Reducing the Impact of Amplification DDoS Attack
|
|
- Victoria Bishop
- 8 years ago
- Views:
Transcription
1 Reducing the Impact of Amplification DDoS Attack
2 hello! I am Tommy Ngo I am here to present my reading: reducing the impact of amplification DDoS attack 2
3 1. Background Let s start with what amplification DDoS attack is 3
4 Amplification DDoS Attack Attackers abused UDP-based network protocols to launch DDoS attacks that exceed hundreds of Gbps in traffic volume. Achieved via reflective attack. Attackers choose reflectors that send back responses that are significantly larger than the requests, leading to an increased (amplified) attack volume. Called amplifier. 4
5 2. Motivation Let s talk about the motivation behind reducing the impact of amplification DDoS attack 5
6 Motivation Limited knowledge This paper will address this problem by: Understand the nature of amplifiers and determine which kinds of systems are vulnerable. reduce the number of vulnerable systems on the Internet. An analysis of potential attack vectors that adversaries could abuse in the future. Analysed the root cause behind amplification attacks 6
7 3. Nature of Amplifier & Vulnerable Systems Let s see who the target amplifiers and what the target systems are 7
8 Nature of Amplifier & Vulnerable Systems Typically, connectionless protocols in which she can send relatively small requests that result in significantly larger responses. Developed an efficient scanner Vulnerable protocols: DNS, SNMP, SSDP, CharGen, QOTD, NTP, and NetBIOS. Each protocol, sent request that can be used to amplify traffic. NTP version requests SNMP v2 GetBulk requests DNS A lookups NetBIOS default name lookup The amplification vulnerabilities of these seven protocols can be abused by attackers to launch severe amplification attacks. 8
9 Nature of Amplifier & Vulnerable Systems (cont) 9
10 Amplifier Classification Generated device fingerprints by inspecting the replies from the amplifiers during UDP scan Analyse the responses of each host and protocol to classify system in three categories: The underlying hardware The system architecture The operating system 10
11 Amplifier Classification 11
12 Amplifier Churn 12
13 4. Case Studies NTP and TCP Amplification 13
14 NTP Amplification NTP is a promising amplification vector for an attacker for three reasons NTP server implementations allow for amplification factors of up to 4,670 NTP servers have minimal IP address churn NTP offers even further amplification vectors NTP servers can be configured such that the monlist requests are disabled for unauthorized users 14
15 NTP Amplifier Notification Datasets: NTPver: all NTP servers reply to version request NTPmon: a subset of NTPver, contains NTP servers that also support the monlist request Campaign: Collaborated with security organisation to create technical advisories such as CERT-CC, MITRE and Cisco s PSIRT Distributed lists of IP addresses of the systems in the NTPmon among trusted institutions. 15
16 Result 16
17 TCP-based Amplification Attacks TCP is a connection-oriented protocol in early on (i.e., during the handshake) the IP addresses of both communication parties are implicitly verified via initially-random TCP sequence numbers Abusing TCP bring multiple benefits: providers cannot easily block or filter TCP traffic related to well-known protocols It is hard to distinguish attacks from normal traffic in a stream of TCP control segments there are millions of potential TCP amplifiers out there and fixing them seems like an infeasible operation. 17
18 TCP Amplification Background 18
19 5. Spoofer Identification 19
20 Spoofer Identification IP address spoofing is the root cause for amplification attacks. Spoofed traffic should be blocked at the network edge However, spoofing still possible. Scanned the internet to see if Autonomous Systems allows spoofing More than 2000 networks allow spoofing. 20
21 6. Criticisms 21
22 Criticisms Only scan IPv4 address space. Only NTPmon was addressed. Of the 41.9% decrease after 13 weeks, many systems presumable disappeared because of our NTP amplifier notification campaign and not because of IP churn. Only limited number of protocols were scanned and analysed. Did not give a solution for ASes that do not use egress filtering. 22
23 thanks! Any questions? 23
24 Measuring TCP Amplification 24
25 Credits Special thanks to all the people who made and released these awesome resources for free: Presentation template by SlidesCarnival Photographs by Unsplash 25
26 SlidesCarnival icons are editable shapes. This means that you can: Resize them without losing quality. Change fill color and opacity. Isn t that nice? :) Examples: 26
27 Extra graphics 27
Exit from Hell? Reducing the Impact of Amplification DDoS Attacks
Exit from Hell? Reducing the Impact of Amplification DDoS Attacks Marc Kührer, Thomas Hupperich, Christian Rossow, and Thorsten Holz, Ruhr-University Bochum https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/kuhrer
More informationDRDoS Attacks: Latest Threats and Countermeasures. Larry J. Blunk Spring 2014 MJTS 4/1/2014
DRDoS Attacks: Latest Threats and Countermeasures Larry J. Blunk Spring 2014 MJTS 4/1/2014 Outline Evolution and history of DDoS attacks Overview of DRDoS attacks Ongoing DNS based attacks Recent NTP monlist
More informationDenial of Service Attacks
2 Denial of Service Attacks : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 13 August 2013 its335y13s2l06, Steve/Courses/2013/s2/its335/lectures/malicious.tex,
More informationDDoS Threat Report. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter
DDoS Threat Report Insights on Finding, Fighting, and Living with DDoS Attacks v1.1 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter DDoS in the News - 2014 DDoS Trends
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationCharacterization and Analysis of NTP Amplification Based DDoS Attacks
Characterization and Analysis of NTP Amplification Based DDoS Attacks L. Rudman Department of Computer Science Rhodes University Grahamstown g11r0252@campus.ru.ac.za B. Irwin Department of Computer Science
More informationThis document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons
This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons Attribution-ShareAlike 4.0 International license. As a provider
More informationNetwork Security of Internet Services: Eliminate DDoS Reflection Amplification Attacks
: Eliminate DDoS Reflection Amplification Attacks Todd Booth 1 and Karl Andersson 2 Division of Computer Science, Luleå University of Technology, Sweden 1 Information Systems 2 Pervasive and Mobile Computing
More informationStrategies to Protect Against Distributed Denial of Service (DD
Strategies to Protect Against Distributed Denial of Service (DD Table of Contents Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks...1 Introduction...1 Understanding the Basics
More informationThis document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons
This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons Attribution-ShareAlike 4.0 International license. As a provider
More informationAmplification Hell: Revisiting Network Protocols for DDoS Abuse
Amplification Hell: Revisiting Network Protocols for DDoS Abuse Christian Rossow VU University Amsterdam, The Netherlands Horst Görtz Institute for IT-Security, Ruhr University Bochum, Germany {firstname.lastname}@rub.de
More informationHell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks
Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks Marc Kührer, Thomas Hupperich, Christian Rossow, Thorsten Holz Horst Görtz Institute for IT-Security, Ruhr-University Bochum,
More informationHow to launch and defend against a DDoS
How to launch and defend against a DDoS John Graham-Cumming October 9, 2013 The simplest way to a safer, faster and smarter website DDoSing web sites is... easy Motivated groups of non-technical individuals
More informationDISTRIBUTED DENIAL OF SERVICE OBSERVATIONS
: DDOS ATTACKS DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS 1 DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS NTT is one of the largest Internet providers in the world, with a significant share of the world s
More informationHow To Mitigate A Ddos Attack
VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 3 3RD QUARTER 2014 CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS 4 Mitigations by Attack Size 4 Mitigations by Industry 5
More informationThreat Advisory: Trivial File Transfer Protocol (TFTP) Reflection DDoS
Classification: TLP-GREEN RISK LEVEL: MEDIUM Threat Advisory: Trivial File Transfer Protocol (TFTP) Reflection DDoS Release Date: 6.1.16 1.0 / OVERVIEW / Akamai SIRT is investigating a new DDoS reflection
More informationAmpPot: Monitoring and Defending Against Amplification DDoS Attacks
AmpPot: Monitoring and Defending Against Amplification DDoS Attacks Lukas Krämer, Johannes Krupp, Daisuke Makita, Tomomi Nishizoe, Takashi Koide, Katsunari Yoshioka, Christian Rossow( ) CISPA, Saarland
More informationHow To Understand A Network Attack
Network Security Attack and Defense Techniques Anna Sperotto (with material from Ramin Sadre) Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Attacks! Many different
More informationNTP Reflection DDoS Attack Explanatory Document
NTP Reflection DDoS Attack Explanatory Document 3/13/2015 Edition 1 JANOG NTP Information Exchange WG ntp-talk-wg@janog.gr.jp Translation Contributed by SEIKO Solutions Inc. 1 2 Table of Contents 1. Overview...
More informationIntroduction to DDoS Attacks. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter
Introduction to DDoS Attacks Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter DDoS in the News Q1 2014 DDoS Attack Trends DDoS Attack Trends Q4 2013 Mobile devices
More informationLooking for Trouble: ICMP and IP Statistics to Watch
Looking for Trouble: ICMP and IP Statistics to Watch Laura Chappell, Senior Protocol Analyst Protocol Analysis Institute [lchappell@packet-level.com] www.packet-level.com www.podbooks.com HTCIA Member,
More informationAcquia Cloud Edge Protect Powered by CloudFlare
Acquia Cloud Edge Protect Powered by CloudFlare Denial-of-service (DoS) Attacks Are on the Rise and Have Evolved into Complex and Overwhelming Security Challenges TECHNICAL GUIDE TABLE OF CONTENTS Introduction....
More informationCloudFlare advanced DDoS protection
CloudFlare advanced DDoS protection Denial-of-service (DoS) attacks are on the rise and have evolved into complex and overwhelming security challenges. 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com
More informationFirst Line of Defense
First Line of Defense SecureWatch ANALYTICS FIRST LINE OF DEFENSE OVERVIEW KEY BENEFITS Comprehensive Visibility Powerful web-based security analytics portal with easy-to-read security dashboards Proactive
More informationSSDP REFLECTION DDOS ATTACKS
TLP: AMBER GSI ID: 1079 SSDP REFLECTION DDOS ATTACKS RISK FACTOR - HIGH 1.1 OVERVIEW / PLXsert has observed the use of a new reflection and amplification distributed denial of service (DDoS) attack that
More informationGuide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst
INTEGRATED INTELLIGENCE CENTER Technical White Paper William F. Pelgrin, CIS President and CEO Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst This Center for Internet Security
More informationDon t get DDoSed and Confused. Patrick Sullivan, CISSP, GSLC, GWAPT, GCIH Managed, Security Services
Don t get DDoSed and Confused Patrick Sullivan, CISSP, GSLC, GWAPT, GCIH Managed, Security Services Agenda Intro/Data Collection DDoS Basics Trends and Statistics Adversarial Groups/Motivations Defense
More informationAnalysis of a DDoS Attack
Analysis of a DDoS Attack December 2014 CONFIDENTIAL CORERO INTERNAL USE ONLY Methodology around DDoS Detection & Mitigation Corero methodology for DDoS protection Initial Configuration Monitoring and
More informationIBM. Vulnerability scanning and best practices
IBM Vulnerability scanning and best practices ii Vulnerability scanning and best practices Contents Vulnerability scanning strategy and best practices.............. 1 Scan types............... 2 Scan duration
More informationStrategies to Protect Against Distributed Denial of Service (DDoS) Attacks
Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks Document ID: 13634 Contents Introduction Understanding the Basics of DDoS Attacks Characteristics of Common Programs Used to Facilitate
More informationLab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace
Lab Exercise SSL/TLS Objective To observe SSL/TLS (Secure Sockets Layer / Transport Layer Security) in action. SSL/TLS is used to secure TCP connections, and it is widely used as part of the secure web:
More informationThe server will respond to the client with a list of instances. One such attack was analyzed by an information security researcher in January 2015.
1 TLP: GREEN 02.11.15 GSI ID: 1086 SECURITY BULLETIN: MS SQL REFLECTION DDOS RISK FACTOR - MEDIUM 1.1 / OVERVIEW / Beginning in October 2014, PLXsert observed the use of a new type of reflection-based
More informationHow To Stop A Malicious Dns Attack On A Domain Name Server (Dns) From Being Spoofed (Dnt) On A Network (Networking) On An Ip Address (Ip Address) On Your Ip Address On A Pc Or Ip Address
DNS Amplification Are YOU Part of the Problem? (RIPE66 Dublin, Ireland - May 13, 2013) Merike Kaeo Security Evangelist, Internet Identity merike@internetidentity.com INTRO Statistics on DNS Amplification
More informationFirewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT
Network Security s Access lists Ingress filtering s Egress filtering NAT 2 Drivers of Performance RequirementsTraffic Volume and Complexity of Static IP Packet Filter Corporate Network The Complexity of
More informationDDoS attacks in CESNET2
DDoS attacks in CESNET2 Ondřej Caletka 15th March 2016 Ondřej Caletka (CESNET) DDoS attacks in CESNET2 15th March 2016 1 / 22 About CESNET association of legal entities, est. 1996 public and state universities
More informationInternet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering
Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls
More information[state of the internet] / DDoS Reflection Vectors. Threat Advisory: NetBIOS name server, RPC portmap and Sentinel reflection DDoS
TLP: GREEN Issue Date: 2015.10.28 Risk Factor- Medium Threat Advisory: NetBIOS name server, RPC portmap and Sentinel reflection DDoS 1.0 / OVERVIEW / In the third quarter of 2015, Akamai mitigated and
More informationLab 8.3.2 Conducting a Network Capture with Wireshark
Lab 8.3.2 Conducting a Network Capture with Wireshark Objectives Perform a network traffic capture with Wireshark to become familiar with the Wireshark interface and environment. Analyze traffic to a web
More informationCyber Essentials. Test Specification
Cyber Essentials Test Specification Contents Scope of the Audit...2 Assumptions...3 Success Criteria...3 External systems...4 Required tests...4 Test Details...4 Internal systems...7 Tester pre-requisites...8
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationCSE331: Introduction to Networks and Security. Lecture 12 Fall 2006
CSE331: Introduction to Networks and Security Lecture 12 Fall 2006 Announcements Midterm I will be held Friday, Oct. 6th. True/False Multiple Choice Calculation Short answer Short essay Project 2 is on
More informationFederal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks
Threat Paper Federal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks Federal Computer Incident Response Center 7 th and D Streets S.W. Room 5060 Washington,
More informationCisco IOS Flexible NetFlow Technology
Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application
More informationVirtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN
Virtual private network Network security protocols COMP347 2006 Len Hamey Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Public internet Security protocol encrypts
More informationHOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT
HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT The frequency and sophistication of Distributed Denial of Service attacks (DDoS) on the Internet are rapidly increasing. Most of the earliest
More informationWHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems
WHITE PAPER FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems Abstract: Denial of Service (DoS) attacks have been a part of the internet landscape for
More informationFirst Line of Defense
First Line of Defense SecureWatch ANALYTICS FIRST LINE OF DEFENSE OVERVIEW KEY BENEFITS Comprehensive Visibility Gain comprehensive visibility into DDoS attacks and cyber-threats with easily accessible
More informationV-ISA Reputation Mechanism, Enabling Precise Defense against New DDoS Attacks
Enabling Precise Defense against New DDoS Attacks 1 Key Points: DDoS attacks are more prone to targeting the application layer. Traditional attack detection and defensive measures fail to defend against
More informationWe will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall
Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,
More informationDos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS)
Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS) Signature based IDS systems use these fingerprints to verify that an attack is taking place. The problem with this method
More informationDenial Of Service. Types of attacks
Denial Of Service The goal of a denial of service attack is to deny legitimate users access to a particular resource. An incident is considered an attack if a malicious user intentionally disrupts service
More informationCorero Network Security
1 st Slovenian Network Operators Group Corero Network Security Peter Cutler, Systems Engineer EMEA Hello Peter Cutler, Corero Systems Engineer BEng (Hons) Skype: petercutler_s peter.cutler@corero.com +44
More informationAntiDDoS8000 DDoS Protection Systems
AntiDDoS8000 DDoS Protection Systems Background and Challenges With the IT and network evolution, the Distributed Denial of Service (DDoS) attack has already broken away from original hacker behaviors.
More informationFirewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)
s (March 4, 2015) Abdou Illia Spring 2015 Test your knowledge Which of the following is true about firewalls? a) A firewall is a hardware device b) A firewall is a software program c) s could be hardware
More informationStateful Firewalls. Hank and Foo
Stateful Firewalls Hank and Foo 1 Types of firewalls Packet filter (stateless) Proxy firewalls Stateful inspection Deep packet inspection 2 Packet filter (Access Control Lists) Treats each packet in isolation
More informationFirewall Firewall August, 2003
Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also
More informationHow To Attack Isc.Org.Org With A Dnet On A Network With A Pnet On The Same Day As A Dbus On A Pc Or Ipnet On An Ipnet.Org On A 2.5Th Gen.Net
Surviving a DDoS Attack: What every host needs to know Maria Karaivanova, Business Development David Koston, Platform www.cloudflare.com DDoS Attacks are becoming massive, and easier to initiate!2 Major
More informationPort Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology
Port Scanning and Vulnerability Assessment ECE4893 Internetwork Security Georgia Institute of Technology Agenda Reconnaissance Scanning Network Mapping OS detection Vulnerability assessment Reconnaissance
More informationInternet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering
Internet Firewall CSIS 3230 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 8.8: Packet filtering, firewalls, intrusion detection Ch
More informationThis chapter covers the following topics:
This chapter covers the following topics: Components of SAFE Small Network Design Corporate Internet Module Campus Module Branch Versus Headend/Standalone Considerations for Small Networks C H A P T E
More informationFirewalls. Chapter 3
Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border
More informationNetwork Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)
Network Security ICMP, TCP, DNS, Scanning Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Agenda A couple of examples of network protocols that
More informationBEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE
BEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE BEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE Your external DNS is a mission critical business resource. Without
More information/ Staminus Communications
/ Staminus Communications Global DDoS Mitigation and Technology Provider Whitepaper Series True Cost of DDoS Attacks for Hosting Companies The most advanced and experienced DDoS mitigation provider in
More informationDenial of Service attacks: analysis and countermeasures. Marek Ostaszewski
Denial of Service attacks: analysis and countermeasures Marek Ostaszewski DoS - Introduction Denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended
More informationDNS amplification attacks
amplification attacks Matsuzaki Yoshinobu 2006/04/25 Copyright (C) 2006 Internet Initiative Japan Inc. 1 amplification attacks Attacks using IP spoofed dns query generating a traffic overload
More informationFirewall Design Principles
Firewall Design Principles Software Engineering 4C03 Dr. Krishnan Stephen Woodall, April 6 th, 2004 Firewall Design Principles Stephen Woodall Introduction A network security domain is a contiguous region
More informationVALIDATING DDoS THREAT PROTECTION
VALIDATING DDoS THREAT PROTECTION Ensure your DDoS Solution Works in Real-World Conditions WHITE PAPER Executive Summary This white paper is for security and networking professionals who are looking to
More informationFIREWALLS IN NETWORK SECURITY
FIREWALLS IN NETWORK SECURITY A firewall in an information security program is similar to a building s firewall in that it prevents specific types of information from moving between the outside world,
More informationCS 356 Lecture 16 Denial of Service. Spring 2013
CS 356 Lecture 16 Denial of Service Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter
More informationNetwork Bandwidth Denial of Service (DoS)
Network Bandwidth Denial of Service (DoS) Angelos D. Keromytis Department of Computer Science Columbia University Synonyms Network flooding attack, packet flooding attack, network DoS Related Concepts
More informationThe Continuing Denial of Service Threat Posed by DNS Recursion (v2.0)
The Continuing Denial of Service Threat Posed by DNS Recursion (v2.0) US-CERT Summary US-CERT has been alerted to an increase in distributed denial of service (DDoS) attacks using spoofed recursive DNS
More informationClassification of Firewalls and Proxies
Classification of Firewalls and Proxies By Dhiraj Bhagchandka Advisor: Mohamed G. Gouda (gouda@cs.utexas.edu) Department of Computer Sciences The University of Texas at Austin Computer Science Research
More informationGaurav Gupta CMSC 681
Gaurav Gupta CMSC 681 Abstract A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing Denial of Service for users of the
More informationIntro to Firewalls. Summary
Topic 3: Lesson 2 Intro to Firewalls Summary Basic questions What is a firewall? What can a firewall do? What is packet filtering? What is proxying? What is stateful packet filtering? Compare network layer
More informationFirewall Introduction Several Types of Firewall. Cisco PIX Firewall
Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls
More informationThe Nexpose Expert System
Technical Paper The Nexpose Expert System Using an Expert System for Deeper Vulnerability Scanning Executive Summary This paper explains how Rapid7 Nexpose uses an expert system to achieve better results
More informationSecurity Toolsets for ISP Defense
Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.
More information7. Firewall - Concept
7. - Concept ค อ อ ปกรณ Hardware หร อ Software ซ งถ กต ดต ง เพ อ อน ญาต (permit), ปฏ เสธ(deny) หร อ เป นต วแทน(proxy data) ให ผ านไปย งเคร อข ายท ม ระด บความเช อถ อต างก น 7. - Concept components Network
More informationNETNOD Autumn 2014 October 2, 2014
Surviving a DDoS Attack: Securing CDN traffic at CloudFlare NETNOD Autumn 2014 October 2, 2014 Martin J. Levy, Network Strategy www.cloudflare.com DDoS Attacks are becoming massive, and easier to initiate
More informationRegional cyber security considerations for network operations. Eric Osterweil Principal Scientist, Verisign
Regional cyber security considerations for network operations Eric Osterweil Principal Scientist, Verisign Internet operations and cyber security These two fields are deeply intertwined But, one could
More informationDNS, DNSSEC and DDOS. Geoff Huston APNIC February 2014
DNS, DNSSEC and DDOS Geoff Huston APNIC February 2014 The Evolu3on of Evil It used to be that they sent evil packets to their chosen vic3m but this exposed the abacker, and limited the damage they could
More informationIINS Implementing Cisco Network Security 3.0 (IINS)
IINS Implementing Cisco Network Security 3.0 (IINS) COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Vulnerability Analysis 1 Roadmap Why vulnerability analysis? Example: TCP/IP related vulnerabilities
More informationIntroducing FortiDDoS. Mar, 2013
Introducing FortiDDoS Mar, 2013 Introducing FortiDDoS Hardware Accelerated DDoS Defense Intent Based Protection Uses the newest member of the FortiASIC family, FortiASIC-TP TM Rate Based Detection Inline
More informationA Very Incomplete Diagram of Network Attacks
A Very Incomplete Diagram of Network Attacks TCP/IP Stack Reconnaissance Spoofing Tamper DoS Internet Transport Application HTTP SMTP DNS TCP UDP IP ICMP Network/Link 1) HTML/JS files 2)Banner Grabbing
More informationCS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module
CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human
More informationSecure Networks for Process Control
Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than
More informationDOMAIN NAME SECURITY EXTENSIONS
DOMAIN NAME SECURITY EXTENSIONS The aim of this paper is to provide information with regards to the current status of Domain Name System (DNS) and its evolution into Domain Name System Security Extensions
More informationThe ISP Column A monthly column on things Internet. NTP for Evil. The Evolution of Evil. March 2014 Geoff Huston
The ISP Column A monthly column on things Internet March 2014 Geoff Huston NTP for Evil There was a story that was distributed around the newswire services at the start of February this year, reporting
More informationFirewalls. Network Security. Firewalls Defined. Firewalls
Network Security Firewalls Firewalls Types of Firewalls Screening router firewalls Computer-based firewalls Firewall appliances Host firewalls (firewalls on clients and servers) Inspection Methods Firewall
More informationSymantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper
Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper Details: Introduction When computers in a private network connect to the Internet, they physically
More informationDoS/DDoS Attacks and Protection on VoIP/UC
DoS/DDoS Attacks and Protection on VoIP/UC Presented by: Sipera Systems Agenda What are DoS and DDoS Attacks? VoIP/UC is different Impact of DoS attacks on VoIP Protection techniques 2 UC Security Requirements
More informationDDoS Mitigation Solutions
DDoS Mitigation Solutions The Real Cost of DDOS Attacks Hosting, including colocation at datacenters, dedicated servers, cloud hosting, shared hosting, and infrastructure as a service (IaaS) supports
More informationDepth-in-Defense Approach against DDoS
6th WSEAS International Conference on Information Security and Privacy, Tenerife, Spain, December 14-16, 2007 102 Depth-in-Defense Approach against DDoS Rabia Sirhindi, Asma Basharat and Ahmad Raza Cheema
More informationImplementing Cisco IOS Network Security
Implementing Cisco IOS Network Security IINS v3.0; 5 Days, Instructor-led Course Description Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles
More information8. Firewall Design & Implementation
DMZ Networks The most common firewall environment implementation is known as a DMZ, or DeMilitarized Zone network. A DMZ network is created out of a network connecting two firewalls; i.e., when two or
More informationThe Transport Layer. Antonio Carzaniga. October 24, 2014. Faculty of Informatics University of Lugano. 2005 2007 Antonio Carzaniga
The Transport Layer Antonio Carzaniga Faculty of Informatics University of Lugano October 24, 2014 Outline Basic concepts in transport-layer protocols Multiplexing/demultiplexing UDP message format Reliable
More information2012 Infrastructure Security Report. 8th Annual Edition Kleber Carriello Consulting Engineer
2012 Infrastructure Security Report 8th Annual Edition Kleber Carriello Consulting Engineer Key Findings in the Survey* Advanced Persistent Threats (APT) a top concern for service providers and enterprises
More information