Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com

A simple presentation on understanding DDOS and DDOS mitigation solutions.

  1. Understanding DDOS Mitigation
     Rishabh Dangwal
     About me: Trivia geek, redbull addict & independent security enthusiast, currently employed at Tulip Telecom
     www.theprohack.com

  2. DDOS Mitigation
     Mitigation: mit·i·ga·tion /ˌmɪtɪˈgeɪʃən/, spelled [mit-i-gey-shuhn], noun. The act of lessening the force or intensity of something.
     • Understanding DDOS
     • Countermeasures
     • Mitigation

  3. DOS
     • Attack that makes a designated service unavailable to the targeted users
     • Exploits limitations of the system as an inherent universal vulnerability
     • Limitations: CPU, memory, bandwidth

  4. DDOS
     • Distributed DOS
     • A coordinated effort
     • Botnets are in fashion
     • Firewalls & IPS are NOT enough
     • NO 100% solution present, so you can ONLY slow it down

  5. DDOS Continued ..
     • Protocol Attacks – exploit protocol vulnerabilities/limitations
     • Bandwidth Attacks – overflow and consume resources, mostly flood attacks
     • Software Attacks – exploit network software architecture

  6. Typical Countermeasures
     • SYN Proxy
     • Limiting Number of Connections
     • Aggressive Aging
     • Source Rate Limiting
     • Dynamic Filtering
     • Active Verification
     • Anomaly Recognition
     • Granular Rate Limiting
     • Whitelisting/Blacklisting
     • Dark Address Prevention

  7. How DDOS Mitigation solutions work?
     • Monitor
     • Identify
     • Mitigate

  8. Monitor
     • Devices are generally added to monitoring sensors/servers/software via SNMP polling/BGP peering
     • Traffic thresholds are set
     • Devices are monitored
     • In case of trouble, alerts are generated

  9. Identify
     • Traffic is identified and profiled according to set parameters, configurations and algorithms
     • Once identified, identify the type of attack
     • Protocol misuse – DNS / ICMP / TCP Null / TCP RST flood, IP fragment
     • Bandwidth misuse

  10. Typical Parameters
     • Advanced Boolean Match / AS Path Regexp – regular expression matching on traffic or on the AS Path field of BGP
     • CIDR – traffic identification by network prefixes and CIDR blocks
     • BGP Communities – traffic identification using BGP communities
     • Physical Interfaces – traffic identification by monitoring the router's physical interface through which the traffic is passing
     • Peer ASNs & Local ASN/Sub AS – traffic identification using the peer AS number field of BGP, or the Local or Sub AS numbers of the network

  11. Mitigate
     • Traffic diversion
     • Categorize and "scrub" the traffic
     • Bring the clean traffic to the cloud

  12. Traffic diversion
     • Generate a prefix for the targeted IP address
     • BGP route injection to a predefined router
     • Divert traffic

  13. Categorize and scrub traffic
     • Custom Settings
     • Traffic Filtering & Malformed DNS packet filtering
     • DNS Authentication
     • HTTP request limiting / object limiting
     • Malformed HTTP & SIP packet filtering
     • TCP Connection Reset & TCP SYN Authentication
     • Zombie Removal
     • Baseline Network Policy Enforcement
     • Packet shaping
     • Filter/Allow based on payload
     • Signature based detection & mitigation

  14. Tada ..
     • Once done, clean traffic is sent to the rightful customers
     • Attack patterns are jotted down for future reference & threat categorization
     • More smiles, less caffeine

  15. Questions?

  16. Thank You :]
     Feedback appreciated at admin@theprohack.com
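The monitor, identify, mitigate loop of slides 8 to 12, as an added Python illustration that is not part of the original presentation. The flow records, the per-destination threshold and the scrubbing router address are constructed (TEST-NET ranges), and the BGP injection step is represented only by the host route it would announce.

```python
from collections import Counter

# Constructed sample flow records for one polling interval (TEST-NET addresses).
# Fields: destination, protocol, destination port, TCP flags, packet count.
FLOWS = [
    {"dst": "198.51.100.10", "proto": "tcp", "dport": 80, "flags": "S", "packets": 6000},
    {"dst": "198.51.100.10", "proto": "tcp", "dport": 443, "flags": "PA", "packets": 400},
    {"dst": "198.51.100.10", "proto": "udp", "dport": 53, "flags": "", "packets": 300},
    {"dst": "198.51.100.30", "proto": "udp", "dport": 53, "flags": "", "packets": 7000},
    {"dst": "198.51.100.30", "proto": "tcp", "dport": 443, "flags": "PA", "packets": 100},
    {"dst": "198.51.100.20", "proto": "tcp", "dport": 443, "flags": "PA", "packets": 900},
    {"dst": "198.51.100.20", "proto": "udp", "dport": 53, "flags": "", "packets": 200},
]
PPS_THRESHOLD = 5000              # per-destination packets per interval (constructed value)
SCRUBBER_NEXT_HOP = "192.0.2.1"   # hypothetical scrubbing router the diverted route points at

def monitor(flows, threshold=PPS_THRESHOLD):
    """Slide 8: total packets per destination; alert on those above the set threshold."""
    totals = Counter()
    for f in flows:
        totals[f["dst"]] += f["packets"]
    return {dst: n for dst, n in totals.items() if n > threshold}

def classify(flow):
    """Map one flow to the protocol-misuse buckets named on slide 9."""
    if flow["proto"] == "tcp":
        return {"S": "tcp_syn_flood", "R": "tcp_rst_flood", "": "tcp_null"}.get(flow["flags"], "tcp_other")
    if flow["proto"] == "udp" and flow["dport"] == 53:
        return "dns_flood"
    if flow["proto"] == "icmp":
        return "icmp_flood"
    return "other"

def identify(flows, dst):
    """Slide 9: the bucket carrying the most packets toward dst names the attack type."""
    buckets = Counter()
    for f in flows:
        if f["dst"] == dst:
            buckets[classify(f)] += f["packets"]
    return buckets.most_common(1)[0][0]

def mitigate(dst, next_hop=SCRUBBER_NEXT_HOP):
    """Slide 12: the host route to inject via BGP so the victim's traffic reaches the scrubber."""
    return {"prefix": f"{dst}/32", "next_hop": next_hop}

def run(flows=FLOWS):
    """Monitor -> identify -> mitigate for every destination that trips the threshold."""
    return {dst: {"attack": identify(flows, dst), "route": mitigate(dst)} for dst in monitor(flows)}

if __name__ == "__main__":
    for dst, decision in run().items():
        print(dst, decision)
```

A destination whose dominant bucket is `tcp_other` or `other` tripped the threshold on volume alone, which is the slide's "bandwidth misuse" case rather than protocol misuse.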
