
How to Monitor Your Network During a DDoS Attack



Distributed Denial of Service (DDoS) attacks are getting larger and more sophisticated, causing stress on even the largest networks and applications. ThousandEyes helps security and network operations teams gain in-depth DNS, network and BGP visibility into DDoS events as they’re happening. Reviewing actual DDoS attacks on leading online services, we share how to:

- Visualize impact of an ongoing DDoS Attack.

- Ensure DDoS mitigation is correctly configured and working as expected.

- Provide insight into your DDoS vendor's performance, including isolating specific scrubbing centers that may be problematic.

Watch the recorded webinar with live demo here:

Published in: Technology


  1. Monitoring Your Network During a DDoS Attack. Archana Kesavan, Product Marketing Manager
  2. About ThousandEyes: ThousandEyes delivers visibility into every network your organization relies on. Founded by network experts; strong investor backing. Relied on for critical operations by leading enterprises (31 of the Fortune 500, 5 of the top 5 SaaS companies, 4 of the top 6 US banks). Recognized as an innovative new approach.
  3. Distributed Denial of Service
     - Volumetric: Saturate bandwidth of the target. Amplification attacks. Easy to generate. Examples: TCP Flood, NTP Amplification.
     - Application: Target Layer 7 of the protocol stack. Monopolize application transactions. Sophisticated and challenging. Examples: HTTP Flood, Attack on DNS.
     - Protocol: Exploit a Layer 3 or Layer 4 weakness. Consume processing capacity of the target. Examples: SYN Flood, Ping of Death.
  4. Impact of DDoS Attacks: Well, it depends!
     - The target of the attack: attacking critical infrastructure can bring down the entire Internet; load balancers/firewalls.
     - The type of attack.
     - Network architecture: anycast networks are more resilient; redundancy.
     - Mitigation strategies.
  5. Visibility Across Critical Services: Visibility across ISPs, DNS, online DDoS mitigation, and corporate networks. (Diagram labels: Enterprise Agents, Cloud Agents, Branch, Data Center, Hosting / SaaS Provider, Consumers, Internet.)
  6. Mitigation Strategy 1: On-Premise. Appliance at network edge monitors and mitigates application-layer attacks. (Diagram labels: Chicago, IL; London; Tokyo; Atlanta; Portland, OR; Sydney; Internet; Enterprise; YourBank.com; On-Premises DDoS Mitigation Appliance.)
  7. Mitigation Strategy 2: ISP Collaboration. Attack traffic is routed by ISPs to a remote-triggered black hole. (Diagram labels: Chicago, IL; London; Tokyo; Atlanta; Portland, OR; Sydney; Internet; Enterprise; YourBank.com; ISP 1; ISP 2; Remote-Triggered Black Hole.)
  8. Mitigation Strategy 3: Cloud-based. Traffic is rerouted, using DNS or BGP, to cloud-based scrubbing centers and ‘real’ traffic is routed back to your network. (Diagram labels: Chicago, IL; London; Tokyo; Atlanta; Portland, OR; Sydney; Internet; Enterprise; Scrubbing Center.)
  9. Monitor For DDoS Attacks: Global Availability; Layered Error Detection; Identify Bottlenecks; Mitigation Performance.
  10. Demo
  11. Understand Global Availability and Faults: Global availability issues; availability dip to 0%. Problems at TCP connection and HTTP receive phases.
  12. Understand Network Connectivity Metrics: Loss, latency and jitter. Loss during the height of attack.
  13. Find Congested Nodes and Links: Bank website under attack. Packet loss in upstream ISPs. High packet loss from all testing points.
  14. Monitor and Visualize Mitigation Performance: Highlighted nodes indicate mitigation vendor networks. Search for specific networks. Quickly select interesting data points.
  15. Confirm Mitigation Handoff Using BGP: Mitigation vendor in the forefront of the attack by altering BGP routes to Bank’s prefix under attack. New autonomous system (Verisign); prior autonomous system (HSBC).
  16. See what you’re missing. Watch the webinar
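
To illustrate the "Confirm Mitigation Handoff Using BGP" slide, the following Python example is added here and is not part of the ThousandEyes deck or product. It compares per-monitor AS paths for the attacked prefix before and during an attack and flags vantage points whose route still bypasses the scrubbing vendor. The ASNs (documentation range, RFC 5398), monitor names and paths are constructed assumptions.

```python
# Added example: confirm a BGP mitigation handoff from per-monitor AS paths.
# All ASNs are constructed, taken from the documentation range (RFC 5398).
ENTERPRISE_AS = 64500   # hypothetical: AS that normally originates the prefix
MITIGATION_AS = 64510   # hypothetical: AS of the cloud scrubbing vendor

# Constructed AS paths (monitor -> path, origin last) for one attacked prefix.
BASELINE = {
    "london": [64496, 64499, 64500],
    "tokyo": [64497, 64499, 64500],
    "sydney": [64498, 64500, 64500],   # origin prepended once
}
DURING_ATTACK = {
    "london": [64496, 64510],                # vendor now originates the prefix
    "tokyo": [64497, 64499, 64510, 64500],   # vendor inserted as transit
    "sydney": [64498, 64500, 64500],         # unchanged: bypasses scrubbing
}

def strip_prepends(path):
    """Collapse consecutive duplicate ASNs (AS-path prepending)."""
    return [asn for i, asn in enumerate(path) if i == 0 or asn != path[i - 1]]

def classify(path, enterprise_as=ENTERPRISE_AS, mitigation_as=MITIGATION_AS):
    """Label one observed AS path relative to the mitigation vendor."""
    path = strip_prepends(path)
    if not path:
        return "unreachable"          # monitor has no route to the prefix
    if path[-1] == mitigation_as:
        return "mitigated-origin"
    if mitigation_as in path:
        return "mitigated-transit"
    if path[-1] == enterprise_as:
        return "direct"               # route still leads straight to the enterprise
    return "unexpected-origin"        # neither party originates: investigate

def handoff_report(baseline, current):
    """Per monitor: (status now, whether the path changed from baseline)."""
    report = {}
    for monitor in sorted(baseline):
        now = current.get(monitor, [])
        changed = strip_prepends(now) != strip_prepends(baseline[monitor])
        report[monitor] = (classify(now), changed)
    return report

def bypassing_monitors(report):
    """Monitors whose route does not traverse the mitigation vendor."""
    return [m for m, (status, _) in report.items() if not status.startswith("mitigated")]

if __name__ == "__main__":
    for monitor, (status, changed) in handoff_report(BASELINE, DURING_ATTACK).items():
        print(f"{monitor:8s} {status:18s} changed={changed}")
```

A non-empty result from `bypassing_monitors` means the handoff has not propagated everywhere, so some attack traffic can still reach the enterprise edge directly.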