SlideShare ist ein Scribd-Unternehmen logo

DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-dots-use-cases-00

ShortestPathFirst
ShortestPathFirst

Presentation given by Roland Dobbins covering our recent draft of use case scenarios for use in DDoS Open Threat Signaling. This presentation was given on Nov. 3rd, 2015 at IETF 94 in Yokohama, Japan.

Internet
1 von 75
Downloaden Sie, um offline zu lesen
DOTS WG draft-ietf-dots-use-cases-00 DDoS Open Threat Signaling (DOTS) Working Group Roland  Dobbins    –  Arbor  Networks   Stefan  Fouant  –  Corero  Network  Security   Daniel  Migault  –  Ericsson   Robert  Moskowitz  –  HTT  ConsulAng   Nik  Teague  –  Verisign   Liang  ‘Frank’  Xia  –  Huawei  
DOTS WG2   IntroducAon  &  Context  
DOTS WG3   draft-ietf-dots-use-cases-00 Summary •  Provides example use-cases for DOTS (actually, categories). •  All examples can be CE/PE or PE/PE. •  Room for wide variation within each category (see 4.1.1). •  All DOTS communications in each example can be directly between DOTS servers and DOTS clients, or mediated by DOTS relays. •  DOTS relays can forward messages between DOTS clients and servers using either stateless transport, stateful transport, or a combination of the two. •  DOTS relays can aggregate service requests, status messages, and responses. •  DOTS relays can filter service requests, status messages, and responses
DOTS WG4   draft-ietf-dots-use-cases-00 Summary (cont.) •  Use-cases in -00 are not exhaustive, are illustrative. •  Use-cases in -00 focus on DDoS mitigation using dedicated mitigation devices. S/RTBH, flowspec, OpenFlow, etc. can also be used to leverage network infrastructure for DDoS mitigation. •  4.1.1 use-case in this presentation illustrates full DOTS communications cycle, variants. •  Other use-cases in this presentation are summarized ‘diffs’ illustrating DOTS communications model in widely varying circumstances. •  Use-cases in this presentation focus on protecting servers under DDoS attack on destination networks. DOTS can also be used to suppress attack traffic on origin networks or as it traverses intermediary networks.
DOTS WG5   4.1  -­‐  Primary  Use  Cases  
DOTS WG6   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.1  –  CPE  or  PE  MiAgators  Request   Upstream  DDoS  MiAgaAon  
DOTS WG7  
DOTS WG8  
DOTS WG9  
DOTS WG10  
DOTS WG11   DDoS  a&ack  ini+ated.  
DOTS WG12   A&ack  mi+gated     on-­‐prem.  
DOTS WG13   On-­‐prem  mi+ga+on     capacity  exceeded.  
DOTS WG14   On-­‐prem  mi+ga+on     capacity  exceeded.  
DOTS WG15   DOTS  client  signals   for  upstream  mi+ga+on.  
DOTS WG16   DOTS  server  acknowledges     mi+ga+on  request,   mi+ga+on  ini+ated.  
DOTS WG17   Mi+ga+on  in  progress.  
DOTS WG18   Status  messages   exhanged  during   mi+ga+on  –  efficacy,   mi+ga+on  status,  etc.  
DOTS WG19   A&ack  terminated.  
DOTS WG20   Mi+ga+on  status  change   message  transmi&ed.  
DOTS WG21   Mi+ga+on  termina+on   service  request.  
DOTS WG22   Mi+ga+on  termina+on   service  acknowledgement.  
DOTS WG23   Mi+ga+on  terminated,   return  to  status  quo  ante.  
DOTS WG24   DOTS  communica+on   rela+onships.  
DOTS WG25   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.1  –  VariaAon  with  DOTS  Relay   MediaAng  CommunicaAons  
DOTS WG26  
DOTS WG27  
DOTS WG28   Mi+ga+on  in  progress.  
DOTS WG29   Mi+ga+on  in  progress.  
DOTS WG30   DOTS  communica+on   rela+onships.  
DOTS WG31   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.1  –  VariaAon  with  Overlay  DDoS   MiAgaAon  Service  Provider  
DOTS WG32  
DOTS WG33   Mi+ga+on  in  progress.  
DOTS WG34   DOTS  communica+on   rela+onships.  
DOTS WG35   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.1  –  VariaAon  with  MulAple   Upstream  DDoS  MiAgaAon  Providers  
DOTS WG36  
DOTS WG37   Mi+ga+on  in  progress.  
DOTS WG38   Mi+ga+on  status     messaging  between   providers.  
DOTS WG39   DOTS  communica+on   rela+onships.  
DOTS WG40   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.2  –  Network  Infrastructure   Device  Requests  Upstream  DDoS   MiAgaAon  
DOTS WG41  
DOTS WG42   Mi+ga+on  in  progress.  
DOTS WG43   DOTS  communica+on   rela+onships.  
DOTS WG44   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.3  –  AYack  Telemetry  DetecAon/ ClassificaAon  System  Requests  Upstream   DDoS  MiAgaAon  
DOTS WG45  
DOTS WG46   Mi+ga+on  in  progress.  
DOTS WG47   DOTS  communica+on   rela+onships.  
DOTS WG48   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.4  –  Targeted  Service/ApplicaAon   Requests  Upstream  DDoS  MiAgaAon  
DOTS WG49  
DOTS WG50   Mi+ga+on  in  progress.  
DOTS WG51   DOTS  communica+on   rela+onships.  
DOTS WG52   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.5  –  Manual  Web  Portal  Request   to  Upstream  MiAgator  
DOTS WG53  
DOTS WG54   Mi+ga+on  in  progress.   HTTP/S  between  Web   browser  &  DOTS  client   on  Web  portal.  
DOTS WG55   Mi+ga+on  in  progress.   HTTP/S  between  Web   browser  &  DOTS  client   on  Web  portal.  
DOTS WG56   Communica+on   rela+onships.  DOTS   on  upstream  mi+ga+on   network  only.  
DOTS WG57   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.6  –  Manual  Mobile  Device   ApplicaAon  Request  to  Upstream   MiAgator    
DOTS WG58  
DOTS WG59   Mi+ga+on  in  progress.  
DOTS WG60   DOTS  communica+on   rela+onships.  
DOTS WG61   s ReflecAon/AmplificaAon   DDoS  AYacks   4.1.7  –  Unsuccessful  CPE  or  PE   MiAgator  Request  for  Upstream   DDoS  MiAgaAon  
DOTS WG62  
DOTS WG63   Mi+ga+on  in     progress.  
DOTS WG64   Another  a&ack   ini+ated,  different   target.  
DOTS WG65   Mi+ga+on   service  request   refused  due  to   mi+ga+on  capacity   constraints.  
DOTS WG66   DOTS  communica+on   rela+onships.  
DOTS WG67   4.2  -­‐  Ancillary  Use  Cases  
DOTS WG68   4.2.1 – Auto-Registration •  Beyond attack mitigation requests, responses, and status messages, DOTS can also be useful for administrative tasks. •  Administrative tasks are a significant barrier to effective DDoS mitigation. •  DOTS clients with appropriate credentials can auto-register with DOTS servers on upstream mitigation networks. •  This helps with DDoS mitigation service on-boarding, moves/adds/changes.
DOTS WG69   4.2.2 – Automatic Provisioning of DDoS Countermeasures •  DDoS countermeasure provisioning today is a largely manual process, errors and inefficiency can be problematic. •  This can lead to inadequately-provisioned DDoS mitigation services which often are not optimized for the assets under DDoS protection. Mitigation rapidity, efficacy suffers. •  On-boarding organizations during an attack – an all-too- common situation – can be very challenging. •  The ‘self-descriptive’ nature of DOTS registration and mitigation status requests can be leveraged to automate the countermeasure selection, provisioning, and tuning process. •  Mitigation efficacy feedback from DOTS clients to DOTS servers during an attack can be leveraged for real-time mitigation tuning and optimization.
DOTS WG70   4.2.3 – Informational DDoS Attack Notification to Third Parties •  In addition to service requests from organizations under attack to upstream mitigators, DOTS can be used to send DDoS attack notification and status messages to interested and authorized third parties. •  It may be beneficial in some circumstances to automatically provide attack notifications and status messages econdary or tertiary ‘backup’ mitigation providers, security researchers, vendors, law enforcement agencies, regulatory agencies, etc. •  Any such sharing of information with third parties should only take place in accordance with all relevant laws, regulations, contractual obligations, privacy and confidentiality agreements.
DOTS WG71   s ReflecAon/AmplificaAon   DDoS  AYacks   Next  Steps  for  Use-­‐Cases   Drac  
DOTS WG72   To-Do List for draft-dots-ietf-use-cases-01 •  Fix typos (doh!). •  Remove duplicative verbiage. •  Wordsmith phrasing for clarity. •  Present use-cases via ‘diffs’ – i.e., refer to commonalities with other use-cases, emphasize specific factors unique to each use-case. •  Reconcile definitions of terminology with dots-ietf- requirements draft. •  Add use-cases illustrating suppression of DDoS attack traffic on origin networks, filtering on intermediate networks. •  Add use-cases illustrating specific PE-PE scenarios (e.g., ‘overflow’ requests for additional DDoS mitigation capacity, etc.).
DOTS WG73   Request for Feedback from WG Participants •  What should we add? •  What should we remove? •  What should we change? •  Should we include variations (via ‘diffs’) on each use-case similar to what was done with 4.1.1 in this presentation? •  Other input?
DOTS WG This Presentation – http://bit.ly/1N6u8za
DOTS WG Thank you! DDoS Open Threat Signaling (DOTS) Working Group Roland  Dobbins    –  Arbor  Networks   Stefan  Fouant  –  Corero  Network  Security   Daniel  Migault  –  Ericsson   Robert  Moskowitz  –  HTT  ConsulAng   Nik  Teague  –  Verisign   Liang  ‘Frank’  Xia  –  Huawei  

Empfohlen

10 DDoS Mitigation Techniques
10 DDoS Mitigation Techniques10 DDoS Mitigation Techniques
10 DDoS Mitigation TechniquesIntruGuard
 
Practical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksPractical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksSecurity Session
 
Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)btpsec
 
How to launch and defend against a DDoS
How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoSjgrahamc
 
DDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNDDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNChao Chen
 
Protection and Visibitlity of Encrypted Traffic by F5
Protection and Visibitlity of Encrypted Traffic by F5Protection and Visibitlity of Encrypted Traffic by F5
Protection and Visibitlity of Encrypted Traffic by F5Bangladesh Network Operators Group
 
The Anatomy of DDoS Attacks
The Anatomy of DDoS AttacksThe Anatomy of DDoS Attacks
The Anatomy of DDoS AttacksAcquia
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionAPNIC
 

Empfohlen

10 DDoS Mitigation Techniques
10 DDoS Mitigation Techniques10 DDoS Mitigation Techniques
10 DDoS Mitigation TechniquesIntruGuard
 
Practical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksPractical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksSecurity Session
 
Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)btpsec
 
How to launch and defend against a DDoS
How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoSjgrahamc
 
DDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNDDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNChao Chen
 
Protection and Visibitlity of Encrypted Traffic by F5
Protection and Visibitlity of Encrypted Traffic by F5Protection and Visibitlity of Encrypted Traffic by F5
Protection and Visibitlity of Encrypted Traffic by F5Bangladesh Network Operators Group
 
The Anatomy of DDoS Attacks
The Anatomy of DDoS AttacksThe Anatomy of DDoS Attacks
The Anatomy of DDoS AttacksAcquia
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionAPNIC
 
DDoS Attack Preparation and Mitigation
DDoS Attack Preparation and MitigationDDoS Attack Preparation and Mitigation
DDoS Attack Preparation and MitigationJerod Brennen
 
DNS DDoS Attack and Risk
DNS DDoS Attack and RiskDNS DDoS Attack and Risk
DNS DDoS Attack and RiskSukbum Hong
 
Entropy based DDos Detection in SDN
Entropy based DDos Detection in SDNEntropy based DDos Detection in SDN
Entropy based DDos Detection in SDNVishal Vasudev
 
Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017Suzanne Aldrich
 
DDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and MitigationDDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and MitigationCloudflare
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliMarta Pacyga
 
DDoS ATTACKS
DDoS ATTACKSDDoS ATTACKS
DDoS ATTACKSAnil Antony
 
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesSeungjoo Kim
 
DDoS Attack and Mitigation
DDoS Attack and MitigationDDoS Attack and Mitigation
DDoS Attack and MitigationDevang Badrakiya
 
Time-based DDoS Detection and Mitigation for SDN Controller
Time-based DDoS Detection and Mitigation for SDN ControllerTime-based DDoS Detection and Mitigation for SDN Controller
Time-based DDoS Detection and Mitigation for SDN ControllerLippo Group Digital
 
DDoS-bdNOG
DDoS-bdNOGDDoS-bdNOG
DDoS-bdNOGZobair Khan
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackAhmed Ghazey
 
What is DDoS ?
What is DDoS ?What is DDoS ?
What is DDoS ?Vikas Phonsa
 
What is ddos attack
What is ddos attackWhat is ddos attack
What is ddos attackDosarrest007
 
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSDrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSSuzanne Aldrich
 
DDoS Attack
DDoS AttackDDoS Attack
DDoS AttackGopi Krishnan S
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesBabak Farrokhi
 
Testing High Performance Firewalls
Testing High Performance FirewallsTesting High Performance Firewalls
Testing High Performance FirewallsIxia
 
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware
 
DDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacksDDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacksMyNOG
 
An Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecAn Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecShortestPathFirst
 
IP Routing Tutorial
IP Routing TutorialIP Routing Tutorial
IP Routing TutorialShortestPathFirst
 

Weitere ähnliche Inhalte

Was ist angesagt?

DDoS Attack Preparation and Mitigation
DDoS Attack Preparation and MitigationDDoS Attack Preparation and Mitigation
DDoS Attack Preparation and MitigationJerod Brennen
 
DNS DDoS Attack and Risk
DNS DDoS Attack and RiskDNS DDoS Attack and Risk
DNS DDoS Attack and RiskSukbum Hong
 
Entropy based DDos Detection in SDN
Entropy based DDos Detection in SDNEntropy based DDos Detection in SDN
Entropy based DDos Detection in SDNVishal Vasudev
 
Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017Suzanne Aldrich
 
DDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and MitigationDDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and MitigationCloudflare
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliMarta Pacyga
 
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesSeungjoo Kim
 
DDoS Attack and Mitigation
DDoS Attack and MitigationDDoS Attack and Mitigation
DDoS Attack and MitigationDevang Badrakiya
 
Time-based DDoS Detection and Mitigation for SDN Controller
Time-based DDoS Detection and Mitigation for SDN ControllerTime-based DDoS Detection and Mitigation for SDN Controller
Time-based DDoS Detection and Mitigation for SDN ControllerLippo Group Digital
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackAhmed Ghazey
 
What is ddos attack
What is ddos attackWhat is ddos attack
What is ddos attackDosarrest007
 
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSDrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSSuzanne Aldrich
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesBabak Farrokhi
 
Testing High Performance Firewalls
Testing High Performance FirewallsTesting High Performance Firewalls
Testing High Performance FirewallsIxia
 
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware
 
DDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacksDDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacksMyNOG
 

Was ist angesagt? (20)

DDoS Attack Preparation and Mitigation
DDoS Attack Preparation and MitigationDDoS Attack Preparation and Mitigation
DDoS Attack Preparation and Mitigation
 
DNS DDoS Attack and Risk
DNS DDoS Attack and RiskDNS DDoS Attack and Risk
DNS DDoS Attack and Risk
 
Entropy based DDos Detection in SDN
Entropy based DDos Detection in SDNEntropy based DDos Detection in SDN
Entropy based DDos Detection in SDN
 
Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017
 
DDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and MitigationDDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and Mitigation
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
DDoS ATTACKS
DDoS ATTACKSDDoS ATTACKS
DDoS ATTACKS
 
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT Devices
 
DDoS Attack and Mitigation
DDoS Attack and MitigationDDoS Attack and Mitigation
DDoS Attack and Mitigation
 
Time-based DDoS Detection and Mitigation for SDN Controller
Time-based DDoS Detection and Mitigation for SDN ControllerTime-based DDoS Detection and Mitigation for SDN Controller
Time-based DDoS Detection and Mitigation for SDN Controller
 
DDoS-bdNOG
DDoS-bdNOGDDoS-bdNOG
DDoS-bdNOG
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
What is DDoS ?
What is DDoS ?What is DDoS ?
What is DDoS ?
 
What is ddos attack
What is ddos attackWhat is ddos attack
What is ddos attack
 
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSDrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoS
 
DDoS Attack
DDoS AttackDDoS Attack
DDoS Attack
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and Techniques
 
Testing High Performance Firewalls
Testing High Performance FirewallsTesting High Performance Firewalls
Testing High Performance Firewalls
 
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
 
DDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacksDDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacks
 

Andere mochten auch

An Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecAn Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecShortestPathFirst
 
(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS AttacksAmazon Web Services
 
NetScout nGeniusONE overview
NetScout nGeniusONE overviewNetScout nGeniusONE overview
NetScout nGeniusONE overviewBAKOTECH
 
Return on Security Investment
Return on Security InvestmentReturn on Security Investment
Return on Security InvestmentConferencias FIST
 

Andere mochten auch (6)

An Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecAn Introduction to BGP Flow Spec
An Introduction to BGP Flow Spec
 
IP Routing Tutorial
IP Routing TutorialIP Routing Tutorial
IP Routing Tutorial
 
(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks
 
NetScout nGeniusONE overview
NetScout nGeniusONE overviewNetScout nGeniusONE overview
NetScout nGeniusONE overview
 
Return on Security Investment
Return on Security InvestmentReturn on Security Investment
Return on Security Investment
 
Connecting the dots
Connecting the dotsConnecting the dots
Connecting the dots
 

Ähnlich wie DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-dots-use-cases-00

The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDCThe Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDCCloudflare
 
Solution_Use_Case_-_DDoS_Incident_Monitoring.pdf
Solution_Use_Case_-_DDoS_Incident_Monitoring.pdfSolution_Use_Case_-_DDoS_Incident_Monitoring.pdf
Solution_Use_Case_-_DDoS_Incident_Monitoring.pdfمنیزہ ہاشمی
 
Fortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_IntroductionFortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_Introductionswang2010
 
IMPROVING DDOS DETECTION IN IOT DEVICES
IMPROVING DDOS DETECTION IN IOT DEVICESIMPROVING DDOS DETECTION IN IOT DEVICES
IMPROVING DDOS DETECTION IN IOT DEVICESIRJET Journal
 
The role of DDoS Providers
The role of DDoS ProvidersThe role of DDoS Providers
The role of DDoS ProvidersNeil Hinton
 
Scaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-serviceScaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-serviceCloudflare
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPROIDEA
 
DDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT NetworkDDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT NetworkHaltdos
 
DDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptxDDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptxShaimKibria
 
DDoS Falcon_Tech_Specs-Haltdos
DDoS Falcon_Tech_Specs-HaltdosDDoS Falcon_Tech_Specs-Haltdos
DDoS Falcon_Tech_Specs-HaltdosHaltdos
 
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...IRJET Journal
 
DDoS Defense for the Hosting Provider - Protection for you and your customers
DDoS Defense for the Hosting Provider - Protection for you and your customersDDoS Defense for the Hosting Provider - Protection for you and your customers
DDoS Defense for the Hosting Provider - Protection for you and your customersStephanie Weagle
 
The Top Outages of 2023: Analyses and Takeaways
The Top Outages of 2023: Analyses and TakeawaysThe Top Outages of 2023: Analyses and Takeaways
The Top Outages of 2023: Analyses and TakeawaysThousandEyes
 
Cybersecurity breakfast tour 2013 (1)
Cybersecurity breakfast tour 2013 (1)Cybersecurity breakfast tour 2013 (1)
Cybersecurity breakfast tour 2013 (1)Infradata
 
DDoS Mitigator. Personal control panel for each hosting clients.
DDoS Mitigator. Personal control panel for each hosting clients.DDoS Mitigator. Personal control panel for each hosting clients.
DDoS Mitigator. Personal control panel for each hosting clients.Глеб Хохлов
 
BKNIX Peering Forum 2017 : DDoS Attack Trend and Defense Strategy
BKNIX Peering Forum 2017 : DDoS Attack Trend and Defense StrategyBKNIX Peering Forum 2017 : DDoS Attack Trend and Defense Strategy
BKNIX Peering Forum 2017 : DDoS Attack Trend and Defense StrategyNexusguard
 
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...MazeBolt Technologies
 

Ähnlich wie DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-dots-use-cases-00 (20)

The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDCThe Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
 
Solution_Use_Case_-_DDoS_Incident_Monitoring.pdf
Solution_Use_Case_-_DDoS_Incident_Monitoring.pdfSolution_Use_Case_-_DDoS_Incident_Monitoring.pdf
Solution_Use_Case_-_DDoS_Incident_Monitoring.pdf
 
Fortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_IntroductionFortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_Introduction
 
IMPROVING DDOS DETECTION IN IOT DEVICES
IMPROVING DDOS DETECTION IN IOT DEVICESIMPROVING DDOS DETECTION IN IOT DEVICES
IMPROVING DDOS DETECTION IN IOT DEVICES
 
The role of DDoS Providers
The role of DDoS ProvidersThe role of DDoS Providers
The role of DDoS Providers
 
Scaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-serviceScaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-service
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
DDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT NetworkDDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT Network
 
DDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptxDDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptx
 
DDoS Falcon_Tech_Specs-Haltdos
DDoS Falcon_Tech_Specs-HaltdosDDoS Falcon_Tech_Specs-Haltdos
DDoS Falcon_Tech_Specs-Haltdos
 
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
 
Final report
Final reportFinal report
Final report
 
DDoS Defense for the Hosting Provider - Protection for you and your customers
DDoS Defense for the Hosting Provider - Protection for you and your customersDDoS Defense for the Hosting Provider - Protection for you and your customers
DDoS Defense for the Hosting Provider - Protection for you and your customers
 
The Top Outages of 2023: Analyses and Takeaways
The Top Outages of 2023: Analyses and TakeawaysThe Top Outages of 2023: Analyses and Takeaways
The Top Outages of 2023: Analyses and Takeaways
 
Cybersecurity breakfast tour 2013 (1)
Cybersecurity breakfast tour 2013 (1)Cybersecurity breakfast tour 2013 (1)
Cybersecurity breakfast tour 2013 (1)
 
DDoS Mitigator. Personal control panel for each hosting clients.
DDoS Mitigator. Personal control panel for each hosting clients.DDoS Mitigator. Personal control panel for each hosting clients.
DDoS Mitigator. Personal control panel for each hosting clients.
 
BKNIX Peering Forum 2017 : DDoS Attack Trend and Defense Strategy
BKNIX Peering Forum 2017 : DDoS Attack Trend and Defense StrategyBKNIX Peering Forum 2017 : DDoS Attack Trend and Defense Strategy
BKNIX Peering Forum 2017 : DDoS Attack Trend and Defense Strategy
 
Data Center Trends And Network Security Impact
Data Center Trends And Network Security ImpactData Center Trends And Network Security Impact
Data Center Trends And Network Security Impact
 
Apani UK GCSx Co-Co Compliance
Apani UK GCSx Co-Co ComplianceApani UK GCSx Co-Co Compliance
Apani UK GCSx Co-Co Compliance
 
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
 

Kürzlich hochgeladen

Intellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptxIntellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptxBipin Adhikari
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleanscorenetworkseo
 

Kürzlich hochgeladen (20)

Intellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptxIntellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptx
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleans
 

DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-dots-use-cases-00

  • 1. DOTS WG draft-ietf-dots-use-cases-00 DDoS Open Threat Signaling (DOTS) Working Group Roland  Dobbins    –  Arbor  Networks   Stefan  Fouant  –  Corero  Network  Security   Daniel  Migault  –  Ericsson   Robert  Moskowitz  –  HTT  ConsulAng   Nik  Teague  –  Verisign   Liang  ‘Frank’  Xia  –  Huawei  
  • 2. DOTS WG2   IntroducAon  &  Context  
  • 3. DOTS WG3   draft-ietf-dots-use-cases-00 Summary •  Provides example use-cases for DOTS (actually, categories). •  All examples can be CE/PE or PE/PE. •  Room for wide variation within each category (see 4.1.1). •  All DOTS communications in each example can be directly between DOTS servers and DOTS clients, or mediated by DOTS relays. •  DOTS relays can forward messages between DOTS clients and servers using either stateless transport, stateful transport, or a combination of the two. •  DOTS relays can aggregate service requests, status messages, and responses. •  DOTS relays can filter service requests, status messages, and responses
  • 4. DOTS WG4   draft-ietf-dots-use-cases-00 Summary (cont.) •  Use-cases in -00 are not exhaustive, are illustrative. •  Use-cases in -00 focus on DDoS mitigation using dedicated mitigation devices. S/RTBH, flowspec, OpenFlow, etc. can also be used to leverage network infrastructure for DDoS mitigation. •  4.1.1 use-case in this presentation illustrates full DOTS communications cycle, variants. •  Other use-cases in this presentation are summarized ‘diffs’ illustrating DOTS communications model in widely varying circumstances. •  Use-cases in this presentation focus on protecting servers under DDoS attack on destination networks. DOTS can also be used to suppress attack traffic on origin networks or as it traverses intermediary networks.
  • 5. DOTS WG5   4.1  -­‐  Primary  Use  Cases  
  • 6. DOTS WG6   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.1  –  CPE  or  PE  MiAgators  Request   Upstream  DDoS  MiAgaAon  
  • 11. DOTS WG11   DDoS  a&ack  ini+ated.  
  • 12. DOTS WG12   A&ack  mi+gated     on-­‐prem.  
  • 13. DOTS WG13   On-­‐prem  mi+ga+on     capacity  exceeded.  
  • 14. DOTS WG14   On-­‐prem  mi+ga+on     capacity  exceeded.  
  • 15. DOTS WG15   DOTS  client  signals   for  upstream  mi+ga+on.  
  • 16. DOTS WG16   DOTS  server  acknowledges     mi+ga+on  request,   mi+ga+on  ini+ated.  
  • 17. DOTS WG17   Mi+ga+on  in  progress.  
  • 18. DOTS WG18   Status  messages   exhanged  during   mi+ga+on  –  efficacy,   mi+ga+on  status,  etc.  
  • 19. DOTS WG19   A&ack  terminated.  
  • 20. DOTS WG20   Mi+ga+on  status  change   message  transmi&ed.  
  • 21. DOTS WG21   Mi+ga+on  termina+on   service  request.  
  • 22. DOTS WG22   Mi+ga+on  termina+on   service  acknowledgement.  
  • 23. DOTS WG23   Mi+ga+on  terminated,   return  to  status  quo  ante.  
  • 24. DOTS WG24   DOTS  communica+on   rela+onships.  
  • 25. DOTS WG25   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.1  –  VariaAon  with  DOTS  Relay   MediaAng  CommunicaAons  
  • 28. DOTS WG28   Mi+ga+on  in  progress.  
  • 29. DOTS WG29   Mi+ga+on  in  progress.  
  • 30. DOTS WG30   DOTS  communica+on   rela+onships.  
  • 31. DOTS WG31   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.1  –  VariaAon  with  Overlay  DDoS   MiAgaAon  Service  Provider  
  • 33. DOTS WG33   Mi+ga+on  in  progress.  
  • 34. DOTS WG34   DOTS  communica+on   rela+onships.  
  • 35. DOTS WG35   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.1  –  VariaAon  with  MulAple   Upstream  DDoS  MiAgaAon  Providers  
  • 37. DOTS WG37   Mi+ga+on  in  progress.  
  • 38. DOTS WG38   Mi+ga+on  status     messaging  between   providers.  
  • 39. DOTS WG39   DOTS  communica+on   rela+onships.  
  • 40. DOTS WG40   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.2  –  Network  Infrastructure   Device  Requests  Upstream  DDoS   MiAgaAon  
  • 42. DOTS WG42   Mi+ga+on  in  progress.  
  • 43. DOTS WG43   DOTS  communica+on   rela+onships.  
  • 44. DOTS WG44   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.3  –  AYack  Telemetry  DetecAon/ ClassificaAon  System  Requests  Upstream   DDoS  MiAgaAon  
  • 46. DOTS WG46   Mi+ga+on  in  progress.  
  • 47. DOTS WG47   DOTS  communica+on   rela+onships.  
  • 48. DOTS WG48   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.4  –  Targeted  Service/ApplicaAon   Requests  Upstream  DDoS  MiAgaAon  
  • 50. DOTS WG50   Mi+ga+on  in  progress.  
  • 51. DOTS WG51   DOTS  communica+on   rela+onships.  
  • 52. DOTS WG52   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.5  –  Manual  Web  Portal  Request   to  Upstream  MiAgator  
  • 54. DOTS WG54   Mi+ga+on  in  progress.   HTTP/S  between  Web   browser  &  DOTS  client   on  Web  portal.  
  • 55. DOTS WG55   Mi+ga+on  in  progress.   HTTP/S  between  Web   browser  &  DOTS  client   on  Web  portal.  
  • 56. DOTS WG56   Communica+on   rela+onships.  DOTS   on  upstream  mi+ga+on   network  only.  
  • 57. DOTS WG57   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.6  –  Manual  Mobile  Device   ApplicaAon  Request  to  Upstream   MiAgator    
  • 59. DOTS WG59   Mi+ga+on  in  progress.  
  • 60. DOTS WG60   DOTS  communica+on   rela+onships.  
  • 61. DOTS WG61   s ReflecAon/AmplificaAon   DDoS  AYacks   4.1.7  –  Unsuccessful  CPE  or  PE   MiAgator  Request  for  Upstream   DDoS  MiAgaAon  
  • 63. DOTS WG63   Mi+ga+on  in     progress.  
  • 64. DOTS WG64   Another  a&ack   ini+ated,  different   target.  
  • 65. DOTS WG65   Mi+ga+on   service  request   refused  due  to   mi+ga+on  capacity   constraints.  
  • 66. DOTS WG66   DOTS  communica+on   rela+onships.  
  • 67. DOTS WG67   4.2  -­‐  Ancillary  Use  Cases  
  • 68. DOTS WG68   4.2.1 – Auto-Registration •  Beyond attack mitigation requests, responses, and status messages, DOTS can also be useful for administrative tasks. •  Administrative tasks are a significant barrier to effective DDoS mitigation. •  DOTS clients with appropriate credentials can auto-register with DOTS servers on upstream mitigation networks. •  This helps with DDoS mitigation service on-boarding, moves/adds/changes.
  • 69. DOTS WG69   4.2.2 – Automatic Provisioning of DDoS Countermeasures •  DDoS countermeasure provisioning today is a largely manual process, errors and inefficiency can be problematic. •  This can lead to inadequately-provisioned DDoS mitigation services which often are not optimized for the assets under DDoS protection. Mitigation rapidity, efficacy suffers. •  On-boarding organizations during an attack – an all-too- common situation – can be very challenging. •  The ‘self-descriptive’ nature of DOTS registration and mitigation status requests can be leveraged to automate the countermeasure selection, provisioning, and tuning process. •  Mitigation efficacy feedback from DOTS clients to DOTS servers during an attack can be leveraged for real-time mitigation tuning and optimization.
  • 70. DOTS WG70   4.2.3 – Informational DDoS Attack Notification to Third Parties •  In addition to service requests from organizations under attack to upstream mitigators, DOTS can be used to send DDoS attack notification and status messages to interested and authorized third parties. •  It may be beneficial in some circumstances to automatically provide attack notifications and status messages econdary or tertiary ‘backup’ mitigation providers, security researchers, vendors, law enforcement agencies, regulatory agencies, etc. •  Any such sharing of information with third parties should only take place in accordance with all relevant laws, regulations, contractual obligations, privacy and confidentiality agreements.
  • 71. DOTS WG71   s ReflecAon/AmplificaAon   DDoS  AYacks   Next  Steps  for  Use-­‐Cases   Drac  
  • 72. DOTS WG72   To-Do List for draft-dots-ietf-use-cases-01 •  Fix typos (doh!). •  Remove duplicative verbiage. •  Wordsmith phrasing for clarity. •  Present use-cases via ‘diffs’ – i.e., refer to commonalities with other use-cases, emphasize specific factors unique to each use-case. •  Reconcile definitions of terminology with dots-ietf- requirements draft. •  Add use-cases illustrating suppression of DDoS attack traffic on origin networks, filtering on intermediate networks. •  Add use-cases illustrating specific PE-PE scenarios (e.g., ‘overflow’ requests for additional DDoS mitigation capacity, etc.).
  • 73. DOTS WG73   Request for Feedback from WG Participants •  What should we add? •  What should we remove? •  What should we change? •  Should we include variations (via ‘diffs’) on each use-case similar to what was done with 4.1.1 in this presentation? •  Other input?
  • 74. DOTS WG This Presentation – http://bit.ly/1N6u8za
  • 75. DOTS WG Thank you! DDoS Open Threat Signaling (DOTS) Working Group Roland  Dobbins    –  Arbor  Networks   Stefan  Fouant  –  Corero  Network  Security   Daniel  Migault  –  Ericsson   Robert  Moskowitz  –  HTT  ConsulAng   Nik  Teague  –  Verisign   Liang  ‘Frank’  Xia  –  Huawei