Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

DDoS - unstoppable menace


Published on

DDoS myths and mitigation

Published in: Technology
  • Be the first to comment

  • Be the first to like this

DDoS - unstoppable menace

  1. 1. DDoS : The menace By Aravind Anbazhagan
  2. 2. Outline ● What is DoS/DDoS ? ● Why DDoS is a popular choice ? ● What is the motive behind the attacks ? ● Potential DDoS targets ● Impact of DDoS attack ● Myths in DDoS protection ● DDoS mitigation techniques
  3. 3. Why DDoS is a popular choice ? ● DDoS tools are readily available (hping,juno,Trinoo,StachleDraht,LOIC) ● DDOS is being offerd as a service at a low cost ● Botnets are available for hire to launch a DDoS attack ● Many organizations do not apply any form of DDOS protection ● DDOS solutions are not able to detect all types of attacks ● Difficult for Security professionals to traceback the source of the attack due to spoofed IP address and covert channels ● Organizations rely entirely on ISP for DDOS protection without considering an on premise solution
  4. 4. What is the motive behind DDoS attack ? ● Hacktivism (ideological and political differences) to gain media attention ● Ransom/Extortion ● Take down a competitive player in an online game (host booting) ● Disgruntled customer or former employee ● To divert attention from the real attack or keep the incidence responce team busy ● Cause loss in revenue ● spoil brand reputation ● Boredom ● Annoyance ● Revenge
  5. 5. Potential DDoS targets
  6. 6. Impact of DDoS attack ● Loss of revenue ● Organization reputation damage ● E-commerce credibility ● Lost Productivity ● Contractual Violations ● Incident handling and recovery costs ● Disatisfied customers
  7. 7. Types Of DDoS attacks ● Volumetric attack (magnitude are measured in bits per second (Bps)) SYN flood UDP flood ICMP/Ping flood ● Protocol Attacks (magnitude is measured in Packets per second (PPS)) Ping of death Smurf attack Fragmented packet attack ● Application attack (magnitude are measured in Requests per second (Rps)) HTTP Get (Tools : LOIC (Low Orbit Ion Canon),HULK (HTTP Unbearable Load King), Slowloris) HTTP POST (Tools : RUDY (R-U-Dead-Yet), Tor's Hammer) DNS flood
  8. 8. Myths in DDoS protection ● It only happens for others ! ● Firewalls and IDS will protect me from DDoS ● Software fixes can solve DDoS attack issues ● IPTables can stop DDoS attacks ● ISP or Webhost will take care of DDoS attacks ● ACLs on switches/routers can stop DDoS attacks
  9. 9. DDoS Mitigation techniques ● Have a incidence response plan ready and know whom to contact. ● Monitor to understand normal network traffic and create a baseline. Feed this info to coreleation engine. Ex: Cisco Anamony Detector XT and Arbor Peakflow SP. ● Over provisioning : Buying excess bandwidth or redundant network devices to handle any spikes in demand. ● IP reputation database based blocking : Database contains a list of known or frequest genuine users by IP address ● Geo IP location based blocking : Blocking IP's based on geographical location ● ACL on border routers ● Implement Load balancers ● Aggressive aging of idle connection from the connection table ● Install patches and harden your systems so that they will not be compromised and added to a botnet ● Change default settings and harden the device by disabling unwanted services and ports.
  10. 10. DDoS Mitigation techniques – Cont. ● Implement unicast reverse path forwarding : Stops spoofed IP address by blocking outbound traffic if the IP address does not belong to the same subnet ● Implement TCP Intercept: Protects against TCP SYN flood attack by replying back on behalf of the intended destination. ● Implement high capcity Web Application Firewall (WAF) and IPS ● Rate limiting: Control the rate of traffic sent or received by a network interface controller ● Black Holing/null routing with the aid from ISP: Sending all requests to a non-existent server ● Sink holing: Sends all requests to a logger that logs some statistics and then drops the requests ● Use Clean pipes from ISP or cloud based IP scrubbing to defend against volumetric attacks ● Use dedicated and always on DDoS mitigation appliance ● Implement ingress and egress filtering ● Split services on to different hosts.Dont use a single host as a DNS server and also as a Web server ● For home network, contact ISP and request for dynamic IP address or use VPN
  11. 11. Thank you Questions ?