material from Ramin Sadre) Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Attacks! Many different

More information

How To Mitigate A Ddos Attack

How To Mitigate A Ddos Attack VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 3 3RD QUARTER 2014 CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS 4 Mitigations by Attack Size 4 Mitigations by Industry 5

More information

Next Generation IPv6 Network Security a Practical Approach Is Your Firewall Ready for Voice over IPv6?

Next Generation IPv6 Network Security a Practical Approach Is Your Firewall Ready for Voice over IPv6? Next Generation IPv6 Network Security a Practical Approach Is Your Firewall Ready for Voice over IPv6? - and many other vital questions to ask your firewall vendor Zlata Trhulj Agilent Technologies zlata_trhulj@agilent.com

More information

Security Toolsets for ISP Defense

Security Toolsets for ISP Defense Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.

More information

Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial

Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial Rocky K. C. Chang The Hong Kong Polytechnic University Presented by Scott McLaren 1 Overview DDoS overview Types of attacks

More information

How Cisco IT Protects Against Distributed Denial of Service Attacks

How Cisco IT Protects Against Distributed Denial of Service Attacks How Cisco IT Protects Against Distributed Denial of Service Attacks Cisco Guard provides added layer of protection for server properties with high business value. Cisco IT Case Study / < Security and VPN

More information

Kaspersky Lab. Contents

Kaspersky Lab. Contents KASPERSKY DDOS INTELLIGENCE REPORT Q3 2015 Contents Contents... 1 Q3 events... 2 Attacks on financial organizations... 2 Unusual attack scenario... 2 XOR DDoS bot activity... 2 DDoS availability... 3 Statistics

More information

SURE 5 Zone DDoS PROTECTION SERVICE

SURE 5 Zone DDoS PROTECTION SERVICE SURE 5 Zone DDoS PROTECTION SERVICE Sure 5 Zone DDoS Protection ( the Service ) provides a solution to protect our customer s sites against Distributed Denial of Service (DDoS) attacks by analysing incoming

More information

Web Application Level Approach against the HTTP Flood Attacks IOSEC HTTP Anti Flood/DoS Security Gateway Module

Web Application Level Approach against the HTTP Flood Attacks IOSEC HTTP Anti Flood/DoS Security Gateway Module Web Application Level Approach against the HTTP Flood Attacks IOSEC HTTP Anti Flood/DoS Security Gateway Module While HTTP Flood and DoS attacks are spreading nowadays, there is a new attack surface reduction

More information

Arbor s Solution for ISP

Arbor s Solution for ISP Arbor s Solution for ISP Recent Attack Cases DDoS is an Exploding & Evolving Trend More Attack Motivations Geopolitical Burma taken offline by DDOS attack Protests Extortion Visa, PayPal, and MasterCard

More information

FortiDDos Size isn t everything

FortiDDos Size isn t everything FortiDDos Size isn t everything Martijn Duijm Director Sales Engineering April - 2015 Copyright Fortinet Inc. All rights reserved. Agenda 1. DDoS In The News 2. Drawing the Demarcation Line - Does One

More information

DNS amplification attacks

DNS amplification attacks amplification attacks Matsuzaki Yoshinobu 2006/04/25 Copyright (C) 2006 Internet Initiative Japan Inc. 1 amplification attacks Attacks using IP spoofed dns query generating a traffic overload

More information

Survey on DDoS Attack in Cloud Environment

Survey on DDoS Attack in Cloud Environment Available online at www.ijiere.com International Journal of Innovative and Emerging Research in Engineering e-issn: 2394-3343 p-issn: 2394-5494 Survey on DDoS in Cloud Environment Kirtesh Agrawal and Nikita

More information

The XenoService A Distributed Defeat for Distributed Denial of Service

The XenoService A Distributed Defeat for Distributed Denial of Service The XenoService A Distributed Defeat for Distributed Denial of Service Jianxin Yan, Stephen Early, Ross Anderson Computer Laboratory, Cambridge University Distributed Denial of Service Exploits a number

More information