A Living Example of DDoS Mitigation
Stop DDoS before they stop you!
James Braunegg (Micron21), Maolin Gu (NSFOCUS)
The creation of the Micron21 Datacentre
Removing resellers and middle men
Working directly with the end customer
Total control over the physical security
Continuous power, continuous cooling and continuous network access
24-hour IT service and support
Micron21 DDoS Protection Over Time
Micron21 First Network
DDoS Attack - Blind
Micron21 Netflow
DDoS Attack - Netflow Over Load
Juniper SRX 3400 Cluster
DDoS Attack Firewall Over Load
Five Brocade MLXe XMR Routers
Upgrade from 2 Gbit/s to 1.92 Tbps capacity: 960x increase in capacity from Cisco
Upgrade from 2 million PPS to 1.19 billion PPS: 600x increase in capacity from Cisco
Upgrade port speed from 1 Gbit/s to 100 GbE: 100x increase in capacity from Cisco
Other features per MLXe: triple switch fabrics, dual routing engines, four power supplies
Segmented the Micron21 network: shared firewall customers, dedicated firewall customers, no-security customers
Manual Mitigation - 2010-2012
Automatic DDoS Mitigation
Micron21 DDoS Mitigation Ok so I couldn't build Star Ship Enterprise. But.
Inside Micron21
And We Installed this Weapon!!
Micron21 DDoS Mitigation Cannon
Micron21 DDoS Mitigation Scenario (USA)
[Network diagram: DDoS attack traffic arrives via Cogent IP Transit, HE IP Transit, nLayer IP Transit and direct peering; the ADS 6020, managed by ADS-M and the DDoS Portal, cleans it; cleaned traffic crosses Southern Cross to the M21 DC]
Micron21 DDoS Mitigation Scenario (Australia)
[Network diagram: DDoS attack traffic enters via the M1 DC, Vocus DC and Primus DC at the CBD location; the ADS/NTA at the M21 DC, managed by ADS-M and the DDoS Portal, cleans it; cleaned traffic reaches the M21 DC Kilsyth location and the Micron21 segmented internal network]
Thousands of Attacks per day Mitigated
Micron21 DDoS Customer Portal
A living 17G DDoS attack mitigation example
So How Does NSFOCUS Work? How Does the ADS Clean Traffic?
ADS -- Multilayer Cleaning
[Diagram: attacker -> Internet -> traffic cleaning center, stages 1 to 6 in order]
1. Protocol Analysis: protocol validation by RFC check
2. Access Control List: Layer 4 ACL, connection-exhaustion ACL, URL ACL
3. Reputation List: white/black list, dynamic prioritizing
4. Layer 4 Flood Mitigation: source/destination IP address check/verification, various mitigation algorithms
5. Layer 7 Flood Mitigation: various mitigation algorithms, pattern matching
6. Rate Limit: restricts traffic and ensures the critical business
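As an added illustration of the six-stage order described on this slide (this is not NSFOCUS code or ADS configuration), a small Python pipeline runs constructed packets through protocol check, ACL, reputation list, Layer 4 flood check, Layer 7 pattern match and rate limit in that order and counts drops per stage; every address, rule and threshold below is an assumption made for the example.

```python
from collections import Counter
from dataclasses import dataclass
@dataclass
class Pkt:
    src: str
    dst: str
    proto: str       # "tcp", "udp" or "icmp"
    flags: str = ""  # TCP flags as letters, e.g. "S", "SA", "A"
    url: str = ""    # request path for HTTP traffic, "" otherwise
# Constructed policy tables; addresses, rules and thresholds are assumptions.
BLACKLIST = {"203.0.113.9"}
WHITELIST = {"198.51.100.5"}                   # trusted sources skip flood checks
URL_ACL = {"/wp-login.php"}                    # paths denied by the URL ACL
VERIFIED_SRC = {"192.0.2.10", "198.51.100.5"}  # sources that passed source verification
RATE_LIMIT_PER_DST = 3                         # packets allowed per destination per batch
def clean(packets):
    # Push packets through the six ordered stages; return (passed, drops per stage).
    drops, per_dst, passed = Counter(), Counter(), []
    for p in packets:
        # 1. Protocol analysis: RFC sanity check, e.g. SYN+FIN in one segment is invalid.
        if p.proto == "tcp" and "S" in p.flags and "F" in p.flags:
            drops["1-protocol"] += 1; continue
        # 2. Access control list: static Layer 4 / URL rules.
        if p.url in URL_ACL:
            drops["2-acl"] += 1; continue
        # 3. Reputation list: blacklist drops; whitelist is prioritised past flood checks.
        if p.src in BLACKLIST:
            drops["3-reputation"] += 1; continue
        trusted = p.src in WHITELIST
        # 4. Layer 4 flood mitigation: a SYN from an unverified source is dropped.
        if not trusted and p.proto == "tcp" and p.flags == "S" and p.src not in VERIFIED_SRC:
            drops["4-l4flood"] += 1; continue
        # 5. Layer 7 flood mitigation: pattern match on cache-busting request URLs.
        if not trusted and p.url.startswith("/?rand="):
            drops["5-l7flood"] += 1; continue
        # 6. Rate limit: cap what each destination receives so critical business survives.
        per_dst[p.dst] += 1
        if per_dst[p.dst] > RATE_LIMIT_PER_DST:
            drops["6-ratelimit"] += 1; continue
        passed.append(p)
    return passed, drops
# Constructed batch: one packet per stage plus a burst that trips the rate limit.
SAMPLE = [
    Pkt("203.0.113.9", "10.0.0.1", "tcp", "S"),                  # blacklisted source
    Pkt("192.0.2.77", "10.0.0.1", "tcp", "SF"),                  # SYN+FIN, invalid
    Pkt("192.0.2.77", "10.0.0.1", "tcp", "S"),                   # unverified SYN
    Pkt("192.0.2.10", "10.0.0.1", "tcp", "A", "/wp-login.php"),  # URL ACL hit
    Pkt("192.0.2.10", "10.0.0.1", "tcp", "A", "/?rand=42"),      # HTTP flood pattern
    Pkt("198.51.100.5", "10.0.0.1", "tcp", "S"),                 # whitelisted SYN passes
] + [Pkt("192.0.2.10", "10.0.0.2", "tcp", "A", "/") for _ in range(4)]
```

Running `clean(SAMPLE)` drops exactly one packet at each of the six stages and passes four, which shows why cheap checks (protocol, ACL, reputation) come first and the rate limit is the last resort.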
So What Does NSFOCUS Really Look Like? Show Me the Magic.
The Magic Box
Scale and Cluster as You Grow
Collapsar Attack Mitigation (traffic cleaning series) ADS
ADS 2010 (2G): 1,488,000 pps
ADS 2020 (4G): 2,976,000 pps
ADS 4020 (2-10G): 8,928,000 pps
ADS 6020 (12-20G): 14,880,000 pps
24/7 Automatic DDoS Engineer
DDoS Trends in 2013 H1
[Figure 2: DDoS Attacks Monitored by NSFOCUS, monthly counts Jan-Jun 2013: 19812, 29962, 33807, 36266, 25016, 23596]
[Figure 5: Targets of Major DDoS Attacks: Bank, Government, Enterprise, NPO, ISP, Other]
[Figure 8: Methods of DDoS Attacks: TCP_FLOOD, HTTP_FLOOD, DNS_FLOOD, HYBRID_FLOOD, UDP_FLOOD, ICMP_FLOOD, Other; the combination of hybrid DDoS attacks: ICMP+TCP+UDP, ICMP+TCP+UDP+DNS, ICMP+TCP, TCP hybrid, Other]
Source: NSFOCUS Mid-Year DDoS Threat Report 2013
Findings of DDoS Trends
Findings from the NSFOCUS Mid-Year DDoS Threat Report 2013:
One major DDoS news event happened every two days and one common DDoS attack happened every two minutes
DDoS motives: hacktivism tops the list
DDoS victims: the most likely targets were banks, governments and enterprises
More than 68 percent of victims are suffering multiple attacks
TCP Flood and HTTP Flood remain the most popular attack methods
Most DDoS attacks are short: over 90% last less than 30 minutes
Most attacks are not very big: over 90% are less than 2 Gbps and 69% are less than 0.2 Mpps
Hybrid attacks are becoming more prevalent
[Figure 3: Causes for Major DDoS Attacks: Hacktivism, Business, Crime, Cyber War, Other]
Source: NSFOCUS Mid-Year DDoS Threat Report 2013
The thought of DDoS mitigation: from box mitigation to value-added service
[Diagram: management and operation, NTA and multi-layered collaboration; Internet -> attack mitigation (anti-DDoS solution) and traffic monitoring; ISP1 at 100G, data center/MSSP at 10G to 40G, hosting at 1-10G with ADS/WAF; ADS 2010/2020, ADS 4020, ADS 6020]
Traffic monitoring + DDoS mitigation
Out-of-path traffic diversion
CPE web security (WAF) + cloud cleaning service
Enable web hosting providers to become MSSPs
About NSFOCUS
Regional HQ and offices: Beijing, CN; Santa Clara, US; Tokyo, Japan; London, UK; KL, Malaysia
R&D centers: Beijing, Chengdu, Xian, Wuhan
Microsoft Active Protections Program (MAPP) Partner
THANKS! Please come and talk to us at our booth!
Info-anz@nsfocus.com
gumaolin@nsfocus.com