©2017 ARBOR® CONFIDENTIAL & PROPRIETARY
The arsenal at the disposal of those carrying out DDoS attacks
Sławomir Janukowicz
sjanukowicz@arbor.net +48734453354
INFORMATION SOURCE
ARBOR ATLAS
[Chart: Poland max pps. Y-axis: MAX Mpps. X-axis: months, September 2016 to August 2017.]
[Chart: Poland max bandwidth. Y-axis: MAX Gbps. X-axis: months, September 2016 to August 2017.]
[Chart: Poland UDP over 6 minutes and over 1Gbps. Y-axis: events per month. X-axis: months, September 2016 to August 2017.]
[Chart: Poland NTP or DNS amplification over 6 minutes and over 1Gbps. Y-axis: events per month. X-axis: months, September 2016 to August 2017.]
[Chart: Poland TCP SYN over 6 minutes and over 100kpps. Y-axis: events per month. X-axis: months, September 2016 to August 2017.]
[Chart: Poland TCP RST over 6 minutes over 100kpps. Y-axis: events per month. X-axis: months, September 2016 to August 2017.]
WHY
[Chart: Attacks reasons. Bar values: 63, 42, 38, 32, 30, 29, 26, 25, 24, 24, 19, 19, 13, 11. Category labels not preserved.]
TOOLS
Google and some cash
• Magic word: “Network stresser”
• Sign up for a service and pick your target
str3ssed.me
Social network
• Low Orbit Ion Cannon
• High Orbit Ion Cannon
Advanced ones
• TCP ACK attacks
• For a packet generator, every packet type costs the same processing power
• For a firewall (for example), dropping UDP to random ports versus dropping TCP ACKs aimed at an open service makes a big difference
Unprecedented DDoS attack sizes
IoT: Mirai 2016
Mirai infections December 2016
• 1M login attempts from 11/29 to 12/12 from 92K unique IP addresses
• More than 1 attempt per minute in some regions
IoT: Mirai next gen
• The zombie horde
A single infected Windows computer now has the capability to infect and subvert the "innocent" IoT population into zombies, all under the control of the attacker.
• The attacker's weapon arsenal
The attacker can now use the zombies to:
1. Infect other IoT devices.
2. Launch outbound attacks against external targets.
3. Perform reconnaissance on internal networks, followed by targeted attacks against internal targets.
Call from inside the house
• More attack options
• Reflection attacks using UDP packets with spoofed source IP addresses
• Application-level attacks (HTTP/SIP attacks).
• Pseudo-random DNS label prefix attacks against DNS servers.
• This attack traffic will quickly fill up any internal WAN links and will also cause havoc with any stateful device on the path, including NGFWs.
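
A defender-side check for the pseudo-random DNS label prefix traffic listed above, added here as an example and not taken from the slides: it scores each zone in one window of resolver query logs by prefix uniqueness, failure ratio and label entropy. The `(qname, rcode)` record format, the thresholds, the two-label zone split and the `.example` names are assumptions, and the sample records are constructed.

```python
import math
import random
from collections import Counter, defaultdict

# Answers seen when the random names do not exist (NXDOMAIN) or the
# authoritative server has stopped answering the resolver (SERVFAIL).
FAIL_RCODES = {"NXDOMAIN", "SERVFAIL"}


def shannon_entropy(label):
    """Bits per character of a single DNS label."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())


def split_query(qname, zone_labels=2):
    """Return (leftmost label, zone). Assumption: the zone is the last
    `zone_labels` labels; production code should use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= zone_labels:
        return None, ".".join(labels)  # apex query, no prefix to judge
    return labels[0], ".".join(labels[-zone_labels:])


def detect_random_prefix(records, min_queries=20, min_unique=0.9,
                         min_fail=0.8, min_entropy=3.0):
    """records: iterable of (qname, rcode) from one time window.
    Thresholds are illustrative assumptions, to be tuned on real traffic."""
    zones = defaultdict(lambda: {"queries": 0, "fails": 0, "prefixes": Counter()})
    for qname, rcode in records:
        prefix, zone = split_query(qname)
        if not prefix:
            continue
        z = zones[zone]
        z["queries"] += 1
        z["fails"] += rcode in FAIL_RCODES
        z["prefixes"][prefix] += 1

    findings = {}
    for zone, z in zones.items():
        if z["queries"] < min_queries:
            continue  # too little traffic to judge
        unique_ratio = len(z["prefixes"]) / z["queries"]
        fail_ratio = z["fails"] / z["queries"]
        entropy = sum(map(shannon_entropy, z["prefixes"])) / len(z["prefixes"])
        # All three must hold: hashed CDN hostnames are unique and random-looking
        # but resolve, and a misconfigured client repeats one failing name.
        if unique_ratio >= min_unique and fail_ratio >= min_fail and entropy >= min_entropy:
            findings[zone] = {"queries": z["queries"],
                              "unique_ratio": unique_ratio,
                              "fail_ratio": fail_ratio,
                              "mean_entropy": round(entropy, 2)}
    return findings


def constructed_sample():
    """Constructed log window: one targeted zone and two benign ones."""
    rng = random.Random(2017)

    def rand_label():
        return "".join(rng.choices("abcdefghijklmnopqrstuvwxyz0123456789", k=12))

    records = [("victim.example", "NOERROR")]  # apex query, ignored
    records += [(f"{rand_label()}.victim.example",
                 "SERVFAIL" if i % 5 == 0 else "NXDOMAIN") for i in range(40)]
    records += [(f"{h}.shop.example", "NOERROR") for h in ("www", "api", "mail") * 20]
    records += [(f"{rand_label()}.cdn.example", "NOERROR") for _ in range(30)]
    return records


if __name__ == "__main__":
    for zone, stats in detect_random_prefix(constructed_sample()).items():
        print(zone, stats)
```

Dropping the failure-ratio condition makes the benign `cdn.example` zone match as well, which is why uniqueness and entropy alone are not enough.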
Q&A / THANK YOU
Contact Information:
Sławomir Janukowicz
sjanukowicz@arbor.net +48734453354

PLNOG19 - Sławomir Janukowicz - The arsenal at the disposal of those carrying out DDoS attacks