Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com
A simple presentation on understanding DDOS and DDOS mitigation solutions.
Uploaded as Microsoft PowerPoint

Usage Rights: © All Rights Reserved
Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com Presentation Transcript

  • 1. Understanding DDOS Mitigation
    • Rishabh Dangwal
    • About me: Trivia geek, Red Bull addict & independent security enthusiast, currently employed at Tulip Telecom
    • www.theprohack.com
  • 2. DDOS Mitigation
    • Mitigation: mit·i·ga·tion /ˌmɪtɪˈɡeɪʃən/, spelled [mit-i-gey-shuhn], noun: the act of lessening the force or intensity of something
    • Understanding DDOS
    • Countermeasures
    • Mitigation
  • 3. DOS
    • An attack that makes a designated service unavailable to its intended users
    • Exploits the limitations of the system as an inherent, universal vulnerability
    • Limitations: CPU, memory, bandwidth
  • 4. DDOS
    • Distributed DOS
    • A coordinated effort
    • Botnets are in fashion
    • Firewalls & IPS are NOT enough
    • NO 100% solution exists, so you can ONLY slow it down
  • 5. DDOS Continued
    • Protocol attacks: exploit protocol vulnerabilities/limitations
    • Bandwidth attacks: overflow and consume resources, mostly flood attacks
    • Software attacks: exploit the network software architecture
  • 6. Typical Countermeasures
    • SYN proxy
    • Limiting the number of connections
    • Aggressive aging
    • Source rate limiting
    • Dynamic filtering
    • Active verification
    • Anomaly recognition
    • Granular rate limiting
    • Whitelisting/blacklisting
    • Dark address prevention
  • 7. How do DDOS mitigation solutions work?
    • Monitor
    • Identify
    • Mitigate
  • 8. Monitor
    • Devices are generally added to monitoring sensors/servers/software via SNMP polling or BGP peering
    • Traffic thresholds are set
    • Devices are monitored
    • In case of trouble, alerts are generated
  • 9. Identify
    • Traffic is identified and profiled according to the configured parameters, configurations and algorithms
    • Once an anomaly is identified, determine the type of attack
    • Protocol misuse: DNS / ICMP / TCP NULL / TCP RST flood, IP fragments
    • Bandwidth misuse
  • 10. Typical Parameters
    • Advanced Boolean match / AS path regexp: regular-expression matching on the traffic or on the AS Path field of BGP
    • CIDR: traffic identification by network prefixes and CIDR blocks
    • BGP communities: traffic identification using BGP communities
    • Physical interfaces: traffic identification by monitoring the router's physical interface through which the traffic is passing
    • Peer ASNs & local ASN/sub-AS: traffic identification using the peer AS number field of BGP, or the local or sub-AS numbers of the network
  • 11. Mitigate
    • Traffic diversion
    • Categorize and scrub the traffic
    • Bring the clean traffic to the cloud
  • 12. Traffic diversion
    • Generate the IP prefix to be diverted
    • BGP route injection to a predefined router
    • Divert traffic
  • 13. Categorize and scrub traffic
    • Custom settings
    • Traffic filtering & malformed DNS packet filtering
    • DNS authentication
    • HTTP request limiting / object limiting
    • Malformed HTTP & SIP packet filtering
    • TCP connection reset & TCP SYN authentication
    • Zombie removal
    • Baseline network policy enforcement
    • Packet shaping
    • Filter/allow based on payload
    • Signature-based detection & mitigation
  • 14. Tada
    • Once done, clean traffic is sent on to the rightful customers
    • Attack patterns are jotted down for future reference & threat categorization
    • More smiles, less caffeine
  • 15. Questions?
  • 16. Thank You :] Feedback appreciated at admin@theprohack.com