CTO-Cybersecurity-Forum-2010-JohnCrain-Ddos

Transcript

  • 1. DDoS the problem? john.crain@icann.org
  • 2. What is DDoS?
      • "Distributed Denial of Service Attack"
          – Uses multiple hosts on the Internet to focus traffic against one or more targets.
          – Multiple can mean 100s of machines but could also mean millions.
          – Generates more traffic than the target can handle, hence denying service to legitimate traffic.
  • 3. Source: www.sans.org
  • 4. Just a small sample of targets
      • 2002 Root Servers attacked
      • ……
      • 2006 CafePress
      • 2007 Estonia
      • 2008 Scientology
      • 2009 Twitter
      • 2010 Australia's Parliament House
      • 2011 ….. ? ? ?
  • 5. BotNets are a big Problem
      • You cannot talk about DDoS without mentioning the hijacked machines that are used in the attacks!
      • Viruses, worms, etc. are used to enable control of poorly secured machines.
      • Can be spread in numerous ways.
  • 6. How big is the BotNet Problem?
      • We don't really know
          – Seriously! That is a sign of how bad it is.
      • One BotNet is Conficker:
          – We can measure +/- 6 million unique IP addresses showing Conficker infections globally.
          – However, that does not count individual infections behind firewalls. The Chinese say that they see 18 million Conficker infections every month!
      Source: http://www.confickerworkinggroup.org/ and http://www.china.org.cn/government/whitepaper/node_7093508.htm
  • 7. Can you defend against this?
      • You can provision to deal with low-level attacks (bandwidth, system resources).
      • You can have processes in place to push back on attacks (filtering at upstreams).
      • This is an arms race, one where we pay for our resources but the "bad guys" don't.
  • 8.
      • Infected machines are not just used for DDoS.
          – Also used to collect, store and move data.
          – (Including people's identities, money and other sensitive data)
      • If someone owns your machine, they can do anything with it that you can do, including some things you would never think of doing.
  • 9. "Fight the disease, not the symptoms"
      • We cannot remove the threat of DDoS unless we tackle the issues that allow for BotNets.
      • If we are seeing millions of machines infected, then clearly the way we are currently doing things is not working.
  • 10. User awareness and computer hygiene need to be drastically improved. That means more education and better user tools. We must find ways to make cybercrime less rewarding and much higher risk. This is no different from real-world crime problems!
  • 11. Thank You. John Crain, Senior Director, Security Stability and Resiliency, ICANN. john.crain@icann.org