CTO-Cybersecurity-Forum-2010-JohnCrain-Ddos

Transcript of "CTO-Cybersecurity-Forum-2010-JohnCrain-Ddos"

  1. DDoS the problem? john.crain@icann.org
  2. What is DDoS?
     • "Distributed Denial of Service Attack"
       – Uses multiple hosts on the Internet to focus traffic against one or more targets.
       – Multiple can mean 100's of machines but could also mean millions.
       – Generates more traffic than the target can handle, hence denying service to legitimate traffic.
  3. Source: www.sans.org
  4. Just a small sample of targets
     • 2002 Root Servers attacked
     • ……
     • 2006 CafePress
     • 2007 Estonia
     • 2008 Scientology
     • 2009 Twitter
     • 2010 Australia's Parliament House
     • 2011 ….. ? ? ?
  5. BotNets are a big Problem
     • You cannot talk about DDoS without mentioning the hijacked machines that are used in the attacks!
     • Viruses, worms, etc. are used to enable control of poorly secured machines.
     • Can be spread in numerous ways.
  6. How big is the BotNet Problem?
     • We don't really know
       – Seriously! That is a sign of how bad it is.
     • One BotNet is Conficker:
       – We can measure +/- 6 million unique IP addresses showing Conficker infections globally.
       – However, that does not count individual infections behind firewalls. The Chinese say that they see 18 million Conficker infections every month!
     Source: http://www.confickerworkinggroup.org/ and http://www.china.org.cn/government/whitepaper/node_7093508.htm
  7. Can you defend against this?
     • You can provision to deal with low-level attacks. (Bandwidth, system resources)
     • You can have processes in place to push back on attacks. (Filtering at upstreams)
     • This is an arms race, one where we pay for our resources but the "bad guys" don't.
  8. • Infected machines are not just used for DDoS,
       - Also used to collect, store and move data.
       - (Including people's identities, money and other sensitive data)
     • If someone owns your machine they can do anything with it that you can do, including some things you would never think of doing.
  9. "Fight the disease not the symptoms"
     • We cannot remove the threat of DDoS unless we tackle the issues that allow for BotNets.
     • If we are seeing millions of machines infected then clearly the way we are currently doing things is not working.
  10. User awareness and computer hygiene need to be drastically improved. That means more education and better user tools. We must find ways to make cybercrime less rewarding and much higher risk. This is no different to real world crime problems!
  11. Thank You. John Crain, Senior Director, Security Stability and Resiliency, ICANN. john.crain@icann.org