Distributed Denial of Service (DDoS) attacks are getting larger and more sophisticated, causing stress on even the largest networks and applications. ThousandEyes helps security and network operations teams gain in-depth DNS, network and BGP visibility into DDoS events as they’re happening. Reviewing actual DDoS attacks on leading online services, we share how to:
- Visualize impact of an ongoing DDoS Attack.
- Ensure DDoS mitigation is correctly configured and working as expected.
- Provide insight into your DDoS vendor's performance, including isolating specific scrubbing centers that may be problematic.
Watch the recorded webinar with live demo here: http://ow.ly/BzALA
2. About ThousandEyes
ThousandEyes delivers visibility into every network your organization relies on.
• Founded by network experts; strong investor backing
• Relied on for critical operations by leading enterprises
• Recognized as an innovative new approach
• 31 Fortune 500
• 5 top 5 SaaS Companies
• 4 top 6 US Banks
3. Distributed Denial of Service
Volumetric
• Saturate bandwidth of the target.
• Amplification attacks.
• Easy to generate.
• Examples: TCP Flood, NTP Amplification
Application
• Target Layer 7 of the protocol stack
• Monopolize application transactions
• Sophisticated & challenging
• Examples: HTTP Flood, Attack on DNS
Protocol
• Exploit a Layer 3 or Layer 4 weakness
• Consume processing capacity of the target
• Examples: SYN Flood, Ping of Death
4. Impact of DDoS Attacks
Well, it depends!
• The target of the attack.
  – Attacking critical infrastructure can bring down the entire Internet
  – Load-balancer/firewalls
• The type of attack.
• Network architecture
  – Anycast networks are more resilient
  – Redundancy
• Mitigation strategies
5. Visibility Across Critical Services
Visibility across ISPs, DNS, online DDoS mitigation, and corporate networks
Diagram labels: Enterprise Agents, Branch, Data Center, Hosting / SaaS Provider, Consumers, Cloud Agents, Internet
6. Mitigation Strategy 1: On-Premise
Appliance at network edge monitors and mitigates application-layer attacks
Diagram labels: Chicago, IL; London; Tokyo; Atlanta; Portland, OR; Sydney; YourBank.com; Internet; Enterprise; On-Premises DDoS Mitigation Appliance
7. Mitigation Strategy 2: ISP Collaboration
Attack traffic is routed by ISPs to a remote-triggered black hole
Diagram labels: Chicago, IL; London; Tokyo; Atlanta; Portland, OR; Sydney; YourBank.com; Internet; Enterprise; Remote-Triggered Black Hole; ISP 1; ISP 2
8. Mitigation Strategy 3: Cloud-based
Traffic is rerouted, using DNS or BGP, to cloud-based scrubbing centers and ‘real’ traffic is routed back to your network
Diagram labels: Chicago, IL; London; Tokyo; Atlanta; Portland, OR; Sydney; Internet; Enterprise; Scrubbing Center
9. Monitor For DDoS Attacks
• Global Availability
• Layered Error Detection
• Identify Bottlenecks
• Mitigation Performance
13. Find Congested Nodes and Links
• Bank website under attack
• Packet loss in upstream ISPs
• High packet loss from all testing points
14. Monitor and Visualize Mitigation Performance
• Highlighted nodes indicate mitigation vendor networks
• Search for specific networks
• Quickly select interesting data points
15. Confirm Mitigation Handoff Using BGP
• New autonomous system (Verisign)
• Prior autonomous system (HSBC)
• The mitigation vendor moves to the forefront of the attack by altering BGP routes to the bank’s prefix under attack
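The handoff check on this slide can be automated by comparing the origin AS each vantage point sees for the protected prefix. The sketch below is an added example, not ThousandEyes code: the prefix, the AS numbers (documentation ranges) and the monitor names are constructed, and it assumes the vendor takes over as origin AS, as the slide shows.

```python
# Added example with constructed data: RFC 5398 documentation ASNs and an
# RFC 5737 documentation prefix stand in for the bank and the vendor.
PREFIX = "203.0.113.0/24"   # assumed protected prefix
PRIOR_ORIGIN = 64496        # assumed ASN of the enterprise (prior origin)
VENDOR_ORIGIN = 64511       # assumed ASN of the mitigation vendor (new origin)

# AS path for PREFIX as seen from each route monitor (hypothetical names).
# Left-most ASN is nearest the monitor; right-most ASN is the origin.
OBSERVATIONS = {
    "monitor-lon": [64500, 64501, 64511],
    "monitor-nyc": [64502, 64511],
    "monitor-tyo": [64503, 64504, 64496],         # still reaches the old origin
    "monitor-syd": [64505, 64511, 64511, 64511],  # prepended path, vendor origin
    "monitor-sfo": [],                            # no route to the prefix
}


def origin_as(as_path):
    """Return the origin ASN (last element of the AS path), or None if no route."""
    return as_path[-1] if as_path else None


def handoff_report(observations, vendor_origin, prior_origin):
    """Group monitors by which origin AS they currently see for the prefix."""
    report = {"mitigated": [], "bypassing": [], "no_route": [], "unexpected": []}
    for monitor, path in sorted(observations.items()):
        origin = origin_as(path)
        if origin is None:
            report["no_route"].append(monitor)
        elif origin == vendor_origin:
            report["mitigated"].append(monitor)
        elif origin == prior_origin:
            report["bypassing"].append(monitor)   # traffic skips the scrubbing center
        else:
            report["unexpected"].append(monitor)  # third-party origin: investigate
    return report


def handoff_complete(report):
    """True only when every monitor sees the vendor as origin."""
    return bool(report["mitigated"]) and not (
        report["bypassing"] or report["no_route"] or report["unexpected"])


if __name__ == "__main__":
    result = handoff_report(OBSERVATIONS, VENDOR_ORIGIN, PRIOR_ORIGIN)
    for state, monitors in result.items():
        print(f"{PREFIX} {state}: {', '.join(monitors) or '-'}")
    print("handoff complete:", handoff_complete(result))
```

Monitors listed under "bypassing" mark regions where traffic still reaches the enterprise network directly instead of passing through a scrubbing center.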
16. See what you’re missing.
Watch the webinar
www.thousandeyes.com/webinars/ddos