DDos Prevention and Mitigation
Uploaded by: ripe-ncc
Christian Teuschel | November 2016 | Skopje
Friday, 21 October 2016
http://downdetector.com/
http://dyn.com/blog/dyn-statement-on-10212016-ddos-attack/
Denial-Of-Service 101
• What?
  - Attack on IT infrastructure
  - Make a machine or network resource unavailable
  - Temporary or indefinite
  - Not a new invention!
Denial-Of-Service 101
• How?
  - Crashing the service
  - Flooding the service
• Effect
  - Legitimate users are prevented from being serviced
Denial-Of-Service 101
• Targets
  - Usually high-profile sites
  - But not only
• Initiators
  - Hackers
  - Script kids
  - Criminals
  - State actors
  - Insiders
Denial-Of-Service 101
• Costs
  - Mitigation costs
  - Lost revenue
  - Reputation
Special Forms Of DOS
• Distributed DOS (focus of this talk)
  - Involving multiple devices in the attack
• APDOS
  - Involving an advanced persistent threat
  - Requires resources and sophistication
• DOS as a service
  - Entry barrier is getting lower
  - Growing market
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-101.pdf
DDoS Attack Classes
• TCP Connection Attack - Intention to use up available connections
• Volumetric Attack - Intention to cause congestion
• Fragmentation Attack - Intention to overwhelm request handling
• Application Attack - Intention to exploit specific aspects of an application
DDoS Amplification
• DNS Reflection - Small request, big response
• Chargen Reflection - Streams of random characters on demand
Statistics on DDos
http://www.digitalattackmap.com/
State of the Internet Security Report by Akamai
DDos Prevention
• Keep your software up-to-date
• Know your network and services
  - Make an inventory on a regular basis
  - Monitor
• Don't make enemies and avoid becoming a target
DDos Prevention
• Recommendations by the Dutch government
  - Make an overview of and monitor your infrastructure
  - Check with each of your third-party suppliers to find out which (D)DoS countermeasures are in place and what the relevant contractual agreements are
  - Find out which countermeasures have been taken to protect your in-house infrastructure and take additional steps, if necessary
  - Prepare your incident response and think about failover scenarios for your online services
  - Prepare a communication strategy
DDos Prevention
• Ingress filtering (BCP38)
• RPKI
• BGPSEC
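Ingress filtering (BCP38) means an edge router forwards a packet only if its source address could legitimately have arrived on that interface. The reference model below, added here and not part of the slides, implements the strict-uRPF form of that check against a constructed FIB (documentation prefixes only) and tallies spoofed packets per customer interface, which is what an operator would feed into abuse handling.

```python
import ipaddress

# Constructed FIB: (prefix, egress interface). Documentation prefixes only.
FIB = [
    ("0.0.0.0/0", "upstream0"),      # default route towards transit
    ("192.0.2.0/24", "cust1"),
    ("192.0.2.128/25", "cust2"),     # more specific carved out for a second customer
    ("198.51.100.0/24", "cust3"),
    ("::/0", "upstream0"),
    ("2001:db8:1::/48", "cust1"),
]

def longest_match(fib, addr):
    """Return (network, interface) of the most specific FIB entry covering
    addr, or None when nothing (not even a default route) matches."""
    best = None
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, iface)
    return best

def bcp38_permits(fib, ingress_iface, src_ip):
    """Strict uRPF: forward only if the best route back to src_ip points at
    the interface the packet arrived on. A default route never counts as a
    valid reverse path, so unroutable or spoofed sources fail closed."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False            # malformed address: drop
    best = longest_match(fib, addr)
    if best is None or best[0].prefixlen == 0:
        return False
    return best[1] == ingress_iface

def audit(fib, packets):
    """Count dropped (spoofed) packets per ingress interface. packets is a
    list of constructed (interface, source_ip) tuples. A customer port that
    sources many dropped packets is a lead for the abuse contact."""
    dropped = {}
    for iface, src in packets:
        if not bcp38_permits(fib, iface, src):
            dropped[iface] = dropped.get(iface, 0) + 1
    return dropped

if __name__ == "__main__":
    sample = [("cust1", "192.0.2.10"), ("cust1", "203.0.113.5"),
              ("cust3", "192.0.2.10"), ("cust2", "192.0.2.200")]
    print(audit(FIB, sample))   # {'cust1': 1, 'cust3': 1}
```

Note the 192.0.2.200 case: the /25 more-specific wins the lookup, so that source is valid on cust2 and spoofed on cust1, which is exactly the behaviour strict uRPF gives on a real router.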
DDos Mitigation
• Detection!!!
  - You need to be able to detect an attack
  - Popular service vs. attack
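One practical way to separate a popular service from an attack, and to spot the reflection pattern from the DDoS Amplification slide from the victim's side, is to check whether the inbound bytes are replies to requests the victim actually sent. The flow-level heuristic below is an added example, not code from the slides; the flow schema, the sample flows (documentation addresses) and the inclusion of NTP among the reflector ports are constructed assumptions.

```python
from collections import namedtuple

# One flow record: who sent how much to whom. Constructed schema, not a real
# NetFlow/IPFIX layout.
Flow = namedtuple("Flow", "src dst proto sport dport pkts bytes")

# Source ports of services commonly abused as reflectors: DNS and chargen are
# named on the slides; NTP (123) is added here as an assumption.
REFLECTOR_PORTS = {53, 19, 123}

def classify(flows, victim, baseline_bytes=100_000, unsolicited_ratio=0.5):
    """Return (verdict, ratio). 'amplification' when most inbound bytes are
    replies from reflector ports that the victim never asked for,
    'flash_crowd' when the load is ordinary client traffic the victim also
    answers, or 'normal' when inbound volume is below the baseline."""
    # Requests the victim itself sent: replies from these peers are expected.
    our_requests = {(f.dst, f.dport, f.proto) for f in flows if f.src == victim}
    inbound = [f for f in flows if f.dst == victim]
    total = sum(f.bytes for f in inbound)
    if total < baseline_bytes:
        return ("normal", 0.0)
    unsolicited = sum(
        f.bytes for f in inbound
        if f.proto == "udp" and f.sport in REFLECTOR_PORTS
        and (f.src, f.sport, f.proto) not in our_requests)
    ratio = unsolicited / total
    return ("amplification" if ratio >= unsolicited_ratio else "flash_crowd",
            round(ratio, 3))

VICTIM = "203.0.113.10"   # constructed, documentation prefix

def amplification_sample():
    # The victim's own resolver lookup and its legitimate 512-byte answer...
    flows = [Flow(VICTIM, "198.51.100.1", "udp", 40001, 53, 1, 60),
             Flow("198.51.100.1", VICTIM, "udp", 53, 40001, 1, 512)]
    # ...plus 3 KB "answers" from 200 open resolvers it never queried.
    flows += [Flow(f"192.0.2.{i}", VICTIM, "udp", 53, 40000 + i, 20, 60_000)
              for i in range(1, 201)]
    return flows

def flash_crowd_sample():
    # 200 distinct clients on TCP/443, each answered by the victim.
    flows = []
    for i in range(1, 201):
        flows.append(Flow(f"198.51.100.{i}", VICTIM, "tcp", 50000 + i, 443, 30, 4_000))
        flows.append(Flow(VICTIM, f"198.51.100.{i}", "tcp", 443, 50000 + i, 40, 150_000))
    return flows

if __name__ == "__main__":
    print(classify(amplification_sample(), VICTIM))   # ('amplification', 1.0)
    print(classify(flash_crowd_sample(), VICTIM))     # ('flash_crowd', 0.0)
```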
DDos Mitigation
• BGP blackholing
DDos Mitigation
• Traffic Scrubbing
  - Services like NaWas
  - https://www.neustar.biz/resources/product-literature/siteprotect-ddos-mitigation-failover-service
DDos Mitigation
• Spread the word and inform the right people
  - Abuse-c
  - National CERTs
  - Affected companies
DDos Mitigation
• Spread it even further
• Working Group mailing lists
  - Routing WG
  - Anti-Abuse WG
• NOG/National lists
  - NANOG
  - NLNOG, DENOG, PLNOG, SWINOG, etc.
  - MKNOG?
[email protected] @cteuschel