Wilson Rogério Lopes
LACNIC 26 / LACNOG 2016
09/2016
DDoS Attacks
Scenery, Evolution and Mitigation
Wilson Rogério Lopes
• Network Engineer Specialist, with 12 years of experience in the internet
industry
• Postgraduate degree from University of Sao Paulo – USP
• Frequent speaker at GTER and GTS – Network engineering and security
groups of Brazil, talking about network engineering, DDoS mitigation, DNS
and DNSSEC
• Interests – Network architecture and network security, IaaS, SDN, DNS,
DNSSEC
Contacts – wilsonlopes00@gmail.com
https://br.linkedin.com/in/wrlopes
Disclaimer
All information and opinions contained in this presentation do not represent
my employer. All information and statistics presented are public, collected from blogs
and specialized sites on the internet.
Agenda
• DDoS – Scenery and Evolution
• Mitigation – Options and Applicability
• General Recommendations
“DDoS is a new spam…and it’s
everyone’s problem now.”
Technical Details Behind a 400Gbps NTP Amplification
DDoS Attack
13 Feb 2014 by Matthew Prince
http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplification-ddos-attack/
“To generate approximately 400Gbps of traffic, the attacker used
4,529 NTP servers running on 1,298 different networks. On
average, each of these servers sent 87Mbps of traffic to the
intended victim on CloudFlare's network. Remarkably, it is
possible that the attacker used only a single server running on a
network that allowed source IP address spoofing to initiate the
requests.”
Source: Atlas Arbor Networks
SSDP - Simple Service Discovery Protocol
• UDP port 1900
• “Search” Request
• Amplification factor – 30x
• 8 million open devices around the world
Source: https://ssdpscan.shadowserver.org/
2016 - IoT – CCTV Botnet
• CCTV devices – telnet open, admin account with default password
• At least 70 vendors running the same embedded Linux
• Lizard Squad – LizardStresser bot
• 400Gbps of volume – without amplification
HTTP request flood, TCP connection flood, UDP flood
Source: https://www.arbornetworks.com/blog/asert/lizard-brain-lizardstresser/
2016 – Rio Olympic Games
Start of IoT botnet activity
• 540Gbps sustained
• Targets – Sponsors, government sites, financial
institutions
• Use of GRE to bypass the mitigations
Source: https://www.arbornetworks.com/blog/asert/lizard-brain-lizardstresser/
2016 – 21/09 – Retaliation and Censorship
• vDOS (Israel) identified and its owners arrested
• Reported by Brian Krebs - http://krebsonsecurity.com/about/
• 665Gbps – 143Mpps – without amplification!
2016 – 25/09 – Google Project Shield
#dig krebsonsecurity.com.
krebsonsecurity.com. 246 IN A 130.211.45.45
CIDR: 130.211.0.0/16
NetName: GOOGLE-CLOUD
DDoS Attacks – IPv6
Source: Arbor 2016 Worldwide Infrastructure Security Report
• 354 Service Providers interviewed
• 70% answered that they have IPv6 deployed
2015 – 2% saw at least one DDoS attack
2016 – 9%
Largest attack seen – 6Gbps
Mitigation – Team Cymru UTRS
BGP Peering
x.x.x.x/32 announce
• UTRS - Unwanted Traffic Removal Service
• Destination RTBH multihop – BGP
• The victim AS announces the IP under attack
• Authenticity verified against whois and PeeringDB
• The attack is blocked in the source AS
• Restricted to /32 prefixes
• More participants, more efficacy
Recommended
• Internet service providers for home users
One or more users will lose connectivity, but the provider remains up
Maybe recommended....
• ISPs, content providers, hosting providers
Client services become unavailable (news home page, e-commerce basket, bakline page)
UTRS
AS 1234
Network Under Attack
Destination: x.x.x.x/32
Upstream 1 Upstream 2
AS YYYY
route x.x.x.x/32 null0
AS XXXX
route x.x.x.x/32 null0
BGP update
BGP update
Attack Traffic
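The UTRS acceptance rules above (verified participant, /32 only, prefix inside the announcing AS's registered space) and the null routes the participants install, as an added example that is not part of the original slides or of Team Cymru's code; the registry contents and AS numbers are constructed for the example.

```python
import ipaddress

# Constructed registry of what whois / PeeringDB list as each participant's
# address space. The AS numbers and prefixes are made up for this example
# (AS 1234 mirrors the slide's diagram; 203.0.113.0/24 is documentation space).
REGISTERED_PREFIXES = {
    1234: ["203.0.113.0/24"],
    5678: ["198.51.100.0/24"],
}


def validate_utrs_announcement(origin_asn, prefix, registry=REGISTERED_PREFIXES):
    """Decide whether a destination-RTBH announcement may be relayed to the
    other UTRS participants. Returns (accepted, reason).

    Mirrors the three conditions on the slide: the announcing AS must be a
    verified participant, the route must be a /32 host route, and the /32
    must fall inside address space the AS is registered for.
    """
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "malformed prefix"
    if net.version != 4 or net.prefixlen != 32:
        return False, "only IPv4 /32 host routes are accepted"
    registered = registry.get(origin_asn)
    if registered is None:
        return False, f"AS{origin_asn} is not a verified participant"
    for covering in registered:
        covering_net = ipaddress.ip_network(covering)
        if covering_net.version == net.version and net.subnet_of(covering_net):
            return True, f"{net} is inside {covering_net} registered to AS{origin_asn}"
    return False, f"{net} is outside the address space registered to AS{origin_asn}"


def null_route_statement(prefix):
    """Static null route each participant installs, in the form shown on the
    slide's diagram (route x.x.x.x/32 null0)."""
    net = ipaddress.ip_network(prefix, strict=True)
    return f"route {net} null0"


def relay_announcement(origin_asn, prefix, participants, registry=REGISTERED_PREFIXES):
    """Validate one announcement and, if accepted, produce the null-route
    statement to push to every participant AS (the AS XXXX / AS YYYY boxes in
    the diagram). Returns {asn: statement}, empty when the announcement is
    rejected."""
    accepted, _reason = validate_utrs_announcement(origin_asn, prefix, registry)
    if not accepted:
        return {}
    statement = null_route_statement(prefix)
    return {asn: statement for asn in participants}
```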
Mitigation – Clean Pipe IP Transit Providers
PE Provider
CPE Client
Cleaning Center
• Normal Traffic
• Attack Traffic
• Cleaned Traffic
• Detection via Netflow
• Start a more specific announce of ip/prefix under attack
• The traffic will be “cleaned” using:
- SYN cookies / SYN authentication
- Static filters : drop proto udp and src port 1900
drop proto udp and src port 123
- Rate Limit per src/dst prefix and ports
- Protocol Authentication
- Payload regular expressions
- TCP connection limit
- Rate limit or drops using GeoIP
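The detection and cleaning steps above (per-destination rate from NetFlow, a more-specific announcement, and the static filters on UDP source ports 1900 and 123), as an added example that is not part of the original slides; the flow records, window length and threshold are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

UDP, TCP = 17, 6

# Amplification vectors the slide's static filters target, keyed by the
# reflector's source port: drop proto udp and src port 1900 / 123.
AMPLIFICATION_SRC_PORTS = {123: "NTP", 1900: "SSDP"}


@dataclass
class Flow:
    """One NetFlow-style record with the fields a collector would export."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: int
    octets: int


# Constructed 5-second export window. 203.0.113.10 is being hit by NTP and
# SSDP reflection; 203.0.113.20 only sees ordinary HTTPS traffic.
WINDOW_SECONDS = 5
SAMPLE_FLOWS = [
    Flow("198.51.100.5", 123, "203.0.113.10", 41000, UDP, 250_000_000),
    Flow("198.51.100.6", 123, "203.0.113.10", 41000, UDP, 250_000_000),
    Flow("192.0.2.9", 1900, "203.0.113.10", 52000, UDP, 100_000_000),
    Flow("192.0.2.77", 443, "203.0.113.10", 60123, TCP, 5_000_000),
    Flow("192.0.2.50", 443, "203.0.113.20", 60124, TCP, 20_000_000),
]


def classify(flow):
    """Label a flow by vector: 'NTP' or 'SSDP' for UDP coming from a known
    reflector port, otherwise 'other'."""
    if flow.proto == UDP and flow.sport in AMPLIFICATION_SRC_PORTS:
        return AMPLIFICATION_SRC_PORTS[flow.sport]
    return "other"


def mbps(octets, seconds):
    return round(octets * 8 / seconds / 1_000_000, 1)


def detect(flows, window_seconds=WINDOW_SECONDS, threshold_mbps=500.0):
    """Aggregate octets per destination and per vector over the export window.
    Returns {dst: {"mbps": total, "by_vector": {...}}} for destinations whose
    inbound rate exceeds the threshold."""
    per_dst = defaultdict(lambda: defaultdict(int))
    for f in flows:
        per_dst[f.dst][classify(f)] += f.octets
    report = {}
    for dst, vectors in per_dst.items():
        total = mbps(sum(vectors.values()), window_seconds)
        if total > threshold_mbps:
            report[dst] = {
                "mbps": total,
                "by_vector": {v: mbps(o, window_seconds) for v, o in vectors.items()},
            }
    return report


def mitigation_plan(report, min_vector_share=0.05):
    """Translate a detection into the slide's playbook: a more-specific /32
    announcement to steer the victim's traffic through the cleaning center,
    plus one static filter per amplification vector that carries a meaningful
    share of the attack."""
    actions = []
    for dst, info in sorted(report.items()):
        actions.append(f"announce {dst}/32 more-specific via cleaning center")
        for port, name in sorted(AMPLIFICATION_SRC_PORTS.items()):
            share = info["by_vector"].get(name, 0.0) / info["mbps"]
            if share >= min_vector_share:
                actions.append(f"drop proto udp and src port {port}")
    return actions
```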
Mitigation – Cloud DDoS Mitigation Service Providers
PE Provider
CPE Client
• Normal Traffic
• Attack Traffic
• Cleaned Traffic
• GRE tunnel between client and provider
• BGP session under gre tunnel
• Detection via Netflow
• Start a more specific announce of ip/prefix under attack
• The cloud provider announces it to its upstreams
• All inbound traffic then enters via the cloud provider's network
• Blocking of layer 3 and 4 attacks
• Additionally, WAF services
Cloud Provider Network
BGP
GRE
GRE
Pros
• Capacity of mitigation – Tbps
• Easy implementation, without changes in the client network
Cons
• Latency
• GRE and MSS – MSS, TCP DF bit set
Inbound traffic
Outbound traffic
Mitigation Layer 7 – Load Balancers
• L7 HTTP/HTTPS Floods
- Rate limit client IP, destination URL, destination URI
- HTTP header analysis
Check of User Agent
Check of Referer
Validation that the client is a browser:
- Cookie insertion
- JS insertion
Validation that the client is a human:
- Captcha insertion
Mitigation – Home Made
• Iptables SynProxy
Kernel 3.13, Red Hat 7
iptables -t raw -I PREROUTING -p tcp -m tcp --syn -j CT --notrack
iptables -I INPUT -p tcp -m tcp -m conntrack --ctstate UNTRACKED \
  -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460
Mitigation – Home Made
• Mod Evasive
Rate limit client IP, destination URL, destination URI
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60
DOSEmailNotify admin@example.org
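The per-client accounting behind the mod_evasive directives above (page and site counters per interval, a blocking period that restarts on every request from a blocked client), as an added example that is not mod_evasive's own code; the client addresses and timestamps are constructed for the example.

```python
from collections import defaultdict, deque


class EvasiveLimiter:
    """Per-client request accounting in the spirit of mod_evasive's directives:
    a client exceeding DOSPageCount hits on one URI within DOSPageInterval, or
    DOSSiteCount hits on any URI within DOSSiteInterval, is blocked for
    DOSBlockingPeriod seconds. As mod_evasive documents, every request that
    arrives while a client is blocked restarts the blocking period."""

    DIRECTIVES = {"DOSPageCount": ("page_count", int),
                  "DOSSiteCount": ("site_count", int),
                  "DOSPageInterval": ("page_interval", float),
                  "DOSSiteInterval": ("site_interval", float),
                  "DOSBlockingPeriod": ("blocking_period", float)}

    def __init__(self, page_count=2, site_count=50, page_interval=1.0,
                 site_interval=1.0, blocking_period=60.0):
        self.page_count = page_count
        self.site_count = site_count
        self.page_interval = page_interval
        self.site_interval = site_interval
        self.blocking_period = blocking_period
        self._page_hits = defaultdict(deque)   # (ip, uri) -> timestamps
        self._site_hits = defaultdict(deque)   # ip -> timestamps
        self.blocked_until = {}                # ip -> block expiry timestamp
        self.notifications = []                # what DOSEmailNotify would send

    @classmethod
    def from_config(cls, text):
        """Build a limiter from directive lines as shown on the slide
        (DOSEmailNotify and unknown lines are ignored)."""
        kwargs = {}
        for line in text.splitlines():
            parts = line.split()
            if len(parts) == 2 and parts[0] in cls.DIRECTIVES:
                name, conv = cls.DIRECTIVES[parts[0]]
                kwargs[name] = conv(parts[1])
        return cls(**kwargs)

    @staticmethod
    def _prune(window, now, interval):
        # Drop timestamps that fell out of the sliding interval.
        while window and now - window[0] > interval:
            window.popleft()

    def request(self, ip, uri, now):
        """Account one request at time `now` (seconds). Returns True when the
        request should be served, False when it should be answered with 403."""
        expiry = self.blocked_until.get(ip)
        if expiry is not None:
            if now < expiry:
                self.blocked_until[ip] = now + self.blocking_period  # timer reset
                return False
            del self.blocked_until[ip]
        page = self._page_hits[(ip, uri)]
        site = self._site_hits[ip]
        self._prune(page, now, self.page_interval)
        self._prune(site, now, self.site_interval)
        reason = None
        if len(page) >= self.page_count:
            reason = f"more than {self.page_count} hits on {uri} within {self.page_interval}s"
        elif len(site) >= self.site_count:
            reason = f"more than {self.site_count} hits on the site within {self.site_interval}s"
        if reason:
            self.blocked_until[ip] = now + self.blocking_period
            self.notifications.append((ip, reason, now))
            page.clear()
            site.clear()
            return False
        page.append(now)
        site.append(now)
        return True


# The directive block from the slide, used to configure the limiter.
SLIDE_CONFIG = """
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60
DOSEmailNotify admin@example.org
"""
```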
Mitigation – Home Made
• Mod Security
WAF – monitoring, logging and blocking
OWASP Core Rule Set - https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
Protocol violations
RBL
Blocking of floods and slow attacks
Bot, crawler and scanner detection
Mitigation – General Recommendations
• Use a hybrid strategy
Block L3/L4 attacks at the service provider
Block L7 attacks using on-premises solutions
• Monitoring systems focused on DDoS detection
• Configure a control plane policy. Use filters to block traffic to the control plane of network devices
• Don't use the same prefixes for infrastructure and clients
• Keep mitigation simple – web servers separated from DNS servers, etc.
• Use anycast wherever possible – our good old friend
• Stay away from stateful controls at the edge (firewalls, IPS, etc.). Use them only where necessary.
References
• CERT.BR - Recomendações para Melhorar o Cenário de Ataques Distribuídos de Negação de Serviço (DDoS)
http://www.cert.br/docs/whitepapers/ddos/
• Mod Evasive - http://www.zdziarski.com/blog/?page_id=442
• Mod Security - https://www.modsecurity.org/
• Iptables SynProxy - http://rhelblog.redhat.com/2014/04/11/mitigate-tcp-syn-flood-attacks-with-red-hat-enterprise-linux-7-beta/
• UTRS - https://www.cymru.com/jtk/misc/utrs.html
• Google Project Shield - https://projectshield.withgoogle.com/public
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样ayvbos
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...kumargunjan9515
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge GraphsEleniIlkou
 

Kürzlich hochgeladen (20)

Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 

DDoS Attacks - Scenery, Evolution and Mitigation

2016 - IoT – CCTV Botnet
• CCTV devices – telnet, admin with default password
• At least 70 vendors running the same embedded Linux
• Lizard Squad – Bot LizardStresser
• 400Gbps of volumetry – without amplification
• HTTP request flood, TCP connection flood, UDP flood
Source: https://www.arbornetworks.com/blog/asert/lizard-brain-lizardstresser/
2016 – Rio Olympic Games
Start of IoT botnet activity
• 540Gbps sustained
• Targets – sponsors, government sites, financial institutions
• Use of GRE to bypass the mitigations
Source: https://www.arbornetworks.com/blog/asert/lizard-brain-lizardstresser/
2016 – 21/09 – Retaliation and Censorship
• vDOS, a booter service run from Israel, was identified and its owners were arrested
• Reported by Brian Krebs - http://krebsonsecurity.com/about/
• 665Gbps – 143Mpps against krebsonsecurity.com – without amplification!
2016 – 25/09 – Google Project Shield
# dig krebsonsecurity.com.
krebsonsecurity.com.    246    IN    A    130.211.45.45
CIDR: 130.211.0.0/16
NetName: GOOGLE-CLOUD
The site now resolves to a Google Cloud address: it moved behind Project Shield.
DDoS Attacks – IPv6
Source: Arbor 2016 Worldwide Infrastructure Security Report
• 354 service providers interviewed
• 70% answered that they have IPv6 deployed
• Respondents that saw at least one IPv6 DDoS attack: 2015 – 2%, 2016 – 9%
• Biggest volumetry – 6Gbps
Mitigation – Team Cymru UTRS
• UTRS - Unwanted Traffic Removal Service
• Destination-based RTBH, delivered over multihop BGP
• The victim AS announces the IP under attack (x.x.x.x/32) to the UTRS route server
• Authenticity verified – whois and PeeringDB
• The attack is blocked in the source AS: every participating AS installs a null route for the /32
• Restricted to /32 prefixes
• More participants, more efficacy
[Diagram: AS 1234 (network under attack, destination x.x.x.x/32) announces the /32 to UTRS over BGP peering; UTRS sends BGP updates to Upstream 1 (AS YYYY) and Upstream 2 (AS XXXX), which install "route x.x.x.x/32 null0" and drop the attack traffic at their edge]
Recommended
• Internet service providers for home users – one or more users will lose connectivity, but the provider stays up
Maybe recommended....
• ISPs, content providers, hosting providers – the client service becomes unavailable (news home page, e-commerce basket, bakline page). RTBH completes the denial of service for that one address; it protects the rest of the network, not the victim.
Mitigation – Clean Pipe IP Transit Providers
[Diagram: Provider PE – Client CPE, with a Cleaning Center inside the provider network; legend: normal traffic, attack traffic, cleaned traffic]
• Detection via Netflow
• Start a more specific announce of the IP/prefix under attack, so that its traffic is diverted through the cleaning center
• The traffic will be “cleaned” using:
- SYN cookies / SYN authentication
- Static filters, e.g.:
  drop proto udp and src port 1900
  drop proto udp and src port 123
- Rate limit per src/dst prefix and ports
- Protocol authentication
- Payload regular expressions
- TCP connection limit
- Rate limit or drops using GeoIP
Caveat: a static source-port filter also drops legitimate replies (NTP answers to your own clients come from src port 123), so scope it to the attacked destination and to the attack window.
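The two slides above both start from the same input, flow records from the edge, and end in one of two decisions: announce the /32 to UTRS and accept that the address is gone, or divert it through the cleaning center with static filters. The block below is an added example (not code from the talk) that walks through that path: it flags reflected amplification in flow records by source port and bytes per packet, sums the rate per victim, and picks blackhole or scrubbing per victim. The flow records are constructed, and the reflector port list, the 200 bytes/packet heuristic and the 500 Mbps / 1 Gbps thresholds are assumptions for illustration.

```python
"""Flow-based detection of reflected amplification and the diversion decision.

Added example for this page, not code from the talk. The flow records are
constructed (simplified NetFlow-style tuples); the reflector ports, the
bytes-per-packet heuristic and the thresholds are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Reflector source ports named in the talk (NTP 123, SSDP 1900); DNS 53 added here.
AMPLIFIER_PORTS = {123: "ntp", 1900: "ssdp", 53: "dns"}


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: int       # 17 = UDP, 6 = TCP
    src_port: int
    dst_port: int
    packets: int
    bytes: int


def is_amplification_flow(flow: Flow, min_bytes_per_packet: int = 200) -> bool:
    """Reflected amplification is UDP, sourced from a service port, and fat:
    an SSDP or NTP monlist reply is a few hundred bytes, a normal NTP reply 48."""
    if flow.proto != 17 or flow.src_port not in AMPLIFIER_PORTS:
        return False
    return flow.bytes / max(flow.packets, 1) >= min_bytes_per_packet


def attack_rates(flows, window_s: float):
    """Mbps of amplification traffic per destination IP, and the bytes each
    reflector port contributed to that destination, over the export window."""
    per_dst = defaultdict(int)
    per_dst_port = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if is_amplification_flow(f):
            per_dst[f.dst_ip] += f.bytes
            per_dst_port[f.dst_ip][f.src_port] += f.bytes
    mbps = {dst: b * 8 / window_s / 1e6 for dst, b in per_dst.items()}
    return mbps, per_dst_port


def plan_mitigation(flows, window_s=60.0, threshold_mbps=500.0, uplink_mbps=1000.0):
    """Per victim, in descending rate: if the attack exceeds the uplink, the only
    option left is a /32 blackhole (UTRS/RTBH), which finishes the denial of
    service for that IP but keeps the rest of the network up; otherwise divert
    the /32 through the cleaning center with per-port static filters."""
    mbps, per_dst_port = attack_rates(flows, window_s)
    actions = []
    for dst, rate in sorted(mbps.items(), key=lambda kv: -kv[1]):
        if rate < threshold_mbps:
            continue
        ports = sorted(per_dst_port[dst], key=lambda p: -per_dst_port[dst][p])
        if rate >= uplink_mbps:
            actions.append(("rtbh", f"{dst}/32", []))
        else:
            filters = [f"drop proto udp and src port {p} and dst host {dst}"
                       for p in ports]
            actions.append(("scrub", f"{dst}/32", filters))
    return actions


# Constructed 60-second export window; addresses are documentation ranges.
SAMPLE_FLOWS = [
    # NTP monlist reflection, ~440 B/packet, aimed at 203.0.113.5
    Flow("198.51.100.10", "203.0.113.5", 17, 123, 33333, 10_000_000, 4_400_000_000),
    # SSDP reflection, ~300 B/packet, same victim
    Flow("198.51.100.20", "203.0.113.5", 17, 1900, 33333, 2_000_000, 600_000_000),
    # Two NTP reflectors hitting 203.0.113.9 harder than the 1 Gbps uplink
    Flow("198.51.100.30", "203.0.113.9", 17, 123, 44444, 9_000_000, 4_000_000_000),
    Flow("198.51.100.31", "203.0.113.9", 17, 123, 44444, 9_000_000, 4_000_000_000),
    # Legitimate NTP reply (48 B/packet) and a TCP flow: must not be flagged
    Flow("192.0.2.7", "203.0.113.5", 17, 123, 123, 100, 4_800),
    Flow("192.0.2.8", "203.0.113.5", 6, 443, 51000, 5_000, 6_000_000),
    # Small SSDP dribble at a third host: flagged, but below the action threshold
    Flow("198.51.100.40", "203.0.113.20", 17, 1900, 33333, 1_000, 300_000),
]

if __name__ == "__main__":
    for action, prefix, filters in plan_mitigation(SAMPLE_FLOWS):
        print(action, prefix, *filters, sep="\n  ")
```

On the sample window this yields an RTBH for 203.0.113.9/32 (about 1.07 Gbps, more than the uplink) and a scrub for 203.0.113.5/32 with filters for src port 123 and 1900 only towards that host, which is the scoping the caveat above asks for.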
Mitigation – Cloud DDoS Mitigation Service Providers
[Diagram: Cloud Provider Network – GRE tunnel with a BGP session inside it – Provider PE – Client CPE; inbound traffic enters through the cloud provider, outbound traffic leaves directly; legend: normal traffic, attack traffic, cleaned traffic]
• GRE tunnel between client and provider
• BGP session over the GRE tunnel
• Detection via Netflow
• Start a more specific announce of the IP/prefix under attack
• The cloud provider announces it to its upstreams
• All the inbound traffic will come via the cloud provider network
• Blocking of layer 3 and 4 attacks
• Additionally, WAF services
Pros
• Mitigation capacity – Tbps
• Easy implementation, without changes in the client network
Cons
• Latency
• GRE and MSS – the GRE encapsulation lowers the effective MTU, so full-size packets with the TCP DF bit set no longer fit and are dropped unless MSS is clamped (or PMTUD works end to end through the provider)
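The "GRE and MSS" con above is the one that bites in practice: the tunnel eats 24 bytes of every outer packet, and a client that negotiated MSS 1460 on a 1500-byte path sends segments that cannot be encapsulated without fragmentation, which DF forbids. The block below is an added example (not from the talk) that computes the tunnel MTU and the MSS to clamp to for the IPv4/IPv6 and keyed/unkeyed GRE variants, and checks whether a full-size segment survives. The header sizes are the standard ones; the tunnel endpoints and MTU are assumptions.

```python
"""MSS clamping for the GRE return path of a cloud mitigation service.

Added example, not from the talk. Header sizes are the standard ones for IPv4,
IPv6, GRE (RFC 2784, optional key) and TCP without options; "outer" is the
tunnel between the cloud provider and the CPE, "inner" the customer packet.
"""
IPV4_HDR = 20
IPV6_HDR = 40
GRE_HDR = 4
GRE_KEY = 4
TCP_HDR = 20


def gre_tunnel_mtu(outer_mtu=1500, outer_ipv6=False, keyed=False):
    """Largest inner packet that fits in one outer packet without fragmentation."""
    overhead = (IPV6_HDR if outer_ipv6 else IPV4_HDR) + GRE_HDR + (GRE_KEY if keyed else 0)
    return outer_mtu - overhead


def clamp_mss(outer_mtu=1500, outer_ipv6=False, keyed=False, inner_ipv6=False):
    """MSS to rewrite in SYN/SYN-ACK so no full-size segment exceeds the tunnel MTU."""
    inner_ip = IPV6_HDR if inner_ipv6 else IPV4_HDR
    return gre_tunnel_mtu(outer_mtu, outer_ipv6, keyed) - inner_ip - TCP_HDR


def full_segment_fits(mss, outer_mtu=1500, outer_ipv6=False, keyed=False, inner_ipv6=False):
    """Does a full-MSS segment survive the tunnel? With DF set, a 'no' here means
    the packet is silently lost unless the ICMP 'fragmentation needed' gets back
    to the sender, which through a scrubbing provider it frequently does not."""
    inner_ip = IPV6_HDR if inner_ipv6 else IPV4_HDR
    return mss + TCP_HDR + inner_ip <= gre_tunnel_mtu(outer_mtu, outer_ipv6, keyed)


if __name__ == "__main__":
    print("tunnel MTU:", gre_tunnel_mtu())                    # 1476
    print("default MSS 1460 fits:", full_segment_fits(1460))  # False
    print("clamp MSS to:", clamp_mss())                       # 1436
```

On a Linux CPE the resulting value is applied with `iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1436` (or `--clamp-mss-to-pmtu`, which reads the tunnel interface MTU instead of a fixed number); the clamp must be on both SYN directions, since the outbound path does not cross the tunnel but the returning data does.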
Mitigation Layer 7 – Load Balancers
• L7 HTTP/HTTPS floods
- Rate limit per client IP, destination URL, destination URI
- HTTP header analysis
  Check of User-Agent
  Check of Referer
- Validation that the client is a browser:
  Cookie insertion
  JS insertion
- Validation that the client is a human:
  Captcha insertion
Mitigation – Home Made
• iptables SYNPROXY (kernel 3.13, Red Hat 7)
sysctl -w net.netfilter.nf_conntrack_tcp_loose=0
iptables -t raw -I PREROUTING -p tcp -m tcp --syn -j CT --notrack
iptables -I INPUT -p tcp -m tcp -m conntrack --ctstate INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
The sysctl and the final INVALID drop are part of the same recipe in the referenced Red Hat article: without them, out-of-window packets are picked up by conntrack and bypass the proxy.
Mitigation – Home Made
• mod_evasive – rate limit per client IP, destination URL, destination URI
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60
DOSEmailNotify admin@example.org
With these values, more than 2 requests for the same page, or more than 50 for the whole site, from one IP within 1 second blocks that IP for 60 seconds.
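The load-balancer slide (rate limit per client IP and URI, cookie/JS insertion to prove the client is a browser) and the mod_evasive config above describe the same two layer-7 controls. The block below is an added example serving both slides; it is not the talk's code and not mod_evasive itself, but a limiter that approximates mod_evasive's DOSPageCount / DOSSiteCount / DOSPageInterval / DOSSiteInterval / DOSBlockingPeriod rules, plus an HMAC-bound challenge cookie of the kind a JS challenge page would set. The secret, the TTL and the request log are constructed for illustration.

```python
"""Layer-7 flood controls: a limiter with mod_evasive-style DOSPageCount /
DOSSiteCount / DOSPageInterval / DOSSiteInterval / DOSBlockingPeriod rules, plus
the cookie/JS "is this a browser?" check from the load-balancer slide.

Added example, not the talk's code and not mod_evasive itself (an approximation
of its counting rules). Secret, TTL and the request log are constructed.
"""
import hashlib
import hmac

CHALLENGE_SECRET = b"rotate-me-per-deployment"   # assumption: front-end shared secret
CHALLENGE_TTL_S = 300


class EvasiveLimiter:
    """Per-IP counters: more than page_count hits on one URI within page_interval,
    or more than site_count hits on any URI within site_interval, blocks the IP
    for blocking_period seconds (defaults mirror the slide's config)."""

    def __init__(self, page_count=2, site_count=50, page_interval=1.0,
                 site_interval=1.0, blocking_period=60.0):
        self.page_count, self.site_count = page_count, site_count
        self.page_interval, self.site_interval = page_interval, site_interval
        self.blocking_period = blocking_period
        self._page = {}          # (ip, uri) -> (window_start, hits)
        self._site = {}          # ip -> (window_start, hits)
        self.blocked_until = {}  # ip -> unblock timestamp

    @staticmethod
    def _hit(table, key, now, interval):
        start, hits = table.get(key, (now, 0))
        if now - start >= interval:      # window expired: start a fresh one
            start, hits = now, 0
        table[key] = (start, hits + 1)
        return hits + 1

    def allow(self, ip, uri, now):
        if now < self.blocked_until.get(ip, 0.0):
            return False
        page_hits = self._hit(self._page, (ip, uri), now, self.page_interval)
        site_hits = self._hit(self._site, ip, now, self.site_interval)
        if page_hits > self.page_count or site_hits > self.site_count:
            self.blocked_until[ip] = now + self.blocking_period
            return False
        return True


def _tag(ip, exp):
    return hmac.new(CHALLENGE_SECRET, f"{ip}|{exp}".encode(), hashlib.sha256).hexdigest()


def issue_challenge_cookie(ip, now):
    """Value the JS challenge page sets; bound to the client IP and an expiry."""
    exp = int(now) + CHALLENGE_TTL_S
    return f"{exp}.{_tag(ip, exp)}"


def cookie_valid(cookie, ip, now):
    try:
        exp_s, tag = cookie.split(".", 1)
        exp = int(exp_s)
    except (AttributeError, ValueError):
        return False
    return now <= exp and hmac.compare_digest(tag, _tag(ip, exp))


def serve(limiter, ip, uri, cookie, now):
    """Decision order: blocked clients never reach the app; unproven clients get
    the small JS page that sets the cookie (counted against the limiter too)."""
    if not limiter.allow(ip, uri, now):
        return "blocked"
    if not cookie_valid(cookie, ip, now):
        return "challenge"
    return "ok"


# Constructed log: (time, ip, uri, client executes JS?). Not real traffic.
SAMPLE_LOG = [
    (0.0, "198.51.100.1", "/index.html", False),   # flood bot, never runs JS
    (0.1, "198.51.100.1", "/index.html", False),
    (0.2, "198.51.100.1", "/index.html", False),
    (0.3, "198.51.100.1", "/index.html", False),
    (0.0, "203.0.113.7", "/index.html", True),     # browser
    (0.5, "203.0.113.7", "/cart", True),
    (1.2, "203.0.113.7", "/index.html", True),
]


def replay(log):
    limiter, jar, out = EvasiveLimiter(), {}, []
    for t, ip, uri, runs_js in sorted(log):
        decision = serve(limiter, ip, uri, jar.get(ip), t)
        if decision == "challenge" and runs_js:
            jar[ip] = issue_challenge_cookie(ip, t)   # the browser solved the challenge
        out.append((ip, decision))
    return out


if __name__ == "__main__":
    for ip, decision in replay(SAMPLE_LOG):
        print(ip, decision)
```

In the replay the bot is challenged twice and then blocked on its third hit of the same page within a second, exactly the DOSPageCount 2 / DOSPageInterval 1 behaviour; the browser is challenged once, sets the cookie, and every later request is served. Binding the cookie to the client IP keeps a bot from replaying one solved challenge from many sources, at the cost of re-challenging clients behind rotating NAT.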
Mitigation – Home Made
• ModSecurity WAF – monitoring, logging and blocking
OWASP Core Rule Set - https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
- Protocol violations
- RBL
- Blocking of floods and slow attacks
- Bot, crawler and scan detection
Mitigation – General Recommendations
• Use a hybrid strategy: block L3/L4 attacks at the service provider, block L7 attacks using on-premises solutions
• Monitoring systems focused on DDoS detection
• Configure control plane policing. Use filters to block traffic to the control plane of network devices
• Don’t use the same prefixes for infrastructure and clients
• Keep the mitigation easy – web servers separated from DNS servers, etc....
• Use anycast where possible – our good old friend
• Keep stateful controls (firewalls, IPS, etc.) away from the edge; use them only where necessary, since their state tables are themselves a flood target
References
• CERT.BR - Recomendações para Melhorar o Cenário de Ataques Distribuídos de Negação de Serviço (DDoS) (Recommendations to improve the DDoS landscape) - http://www.cert.br/docs/whitepapers/ddos/
• Mod Evasive - http://www.zdziarski.com/blog/?page_id=442
• Mod Security - https://www.modsecurity.org/
• Iptables SynProxy - http://rhelblog.redhat.com/2014/04/11/mitigate-tcp-syn-flood-attacks-with-red-hat-enterprise-linux-7-beta/
• UTRS - https://www.cymru.com/jtk/misc/utrs.html
• Google Project Shield - https://projectshield.withgoogle.com/public