DDoS the problem?

john.crain@icann.org

What is DDoS?

•  “Distributed Denial of Service Attack”
   –  Uses multiple hosts on the Internet to focus traffic against one or more targets.
   –  Multiple can mean 100s of machines but could also mean millions
   –  Generates more traffic than the target can handle, hence denying service to legitimate traffic

Source: www.sans.org

Just a small sample of targets

•  2002 Root Servers attacked
•  ……
•  2006 CafePress
•  2007 Estonia
•  2008 Scientology
•  2009 Twitter
•  2010 Australia’s Parliament House
•  2011 ….. ? ? ?

BotNets are a big Problem

•  You cannot talk about DDoS without mentioning the hijacked machines that are used in the attacks!
•  Viruses/Worms etc. are used to enable control of poorly secured machines.
•  Can be spread in numerous ways.

How big is the BotNet Problem?

•  We don’t really know
   –  Seriously! That is a sign of how bad it is..
•  One BotNet is Conficker:
   –  We can measure +/- 6 million unique IP addresses showing Conficker infections globally….
   –  However that does not count individual infections behind firewalls.. The Chinese say that they see 18 million Conficker infections every month!

Source: http://www.confickerworkinggroup.org/ and http://www.china.org.cn/government/whitepaper/node_7093508.htm

Can you defend against this?

•  You can provision to deal with low-level attacks. (bandwidth, system resources)
•  You can have processes in place to push back on attacks. (Filtering at upstreams)
•  This is an arms race, one where we pay for our resources but the “bad guys” don’t

•  Infected machines are not just used for DDoS,
   -  Also used to collect, store and move data.
      -  (Including people’s identities, money and other sensitive data)
•  If someone owns your machine they can do anything with it that you can do, including some things you would never think of doing

“fight the disease not the symptoms”

•  We cannot remove the threat of DDoS unless we tackle the issues that allow for BotNets.
•  If we are seeing millions of machines infected then clearly the way we are currently doing things is not working

User awareness and computer hygiene need to be drastically improved. That means more education and better user tools.

We must find ways to make cybercrime less rewarding and much higher risk.

This is no different to real world crime problems!

Thank You

John Crain
Senior Director,
Security Stability and Resiliency
ICANN
john.crain@icann.org
