Surviving DDoS. SANOG X 5 September ed.lewis@neustar.biz. 5 Sep '07, SANOG X ed.lewis@neustar.biz 1
|
|
- Drusilla Black
- 8 years ago
- Views:
Transcription
1 Surviving DDoS SANOG X 5 September 2007 ed.lewis@neustar.biz 5 Sep '07, SANOG X ed.lewis@neustar.biz 1
2 Theme How does a provider of information and services overcome Denial of Service situations? An important tradeoff to think about A simple constrained system is easy to control and make efficient A sufficiently capable and reliable system is going to have some complexities 5 Sep '07, SANOG X ed.lewis@neustar.biz 2
3 Agenda Know Your Enemy Defensive Strategy Anycast as a Building Block Effective Defense 5 Sep '07, SANOG X ed.lewis@neustar.biz 3
4 Know Your Enemy Denial of Service attack on a process DoS attack on a computer Dos attack on a network DDoS attack 5 Sep '07, SANOG X ed.lewis@neustar.biz 4
5 What is a DoS? DDos? Slowing a process Killing a process bad packets good packets Crunch Service Element (Process) Service Element (Process) 5 Sep '07, SANOG X ed.lewis@neustar.biz 5
6 Network Level DoS A Network Denial of Service ISP Router Customer Router Service Element (Process) The attack hits in the ISP, not the "victim" site. DDoS - traffic floods from different ISPs 5 Sep '07, SANOG X ed.lewis@neustar.biz 6
7 Network Level DDoS Different ISP Attack traffic mingles with legitimate cross border traffic ISP Router Customer Router Service Element (Process) Different ISP Different ISP 5 Sep '07, SANOG X ed.lewis@neustar.biz 7
8 Defensive Strategy Toss the bad packets faster than they arrive Identify the bad ones time-to-identify Dispose of them as quickly as possible time-to-dispose Give yourself more time to act time-between-arrivals 5 Sep '07, SANOG X ed.lewis@neustar.biz 8
9 Applying some math Queuing Theory "average service time must be less than the inter-arrival rate or the system is unstable" If queues always grow longer, it is bad If (time-to-identify + time-to-dispose) > (time-between-arrivals) then you have a problem 5 Sep '07, SANOG X ed.lewis@neustar.biz 9
10 Time diagram t i m e client server server Transmission time Identify Dispose Time spent on attack packet Identify Dispose 5 Sep '07, SANOG X ed.lewis@neustar.biz 10
11 Time diagram - "red" t i m e client server server Transmission time Identify Dispose Time spent on attack packet Identify Dispose Bad interarrival time What a jumbled mess! 5 Sep '07, SANOG X ed.lewis@neustar.biz 11
12 Time diagram - "green" t i m e client server server Transmission time Identify Dispose Time spent on attack packet Identify Dispose Good interarrival time Time to "breathe" between packets is good 5 Sep '07, SANOG X ed.lewis@neustar.biz 12
13 Time diagram t i m e client server server Transmission time Identify Dispose Time spent on attack packet Identify Dispose Bad interarrival time If the next packet is the red one, trouble, if it is green, you are okay. Good interarrival time 5 Sep '07, SANOG X ed.lewis@neustar.biz 13
14 What do we do? Time to identify Look for the attack's pattern Time to dispose Filter, drop fast Inter-arrival time More service points (e.g., load balancing) 5 Sep '07, SANOG X ed.lewis@neustar.biz 14
15 Looking at "Service Points" More than just "add capacity" Attacks can scale more cheaply than defenses Well placed capacity needed Important building block: Anycast 5 Sep '07, SANOG X ed.lewis@neustar.biz 15
16 Anycast Anycast basics Why it works When does it break? 5 Sep '07, SANOG X ed.lewis@neustar.biz 16
17 Single-Multihomed-Anycast Single Homed A Multi-homed A A A Anycast 5 Sep '07, SANOG X ed.lewis@neustar.biz 17
18 Anycast More instances, serving network localities Coordinated, best if servers are "stateless" DNS is ideal ecommerce not so ideal 5 Sep '07, SANOG X ed.lewis@neustar.biz 18
19 With/Without Anycast Showing request flows One unicast service point Three anycast service points A A A A Traffic increasingly isolated one ISP 5 Sep '07, SANOG X ed.lewis@neustar.biz 19
20 Anycast Tradeoffs Saves Addresses Divide and Conquer strategy to handle large audiences One large network looks like many simple Many points - higher costs of operation Must coordinate routing and application load balancing strategies 5 Sep '07, SANOG X ed.lewis@neustar.biz 20
21 Routing Magic Anycast is about routing "magic" Lets routing system determine the set of clients (the "audience") for a server To make this reliable, the routing determination must be "controlled." Otherwise, instability and unpredictability take over 5 Sep '07, SANOG X ed.lewis@neustar.biz 21
22 Effective Defense Excess Provisioning Pre-positioning Anycast is a tool of each, but more work is still needed by each defensive strategy 5 Sep '07, SANOG X ed.lewis@neustar.biz 22
23 Excess Provisioning One approach is to have more capacity than any attack Resources that can be put into service only when needed (to cut cost of always "up") Relationships to get help from the different ISPs through which all attack traffic flows. 5 Sep '07, SANOG X ed.lewis@neustar.biz 23
24 Normal and Reserve Capacity Your normal capacity Up/down Stream "Your" ISP A Filter set up via special relationships A Your reserve capacity 5 Sep '07, SANOG X ed.lewis@neustar.biz 24
25 Limits Available "excess" capacity There's a cost when unutilized Scale of (human) relationships Requesting filters is not automated Have to maintain global relations with ISPs 5 Sep '07, SANOG X ed.lewis@neustar.biz 25
26 Pre-positioning Two part strategy Put data where it needs to be ahead of time Good strategy for something like DNS Use routing to control where data is accessed Try to minimize traffic between ISPs 5 Sep '07, SANOG X ed.lewis@neustar.biz 26
27 C u s t o m e r s Routing Techniques C u s t o m e r s C u s t o m e r s ISP recursive DNS DNS C u s t o m e r s C u s t o m e r s No route (normal) Backup path when internal server fails Attack traffic from here never goes to ISP Exchange Point 5 Sep '07, SANOG X ed.lewis@neustar.biz 27 D N S
28 Advantages of Pre-positioning Puts more control in hands of ISP If attack traffic happens, it comes from within ISP, source is apparent Makes network performance more stable Better access in "non-attack" times Closer servers mean faster roundtrips 5 Sep '07, SANOG X ed.lewis@neustar.biz 28
29 Conclusion DDoS attacks are part of the Internet Defense can't count on scaling past size of attack Data servers in ISP benefits service provider, ISP, and customers And simplifies the network Needs ISP to trust service provider! 5 Sep '07, SANOG X ed.lewis@neustar.biz 29
30 The last slide Discussion? 5 Sep '07, SANOG X ed.lewis@neustar.biz 30
DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT
DDoS Protection How Cisco IT Protects Against Distributed Denial of Service Attacks A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge: Prevent low-bandwidth DDoS attacks coming from a broad
More informationHow Cisco IT Protects Against Distributed Denial of Service Attacks
How Cisco IT Protects Against Distributed Denial of Service Attacks Cisco Guard provides added layer of protection for server properties with high business value. Cisco IT Case Study / < Security and VPN
More informationStrategies to Protect Against Distributed Denial of Service (DD
Strategies to Protect Against Distributed Denial of Service (DD Table of Contents Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks...1 Introduction...1 Understanding the Basics
More informationShould the IETF do anything about DDoS attacks? Mark Handley
Should the IETF do anything about DDoS attacks? Mark Handley The Problem The Internet architecture was designed to delivery packets to the destination efficiently. Even if the destination does not want
More informationDefending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial
Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial Rocky K. C. Chang The Hong Kong Polytechnic University Presented by Scott McLaren 1 Overview DDoS overview Types of attacks
More informationCS 356 Lecture 16 Denial of Service. Spring 2013
CS 356 Lecture 16 Denial of Service Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter
More informationDistributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang Presented by Adwait Belsare (adwait@wpi.edu) Suvesh Pratapa (suveshp@wpi.edu) Modified by
More informationco Characterizing and Tracing Packet Floods Using Cisco R
co Characterizing and Tracing Packet Floods Using Cisco R Table of Contents Characterizing and Tracing Packet Floods Using Cisco Routers...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1
More informationHow To Block A Ddos Attack On A Network With A Firewall
A Prolexic White Paper Firewalls: Limitations When Applied to DDoS Protection Introduction Firewalls are often used to restrict certain protocols during normal network situations and when Distributed Denial
More informationBEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE
BEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE BEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE Your external DNS is a mission critical business resource. Without
More informationA Fair Service Approach to Defending Against Packet Flooding Attacks
Pioneering Technologies for a Better Internet Cs3, Inc. 5777 W. Century Blvd. Suite 1185 Los Angeles, CA 90045-5600 Phone: 310-337-3013 Fax: 310-337-3012 Email: info@cs3-inc.com A Fair Service Approach
More informationHow To Stop A Ddos Attack On A Network From Tracing To Source From A Network To A Source Address
Inter-provider Coordination for Real-Time Tracebacks Kathleen M. Moriarty 2 June 2003 This work was sponsored by the Air Force Contract number F19628-00-C-002. Opinions, interpretations, conclusions, and
More informationBest Practices in DNS Anycast Service-Provision Architecture. Version 1.1 March 2006 Bill Woodcock Gaurab Raj Upadhaya Packet Clearing House
Best Practices in DNS Service-Provision Architecture Version 1.1 March 2006 Bill Woodcock Gaurab Raj Upadhaya Packet Clearing House It s all Large ISPs have been running production anycast DNS for more
More informationDeploying IP Anycast. Core DNS Services for University of Minnesota Introduction and General discussion
Deploying IP Anycast Core DNS Services for University of Minnesota Introduction and General discussion Agenda Deploying IPv4 anycast DNS What is ANYCAST Why is ANYCAST important? Monitoring and using ANYCAST
More informationDistributed Denial of Service Attacks & Defenses
Distributed Denial of Service Attacks & Defenses Guest Lecture by: Vamsi Kambhampati Fall 2011 Distributed Denial of Service (DDoS) Exhaust resources of a target, or the resources it depends on Resources:
More informationDistributed Denial of Service Attacks
Distributed Denial of Service Attacks Steve Crocker Chair, SSAC June 25, 2007 San Juan, Puerto Rico 1 Agenda Types of Attacks DDoS attacks Amplified DDoS attacks - 2006 Estonia - May 2007 What do Do 2
More informationMitigating Denial of Service Attacks. Why Crossing Fingers is Not a Strategy
Mitigating Denial of Service Attacks Why Crossing Fingers is Not a Strategy Introduction Mark Baldwin - Owner of Tectonic Security MSSP and Security Consulting Primarily Work With SMBs DDoS Mitigation
More informationHow To Protect Your Network From A Ddos Attack On A Network With Pip (Ipo) And Pipi (Ipnet) From A Network Attack On An Ip Address Or Ip Address (Ipa) On A Router Or Ipa
Defenses against Distributed Denial of Service Attacks Adrian Perrig, Dawn Song, Avi Yaar CMU Internet Threat: DDoS Attacks Denial of Service (DoS) attack: consumption (exhaustion) of resources to deny
More informationYahoo Attack. Is DDoS a Real Problem?
Is DDoS a Real Problem? Yes, attacks happen every day One study reported ~4,000 per week 1 On a wide variety of targets Tend to be highly successful There are few good existing mechanisms to stop them
More informationProvider-Based Deterministic Packet Marking against Distributed DoS Attacks
Provider-Based Deterministic Packet Marking against Distributed DoS Attacks Vasilios A. Siris and Ilias Stavrakis Institute of Computer Science, Foundation for Research and Technology - Hellas (FORTH)
More informationTHE MASTER LIST OF DNS TERMINOLOGY. v 2.0
THE MASTER LIST OF DNS TERMINOLOGY v 2.0 DNS can be hard to understand and if you re unfamiliar with the terminology, learning more about DNS can seem as daunting as learning a new language. To help people
More informationKASPERSKY DDoS PROTECTION. Protecting your business against financial and reputational losses with Kaspersky DDoS Protection
KASPERSKY DDoS PROTECTION Protecting your business against financial and reputational losses A Distributed Denial of Service (DDoS) attack is one of the most popular weapons in the cybercriminals arsenal.
More informationThe Reverse Firewall: Defeating DDOS Attacks Emanating from a Local Area Network
Pioneering Technologies for a Better Internet Cs3, Inc. 5777 W. Century Blvd. Suite 1185 Los Angeles, CA 90045-5600 Phone: 310-337-3013 Fax: 310-337-3012 Email: info@cs3-inc.com The Reverse Firewall: Defeating
More informationCloudFlare advanced DDoS protection
CloudFlare advanced DDoS protection Denial-of-service (DoS) attacks are on the rise and have evolved into complex and overwhelming security challenges. 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com
More informationHow to launch and defend against a DDoS
How to launch and defend against a DDoS John Graham-Cumming October 9, 2013 The simplest way to a safer, faster and smarter website DDoSing web sites is... easy Motivated groups of non-technical individuals
More informationFederal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks
Threat Paper Federal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks Federal Computer Incident Response Center 7 th and D Streets S.W. Room 5060 Washington,
More informationThe Quality of Internet Service: AT&T s Global IP Network Performance Measurements
The Quality of Internet Service: AT&T s Global IP Network Performance Measurements In today's economy, corporations need to make the most of opportunities made possible by the Internet, while managing
More informationDDoS attacks on electronic payment systems. Sean Rijs and Joris Claassen Supervisor: Stefan Dusée
DDoS attacks on electronic payment systems Sean Rijs and Joris Claassen Supervisor: Stefan Dusée Scope High volume DDoS attacks Electronic payment systems Low bandwidth requirements: 5 from account X to
More informationDenial of Service Attacks
(DoS) What Can be DoSed? First Internet DoS Attack The TCP State Diagram SYN Flooding Anti-Spoofing Better Data Structures Attacking Compact Data Structures Generic Solution SYN Cookies It s Not Perfect
More informationSeminar Computer Security
Seminar Computer Security DoS/DDoS attacks and botnets Hannes Korte Overview Introduction What is a Denial of Service attack? The distributed version The attacker's motivation Basics Bots and botnets Example
More informationChoosing a Content Delivery Method
Choosing a Content Delivery Method Executive Summary Cache-based content distribution networks (CDNs) reach very large volumes of highly dispersed end users by duplicating centrally hosted video, audio
More informationSHARE THIS WHITEPAPER. On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper
SHARE THIS WHITEPAPER On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper Table of Contents Overview... 3 Current Attacks Landscape: DDoS is Becoming Mainstream... 3 Attackers Launch
More informationDenial of Service (DoS) Technical Primer
Denial of Service (DoS) Technical Primer Chris McNab Principal Consultant, Matta Security Limited chris.mcnab@trustmatta.com Topics Covered What is Denial of Service? Categories and types of Denial of
More informationHigh-Performance DNS Services in BIG-IP Version 11
F5 White Paper High-Performance DNS Services in BIG-IP Version 11 To provide high-quality user experiences on the Internet, networks must be designed with optimized, secure, highly available, and high-performance
More informationDDoS Overview and Incident Response Guide. July 2014
DDoS Overview and Incident Response Guide July 2014 Contents 1. Target Audience... 2 2. Introduction... 2 3. The Growing DDoS Problem... 2 4. DDoS Attack Categories... 4 5. DDoS Mitigation... 5 1 1. Target
More informationDDoS attacks in CESNET2
DDoS attacks in CESNET2 Ondřej Caletka 15th March 2016 Ondřej Caletka (CESNET) DDoS attacks in CESNET2 15th March 2016 1 / 22 About CESNET association of legal entities, est. 1996 public and state universities
More informationCampus LAN at NKN Member Institutions
Campus LAN at NKN Member Institutions RS MANI rsm@nkn.in 1/7/2015 3 rd Annual workshop 1 Efficient utilization Come from: Good Campus LAN Speed Segregation of LANs QoS Resilient Access Controls ( L2 and
More informationDISTRIBUTED DENIAL OF SERVICE OBSERVATIONS
: DDOS ATTACKS DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS 1 DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS NTT is one of the largest Internet providers in the world, with a significant share of the world s
More informationCheck Point DDoS Protector
Check Point DDoS Protector June 2012 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. Cybercrime
More informationDistributed Systems. 23. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 23. Content Delivery Networks (CDN) Paul Krzyzanowski Rutgers University Fall 2015 November 17, 2015 2014-2015 Paul Krzyzanowski 1 Motivation Serving web content from one location presents
More informationTelecom Business Continuity Solutions FOR INTERNAL USE ONLY
Telecom Business Continuity Solutions FOR INTERNAL USE ONLY Business continuity? Perception versus reality Perceived biggest threats in 2005* Events causing disruption in 2003-04** IT / Telecom protection
More informationAcquia Cloud Edge Protect Powered by CloudFlare
Acquia Cloud Edge Protect Powered by CloudFlare Denial-of-service (DoS) Attacks Are on the Rise and Have Evolved into Complex and Overwhelming Security Challenges TECHNICAL GUIDE TABLE OF CONTENTS Introduction....
More informationRID-DoS: Real-time Inter-network Defense Against Denial of Service Attacks. Kathleen M. Moriarty. MIT Lincoln Laboratory.
: Real-time Inter-network Defense Against Denial of Service Attacks Kathleen M. Moriarty 22 October 2002 This work was sponsored by the Air Force Contract number F19628-00-C-002. Opinions, interpretations,
More informationGuide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst
INTEGRATED INTELLIGENCE CENTER Technical White Paper William F. Pelgrin, CIS President and CEO Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst This Center for Internet Security
More informationSTATE OF DNS AVAILABILITY REPORT
STATE OF DNS AVAILABILITY REPORT VOLUME 1 ISSUE 1 APRIL 2011 WEB SITES AND OTHER ONLINE SERVICES ARE AMONG THE MOST IMPORTANT OPERATIONAL AND REVENUE GENERATING TOOLS FOR BUSINESSES OF ALL SIZES AND INDUSTRIES.
More informationAnnouncements. No question session this week
Announcements No question session this week Stretch break DoS attacks In Feb. 2000, Yahoo s router kept crashing - Engineers had problems with it before, but this was worse - Turned out they were being
More informationDual Mechanism to Detect DDOS Attack Priyanka Dembla, Chander Diwaker 2 1 Research Scholar, 2 Assistant Professor
International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research) International Journal of Engineering, Business and Enterprise
More informationSecurity Intelligenece: tracking obfuscated and unrecognized attacks. 2014 Check Point Software Technologies Ltd.
Security Intelligenece: tracking obfuscated and unrecognized attacks 2014 Check Point Software Technologies Ltd. Security Policy Rule Types: 1 Access People, Applications, Services, Servers, Data 2 Threat
More informationDenial of Service Attacks
2 Denial of Service Attacks : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 13 August 2013 its335y13s2l06, Steve/Courses/2013/s2/its335/lectures/malicious.tex,
More informationOtas%serumquis%es%explibu%sanimet%et%aut%omnisse Otas%serumquis%es%explibu%sanimet%et%aut%omnisse%nimpore%rendae% nonecerum% NUCLEUS BVBA MATTIAS GENIAR SENIOR SYSTEM ENGINEER dolorem.% MATTIAS@NUCLEUS.BE
More informationWAN Traffic Management with PowerLink Pro100
Whitepaper WAN Traffic Management with PowerLink Pro100 Overview In today s Internet marketplace, optimizing online presence is crucial for business success. Wan/ISP link failover and traffic management
More informationISP Best Practices. Addressing a DDoS Attack on a Host. Hervey Allen Network Startup Resource Center
ISP Best Practices Addressing a DDoS Attack on a Host Hervey Allen Network Startup Resource Center June 28, 2010 PacNOG 7 Conference Pago Pago, American Samoa Distributed Denial of Service Attack Summary
More informationChapter 8 Security Pt 2
Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationA1.1.1.11.1.1.2 1.1.1.3S B
CS Computer 640: Network AdityaAkella Lecture Introduction Networks Security 25 to Security DoS Firewalls and The D-DoS Vulnerabilities Road Ahead Security Attacks Protocol IP ICMP Routing TCP Security
More informationVoIP Reliability in Managed Service Deployments
1 VoIP Reliability in Managed Service Deployments Technical White Paper Introduction This White Paper introduces the Aspen 365 family of network appliances and explains how service providers offering a
More informationAssignment #3 Routing and Network Analysis. CIS3210 Computer Networks. University of Guelph
Assignment #3 Routing and Network Analysis CIS3210 Computer Networks University of Guelph Part I Written (50%): 1. Given the network graph diagram above where the nodes represent routers and the weights
More informationA TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING AGAINST DDoS ATTACKS
ICTACT JOURNAL ON COMMUNICATION TECHNOLOGY, JUNE 2010, ISSUE: 02 A TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING AGAINST DDoS ATTACKS S.Seetha 1 and P.Raviraj 2 Department of
More informationBuilding Nameserver Clusters with Free Software
Building Nameserver Clusters with Free Software Joe Abley, ISC NANOG 34 Seattle, WA, USA Starting Point Discrete, single-host authoritative nameservers several (two or more) several (two or more) geographically
More informationTDC s perspective on DDoS threats
TDC s perspective on DDoS threats DDoS Dagen Stockholm March 2013 Lars Højberg, Technical Security Manager, TDC TDC in Sweden TDC in the Nordics 9 300 employees (2012) Turnover: 26,1 billion DKK (2012)
More informationQueuing Theory. Long Term Averages. Assumptions. Interesting Values. Queuing Model
Queuing Theory Queuing Theory Queuing theory is the mathematics of waiting lines. It is extremely useful in predicting and evaluating system performance. Queuing theory has been used for operations research.
More informationContent Distribution Networks (CDN)
229 Content Distribution Networks (CDNs) A content distribution network can be viewed as a global web replication. main idea: each replica is located in a different geographic area, rather then in the
More informationMulti-layer switch hardware commutation across various layers. Mario Baldi. Politecnico di Torino. http://staff.polito.it/mario.
Multi-layer switch hardware commutation across various layers Mario Baldi Politecnico di Torino http://staff.polito.it/mario.baldi Based on chapter 10 of: M. Baldi, P. Nicoletti, Switched LAN, McGraw-Hill,
More information19. Exercise: CERT participation in incident handling related to the Article 13a obligations
CERT Exercises Handbook 223 223 19. Exercise: CERT participation in incident handling related to the Article 13a obligations Main Objective Targeted Audience Total Duration This exercise provides students
More informationAutomated Mitigation of the Largest and Smartest DDoS Attacks
Datasheet Protection Automated Mitigation of the Largest and Smartest Attacks Incapsula secures websites against the largest and smartest types of attacks - including network, protocol and application
More informationSecurityDAM On-demand, Cloud-based DDoS Mitigation
SecurityDAM On-demand, Cloud-based DDoS Mitigation Table of contents Introduction... 3 Why premise-based DDoS solutions are lacking... 3 The problem with ISP-based DDoS solutions... 4 On-demand cloud DDoS
More informationNetwork Security in Practice
Network Security in Practice Practices of Network Security ccess control: firewalls ttacks and counter measures Security protocol case studies Kai Shen 12/8/2014 CSC 257/457 - Fall 2014 1 12/8/2014 CSC
More informationSECURITY FLAWS IN INTERNET VOTING SYSTEM
SECURITY FLAWS IN INTERNET VOTING SYSTEM Sandeep Mudana Computer Science Department University of Auckland Email: smud022@ec.auckland.ac.nz Abstract With the rapid growth in computer networks and internet,
More informationIndirection. science can be solved by adding another level of indirection" -- Butler Lampson. "Every problem in computer
Indirection Indirection: rather than reference an entity directly, reference it ( indirectly ) via another entity, which in turn can or will access the original entity A x B "Every problem in computer
More informationFirewalls and Intrusion Detection
Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall
More information[Restricted] ONLY for designated groups and individuals. 2014 Check Point Software Technologies Ltd.
[Restricted] ONLY for designated groups and individuals Contents 1 2 3 4 Industry Trends DDoS Attack Types Solutions to DDoS Attacks Summary 2 Cybercrime Landscape DNS Hijacking Malware 3% 3% Targeted
More informationSecurity of IPv6 and DNSSEC for penetration testers
Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education System and Network Engineering June 30, 2011 Agenda Introduction DNSSEC security IPv6 security Conclusion Questions
More informationIP Alarm System Resiliency on Disaster Recovery and ISP changes. A better alternative to DNS-based solutions
IP Alarm System Resiliency on Disaster Recovery and ISP changes A better alternative to DNS-based solutions INDEX OVERVIEW... 2 FIRELITE IP ALARM SYSTEM DESCRIPTION... 3 AUTOMATIC DISASTER RECOVERY...
More informationHow To Protect A Dns Authority Server From A Flood Attack
the Availability Digest @availabilitydig Surviving DNS DDoS Attacks November 2013 DDoS attacks are on the rise. A DDoS attack launches a massive amount of traffic to a website to overwhelm it to the point
More informationMaking the Internet fast, reliable and secure. DE-CIX Customer Summit - 2014. Steven Schecter <schecter@akamai.com>
Making the Internet fast, reliable and secure DE-CIX Customer Summit - 2014 Steven Schecter What is a Content Distribution Network RFCs and Internet Drafts define a CDN as: Content
More informationF root anycast: What, why and how. João Damas ISC
F root anycast: What, why and how João Damas ISC Overview What is a root server? What is F? What is anycast? F root anycast. Why? How does ISC do it? What is f.root-servers.net? One the Internet s official
More informationSECURING APACHE : DOS & DDOS ATTACKS - I
SECURING APACHE : DOS & DDOS ATTACKS - I In this part of the series, we focus on DoS/DDoS attacks, which have been among the major threats to Web servers since the beginning of the Web 2.0 era. Denial
More informationDNSSEC and DNS Proxying
DNSSEC and DNS Proxying DNS is hard at scale when you are a huge target 2 CloudFlare DNS is big 3 CloudFlare DNS is fast 4 CloudFlare DNS is always under attack 5 CloudFlare A secure reverse proxy for
More informationPlanning Networks for VOIP. An Introduction
Planning Networks for VOIP An Introduction Planning Networks for VOIP Page 2/10 Contents 1 Introduction...3 2 Voice Quality Requirements...3 3 Codecs...4 4 Network Layout...5 5 Planning Capacity...6 5.1
More information1 2014 2013 Infoblox Inc. All Rights Reserved. Talks about DNS: architectures & security
1 2014 2013 Infoblox Inc. All Rights Reserved. Talks about DNS: architectures & security Agenda Increasing DNS availability using DNS Anycast Opening the internal DNS Enhancing DNS security DNS traffic
More informationNEW TECHNIQUES FOR THE DETECTION AND TRACKING OF THE DDOS ATTACKS
NEW TECHNIQUES FOR THE DETECTION AND TRACKING OF THE DDOS ATTACKS Iustin PRIESCU, PhD Titu Maiorescu University, Bucharest Sebastian NICOLAESCU, PhD Verizon Business, New York, USA Rodica NEAGU, MBA Outpost24,
More informationComputer Networks and the Internet
? Computer the IMT2431 - Data Communication and Network Security January 7, 2008 ? Teachers are Lasse Øverlier and http://www.hig.no/~erikh Lectures and Lab in A126/A115 Course webpage http://www.hig.no/imt/in/emnesider/imt2431
More informationCS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24
Introduction to Computer Networks Lecture24 Network security (continued) Key distribution Secure Shell Overview Authentication Practical issues Firewalls Denial of Service Attacks Definition Examples Key
More informationTHE MASTER LIST OF DNS TERMINOLOGY. First Edition
THE MASTER LIST OF DNS TERMINOLOGY First Edition DNS can be hard to understand and if you re unfamiliar with the terminology, learning more about DNS can seem as daunting as learning a new language. To
More informationDDoS Protection on the Security Gateway
DDoS Protection on the Security Gateway Best Practices 24 August 2014 Protected 2014 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by
More informationBurning Bridges - Routing Your Bridged WISP Network With MikroTik
Burning Bridges - Routing Your Bridged WISP Network With MikroTik Introduce Yourself Name Company & position there About Me Steve Discher 1987 graduate of Texas A&M University, in IT for more than 20 years
More informationIntroduction to Routing
Introduction to Routing How traffic flows on the Internet Philip Smith pfs@cisco.com RIPE NCC Regional Meeting, Moscow, 16-18 18 June 2004 1 Abstract Presentation introduces some of the terminologies used,
More informationwww.prolexic.com Stop DDoS Attacks in Minutes
www.prolexic.com Stop DDoS Attacks in Minutes Prolexic gives us the strong insurance policy against DDoS attacks that we were looking for. Mark Johnson, Chief Financial Officer, RealVision You ve seen
More informationDr. Arjan Durresi Louisiana State University, Baton Rouge, LA 70803 durresi@csc.lsu.edu. DDoS and IP Traceback. Overview
DDoS and IP Traceback Dr. Arjan Durresi Louisiana State University, Baton Rouge, LA 70803 durresi@csc.lsu.edu Louisiana State University DDoS and IP Traceback - 1 Overview Distributed Denial of Service
More informationImproving Network Efficiency for SMB Through Intelligent Load Balancing
Improving Network Efficiency for SMB Through Intelligent Load Balancing White Paper Series WP100134 Mike Mo, VP of Engineering January 2005 Abstract: As reliable Internet connectivity becomes a daily business
More information1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?
Page 1 of 5 1. Introduction The present document explains about common attack scenarios to computer networks and describes with some examples the following features of the MilsGates: Protection against
More informationSecure Software Programming and Vulnerability Analysis
Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Operations and Denial of Service Secure Software Programming 2 Overview
More informationAvailability Digest. www.availabilitydigest.com. Prolexic a DDoS Mitigation Service Provider April 2013
the Availability Digest Prolexic a DDoS Mitigation Service Provider April 2013 Prolexic (www.prolexic.com) is a firm that focuses solely on mitigating Distributed Denial of Service (DDoS) attacks. Headquartered
More informationCan We Beat DDoS Attacks in Clouds?
GITG342 Can We Beat DDoS Attacks in Clouds? Shui Yu, Yonghong Tian, Song Guo, Dapeng Oliver Wu IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 25, NO. 9, SEPTEMBER 2014 정보통신대학원 49기 정보보호 전공
More informationDNS Cache Poisoning Vulnerability Explanation and Remedies Viareggio, Italy October 2008
DNS Cache Poisoning Vulnerability Explanation and Remedies Viareggio, Italy October 2008 Kim Davies Internet Assigned Numbers Authority Internet Corporation for Assigned Names & Numbers Agenda How do you
More informationSHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper
SHARE THIS WHITEPAPER Top Selection Criteria for an Anti-DDoS Solution Whitepaper Table of Contents Top Selection Criteria for an Anti-DDoS Solution...3 DDoS Attack Coverage...3 Mitigation Technology...4
More informationDDoS Attack Traceback
DDoS Attack Traceback and Beyond Yongjin Kim Outline Existing DDoS attack traceback (or commonly called IP traceback) schemes * Probabilistic packet marking Logging-based scheme ICMP-based scheme Tweaking
More informationHow To Stop A Malicious Dns Attack On A Domain Name Server (Dns) From Being Spoofed (Dnt) On A Network (Networking) On An Ip Address (Ip Address) On Your Ip Address On A Pc Or Ip Address
DNS Amplification Are YOU Part of the Problem? (RIPE66 Dublin, Ireland - May 13, 2013) Merike Kaeo Security Evangelist, Internet Identity merike@internetidentity.com INTRO Statistics on DNS Amplification
More informationProtect your network: planning for (DDoS), Distributed Denial of Service attacks
Protect your network: planning for (DDoS), Distributed Denial of Service attacks Nov 19, 2015 2015 CenturyLink. All Rights Reserved. The CenturyLink mark, pathways logo and certain CenturyLink product
More information