Distributed Denial Of Service Introduction

Presentation on DDoS and potential countermeasures for enterprise applications.

Published in: Technology

Transcript

  • 1. Distributed Denial of Service attacks (DDoS) 101
  • 2. AGENDA: History; What is it?; Basic Protection; Advanced Protection; Next Steps
  • 3. History: examples
      DNS root servers attacked (2002)
      Estonia attacks (2007)
      commercial targets (2010)
      DNS attacks (2012)
  • 4. What is it? Too many requests... can't handle. (* this actually happened at a CCC congress in Berlin)
  • 5. What is it? [diagram: attack levels mapped onto the stack: L1 = infrastructure and backup infrastructure, L2 = application]
      Level 1: Network-based (D)DoS
      Level 2: Application-level (D)DoS
      Level 2: Economic (D)DoS
      Process (D)DoS
  • 6. What is it? [diagram: many nodes (c) hitting the main and backup infrastructure at L1]
      some terminology: node, command&control, recruitment, attrition, rate of growth/decay
  • 7. What is it? L2 application [diagram: web server, app server, db server; the XML entity expansion document below is what the app receives]
        <?xml version="1.0"?>
        <!DOCTYPE lolz [
          <!ENTITY lol "lol">
          <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
          <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
          <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
          <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
          <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
          <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
          <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
          <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
        ]>
        <lolz>&lol9;</lolz>
  • 8. Basic Protection: where the protection sits
      CDN (content distribution network): + no hardware limitations, + no bandwidth limits, + intelligence
      ISP: - hardware limitations, + (some) control over bandwidth, + increased 'intelligence'
      On premise (main + backup): - hardware limitations, - no control over bandwidth, - limited 'intelligence'
  • 9. Advanced Protection: Web Application Firewall in front of web server, app server and db server; secure config on every tier; cloud, devops, centralized mgmt; SDLC
  • 10. Advanced Protection: DNS, SSL, APP, XML
  • 11. Next Steps? process: Incident Response
      Prepare: integrate service providers, "know your enemy"
      During an attack: containment, communications, business continuity
      After the attack: return to normal operations, lessons learned, forensics
  • 12. Next Steps? quick wins
      ★ Build standard security components: encryption, AuthN/AuthZ, logging, input/output validation, ...
      ★ Automate standardized processes (leverage tech): deployment (including vuln scanning), load balancing
  • 13. Q&A
  • 14. some terminology:
      node: a computer recruited to the botnet and controlled by the botnet owner.
      command&control (C2): a central authority controlling the botnet, providing the nodes with instructions.
      recruitment: the methods used by the botnet owner to add nodes to his botnet.
      attrition: the loss of nodes from the botnet.
      rate of growth/decay: size + recruitment - attrition
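Slide 7 shows an application-level DoS via XML entity expansion ("billion laughs"). As an added example that is not part of the deck, the Python below performs a defender-side pre-check before any parser touches the document: it refuses external DTDs, external entities and parameter entities outright, and computes how large each internal entity would expand to, rejecting the document when that exceeds a budget. The budget value, the regex-based DTD scan and the rebuilt sample documents are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

MAX_ENTITY_EXPANSION = 100_000  # assumed policy: bytes any single entity may expand to

class UnsafeDtdError(ValueError):
    """The DTD could exhaust memory (entity bomb) or pull in external content."""
_DOCTYPE = re.compile(r"<!DOCTYPE\b([^\[>]*)(?:\[(.*?)\])?\s*>", re.S)  # header, internal subset
_ENTITY = re.compile(r"<!ENTITY\s+([^\s%>]+)\s+(?:\"([^\"]*)\"|'([^']*)')\s*>")

def declared_entities(doc):
    """Internal general entities as {name: replacement text}; refuse anything riskier."""
    m = _DOCTYPE.search(doc)
    if not m:
        return {}
    header, subset = m.group(1), m.group(2) or ""
    if re.search(r"\b(SYSTEM|PUBLIC)\b", header + subset) or re.search(r"<!ENTITY\s+%", subset):
        raise UnsafeDtdError("external DTD, external entity or parameter entity declared")
    return {e.group(1): e.group(3) if e.group(2) is None else e.group(2)
            for e in _ENTITY.finditer(subset)}

def entity_expansion_sizes(entities):
    """Expanded length of each entity, following nested references (lol9 -> lol8 -> ...)."""
    sizes = {}
    def size(name, stack):
        if name in sizes:
            return sizes[name]
        if name in stack:  # a reference cycle is illegal XML; refuse instead of looping
            raise UnsafeDtdError(f"recursive entity '{name}'")
        total = len(entities[name])
        for ref in re.finditer(r"&([^;&\s]+);", entities[name]):
            if ref.group(1) in entities:  # swap the reference for its expanded length
                total += size(ref.group(1), stack | {name}) - len(ref.group(0))
        sizes[name] = total
        return total
    for name in entities:
        size(name, frozenset())
    return sizes

def parse_guarded(doc, limit=MAX_ENTITY_EXPANSION):
    worst = max(entity_expansion_sizes(declared_entities(doc)).values(), default=0)
    if worst > limit:
        raise UnsafeDtdError(f"an entity expands to {worst} bytes, limit is {limit}")
    return ET.fromstring(doc)

# Constructed inputs: the slide's document rebuilt programmatically, plus a benign one
_DECLS = ['<!ENTITY lol "lol">'] + [
    f'<!ENTITY lol{i} "{"&lol%s;" % ("" if i == 2 else i - 1) * 10}">' for i in range(2, 10)]
BILLION_LAUGHS = '<?xml version="1.0"?><!DOCTYPE lolz [' + "".join(_DECLS) + "]><lolz>&lol9;</lolz>"
BENIGN = '<!DOCTYPE d [<!ENTITY greeting "hi">]><d>&greeting;</d>'
```

With the slide's nine levels, lol9 alone expands to 300,000,000 bytes, so the document is refused before a single entity is expanded. In production the parser itself should have DTD processing disabled (libraries such as defusedxml do this); the check above shows the accounting behind that decision.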