Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com
 

A simple presentation on understanding DDOS and DDOS mitigation solutions.


    Presentation Transcript

    • Understanding DDOS Mitigation
      Rishabh Dangwal
      About me: trivia geek, Red Bull addict and independent security enthusiast, currently employed at Tulip Telecom
      www.theprohack.com
    • DDOS Mitigation
      Mitigation: mit·i·ga·tion /ˌmɪtɪˈɡeɪʃən/ (spelled mit-i-gey-shuhn), noun. The act of lessening the force or intensity of something.
      • Understanding DDOS
      • Countermeasures
      • Mitigation
    • DOS
      • An attack that makes a designated service unavailable to the users it is meant for
      • Exploits the finite capacity of the system, an inherent and universal vulnerability
      • Limits: CPU, memory, bandwidth
    • DDOS
      • Distributed DOS
      • A coordinated effort from many sources
      • Botnets are in fashion
      • Firewalls and IPS are NOT enough
      • NO 100% solution exists, so you can ONLY slow it down
    • DDOS Continued ..
      • Protocol attacks – exploit protocol vulnerabilities or limitations (state tables, handshakes)
      • Bandwidth attacks – saturate the link and consume resources; mostly flood attacks
      • Software attacks – exploit the architecture of the network software itself
    • Typical Countermeasures
      • SYN proxy (answer the SYN on the server's behalf, forward only completed handshakes)
      • Limiting the number of connections
      • Aggressive aging (expire idle and half-open entries faster while under load)
      • Source rate limiting
      • Dynamic filtering
      • Active verification
      • Anomaly recognition
      • Granular rate limiting
      • Whitelisting/blacklisting
      • Dark address prevention (drop traffic to or from unallocated address space)
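The SYN proxy on the list above, and the "TCP SYN authentication" step on the scrubbing slide further on, both rest on the same trick: answer every SYN with a SYN-ACK whose sequence number is a keyed cookie, keep no state, and admit the client only when its final ACK carries a cookie that verifies. The following is an added example written for this transcript, not code from the presentation. The secret key, the MSS table and the bit layout (5-bit time counter, 3-bit MSS index, 24-bit keyed hash) are assumptions that follow the classic SYN-cookie scheme; they are not a bit-exact copy of any particular kernel, and the addresses in the demo are constructed.

```python
# SYN cookies: the mechanism behind a SYN proxy / TCP SYN authentication.
# Added illustration, not code from the original presentation. SECRET,
# MSS_TABLE and the cookie bit layout are assumptions following the
# classic scheme; addresses and ports below are constructed.
import hashlib
import hmac
import socket
import struct

SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")  # assumed; rotate periodically
MSS_TABLE = (536, 1220, 1440, 1460)   # MSS values the 3-bit index can encode (4 used)
COOKIE_LIFETIME = 2                    # 64-second ticks a cookie stays valid


def _counter(now):
    """5-bit time counter that ticks every 64 seconds."""
    return (int(now) >> 6) & 0x1F


def _mac(src_ip, sport, dst_ip, dport, client_isn, counter):
    """24-bit keyed hash over the 4-tuple, the client's ISN and the counter."""
    msg = struct.pack("!4sH4sHIB", src_ip, sport, dst_ip, dport,
                      client_isn & 0xFFFFFFFF, counter)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src_ip, sport, dst_ip, dport, client_isn, mss, now):
    """Server ISN for the SYN-ACK. Nothing is stored: the handshake state
    (time, negotiated MSS, a MAC binding it to this client) lives in the ISN."""
    counter = _counter(now)
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    return (counter << 27) | (mss_idx << 24) | _mac(src_ip, sport, dst_ip, dport,
                                                    client_isn, counter)


def check_cookie(src_ip, sport, dst_ip, dport, seq, ack, now):
    """Validate the third packet of the handshake. Returns the MSS to use, or
    None if the ACK is forged, replayed for another 4-tuple, or too old."""
    cookie = (ack - 1) & 0xFFFFFFFF        # ACK number = our ISN + 1
    client_isn = (seq - 1) & 0xFFFFFFFF    # client SEQ = its ISN + 1
    counter, mss_idx = cookie >> 27, (cookie >> 24) & 0x7
    age = (_counter(now) - counter) & 0x1F
    if age > COOKIE_LIFETIME or mss_idx >= len(MSS_TABLE):
        return None
    expected = _mac(src_ip, sport, dst_ip, dport, client_isn, counter).to_bytes(3, "big")
    if not hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big")):
        return None
    return MSS_TABLE[mss_idx]


def syn_proxy_demo(now=1_700_000_000.0):
    """Constructed scenario: 10,000 spoofed SYNs (never acknowledged) cost the
    proxy no state; one honest client completes the handshake and is admitted;
    a forged ACK and a stale replay are rejected."""
    dst, dport = socket.inet_aton("203.0.113.10"), 80
    half_open_entries = 0                      # a SYN proxy keeps no per-SYN state
    for i in range(10_000):                    # only a SYN-ACK goes back to each source
        src = socket.inet_aton(f"198.18.{i >> 8}.{i & 0xFF}")
        make_cookie(src, 40000 + (i % 20000), dst, dport, i * 7919, 1460, now)
    client, cport, cisn = socket.inet_aton("192.0.2.10"), 51234, 0x12345678
    cookie = make_cookie(client, cport, dst, dport, cisn, 1460, now)
    mss = check_cookie(client, cport, dst, dport, cisn + 1, cookie + 1, now + 10)
    established = [("192.0.2.10", cport, mss)] if mss else []   # now open the backend side
    forged = check_cookie(client, cport, dst, dport, cisn + 1, (cookie ^ 1) + 1, now + 10)
    stale = check_cookie(client, cport, dst, dport, cisn + 1, cookie + 1, now + 64 * 4)
    return {"half_open_entries": half_open_entries, "established": established,
            "forged_accepted": forged is not None, "stale_accepted": stale is not None}


if __name__ == "__main__":
    print(syn_proxy_demo())
```

The cost of the scheme is visible in the code: only a handful of MSS values survive the round trip, and any TCP option that does not fit in the ISN (window scaling, SACK) is lost unless the client also sends timestamps, which is why a proxy usually switches cookies on only when its SYN backlog fills rather than running them permanently.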
    • How do DDOS mitigation solutions work?
      • Monitor
      • Identify
      • Mitigate
    • Monitor
      • Devices are added to the monitoring sensors/servers/software via SNMP polling or BGP peering
      • Traffic thresholds are set
      • Devices are monitored continuously against those thresholds
      • In case of trouble, alerts are generated
    • Identify
      • Traffic is identified and profiled according to the configured parameters and algorithms
      • Once identified, determine the type of attack
      • Protocol misuse – DNS / ICMP / TCP NULL / TCP RST flood, IP fragments
      • Bandwidth misuse
    • Typical Parameters
      • Advanced Boolean match / AS-path regexp – regular-expression matching on traffic fields or on the AS_PATH attribute of BGP routes
      • CIDR – traffic identification by network prefix / CIDR block
      • BGP communities – traffic identification by the BGP community values carried on the route
      • Physical interfaces – traffic identification by the router interface the traffic passes through
      • Peer ASNs and local ASN / sub-AS – traffic identification by the BGP peer AS number, or by the local or sub-AS numbers of the network
    • Mitigate
      • Traffic diversion
      • Categorize and "scrub" the traffic
      • Bring the clean traffic back to its destination (re-injection)
    • Traffic diversion
      • Generate the victim prefix (the most specific route, e.g. a /32, so that longest-prefix match wins over the customer's normal announcement)
      • Inject the route via BGP to a predefined router that fronts the scrubbing centre
      • Traffic to that prefix is diverted
    • Categorize and scrub the traffic
      • Custom settings
      • Traffic filtering and malformed DNS packet filtering
      • DNS authentication
      • HTTP request limiting / object limiting
      • Malformed HTTP and SIP packet filtering
      • TCP connection reset and TCP SYN authentication
      • Zombie removal
      • Baseline network policy enforcement
      • Packet shaping
      • Filter/allow based on payload
      • Signature-based detection and mitigation
    • Tada ..
      • Once done, clean traffic is sent on to its rightful customers
      • Attack patterns are recorded for future reference and threat categorization
      • More smiles, less caffeine
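The monitor, identify and mitigate steps of the preceding slides, worked through end to end on constructed flow records, as an added example for this transcript (not code from the presentation or from any vendor's product). The Flow record layout, the per-destination alert threshold, the per-source budget, the source whitelist and every address are assumptions. It goes slightly beyond the slides in that the classifier recognises four protocol-misuse vectors plus a volumetric fallback, and the scrubber combines a vector-specific filter, whitelisting and per-source rate limiting (zombie removal) in one pass.

```python
# Monitor -> identify -> mitigate over constructed flow records.
# Added illustration, not code from the original presentation. The Flow
# layout, thresholds, whitelist and addresses are assumptions for the example.
from collections import Counter
from dataclasses import dataclass, replace
from ipaddress import ip_network


@dataclass(frozen=True)
class Flow:
    """One NetFlow-style record summarising a one-second window."""
    src: str
    dst: str
    proto: str               # "tcp", "udp" or "icmp"
    sport: int
    dport: int
    packets: int
    syn_only: bool = False   # TCP flow that never got past SYN (half-open)
    fragment: bool = False   # IP fragments


PPS_ALERT = 20_000                      # assumed per-destination alert threshold (pkt/s)
PER_SOURCE_LIMIT = 500                  # assumed per-source budget while scrubbing (pkt/s)
SOURCE_WHITELIST = {"198.51.100.53"}    # assumed: the victim's own DNS resolver, never dropped
SIGNATURES = {                          # vector -> packets that carry its signature
    "tcp_syn_flood": lambda f: f.proto == "tcp" and f.syn_only,
    "dns_reflection": lambda f: f.proto == "udp" and f.sport == 53,   # unsolicited replies
    "icmp_flood": lambda f: f.proto == "icmp",
    "ip_fragment_flood": lambda f: f.fragment,
}


def monitor(flows):
    """Monitor: total packets per destination; alert on those above threshold."""
    pps = Counter()
    for f in flows:
        pps[f.dst] += f.packets
    return {dst: n for dst, n in pps.items() if n > PPS_ALERT}


def identify(flows, victim):
    """Identify: profile the victim's traffic and name the dominant vector."""
    v = [f for f in flows if f.dst == victim]
    total = sum(f.packets for f in v) or 1
    for vector, sig in SIGNATURES.items():
        if sum(f.packets for f in v if sig(f)) / total > 0.7:
            return vector
    return "bandwidth_flood"            # nothing protocol-specific dominates: volumetric


def diversion_prefix(victim):
    """Traffic diversion: announce the most specific route (a /32 for IPv4) so
    longest-prefix match pulls only the victim's traffic to the scrubbing centre."""
    return ip_network(f"{victim}/32")


def scrub(flows, victim, vector):
    """Mitigate: drop packets matching the vector's signature (unless the source
    is whitelisted), then cap every remaining source (zombie removal).
    Returns (clean flows, Counter of dropped packets by reason)."""
    clean, dropped, per_src = [], Counter(), Counter()
    sig = SIGNATURES.get(vector)
    for f in flows:
        if f.dst != victim:             # not diverted: passes untouched
            clean.append(f)
            continue
        if sig and sig(f) and f.src not in SOURCE_WHITELIST:
            dropped[vector] += f.packets
            continue
        budget = PER_SOURCE_LIMIT - per_src[f.src]
        if budget <= 0:
            dropped["source_rate_limit"] += f.packets
            continue
        if f.packets > budget:          # keep the source's share, drop the excess
            dropped["source_rate_limit"] += f.packets - budget
            f = replace(f, packets=budget)
        per_src[f.src] += f.packets
        clean.append(f)
    return clean, dropped


VICTIM = "203.0.113.10"


def sample_window():
    """Constructed one-second window: a SYN flood from 100 spoofed sources
    (30,000 pkt/s) plus a little legitimate traffic to two customer hosts."""
    flows = [Flow(f"192.0.2.{i}", VICTIM, "tcp", 40000 + i, 80, 300, syn_only=True)
             for i in range(1, 101)]
    flows += [Flow("198.51.100.7", VICTIM, "tcp", 51000, 443, 40),
              Flow("198.51.100.8", VICTIM, "udp", 51001, 53, 5),
              Flow("198.51.100.9", "203.0.113.20", "tcp", 51002, 80, 60)]
    return flows


def run(flows=None):
    """Whole pipeline; one report per alerted destination."""
    flows = sample_window() if flows is None else flows
    report = {}
    for victim in monitor(flows):
        vector = identify(flows, victim)
        clean, dropped = scrub(flows, victim, vector)
        report[victim] = {"vector": vector, "divert": str(diversion_prefix(victim)),
                          "clean_pps": sum(f.packets for f in clean if f.dst == victim),
                          "dropped": dict(dropped)}
    return report


if __name__ == "__main__":
    print(run())
```

Two things worth noticing when adapting this: the whitelist is what keeps the DNS-reflection filter from cutting the victim off from its own resolver, and the per-source cap is deliberately applied after the signature filter, so a legitimate client that happens to be noisy loses its excess rather than being blacklisted outright. In a deployment the flow records come from the routers' flow export rather than a constructed list, and the thresholds come from the baseline learned during the monitor phase.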
    • Questions ?
    • Thank You :] Feedback appreciated at admin@theprohack.com