SlideShare a Scribd company logo

Black alps 2018-folini-d-dos

C
Christian Folini

Application Level DDoS, the Rise of CDNs and the End of the Free Internet

Internet
1 of 21
Download to read offline
Application Level DoS, The Rise of CDNs And The End of The Free Internet Christian Folini / @ChrFolini
Christian Folini: The Boring Bio • Co-Lead OWASP CRS Project • Author of the ModSecurity Handbook 2ed • Program Chair Swiss Cyber Storm Conf • Vice-President Swiss Cyber Experts Christian Folini / @ChrFolini
Table of Contents • Intro to DoS • DoS Trends • Limits of Traditional Defense Methods • Local Announcement as Alternative • Collateral Damage: The Internet Christian Folini / @ChrFolini Craziness
Confidentiality • Integrity • Availability CIA
CPU • Storage • Bandwidth DoS Targets
Postfinance • Protonmail • Digitec DDoS Attacks in CH
Trend I GROWTH
Trend II Application Level DDoS
Trend III Encryption
Decentralization • Centralization • Consolidation CDNs
Christian Folini / @ChrFolini “In a not-so-distant future, if we're not there already, it may be that if you're going to put content on the Internet you'll need to use a company with a giant network like Cloudflare, Google, Microsoft, Facebook, Amazon, or Alibaba.” Matthew Prince, CEO Cloudflare
“Within 2-3 years, there will be only 2-3 players in the world that are able to withstand the biggest DDoS attacks and protect websites on a global scale.” Damian Menscher, Google, Usenix Enigma Conference, February 2017 Christian Folini / @ChrFolini
“I think we are going to see a future where people will accept to pay money in extortion. It will be part of the costs of doing business. As an alternative, there will be a handful of expensive services that can protect you from DDoS attacks and these services effectively control what new startups will be allowed to operate on the internet.” Dr. Paul Vixie, April 2017 in Zurich Christian Folini / @ChrFolini
Integration • Directories • Encryption Keys CDN Limits
Local Userbase • ACL • Control GeoIP
Size of ACL • Carrier Bandwidth GeoIP Limits
BGP • Peering • No Route Export Local Route Announcement
Jurisdiction • IP Space as Territory • Balkanization Dystopia
• Trend I: DDoS Attacks Are Getting Bigger All The Time • Trend II: More and More Attacks are Application Level DDoS • Trend III: Widspread Use of Encryption Make Defense Harder • CDNs Are Here To Help And They Rule The Internet • Limiting BGP Route Announc. Can Guarantee Ultimate GeoIP • States May Fail To Protect Traffic Outside Their Jurisdictions Christian Folini / @ChrFolini Summary
• https://www.flickr.com/photos/nirak/29124106183 • https://www.flickr.com/photos/timdorr/63630545 • https://www.flickr.com/photos/the_ewan/3772847639 • https://www.flickr.com/photos/3336/ • https://www.flickr.com/photos/barsen/5484256163/ • https://twitter.com/letsencrypt/status/1020058447922978816 • https://www.yicaiglobal.com/news/tencent-cloud-puts-its-seoul-data-center-online • https://www.youtube.com/watch?v=aE1kA0Jy0Xg • https://alt929boston.com/2017/12/07/canadian-postal-worker-laughing-driving-recklessly/ • https://blog.cloudflare.com/why-we-terminated-daily-stormer/ Christian Folini / @ChrFolini Sources for Slides (Mostly CC) Christian Folini / @ChrFolini
• christian.folini@netnea.com • @ChrFolini • https://christian-folini.ch Christian Folini / @ChrFolini Thank you for attending my talk

Recommended

Hacking blockchain
Hacking blockchainHacking blockchain
Hacking blockchainJose L. Quiñones-Borrero
 
The dark web
The dark webThe dark web
The dark webhellboytonmoy
 
darkweb
darkwebdarkweb
darkwebjojojostar
 
Rolling in the Deep. ISACA.SV.2016
Rolling in the Deep. ISACA.SV.2016Rolling in the Deep. ISACA.SV.2016
Rolling in the Deep. ISACA.SV.2016Bich (Evelyn) Chu
 
Scuba diving into The Deep Dark Web
Scuba diving into The Deep Dark WebScuba diving into The Deep Dark Web
Scuba diving into The Deep Dark Webn|u - The Open Security Community
 
Deep web and Dark web
Deep web and Dark webDeep web and Dark web
Deep web and Dark webParvez Hossain
 
The Dark Web
The Dark WebThe Dark Web
The Dark WebJan Siy
 
Dark net (escalona)
Dark net (escalona)Dark net (escalona)
Dark net (escalona)Nico Escalona
 

Recommended

Hacking blockchain
Hacking blockchainHacking blockchain
Hacking blockchainJose L. Quiñones-Borrero
 
The dark web
The dark webThe dark web
The dark webhellboytonmoy
 
darkweb
darkwebdarkweb
darkwebjojojostar
 
Rolling in the Deep. ISACA.SV.2016
Rolling in the Deep. ISACA.SV.2016Rolling in the Deep. ISACA.SV.2016
Rolling in the Deep. ISACA.SV.2016Bich (Evelyn) Chu
 
Scuba diving into The Deep Dark Web
Scuba diving into The Deep Dark WebScuba diving into The Deep Dark Web
Scuba diving into The Deep Dark Webn|u - The Open Security Community
 
Deep web and Dark web
Deep web and Dark webDeep web and Dark web
Deep web and Dark webParvez Hossain
 
The Dark Web
The Dark WebThe Dark Web
The Dark WebJan Siy
 
Dark net (escalona)
Dark net (escalona)Dark net (escalona)
Dark net (escalona)Nico Escalona
 
Privacy Concerns related to Verifiable Claims
Privacy Concerns related to Verifiable ClaimsPrivacy Concerns related to Verifiable Claims
Privacy Concerns related to Verifiable ClaimsDavid Wood
 
Deep Web
Deep WebDeep Web
Deep WebAbishaiDas
 
Deep web
Deep webDeep web
Deep webANKIT OJHA
 
Is the Internet Fragmenting?
Is the Internet Fragmenting?Is the Internet Fragmenting?
Is the Internet Fragmenting?APNIC
 
The Idea Behind Blockchain Technology
The Idea Behind Blockchain TechnologyThe Idea Behind Blockchain Technology
The Idea Behind Blockchain TechnologyBlockchain Council
 
Inter Lab06 Bebo White 1
Inter Lab06 Bebo White 1Inter Lab06 Bebo White 1
Inter Lab06 Bebo White 1Ram Srivastava
 
Have the Bad Guys Won the Cyber security War...
Have the Bad Guys Won the Cyber security War...Have the Bad Guys Won the Cyber security War...
Have the Bad Guys Won the Cyber security War...Andrew Hammond
 
Quant & Crypto Gold
Quant & Crypto GoldQuant & Crypto Gold
Quant & Crypto GoldAndrew Hammond
 
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New ...
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New ...The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New ...
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New ...InnoTech
 
Lumension Security - Adjusting our defenses for 2012
Lumension Security - Adjusting our defenses for 2012Lumension Security - Adjusting our defenses for 2012
Lumension Security - Adjusting our defenses for 2012Andris Soroka
 
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New...
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New... The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New...
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New...InnoTech
 
5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS AttackRedZone Technologies
 
Exploring DDoS Attacks: Impact to Community Financial Institutions
Exploring DDoS Attacks: Impact to Community Financial InstitutionsExploring DDoS Attacks: Impact to Community Financial Institutions
Exploring DDoS Attacks: Impact to Community Financial InstitutionsJay McLaughlin
 
Network Security in the Age of the Third Platform
Network Security in the Age of the Third PlatformNetwork Security in the Age of the Third Platform
Network Security in the Age of the Third PlatformNapier University
 
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks
 
Mitigating Web 2.0 Threats
Mitigating Web 2.0 ThreatsMitigating Web 2.0 Threats
Mitigating Web 2.0 ThreatsKim Jensen
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyb coatesworth
 
ICTSA v2
ICTSA v2ICTSA v2
ICTSA v2Donald Tabone
 
Technical, Legal and Political Issues of Combating Terrorism on the Internet.
Technical, Legal and Political Issues of Combating Terrorism on the Internet.Technical, Legal and Political Issues of Combating Terrorism on the Internet.
Technical, Legal and Political Issues of Combating Terrorism on the Internet.Abzetdin Adamov
 
Cloudcamp Chicago Nov 2104 Fintech - Chris Hacker’s "Change is coming for re...
Cloudcamp Chicago Nov 2104 Fintech - Chris Hacker’s "Change is coming for re... Cloudcamp Chicago Nov 2104 Fintech - Chris Hacker’s "Change is coming for re...
Cloudcamp Chicago Nov 2104 Fintech - Chris Hacker’s "Change is coming for re...CloudCamp Chicago
 
Andy Malone - Keynote: the cloud one small step for man one giant leap for it
Andy Malone - Keynote: the cloud one small step for man one giant leap for itAndy Malone - Keynote: the cloud one small step for man one giant leap for it
Andy Malone - Keynote: the cloud one small step for man one giant leap for itNordic Infrastructure Conference
 
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Cloud Security Alliance Lviv Chapter
 

More Related Content

What's hot

Privacy Concerns related to Verifiable Claims
Privacy Concerns related to Verifiable ClaimsPrivacy Concerns related to Verifiable Claims
Privacy Concerns related to Verifiable ClaimsDavid Wood
 
Is the Internet Fragmenting?
Is the Internet Fragmenting?Is the Internet Fragmenting?
Is the Internet Fragmenting?APNIC
 
The Idea Behind Blockchain Technology
The Idea Behind Blockchain TechnologyThe Idea Behind Blockchain Technology
The Idea Behind Blockchain TechnologyBlockchain Council
 
Inter Lab06 Bebo White 1
Inter Lab06 Bebo White 1Inter Lab06 Bebo White 1
Inter Lab06 Bebo White 1Ram Srivastava
 

What's hot (6)

Privacy Concerns related to Verifiable Claims
Privacy Concerns related to Verifiable ClaimsPrivacy Concerns related to Verifiable Claims
Privacy Concerns related to Verifiable Claims
 
Deep Web
Deep WebDeep Web
Deep Web
 
Deep web
Deep webDeep web
Deep web
 
Is the Internet Fragmenting?
Is the Internet Fragmenting?Is the Internet Fragmenting?
Is the Internet Fragmenting?
 
The Idea Behind Blockchain Technology
The Idea Behind Blockchain TechnologyThe Idea Behind Blockchain Technology
The Idea Behind Blockchain Technology
 
Inter Lab06 Bebo White 1
Inter Lab06 Bebo White 1Inter Lab06 Bebo White 1
Inter Lab06 Bebo White 1
 

Similar to Black alps 2018-folini-d-dos

Have the Bad Guys Won the Cyber security War...
Have the Bad Guys Won the Cyber security War...Have the Bad Guys Won the Cyber security War...
Have the Bad Guys Won the Cyber security War...Andrew Hammond
 
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New ...
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New ...The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New ...
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New ...InnoTech
 
Lumension Security - Adjusting our defenses for 2012
Lumension Security - Adjusting our defenses for 2012Lumension Security - Adjusting our defenses for 2012
Lumension Security - Adjusting our defenses for 2012Andris Soroka
 
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New...
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New... The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New...
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New...InnoTech
 
Exploring DDoS Attacks: Impact to Community Financial Institutions
Exploring DDoS Attacks: Impact to Community Financial InstitutionsExploring DDoS Attacks: Impact to Community Financial Institutions
Exploring DDoS Attacks: Impact to Community Financial InstitutionsJay McLaughlin
 
Network Security in the Age of the Third Platform
Network Security in the Age of the Third PlatformNetwork Security in the Age of the Third Platform
Network Security in the Age of the Third PlatformNapier University
 
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks
 
Mitigating Web 2.0 Threats
Mitigating Web 2.0 ThreatsMitigating Web 2.0 Threats
Mitigating Web 2.0 ThreatsKim Jensen
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyb coatesworth
 
Technical, Legal and Political Issues of Combating Terrorism on the Internet.
Technical, Legal and Political Issues of Combating Terrorism on the Internet.Technical, Legal and Political Issues of Combating Terrorism on the Internet.
Technical, Legal and Political Issues of Combating Terrorism on the Internet.Abzetdin Adamov
 
Cloudcamp Chicago Nov 2104 Fintech - Chris Hacker’s "Change is coming for re...
Cloudcamp Chicago Nov 2104 Fintech - Chris Hacker’s "Change is coming for re... Cloudcamp Chicago Nov 2104 Fintech - Chris Hacker’s "Change is coming for re...
Cloudcamp Chicago Nov 2104 Fintech - Chris Hacker’s "Change is coming for re...CloudCamp Chicago
 
Andy Malone - Keynote: the cloud one small step for man one giant leap for it
Andy Malone - Keynote: the cloud one small step for man one giant leap for itAndy Malone - Keynote: the cloud one small step for man one giant leap for it
Andy Malone - Keynote: the cloud one small step for man one giant leap for itNordic Infrastructure Conference
 
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Cloud Security Alliance Lviv Chapter
 
FINAL presentationMay2016
FINAL presentationMay2016FINAL presentationMay2016
FINAL presentationMay2016Melissa Krasnow
 
The evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivityThe evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivityAPNIC
 
Progam slides | December 17, 2013 | Federal Cloud Computing Summit
Progam slides | December 17, 2013 | Federal Cloud Computing SummitProgam slides | December 17, 2013 | Federal Cloud Computing Summit
Progam slides | December 17, 2013 | Federal Cloud Computing SummitTim Harvey
 
Secure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAFSecure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAFNGINX, Inc.
 

Similar to Black alps 2018-folini-d-dos (20)

Have the Bad Guys Won the Cyber security War...
Have the Bad Guys Won the Cyber security War...Have the Bad Guys Won the Cyber security War...
Have the Bad Guys Won the Cyber security War...
 
Quant & Crypto Gold
Quant & Crypto GoldQuant & Crypto Gold
Quant & Crypto Gold
 
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New ...
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New ...The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New ...
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New ...
 
Lumension Security - Adjusting our defenses for 2012
Lumension Security - Adjusting our defenses for 2012Lumension Security - Adjusting our defenses for 2012
Lumension Security - Adjusting our defenses for 2012
 
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New...
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New... The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New...
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New...
 
5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack
 
Exploring DDoS Attacks: Impact to Community Financial Institutions
Exploring DDoS Attacks: Impact to Community Financial InstitutionsExploring DDoS Attacks: Impact to Community Financial Institutions
Exploring DDoS Attacks: Impact to Community Financial Institutions
 
Network Security in the Age of the Third Platform
Network Security in the Age of the Third PlatformNetwork Security in the Age of the Third Platform
Network Security in the Age of the Third Platform
 
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
 
Mitigating Web 2.0 Threats
Mitigating Web 2.0 ThreatsMitigating Web 2.0 Threats
Mitigating Web 2.0 Threats
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
 
ICTSA v2
ICTSA v2ICTSA v2
ICTSA v2
 
Technical, Legal and Political Issues of Combating Terrorism on the Internet.
Technical, Legal and Political Issues of Combating Terrorism on the Internet.Technical, Legal and Political Issues of Combating Terrorism on the Internet.
Technical, Legal and Political Issues of Combating Terrorism on the Internet.
 
Cloudcamp Chicago Nov 2104 Fintech - Chris Hacker’s "Change is coming for re...
Cloudcamp Chicago Nov 2104 Fintech - Chris Hacker’s "Change is coming for re... Cloudcamp Chicago Nov 2104 Fintech - Chris Hacker’s "Change is coming for re...
Cloudcamp Chicago Nov 2104 Fintech - Chris Hacker’s "Change is coming for re...
 
Andy Malone - Keynote: the cloud one small step for man one giant leap for it
Andy Malone - Keynote: the cloud one small step for man one giant leap for itAndy Malone - Keynote: the cloud one small step for man one giant leap for it
Andy Malone - Keynote: the cloud one small step for man one giant leap for it
 
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
 
FINAL presentationMay2016
FINAL presentationMay2016FINAL presentationMay2016
FINAL presentationMay2016
 
The evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivityThe evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivity
 
Progam slides | December 17, 2013 | Federal Cloud Computing Summit
Progam slides | December 17, 2013 | Federal Cloud Computing SummitProgam slides | December 17, 2013 | Federal Cloud Computing Summit
Progam slides | December 17, 2013 | Federal Cloud Computing Summit
 
Secure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAFSecure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAF
 

More from Christian Folini

OWASP ModSecurity - A few plot twists and what feels like a happy end
OWASP ModSecurity - A few plot twists and what feels like a happy endOWASP ModSecurity - A few plot twists and what feels like a happy end
OWASP ModSecurity - A few plot twists and what feels like a happy endChristian Folini
 
Crazy incentives and how they drive security into no man's land
Crazy incentives and how they drive security into no man's landCrazy incentives and how they drive security into no man's land
Crazy incentives and how they drive security into no man's landChristian Folini
 
Never Walk Alone - Inspirations from a Growing OWASP Project
Never Walk Alone - Inspirations from a Growing OWASP ProjectNever Walk Alone - Inspirations from a Growing OWASP Project
Never Walk Alone - Inspirations from a Growing OWASP ProjectChristian Folini
 
What’s new in CRS4? An Update from the OWASP CRS project
What’s new in CRS4? An Update from the OWASP CRS projectWhat’s new in CRS4? An Update from the OWASP CRS project
What’s new in CRS4? An Update from the OWASP CRS projectChristian Folini
 
The Adventurous Tale of Online Voting in Switzerland
The Adventurous Tale of Online Voting in SwitzerlandThe Adventurous Tale of Online Voting in Switzerland
The Adventurous Tale of Online Voting in SwitzerlandChristian Folini
 
EVoting in der Schweiz - Ein Fortsetzungsroman
EVoting in der Schweiz - Ein FortsetzungsromanEVoting in der Schweiz - Ein Fortsetzungsroman
EVoting in der Schweiz - Ein FortsetzungsromanChristian Folini
 
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule SetSecuring Access to Internet Voting with the OWASP ModSecurity Core Rule Set
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule SetChristian Folini
 
Extensive Introduction to ModSecurity and the OWASP Core Rule Set
Extensive Introduction to ModSecurity and the OWASP Core Rule SetExtensive Introduction to ModSecurity and the OWASP Core Rule Set
Extensive Introduction to ModSecurity and the OWASP Core Rule SetChristian Folini
 
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...Christian Folini
 
Introduction to ModSecurity and the OWASP Core Rule Set
Introduction to ModSecurity and the OWASP Core Rule SetIntroduction to ModSecurity and the OWASP Core Rule Set
Introduction to ModSecurity and the OWASP Core Rule SetChristian Folini
 
Folini Extended Introduction to ModSecurity and CRS3
Folini Extended Introduction to ModSecurity and CRS3Folini Extended Introduction to ModSecurity and CRS3
Folini Extended Introduction to ModSecurity and CRS3Christian Folini
 
Gedanken zur elektronischen Stimmabgabe für Datenschützer
Gedanken zur elektronischen Stimmabgabe für DatenschützerGedanken zur elektronischen Stimmabgabe für Datenschützer
Gedanken zur elektronischen Stimmabgabe für DatenschützerChristian Folini
 
Medieval Castles and Modern Servers
Medieval Castles and Modern ServersMedieval Castles and Modern Servers
Medieval Castles and Modern ServersChristian Folini
 
E-Voting, die Sicherheit und die Rolle der Experten
E-Voting, die Sicherheit und die Rolle der ExpertenE-Voting, die Sicherheit und die Rolle der Experten
E-Voting, die Sicherheit und die Rolle der ExpertenChristian Folini
 
Optimizing ModSecurity on NGINX and NGINX Plus
Optimizing ModSecurity on NGINX and NGINX PlusOptimizing ModSecurity on NGINX and NGINX Plus
Optimizing ModSecurity on NGINX and NGINX PlusChristian Folini
 
A General Look at the State of Security - AFCEA 2017
A General Look at the State of Security - AFCEA 2017A General Look at the State of Security - AFCEA 2017
A General Look at the State of Security - AFCEA 2017Christian Folini
 
Introducing the OWASP ModSecurity Core Rule Set
Introducing the OWASP ModSecurity Core Rule SetIntroducing the OWASP ModSecurity Core Rule Set
Introducing the OWASP ModSecurity Core Rule SetChristian Folini
 
OWASP ModSecurity Core Rules Paranoia Mode
OWASP ModSecurity Core Rules Paranoia ModeOWASP ModSecurity Core Rules Paranoia Mode
OWASP ModSecurity Core Rules Paranoia ModeChristian Folini
 

More from Christian Folini (18)

OWASP ModSecurity - A few plot twists and what feels like a happy end
OWASP ModSecurity - A few plot twists and what feels like a happy endOWASP ModSecurity - A few plot twists and what feels like a happy end
OWASP ModSecurity - A few plot twists and what feels like a happy end
 
Crazy incentives and how they drive security into no man's land
Crazy incentives and how they drive security into no man's landCrazy incentives and how they drive security into no man's land
Crazy incentives and how they drive security into no man's land
 
Never Walk Alone - Inspirations from a Growing OWASP Project
Never Walk Alone - Inspirations from a Growing OWASP ProjectNever Walk Alone - Inspirations from a Growing OWASP Project
Never Walk Alone - Inspirations from a Growing OWASP Project
 
What’s new in CRS4? An Update from the OWASP CRS project
What’s new in CRS4? An Update from the OWASP CRS projectWhat’s new in CRS4? An Update from the OWASP CRS project
What’s new in CRS4? An Update from the OWASP CRS project
 
The Adventurous Tale of Online Voting in Switzerland
The Adventurous Tale of Online Voting in SwitzerlandThe Adventurous Tale of Online Voting in Switzerland
The Adventurous Tale of Online Voting in Switzerland
 
EVoting in der Schweiz - Ein Fortsetzungsroman
EVoting in der Schweiz - Ein FortsetzungsromanEVoting in der Schweiz - Ein Fortsetzungsroman
EVoting in der Schweiz - Ein Fortsetzungsroman
 
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule SetSecuring Access to Internet Voting with the OWASP ModSecurity Core Rule Set
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set
 
Extensive Introduction to ModSecurity and the OWASP Core Rule Set
Extensive Introduction to ModSecurity and the OWASP Core Rule SetExtensive Introduction to ModSecurity and the OWASP Core Rule Set
Extensive Introduction to ModSecurity and the OWASP Core Rule Set
 
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
 
Introduction to ModSecurity and the OWASP Core Rule Set
Introduction to ModSecurity and the OWASP Core Rule SetIntroduction to ModSecurity and the OWASP Core Rule Set
Introduction to ModSecurity and the OWASP Core Rule Set
 
Folini Extended Introduction to ModSecurity and CRS3
Folini Extended Introduction to ModSecurity and CRS3Folini Extended Introduction to ModSecurity and CRS3
Folini Extended Introduction to ModSecurity and CRS3
 
Gedanken zur elektronischen Stimmabgabe für Datenschützer
Gedanken zur elektronischen Stimmabgabe für DatenschützerGedanken zur elektronischen Stimmabgabe für Datenschützer
Gedanken zur elektronischen Stimmabgabe für Datenschützer
 
Medieval Castles and Modern Servers
Medieval Castles and Modern ServersMedieval Castles and Modern Servers
Medieval Castles and Modern Servers
 
E-Voting, die Sicherheit und die Rolle der Experten
E-Voting, die Sicherheit und die Rolle der ExpertenE-Voting, die Sicherheit und die Rolle der Experten
E-Voting, die Sicherheit und die Rolle der Experten
 
Optimizing ModSecurity on NGINX and NGINX Plus
Optimizing ModSecurity on NGINX and NGINX PlusOptimizing ModSecurity on NGINX and NGINX Plus
Optimizing ModSecurity on NGINX and NGINX Plus
 
A General Look at the State of Security - AFCEA 2017
A General Look at the State of Security - AFCEA 2017A General Look at the State of Security - AFCEA 2017
A General Look at the State of Security - AFCEA 2017
 
Introducing the OWASP ModSecurity Core Rule Set
Introducing the OWASP ModSecurity Core Rule SetIntroducing the OWASP ModSecurity Core Rule Set
Introducing the OWASP ModSecurity Core Rule Set
 
OWASP ModSecurity Core Rules Paranoia Mode
OWASP ModSecurity Core Rules Paranoia ModeOWASP ModSecurity Core Rules Paranoia Mode
OWASP ModSecurity Core Rules Paranoia Mode
 

Recently uploaded

Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Standkumarajju5765
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...tanu pandey
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 

Recently uploaded (20)

Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 

Black alps 2018-folini-d-dos

  • 1. Application Level DoS, The Rise of CDNs And The End of The Free Internet Christian Folini / @ChrFolini
  • 2. Christian Folini: The Boring Bio • Co-Lead OWASP CRS Project • Author of the ModSecurity Handbook 2ed • Program Chair Swiss Cyber Storm Conf • Vice-President Swiss Cyber Experts Christian Folini / @ChrFolini
  • 3. Table of Contents • Intro to DoS • DoS Trends • Limits of Traditional Defense Methods • Local Announcement as Alternative • Collateral Damage: The Internet Christian Folini / @ChrFolini Craziness
  • 4. Confidentiality • Integrity • Availability CIA
  • 5. CPU • Storage • Bandwidth DoS Targets
  • 6. Postfinance • Protonmail • Digitec DDoS Attacks in CH
  • 10. Decentralization • Centralization • Consolidation CDNs
  • 11. Christian Folini / @ChrFolini “In a not-so-distant future, if we're not there already, it may be that if you're going to put content on the Internet you'll need to use a company with a giant network like Cloudflare, Google, Microsoft, Facebook, Amazon, or Alibaba.” Matthew Prince, CEO Cloudflare
  • 12. “Within 2-3 years, there will be only 2-3 players in the world that are able to withstand the biggest DDoS attacks and protect websites on a global scale.” Damian Menscher, Google, Usenix Enigma Conference, February 2017 Christian Folini / @ChrFolini
  • 13. “I think we are going to see a future where people will accept to pay money in extortion. It will be part of the costs of doing business. As an alternative, there will be a handful of expensive services that can protect you from DDoS attacks and these services effectively control what new startups will be allowed to operate on the internet.” Dr. Paul Vixie, April 2017 in Zurich Christian Folini / @ChrFolini
  • 14. Integration • Directories • Encryption Keys CDN Limits
  • 15. Local Userbase • ACL • Control GeoIP
  • 16. Size of ACL • Carrier Bandwidth GeoIP Limits
  • 17. BGP • Peering • No Route Export Local Route Announcement
  • 18. Jurisdiction • IP Space as Territory • Balkanization Dystopia
  • 19. • Trend I: DDoS Attacks Are Getting Bigger All The Time • Trend II: More and More Attacks are Application Level DDoS • Trend III: Widspread Use of Encryption Make Defense Harder • CDNs Are Here To Help And They Rule The Internet • Limiting BGP Route Announc. Can Guarantee Ultimate GeoIP • States May Fail To Protect Traffic Outside Their Jurisdictions Christian Folini / @ChrFolini Summary
  • 20. • https://www.flickr.com/photos/nirak/29124106183 • https://www.flickr.com/photos/timdorr/63630545 • https://www.flickr.com/photos/the_ewan/3772847639 • https://www.flickr.com/photos/3336/ • https://www.flickr.com/photos/barsen/5484256163/ • https://twitter.com/letsencrypt/status/1020058447922978816 • https://www.yicaiglobal.com/news/tencent-cloud-puts-its-seoul-data-center-online • https://www.youtube.com/watch?v=aE1kA0Jy0Xg • https://alt929boston.com/2017/12/07/canadian-postal-worker-laughing-driving-recklessly/ • https://blog.cloudflare.com/why-we-terminated-daily-stormer/ Christian Folini / @ChrFolini Sources for Slides (Mostly CC) Christian Folini / @ChrFolini
  • 21. • christian.folini@netnea.com • @ChrFolini • https://christian-folini.ch Christian Folini / @ChrFolini Thank you for attending my talk