Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Black alps 2018-folini-d-dos


Published on

Application Level DDoS, the Rise of CDNs and the End of the Free Internet

Published in: Internet
  • Be the first to comment

  • Be the first to like this

Black alps 2018-folini-d-dos

  1. 1. Application Level DoS, The Rise of CDNs And The End of The Free Internet Christian Folini / @ChrFolini
  2. 2. Christian Folini: The Boring Bio • Co-Lead OWASP CRS Project • Author of the ModSecurity Handbook 2ed • Program Chair Swiss Cyber Storm Conf • Vice-President Swiss Cyber Experts Christian Folini / @ChrFolini
  3. 3. Table of Contents • Intro to DoS • DoS Trends • Limits of Traditional Defense Methods • Local Announcement as Alternative • Collateral Damage: The Internet Christian Folini / @ChrFolini Craziness
  4. 4. Confidentiality • Integrity • Availability CIA
  5. 5. CPU • Storage • Bandwidth DoS Targets
  6. 6. Postfinance • Protonmail • Digitec DDoS Attacks in CH
  7. 7. Trend I GROWTH
  8. 8. Trend II Application Level DDoS
  9. 9. Trend III Encryption
  10. 10. Decentralization • Centralization • Consolidation CDNs
  11. 11. Christian Folini / @ChrFolini “In a not-so-distant future, if we're not there already, it may be that if you're going to put content on the Internet you'll need to use a company with a giant network like Cloudflare, Google, Microsoft, Facebook, Amazon, or Alibaba.” Matthew Prince, CEO Cloudflare
  12. 12. “Within 2-3 years, there will be only 2-3 players in the world that are able to withstand the biggest DDoS attacks and protect websites on a global scale.” Damian Menscher, Google, Usenix Enigma Conference, February 2017 Christian Folini / @ChrFolini
  13. 13. “I think we are going to see a future where people will accept to pay money in extortion. It will be part of the costs of doing business. As an alternative, there will be a handful of expensive services that can protect you from DDoS attacks and these services effectively control what new startups will be allowed to operate on the internet.” Dr. Paul Vixie, April 2017 in Zurich Christian Folini / @ChrFolini
  14. 14. Integration • Directories • Encryption Keys CDN Limits
  15. 15. Local Userbase • ACL • Control GeoIP
  16. 16. Size of ACL • Carrier Bandwidth GeoIP Limits
  17. 17. BGP • Peering • No Route Export Local Route Announcement
  18. 18. Jurisdiction • IP Space as Territory • Balkanization Dystopia
  19. 19. • Trend I: DDoS Attacks Are Getting Bigger All The Time • Trend II: More and More Attacks are Application Level DDoS • Trend III: Widspread Use of Encryption Make Defense Harder • CDNs Are Here To Help And They Rule The Internet • Limiting BGP Route Announc. Can Guarantee Ultimate GeoIP • States May Fail To Protect Traffic Outside Their Jurisdictions Christian Folini / @ChrFolini Summary
  20. 20. • • • • • • • • • • Christian Folini / @ChrFolini Sources for Slides (Mostly CC) Christian Folini / @ChrFolini
  21. 21. • • @ChrFolini • Christian Folini / @ChrFolini Thank you for attending my talk