http://vig.prenhall.com/catalog/academic/product/0,1144,0131475738,00.html
Fighting the DDoS Menace!
Recent High Profile DDoS Attacks
● Protx (Online payments processing firm): October 31st
● WeaKnees.com, RapidSatellite.com (e-commerce): October 6th
● WorldPay (section of Royal Bank of Scotland): October 4th
● Authorize.net (US credit card processing firm): September 23rd
Fighting the Good Fight
● Aggregate-based congestion control (ACC)
– identify a pattern of packets
– apply a rate-limiter to the pattern(s)
● Local ACC versus Global ACC
– allow a router to request adjacent upstream routers to rate-limit traffic corresponding to a specific aggregate.
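A sketch of the two local ACC steps listed above (identify a pattern, then rate-limit it), added here as an illustration and not taken from the slides or from Mahajan et al. It assumes the aggregate is a destination /24 prefix chosen by its share of observed packets and that the limiter is a token bucket; all names, thresholds and the sample trace are constructed.

```python
import ipaddress
from collections import Counter

def find_aggregates(packets, prefix_len=24, share=0.5):
    """Identify: destination prefixes carrying more than `share` of the packets."""
    counts = Counter(
        ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        for _, dst, _ in packets
    )
    total = sum(counts.values())
    return {net for net, n in counts.items() if n / total > share}

class TokenBucket:
    """Integer token bucket; tokens are stored as bytes x 1000 so that
    millisecond timestamps need no floating point."""
    def __init__(self, rate_bytes_per_s, burst_bytes):
        self.rate = rate_bytes_per_s
        self.burst = burst_bytes * 1000
        self.tokens = self.burst
        self.last_ms = 0  # assumption: the trace starts at t = 0 ms

    def allow(self, now_ms, size):
        refill = (now_ms - self.last_ms) * self.rate
        self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= size * 1000:
            self.tokens -= size * 1000
            return True
        return False

def local_acc(packets, rate_bytes_per_s, burst_bytes):
    """Rate-limit: police each identified aggregate, pass everything else untouched."""
    limiters = {net: TokenBucket(rate_bytes_per_s, burst_bytes)
                for net in find_aggregates(packets)}
    forwarded, dropped = [], []
    for ts_ms, dst, size in packets:
        addr = ipaddress.ip_address(dst)
        bucket = next((b for net, b in limiters.items() if addr in net), None)
        ok = bucket is None or bucket.allow(ts_ms, size)
        (forwarded if ok else dropped).append((ts_ms, dst, size))
    return forwarded, dropped

# Constructed sample: (timestamp_ms, destination, bytes). One flooded server
# (a packet every 10 ms) and one normally loaded server (a packet every 100 ms).
SAMPLE = sorted(
    [(i * 10, "192.0.2.10", 1000) for i in range(100)]
    + [(i * 100, "198.51.100.5", 1000) for i in range(10)]
)

if __name__ == "__main__":
    fwd, drop = local_acc(SAMPLE, rate_bytes_per_s=10_000, burst_bytes=2_000)
    print(len(fwd), "forwarded,", len(drop), "dropped")
```

The limiter drops legitimate and attack packets inside the aggregate alike, which is why traffic to the unaffected prefix passes untouched while the flooded prefix is held to its configured rate.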
An Illustrated Example
“Controlling High Bandwidth Aggregates in the Network” (Mahajan et al, 2001)
ACC Works???
The Scalable Simulation Framework (http://www.ssfnet.org)
● focus on scalability
– model scalability: # of nodes, traffic flows, bandwidth, system heterogeneity
● contains a DDoS scenario
● much faster learning curve than NS tools (no tcl/tk)
What's the catch?
● Well, it turns out the DDoS scenario models a TCP SYN flooding denial of service attack.
● This DDoS attacks the TCP/IP stack of the target servers. It is not bandwidth limited! So congestion control is not the appropriate response.
● Quickly, we must model a bandwidth-limited DDoS attack....
Network Topology
Client Topology
Server Topology
DDoS Topology
But What Does It Do?
● 164 iterations, no DDoS enabled:
– mean 202.71 connections, std. dev. 13.79
● 68 iterations, DDoS enabled:
– mean 194.29 connections, std. dev. 15.47
● 59 iterations, DDoS enabled & local ACC:
– mean 196.98 connections, std. dev. 14.33
TODO LIST
● Improve the effectiveness of the DDoS attack
● Use identical random number seeds across all three trials. This will show the strict ordering:
DDoS < DDoS + local ACC ≤ no DDoS