CloudFlare DDoS attacks 101: what are they and how to protect your site?
Distributed denial of service (DDoS) attacks have scaled up in size and frequency over the past year. Attackers constantly adopt new methods to flood your website and network with malicious traffic. What exactly are DDoS attacks and how do they work? More importantly, how can you ensure that your website stays protected? CloudFlare solutions engineer Trey Guinn discusses the nature of DDoS attacks, with a focus on amplification attacks. He explains how CloudFlare is able to stop such attacks, and what you can do to ensure you are not part of the problem by running open NTP servers or DNS resolvers.

Presentation Transcript

  • Trey Guinn Solution Engineer, CloudFlare www.cloudflare.com DDoS 101
  • Distributed Denial of Service: an attack coming from many locations which overwhelms your resources and prevents you from serving legitimate customers.
  • Fake Pizza Orders
  • Variety of Attacks Volumetric Protocol Attacks Application Attacks
  • Real Life Example
  • Wednesday, March 20 ~75Gbps attack
  • 100Gbps Magic ceiling in DDoS attacks
  • March 24 – March 25 Peaks of the attack reached at least 309Gbps
  • dig ANY isc.org @63.217.84.76 +edns=0 +notcp +bufsize=4096
  • 64-byte query
  • $ dig ANY isc.org @63.217.84.76 +edns=0 +notcp +bufsize=4096
  • 3,363-byte response
  • Amplification
  • 50x Amplification factor
  • Attack Amplification: DNS - 50x; NTP - 200x; Coming: SNMP - 650x
  • UDP = no handshake
  • Problem Ingredients: networks that allow source IP spoofing + servers that reply to “non-customers”
  • Good networks don’t let packets originate from IPs they don’t own (BCP38)
  • Not all networks are good
  • How common are these ingredients?
  • 28 million open resolvers
  • 24.6% networks allow spoofing
  • 10s of millions of open NTP/DNS servers
  • 1 attacker’s laptop controlling 5–7 compromised servers on 3 networks that allowed spoofing of 9Gbps DNS requests to 0.1% of open resolvers resulted in 300Gbps+ of DDoS attack traffic.
  • How did we stop it?
  • Anycast
  • Inherently “dilutes” the attack
  • 300Gbps ÷ 25 anycasted PoPs = 12 Gbps/PoP
  • Make sure you’re not part of the problem…
  • Are you running open DNS resolvers?
  • Are you running open NTP servers?
  • Implement BCP38 (uRPF)
  • Trey Guinn Solution Engineer www.cloudflare.com
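The two things the deck asks you to take away, how a 64-byte dig query turns into a 3,363-byte answer, and whether your own resolver answers “non-customers”, can both be worked through at the DNS wire level. The following is an added example, not code from the presentation or from CloudFlare: it builds the DNS payload of the slide’s `dig ANY isc.org +edns=0 +notcp +bufsize=4096` query, shows where the byte counts come from, and parses a reply header to check the RA (recursion available) flag, which is the signature of an open resolver when the reply comes back to an address that should not be served. The sample replies are constructed, not captured, and the transaction id is arbitrary.

```python
"""DNS amplification arithmetic and open-recursion check (added example).

Builds the same question as `dig ANY isc.org +edns=0 +notcp +bufsize=4096`
at the DNS layer, so the slide's byte counts can be reproduced offline,
and decodes a reply header the way a self-check of your own resolver would.
"""
import struct

DNS_TYPE_ANY = 255
DNS_TYPE_OPT = 41
DNS_CLASS_IN = 1
IPV4_UDP_OVERHEAD = 20 + 8  # IPv4 header + UDP header, in bytes


def encode_name(name: str) -> bytes:
    """Wire-format a domain name: length-prefixed labels plus root terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, qtype: int = DNS_TYPE_ANY, edns_bufsize: int = 4096,
                txid: int = 0x1234) -> bytes:
    """Build a DNS query carrying an EDNS0 OPT record that advertises `edns_bufsize`.

    The OPT record is what lets a ~36-byte question pull back a multi-kilobyte
    UDP answer; without EDNS0 the server would truncate at 512 bytes.
    """
    flags = 0x0100  # RD (recursion desired) set; QR/AA/TC clear
    # 1 question, 0 answers, 0 authority, 1 additional (the OPT record)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, DNS_CLASS_IN)
    # OPT pseudo-RR: root name, type 41, CLASS field holds the UDP payload size,
    # TTL field holds extended RCODE/version/flags (all zero), empty RDATA.
    opt = b"\x00" + struct.pack("!HHIH", DNS_TYPE_OPT, edns_bufsize, 0, 0)
    return header + question + opt


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte DNS header into its flags and section counts."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # 1 = this is a response
        "tc": bool(flags & 0x0200),   # truncated: answer did not fit the buffer
        "rd": bool(flags & 0x0100),   # recursion desired (copied from query)
        "ra": bool(flags & 0x0080),   # recursion available: server will recurse for you
        "rcode": flags & 0x000F,      # 0 = NOERROR, 5 = REFUSED
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def amplification_factor(query_bytes: int, response_bytes: int) -> float:
    """Response size over query size, the 'x' figure on the amplification slides."""
    return response_bytes / query_bytes


def is_open_recursion(response: bytes) -> bool:
    """True if a reply shows RA=1 with NOERROR.

    Meaningful when you query a name you are not authoritative for, from an
    address outside your customer base: a properly restricted server answers
    REFUSED with RA clear instead.
    """
    h = parse_header(response)
    return h["qr"] and h["ra"] and h["rcode"] == 0


# Constructed sample headers (not real captures); answer bodies omitted because
# only the header is needed for the check.
SAMPLE_OPEN_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 27, 0, 1)     # QR,RD,RA, NOERROR
SAMPLE_REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)   # QR,RD, rcode 5

if __name__ == "__main__":
    q = build_query("isc.org")
    print(f"DNS payload: {len(q)} bytes; on the wire with IPv4+UDP headers: "
          f"{len(q) + IPV4_UDP_OVERHEAD} bytes")
    print(f"amplification for the slide's 3,363-byte answer vs 64-byte query: "
          f"{amplification_factor(64, 3363):.1f}x")
    print("open recursion (sample):", is_open_recursion(SAMPLE_OPEN_REPLY))
    print("open recursion (refused sample):", is_open_recursion(SAMPLE_REFUSED_REPLY))
```

The query payload comes out at 36 bytes (12-byte header, 13-byte question, 11-byte OPT record); adding a 20-byte IPv4 header and 8-byte UDP header gives the 64 bytes on the wire that the slide quotes, and 3,363 ÷ 64 is roughly 52x, which the deck rounds to the 50x DNS figure. To use the check on your own infrastructure, send `build_query()` over UDP to each resolver you operate from an address that should not be a customer and feed the reply to `is_open_recursion()`; any True result is a server that will happily answer spoofed requests for an attacker.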