DDoS 101: Attack Types and Mitigation

Cloudflare protects and accelerates any web property online. We stop hackers from reaching your web property and knocking it offline. In addition, we help your site visitors access your content as fast as possible no matter their location. Join us as we discuss evolving DDoS attack types and trends to be aware of in 2018.

Published in: Technology

  1. DDoS 101: Attack types and mitigations
  2. About us
     • Launched: 2010
     • Offices: 8 (San Francisco, Austin, London, Champaign, IL, Boston, Singapore, Washington, D.C., New York)
     • Employees: Approximately 500
     • Data centres: 120 in 58 countries
     • Domains: 7 million+; 15,000+ new domains sign up for Cloudflare daily
     • Percent of Internet (HTTP/S) requests flowing through our network each month: 10 percent
     • DNS queries: We consistently do around 1.2 million DNS queries per second. That's around 103.68 billion queries per day, and 3.11 trillion queries a month.
  3. Contacts
     • David Fenton, Regional Sales Manager, Australia / New Zealand. Mobile: +61 (0) 413 438 412. Email: dfenton@cloudflare.com
     • Manu Sharma, Account Manager, Australia / New Zealand. Mobile: +61 (0) 422 953 979. Email: manu@cloudflare.com
     • Naveen Singh, Solutions Engineer, Australia / New Zealand. Mobile: +61 (0) 416 428 925. Email: naveen@cloudflare.com
  4. 15 Tbps Capacity and 120 Data Centre Global Footprint
     • Map legend: Live Data Center; In Progress/Planned
     • 95% of internet users will live in a country with a Cloudflare data center
     • ANZ Local PoPs: Sydney, Brisbane, Melbourne, Perth, Auckland
  5. DDoS Attacks are evolving in size and complexity
  6. OSI model
  7. DDoS attacks per day against Cloudflare customers (graph courtesy of John Graham-Cumming)
  8. Cloudflare’s benefits
     • PERFORMANCE: CDN, Load Balancing, Web Optimization
     • SECURITY: DDoS, WAF, SSL, Rate Limiting
     • RELIABILITY: DNS, China
     • INSIGHT: Threat Analytics, Enterprise logs
  9. Types of DDoS Attack Traffic
     • Volumetric DNS Flood
     • Amplification (Layer 3 & 4)
     • HTTP Flood (Layer 7)
     • Degrades availability and performance of applications, websites, and APIs
     • Diagram labels: Bots, DNS Server, Server, HTTP Application, Application/Login
  10. How to perform a DDoS attack: Get a cool costume
  11. How to stop a DDoS attack: Get an even cooler costume
  12. Mitigations
     • Volumetric DNS Flood: bad DNS requests are dropped by our large and highly distributed DNS. Cloudflare's anycast DNS will absorb any DNS DDoS attack and keep your DNS up and running all the time.
     • Amplification (Layer 3 & 4): Layers 3, 4 and 7 are mitigated through the PoPs. Layer 3 is mitigated by the IP Reputation database and IP Firewall; for Layer 4, traffic is dropped automatically at the edge node.
     • HTTP Flood (Layer 7): additional Layer 7 mitigation is provided by the WAF and Rate Limiting. Cloudflare caching of static assets helps offload attack traffic from your origin as well.
  13. Network Architectures (HTTP Traffic)
     • Unicast
       ○ Geo-routing done using DNS
       ○ Allows for traffic control but can be bypassed
       ○ Handover/failover needs the DNS cache to expire (from seconds to hours)
     • Anycast
       ○ Geo-routing done using the shortest path to the same IP (generally to the geographically closest PoP / the network operators decide)
       ○ Immediate failover
       ○ Automatic distribution of DDoS attack traffic across our whole network
  14. Attack Mitigation
     • Data processing services analyse attack patterns
     • Finding correlations intelligently
     • Bad bot detection
     • HTTP headers/IP Data
     • Services create rules
     • Rules deployed to the Cloudflare Edge network
     • Changes measured
  15. Gatebot!
  16. The Long Tail of DDoS Attacks
     ● It’s cheaper than ever to run a DDoS attack
       ○ Using botnets with fast household internet
       ○ Using breached IoT devices (e.g. security cameras)
     ● Application (Layer 7) attacks are efficient
       ○ It costs more resources for a web app to load a page than to make a request
     ● Presentation (Layer 6) attacks can complement
       ○ Using slow crypto operations to increase damage