Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com

A simple presentation on understanding DDOS and DDOS mitigation solutions.

Transcript

  • 1. Understanding DDOS Mitigation
    Rishabh Dangwal
    About me: Trivia geek, Red Bull addict & independent security enthusiast, currently employed at Tulip Telecom
    www.theprohack.com
  • 2. DDOS Mitigation
    Mitigation: mit·i·ga·tion /ˌmɪtɪˈɡeɪʃən/, spelled [mit-i-gey-shuhn], noun. The act of lessening the force or intensity of something.
    • Understanding DDOS
    • Countermeasures
    • Mitigation
  • 3. DOS
    • Attack that makes a designated service unavailable to the targeted users
    • Exploits limitations of the system as an inherent, universal vulnerability
    • Limitations: CPU, memory, bandwidth
  • 4. DDOS
    • Distributed DOS
    • A coordinated effort
    • Botnets are in fashion
    • Firewalls & IPS are NOT enough
    • NO 100% solution exists, so you can ONLY slow it down
  • 5. DDOS Continued ..
    • Protocol attacks – exploit protocol vulnerabilities/limitations
    • Bandwidth attacks – overflow and consume resources, mostly flood attacks
    • Software attacks – exploit the network software architecture
  • 6. Typical Countermeasures
    • SYN Proxy
    • Limiting Number of Connections
    • Aggressive Aging
    • Source Rate Limiting
    • Dynamic Filtering
    • Active Verification
    • Anomaly Recognition
    • Granular Rate Limiting
    • Whitelisting/Blacklisting
    • Dark Address Prevention
  • 7. How do DDOS Mitigation solutions work?
    • Monitor
    • Identify
    • Mitigate
  • 8. Monitor
    • Devices are generally added to monitoring sensors/servers/software via SNMP polling or BGP peering
    • Traffic thresholds are set
    • Devices are monitored
    • In case of trouble, alerts are generated
  • 9. Identify
    • Traffic is identified and profiled according to set parameters, configurations and algorithms
    • Once identified, identify the type of attack
    • Protocol misuse – DNS / ICMP / TCP Null / TCP RST flood, IP fragment
    • Bandwidth misuse
  • 10. Typical Parameters
    • Advanced Boolean Match / AS Path Regexp – regular expression matching on the traffic or on the AS Path field of BGP
    • CIDR – traffic identification using network prefixes and CIDR blocks
    • BGP Communities – traffic identification using BGP Communities
    • Physical Interfaces – traffic identification by monitoring the router's physical interface through which the traffic is passing
    • Peer ASNs & Local ASN/Sub AS – traffic identification using the peer AS number field of BGP, or the Local or Sub AS numbers of the network
  • 11. Mitigate
    • Traffic diversion
    • Categorize and "scrub" the traffic
    • Bring the clean traffic to the cloud
  • 12. Traffic diversion
    • Generate prefix (IP address)
    • BGP route injection to a predefined router
    • Divert traffic
  • 13. Categorize and scrub traffic
    • Custom Settings
    • Traffic Filtering & Malformed DNS packet filtering
    • DNS Authentication
    • HTTP request limiting / object limiting
    • Malformed HTTP & SIP packet filtering
    • TCP Connection Reset & TCP SYN Authentication
    • Zombie Removal
    • Baseline Network Policy Enforcement
    • Packet shaping
    • Filter/Allow based on payload
    • Signature-based detection & mitigation
  • 14. Tada ..
    • Once done, clean traffic is sent to the rightful customers
    • Attack patterns are jotted down for future reference & threat categorization
    • More smiles, less caffeine
  • 15. Questions?
  • 16. Thank You :] Feedback appreciated at admin@theprohack.com
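Slides 7 to 14 describe the Monitor, Identify and Mitigate stages in words; the following Python sketch, added here and not part of the original presentation, runs those three stages over a handful of constructed flow records. The prefixes, thresholds, flow tuples and action names (`syn_auth`, `rate_limit`, `allow`) are all assumptions made for illustration; a real scrubbing platform would feed the actions into its SYN proxy and rate limiters rather than return them as strings.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed flow records: (src_ip, dst_ip, proto, dst_port, tcp_flags, packets)
FLOWS = [
    ("203.0.113.10", "198.51.100.20", "tcp", 80, "S", 400),
    ("203.0.113.11", "198.51.100.20", "tcp", 80, "S", 380),
    ("203.0.113.12", "198.51.100.20", "tcp", 80, "S", 420),
    ("192.0.2.5", "198.51.100.21", "udp", 53, "", 30),
    ("192.0.2.6", "198.51.100.22", "tcp", 443, "SA", 25),
]
MONITORED = {ip_network("198.51.100.0/24"): 500}  # monitored CIDR -> packet threshold per window (slides 8, 10)
WHITELIST = [ip_network("192.0.2.0/24")]  # constructed whitelisted source prefix, never limited (slide 6)

def monitor(flows):
    """Monitor: sum packets per monitored prefix; return the prefixes over threshold."""
    totals = Counter()
    for _src, dst, _proto, _port, _flags, pkts in flows:
        for net in MONITORED:
            if ip_address(dst) in net:
                totals[net] += pkts
    return {net: n for net, n in totals.items() if n > MONITORED[net]}

def identify(flows, net):
    """Identify: profile the over-threshold prefix by protocol misuse (slide 9)."""
    kinds = Counter()
    for _src, dst, proto, port, flags, pkts in flows:
        if ip_address(dst) not in net:
            continue
        if proto == "tcp" and flags == "S":
            kinds["tcp_syn_flood"] += pkts  # bare SYNs, handshakes never complete
        elif proto == "udp" and port == 53:
            kinds["dns_flood"] += pkts
        else:
            kinds["bandwidth"] += pkts  # generic volumetric traffic
    return kinds.most_common(1)[0][0]

def mitigate(flows, net, kind):
    """Mitigate: pick a per-source scrubbing action (slides 6 and 13)."""
    actions = {}
    for src, dst, _proto, _port, flags, _pkts in flows:
        if ip_address(dst) not in net:
            continue
        if any(ip_address(src) in w for w in WHITELIST):
            actions[src] = "allow"
        elif kind == "tcp_syn_flood" and flags == "S":
            actions[src] = "syn_auth"  # hand off to SYN proxy / SYN authentication
        else:
            actions[src] = "rate_limit"  # source rate limiting
    return actions
```

Below the threshold `monitor()` returns nothing and the later stages never run, which is the intended baseline behaviour on a quiet network.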
