SlideShare a Scribd company logo

DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-dots-use-cases-00

ShortestPathFirst
ShortestPathFirst

Presentation given by Roland Dobbins covering our recent draft of use case scenarios for use in DDoS Open Threat Signaling. This presentation was given on Nov. 3rd, 2015 at IETF 94 in Yokohama, Japan.

Internet
1 of 75
Download to read offline
DOTS WG draft-ietf-dots-use-cases-00 DDoS Open Threat Signaling (DOTS) Working Group Roland  Dobbins    –  Arbor  Networks   Stefan  Fouant  –  Corero  Network  Security   Daniel  Migault  –  Ericsson   Robert  Moskowitz  –  HTT  ConsulAng   Nik  Teague  –  Verisign   Liang  ‘Frank’  Xia  –  Huawei  
DOTS WG2   IntroducAon  &  Context  
DOTS WG3   draft-ietf-dots-use-cases-00 Summary •  Provides example use-cases for DOTS (actually, categories). •  All examples can be CE/PE or PE/PE. •  Room for wide variation within each category (see 4.1.1). •  All DOTS communications in each example can be directly between DOTS servers and DOTS clients, or mediated by DOTS relays. •  DOTS relays can forward messages between DOTS clients and servers using either stateless transport, stateful transport, or a combination of the two. •  DOTS relays can aggregate service requests, status messages, and responses. •  DOTS relays can filter service requests, status messages, and responses
DOTS WG4   draft-ietf-dots-use-cases-00 Summary (cont.) •  Use-cases in -00 are not exhaustive, are illustrative. •  Use-cases in -00 focus on DDoS mitigation using dedicated mitigation devices. S/RTBH, flowspec, OpenFlow, etc. can also be used to leverage network infrastructure for DDoS mitigation. •  4.1.1 use-case in this presentation illustrates full DOTS communications cycle, variants. •  Other use-cases in this presentation are summarized ‘diffs’ illustrating DOTS communications model in widely varying circumstances. •  Use-cases in this presentation focus on protecting servers under DDoS attack on destination networks. DOTS can also be used to suppress attack traffic on origin networks or as it traverses intermediary networks.
DOTS WG5   4.1  -­‐  Primary  Use  Cases  
DOTS WG6   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.1  –  CPE  or  PE  MiAgators  Request   Upstream  DDoS  MiAgaAon  
DOTS WG7  
DOTS WG8  
DOTS WG9  
DOTS WG10  
DOTS WG11   DDoS  a&ack  ini+ated.  
DOTS WG12   A&ack  mi+gated     on-­‐prem.  
DOTS WG13   On-­‐prem  mi+ga+on     capacity  exceeded.  
DOTS WG14   On-­‐prem  mi+ga+on     capacity  exceeded.  
DOTS WG15   DOTS  client  signals   for  upstream  mi+ga+on.  
DOTS WG16   DOTS  server  acknowledges     mi+ga+on  request,   mi+ga+on  ini+ated.  
DOTS WG17   Mi+ga+on  in  progress.  
DOTS WG18   Status  messages   exhanged  during   mi+ga+on  –  efficacy,   mi+ga+on  status,  etc.  
DOTS WG19   A&ack  terminated.  
DOTS WG20   Mi+ga+on  status  change   message  transmi&ed.  
DOTS WG21   Mi+ga+on  termina+on   service  request.  
DOTS WG22   Mi+ga+on  termina+on   service  acknowledgement.  
DOTS WG23   Mi+ga+on  terminated,   return  to  status  quo  ante.  
DOTS WG24   DOTS  communica+on   rela+onships.  
DOTS WG25   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.1  –  VariaAon  with  DOTS  Relay   MediaAng  CommunicaAons  
DOTS WG26  
DOTS WG27  
DOTS WG28   Mi+ga+on  in  progress.  
DOTS WG29   Mi+ga+on  in  progress.  
DOTS WG30   DOTS  communica+on   rela+onships.  
DOTS WG31   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.1  –  VariaAon  with  Overlay  DDoS   MiAgaAon  Service  Provider  
DOTS WG32  
DOTS WG33   Mi+ga+on  in  progress.  
DOTS WG34   DOTS  communica+on   rela+onships.  
DOTS WG35   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.1  –  VariaAon  with  MulAple   Upstream  DDoS  MiAgaAon  Providers  
DOTS WG36  
DOTS WG37   Mi+ga+on  in  progress.  
DOTS WG38   Mi+ga+on  status     messaging  between   providers.  
DOTS WG39   DOTS  communica+on   rela+onships.  
DOTS WG40   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.2  –  Network  Infrastructure   Device  Requests  Upstream  DDoS   MiAgaAon  
DOTS WG41  
DOTS WG42   Mi+ga+on  in  progress.  
DOTS WG43   DOTS  communica+on   rela+onships.  
DOTS WG44   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.3  –  AYack  Telemetry  DetecAon/ ClassificaAon  System  Requests  Upstream   DDoS  MiAgaAon  
DOTS WG45  
DOTS WG46   Mi+ga+on  in  progress.  
DOTS WG47   DOTS  communica+on   rela+onships.  
DOTS WG48   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.4  –  Targeted  Service/ApplicaAon   Requests  Upstream  DDoS  MiAgaAon  
DOTS WG49  
DOTS WG50   Mi+ga+on  in  progress.  
DOTS WG51   DOTS  communica+on   rela+onships.  
DOTS WG52   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.5  –  Manual  Web  Portal  Request   to  Upstream  MiAgator  
DOTS WG53  
DOTS WG54   Mi+ga+on  in  progress.   HTTP/S  between  Web   browser  &  DOTS  client   on  Web  portal.  
DOTS WG55   Mi+ga+on  in  progress.   HTTP/S  between  Web   browser  &  DOTS  client   on  Web  portal.  
DOTS WG56   Communica+on   rela+onships.  DOTS   on  upstream  mi+ga+on   network  only.  
DOTS WG57   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.6  –  Manual  Mobile  Device   ApplicaAon  Request  to  Upstream   MiAgator    
DOTS WG58  
DOTS WG59   Mi+ga+on  in  progress.  
DOTS WG60   DOTS  communica+on   rela+onships.  
DOTS WG61   s ReflecAon/AmplificaAon   DDoS  AYacks   4.1.7  –  Unsuccessful  CPE  or  PE   MiAgator  Request  for  Upstream   DDoS  MiAgaAon  
DOTS WG62  
DOTS WG63   Mi+ga+on  in     progress.  
DOTS WG64   Another  a&ack   ini+ated,  different   target.  
DOTS WG65   Mi+ga+on   service  request   refused  due  to   mi+ga+on  capacity   constraints.  
DOTS WG66   DOTS  communica+on   rela+onships.  
DOTS WG67   4.2  -­‐  Ancillary  Use  Cases  
DOTS WG68   4.2.1 – Auto-Registration •  Beyond attack mitigation requests, responses, and status messages, DOTS can also be useful for administrative tasks. •  Administrative tasks are a significant barrier to effective DDoS mitigation. •  DOTS clients with appropriate credentials can auto-register with DOTS servers on upstream mitigation networks. •  This helps with DDoS mitigation service on-boarding, moves/adds/changes.
DOTS WG69   4.2.2 – Automatic Provisioning of DDoS Countermeasures •  DDoS countermeasure provisioning today is a largely manual process, errors and inefficiency can be problematic. •  This can lead to inadequately-provisioned DDoS mitigation services which often are not optimized for the assets under DDoS protection. Mitigation rapidity, efficacy suffers. •  On-boarding organizations during an attack – an all-too- common situation – can be very challenging. •  The ‘self-descriptive’ nature of DOTS registration and mitigation status requests can be leveraged to automate the countermeasure selection, provisioning, and tuning process. •  Mitigation efficacy feedback from DOTS clients to DOTS servers during an attack can be leveraged for real-time mitigation tuning and optimization.
DOTS WG70   4.2.3 – Informational DDoS Attack Notification to Third Parties •  In addition to service requests from organizations under attack to upstream mitigators, DOTS can be used to send DDoS attack notification and status messages to interested and authorized third parties. •  It may be beneficial in some circumstances to automatically provide attack notifications and status messages econdary or tertiary ‘backup’ mitigation providers, security researchers, vendors, law enforcement agencies, regulatory agencies, etc. •  Any such sharing of information with third parties should only take place in accordance with all relevant laws, regulations, contractual obligations, privacy and confidentiality agreements.
DOTS WG71   s ReflecAon/AmplificaAon   DDoS  AYacks   Next  Steps  for  Use-­‐Cases   Drac  
DOTS WG72   To-Do List for draft-dots-ietf-use-cases-01 •  Fix typos (doh!). •  Remove duplicative verbiage. •  Wordsmith phrasing for clarity. •  Present use-cases via ‘diffs’ – i.e., refer to commonalities with other use-cases, emphasize specific factors unique to each use-case. •  Reconcile definitions of terminology with dots-ietf- requirements draft. •  Add use-cases illustrating suppression of DDoS attack traffic on origin networks, filtering on intermediate networks. •  Add use-cases illustrating specific PE-PE scenarios (e.g., ‘overflow’ requests for additional DDoS mitigation capacity, etc.).
DOTS WG73   Request for Feedback from WG Participants •  What should we add? •  What should we remove? •  What should we change? •  Should we include variations (via ‘diffs’) on each use-case similar to what was done with 4.1.1 in this presentation? •  Other input?
DOTS WG This Presentation – http://bit.ly/1N6u8za
DOTS WG Thank you! DDoS Open Threat Signaling (DOTS) Working Group Roland  Dobbins    –  Arbor  Networks   Stefan  Fouant  –  Corero  Network  Security   Daniel  Migault  –  Ericsson   Robert  Moskowitz  –  HTT  ConsulAng   Nik  Teague  –  Verisign   Liang  ‘Frank’  Xia  –  Huawei  

Recommended

10 DDoS Mitigation Techniques
10 DDoS Mitigation Techniques10 DDoS Mitigation Techniques
10 DDoS Mitigation Techniques
IntruGuard
 
Practical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksPractical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacks
Security Session
 
Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)
btpsec
 
How to launch and defend against a DDoS
How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoS
jgrahamc
 
DDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNDDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDN
Chao Chen
 
Protection and Visibitlity of Encrypted Traffic by F5
Protection and Visibitlity of Encrypted Traffic by F5Protection and Visibitlity of Encrypted Traffic by F5
Protection and Visibitlity of Encrypted Traffic by F5
Bangladesh Network Operators Group
 
The Anatomy of DDoS Attacks
The Anatomy of DDoS AttacksThe Anatomy of DDoS Attacks
The Anatomy of DDoS Attacks
Acquia
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack Prevention
APNIC
 

Recommended

10 DDoS Mitigation Techniques
10 DDoS Mitigation Techniques10 DDoS Mitigation Techniques
10 DDoS Mitigation Techniques
IntruGuard
 
Practical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksPractical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacks
Security Session
 
Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)
btpsec
 
How to launch and defend against a DDoS
How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoS
jgrahamc
 
DDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNDDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDN
Chao Chen
 
Protection and Visibitlity of Encrypted Traffic by F5
Protection and Visibitlity of Encrypted Traffic by F5Protection and Visibitlity of Encrypted Traffic by F5
Protection and Visibitlity of Encrypted Traffic by F5
Bangladesh Network Operators Group
 
The Anatomy of DDoS Attacks
The Anatomy of DDoS AttacksThe Anatomy of DDoS Attacks
The Anatomy of DDoS Attacks
Acquia
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack Prevention
APNIC
 
DDoS Attack Preparation and Mitigation
DDoS Attack Preparation and MitigationDDoS Attack Preparation and Mitigation
DDoS Attack Preparation and Mitigation
Jerod Brennen
 
DNS DDoS Attack and Risk
DNS DDoS Attack and RiskDNS DDoS Attack and Risk
DNS DDoS Attack and Risk
Sukbum Hong
 
Entropy based DDos Detection in SDN
Entropy based DDos Detection in SDNEntropy based DDos Detection in SDN
Entropy based DDos Detection in SDN
Vishal Vasudev
 
Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017
Suzanne Aldrich
 
DDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and MitigationDDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and Mitigation
Cloudflare
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
Marta Pacyga
 
DDoS ATTACKS
DDoS ATTACKSDDoS ATTACKS
DDoS ATTACKS
Anil Antony
 
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT Devices
Seungjoo Kim
 
DDoS Attack and Mitigation
DDoS Attack and MitigationDDoS Attack and Mitigation
DDoS Attack and Mitigation
Devang Badrakiya
 
Time-based DDoS Detection and Mitigation for SDN Controller
Time-based DDoS Detection and Mitigation for SDN ControllerTime-based DDoS Detection and Mitigation for SDN Controller
Time-based DDoS Detection and Mitigation for SDN Controller
Lippo Group Digital
 
DDoS-bdNOG
DDoS-bdNOGDDoS-bdNOG
DDoS-bdNOG
Zobair Khan
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
Ahmed Ghazey
 
What is DDoS ?
What is DDoS ?What is DDoS ?
What is DDoS ?
Vikas Phonsa
 
What is ddos attack
What is ddos attackWhat is ddos attack
What is ddos attack
Dosarrest007
 
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSDrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoS
Suzanne Aldrich
 
DDoS Attack
DDoS AttackDDoS Attack
DDoS Attack
Gopi Krishnan S
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and Techniques
Babak Farrokhi
 
Testing High Performance Firewalls
Testing High Performance FirewallsTesting High Performance Firewalls
Testing High Performance Firewalls
Ixia
 
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware
 
DDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacksDDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacks
MyNOG
 
An Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecAn Introduction to BGP Flow Spec
An Introduction to BGP Flow Spec
ShortestPathFirst
 
IP Routing Tutorial
IP Routing TutorialIP Routing Tutorial
IP Routing Tutorial
ShortestPathFirst
 

More Related Content

What's hot

Entropy based DDos Detection in SDN
Entropy based DDos Detection in SDNEntropy based DDos Detection in SDN
Entropy based DDos Detection in SDN
Vishal Vasudev
 

What's hot (20)

DDoS Attack Preparation and Mitigation
DDoS Attack Preparation and MitigationDDoS Attack Preparation and Mitigation
DDoS Attack Preparation and Mitigation
 
DNS DDoS Attack and Risk
DNS DDoS Attack and RiskDNS DDoS Attack and Risk
DNS DDoS Attack and Risk
 
Entropy based DDos Detection in SDN
Entropy based DDos Detection in SDNEntropy based DDos Detection in SDN
Entropy based DDos Detection in SDN
 
Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017
 
DDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and MitigationDDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and Mitigation
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
DDoS ATTACKS
DDoS ATTACKSDDoS ATTACKS
DDoS ATTACKS
 
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT Devices
 
DDoS Attack and Mitigation
DDoS Attack and MitigationDDoS Attack and Mitigation
DDoS Attack and Mitigation
 
Time-based DDoS Detection and Mitigation for SDN Controller
Time-based DDoS Detection and Mitigation for SDN ControllerTime-based DDoS Detection and Mitigation for SDN Controller
Time-based DDoS Detection and Mitigation for SDN Controller
 
DDoS-bdNOG
DDoS-bdNOGDDoS-bdNOG
DDoS-bdNOG
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
What is DDoS ?
What is DDoS ?What is DDoS ?
What is DDoS ?
 
What is ddos attack
What is ddos attackWhat is ddos attack
What is ddos attack
 
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSDrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoS
 
DDoS Attack
DDoS AttackDDoS Attack
DDoS Attack
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and Techniques
 
Testing High Performance Firewalls
Testing High Performance FirewallsTesting High Performance Firewalls
Testing High Performance Firewalls
 
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
 
DDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacksDDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacks
 

Viewers also liked

Return on Security Investment
Return on Security InvestmentReturn on Security Investment
Return on Security Investment
Conferencias FIST
 

Viewers also liked (6)

An Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecAn Introduction to BGP Flow Spec
An Introduction to BGP Flow Spec
 
IP Routing Tutorial
IP Routing TutorialIP Routing Tutorial
IP Routing Tutorial
 
(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks
 
NetScout nGeniusONE overview
NetScout nGeniusONE overviewNetScout nGeniusONE overview
NetScout nGeniusONE overview
 
Return on Security Investment
Return on Security InvestmentReturn on Security Investment
Return on Security Investment
 
Connecting the dots
Connecting the dotsConnecting the dots
Connecting the dots
 

Similar to DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-dots-use-cases-00

The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDCThe Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
Cloudflare
 
Fortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_IntroductionFortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_Introduction
swang2010
 
The role of DDoS Providers
The role of DDoS ProvidersThe role of DDoS Providers
The role of DDoS Providers
Neil Hinton
 
DDoS Falcon_Tech_Specs-Haltdos
DDoS Falcon_Tech_Specs-HaltdosDDoS Falcon_Tech_Specs-Haltdos
DDoS Falcon_Tech_Specs-Haltdos
Haltdos
 

Similar to DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-dots-use-cases-00 (20)

The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDCThe Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
 
Solution_Use_Case_-_DDoS_Incident_Monitoring.pdf
Solution_Use_Case_-_DDoS_Incident_Monitoring.pdfSolution_Use_Case_-_DDoS_Incident_Monitoring.pdf
Solution_Use_Case_-_DDoS_Incident_Monitoring.pdf
 
Fortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_IntroductionFortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_Introduction
 
IMPROVING DDOS DETECTION IN IOT DEVICES
IMPROVING DDOS DETECTION IN IOT DEVICESIMPROVING DDOS DETECTION IN IOT DEVICES
IMPROVING DDOS DETECTION IN IOT DEVICES
 
The role of DDoS Providers
The role of DDoS ProvidersThe role of DDoS Providers
The role of DDoS Providers
 
Scaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-serviceScaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-service
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
DDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT NetworkDDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT Network
 
DDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptxDDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptx
 
DDoS Falcon_Tech_Specs-Haltdos
DDoS Falcon_Tech_Specs-HaltdosDDoS Falcon_Tech_Specs-Haltdos
DDoS Falcon_Tech_Specs-Haltdos
 
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
 
Final report
Final reportFinal report
Final report
 
DDoS Defense for the Hosting Provider - Protection for you and your customers
DDoS Defense for the Hosting Provider - Protection for you and your customersDDoS Defense for the Hosting Provider - Protection for you and your customers
DDoS Defense for the Hosting Provider - Protection for you and your customers
 
The Top Outages of 2023: Analyses and Takeaways
The Top Outages of 2023: Analyses and TakeawaysThe Top Outages of 2023: Analyses and Takeaways
The Top Outages of 2023: Analyses and Takeaways
 
Cybersecurity breakfast tour 2013 (1)
Cybersecurity breakfast tour 2013 (1)Cybersecurity breakfast tour 2013 (1)
Cybersecurity breakfast tour 2013 (1)
 
DDoS Mitigator. Personal control panel for each hosting clients.
DDoS Mitigator. Personal control panel for each hosting clients.DDoS Mitigator. Personal control panel for each hosting clients.
DDoS Mitigator. Personal control panel for each hosting clients.
 
BKNIX Peering Forum 2017 : DDoS Attack Trend and Defense Strategy
BKNIX Peering Forum 2017 : DDoS Attack Trend and Defense StrategyBKNIX Peering Forum 2017 : DDoS Attack Trend and Defense Strategy
BKNIX Peering Forum 2017 : DDoS Attack Trend and Defense Strategy
 
Data Center Trends And Network Security Impact
Data Center Trends And Network Security ImpactData Center Trends And Network Security Impact
Data Center Trends And Network Security Impact
 
Apani UK GCSx Co-Co Compliance
Apani UK GCSx Co-Co ComplianceApani UK GCSx Co-Co Compliance
Apani UK GCSx Co-Co Compliance
 
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
 

Recently uploaded

在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
ydyuyu
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptx
galaxypingy
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Monica Sydney
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Monica Sydney
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Monica Sydney
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
gajnagarg
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
pxcywzqs
 

Recently uploaded (20)

Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptx
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
Power point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria IuzzolinoPower point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria Iuzzolino
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 

DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-dots-use-cases-00

  • 1. DOTS WG draft-ietf-dots-use-cases-00 DDoS Open Threat Signaling (DOTS) Working Group Roland  Dobbins    –  Arbor  Networks   Stefan  Fouant  –  Corero  Network  Security   Daniel  Migault  –  Ericsson   Robert  Moskowitz  –  HTT  ConsulAng   Nik  Teague  –  Verisign   Liang  ‘Frank’  Xia  –  Huawei  
  • 2. DOTS WG2   IntroducAon  &  Context  
  • 3. DOTS WG3   draft-ietf-dots-use-cases-00 Summary •  Provides example use-cases for DOTS (actually, categories). •  All examples can be CE/PE or PE/PE. •  Room for wide variation within each category (see 4.1.1). •  All DOTS communications in each example can be directly between DOTS servers and DOTS clients, or mediated by DOTS relays. •  DOTS relays can forward messages between DOTS clients and servers using either stateless transport, stateful transport, or a combination of the two. •  DOTS relays can aggregate service requests, status messages, and responses. •  DOTS relays can filter service requests, status messages, and responses
  • 4. DOTS WG4   draft-ietf-dots-use-cases-00 Summary (cont.) •  Use-cases in -00 are not exhaustive, are illustrative. •  Use-cases in -00 focus on DDoS mitigation using dedicated mitigation devices. S/RTBH, flowspec, OpenFlow, etc. can also be used to leverage network infrastructure for DDoS mitigation. •  4.1.1 use-case in this presentation illustrates full DOTS communications cycle, variants. •  Other use-cases in this presentation are summarized ‘diffs’ illustrating DOTS communications model in widely varying circumstances. •  Use-cases in this presentation focus on protecting servers under DDoS attack on destination networks. DOTS can also be used to suppress attack traffic on origin networks or as it traverses intermediary networks.
  • 5. DOTS WG5   4.1  -­‐  Primary  Use  Cases  
  • 6. DOTS WG6   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.1  –  CPE  or  PE  MiAgators  Request   Upstream  DDoS  MiAgaAon  
  • 11. DOTS WG11   DDoS  a&ack  ini+ated.  
  • 12. DOTS WG12   A&ack  mi+gated     on-­‐prem.  
  • 13. DOTS WG13   On-­‐prem  mi+ga+on     capacity  exceeded.  
  • 14. DOTS WG14   On-­‐prem  mi+ga+on     capacity  exceeded.  
  • 15. DOTS WG15   DOTS  client  signals   for  upstream  mi+ga+on.  
  • 16. DOTS WG16   DOTS  server  acknowledges     mi+ga+on  request,   mi+ga+on  ini+ated.  
  • 17. DOTS WG17   Mi+ga+on  in  progress.  
  • 18. DOTS WG18   Status  messages   exhanged  during   mi+ga+on  –  efficacy,   mi+ga+on  status,  etc.  
  • 19. DOTS WG19   A&ack  terminated.  
  • 20. DOTS WG20   Mi+ga+on  status  change   message  transmi&ed.  
  • 21. DOTS WG21   Mi+ga+on  termina+on   service  request.  
  • 22. DOTS WG22   Mi+ga+on  termina+on   service  acknowledgement.  
  • 23. DOTS WG23   Mi+ga+on  terminated,   return  to  status  quo  ante.  
  • 24. DOTS WG24   DOTS  communica+on   rela+onships.  
  • 25. DOTS WG25   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.1  –  VariaAon  with  DOTS  Relay   MediaAng  CommunicaAons  
  • 28. DOTS WG28   Mi+ga+on  in  progress.  
  • 29. DOTS WG29   Mi+ga+on  in  progress.  
  • 30. DOTS WG30   DOTS  communica+on   rela+onships.  
  • 31. DOTS WG31   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.1  –  VariaAon  with  Overlay  DDoS   MiAgaAon  Service  Provider  
  • 33. DOTS WG33   Mi+ga+on  in  progress.  
  • 34. DOTS WG34   DOTS  communica+on   rela+onships.  
  • 35. DOTS WG35   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.1  –  VariaAon  with  MulAple   Upstream  DDoS  MiAgaAon  Providers  
  • 37. DOTS WG37   Mi+ga+on  in  progress.  
  • 38. DOTS WG38   Mi+ga+on  status     messaging  between   providers.  
  • 39. DOTS WG39   DOTS  communica+on   rela+onships.  
  • 40. DOTS WG40   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.2  –  Network  Infrastructure   Device  Requests  Upstream  DDoS   MiAgaAon  
  • 42. DOTS WG42   Mi+ga+on  in  progress.  
  • 43. DOTS WG43   DOTS  communica+on   rela+onships.  
  • 44. DOTS WG44   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.3  –  AYack  Telemetry  DetecAon/ ClassificaAon  System  Requests  Upstream   DDoS  MiAgaAon  
  • 46. DOTS WG46   Mi+ga+on  in  progress.  
  • 47. DOTS WG47   DOTS  communica+on   rela+onships.  
  • 48. DOTS WG48   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.4  –  Targeted  Service/ApplicaAon   Requests  Upstream  DDoS  MiAgaAon  
  • 50. DOTS WG50   Mi+ga+on  in  progress.  
  • 51. DOTS WG51   DOTS  communica+on   rela+onships.  
  • 52. DOTS WG52   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.5  –  Manual  Web  Portal  Request   to  Upstream  MiAgator  
  • 54. DOTS WG54   Mi+ga+on  in  progress.   HTTP/S  between  Web   browser  &  DOTS  client   on  Web  portal.  
  • 55. DOTS WG55   Mi+ga+on  in  progress.   HTTP/S  between  Web   browser  &  DOTS  client   on  Web  portal.  
  • 56. DOTS WG56   Communica+on   rela+onships.  DOTS   on  upstream  mi+ga+on   network  only.  
  • 57. DOTS WG57   ReflecAon/AmplificaAon   DDoS  AYacks   4.1.6  –  Manual  Mobile  Device   ApplicaAon  Request  to  Upstream   MiAgator    
  • 59. DOTS WG59   Mi+ga+on  in  progress.  
  • 60. DOTS WG60   DOTS  communica+on   rela+onships.  
  • 61. DOTS WG61   s ReflecAon/AmplificaAon   DDoS  AYacks   4.1.7  –  Unsuccessful  CPE  or  PE   MiAgator  Request  for  Upstream   DDoS  MiAgaAon  
  • 63. DOTS WG63   Mi+ga+on  in     progress.  
  • 64. DOTS WG64   Another  a&ack   ini+ated,  different   target.  
  • 65. DOTS WG65   Mi+ga+on   service  request   refused  due  to   mi+ga+on  capacity   constraints.  
  • 66. DOTS WG66   DOTS  communica+on   rela+onships.  
  • 67. DOTS WG67   4.2  -­‐  Ancillary  Use  Cases  
  • 68. DOTS WG68   4.2.1 – Auto-Registration •  Beyond attack mitigation requests, responses, and status messages, DOTS can also be useful for administrative tasks. •  Administrative tasks are a significant barrier to effective DDoS mitigation. •  DOTS clients with appropriate credentials can auto-register with DOTS servers on upstream mitigation networks. •  This helps with DDoS mitigation service on-boarding, moves/adds/changes.
  • 69. DOTS WG69   4.2.2 – Automatic Provisioning of DDoS Countermeasures •  DDoS countermeasure provisioning today is a largely manual process, errors and inefficiency can be problematic. •  This can lead to inadequately-provisioned DDoS mitigation services which often are not optimized for the assets under DDoS protection. Mitigation rapidity, efficacy suffers. •  On-boarding organizations during an attack – an all-too- common situation – can be very challenging. •  The ‘self-descriptive’ nature of DOTS registration and mitigation status requests can be leveraged to automate the countermeasure selection, provisioning, and tuning process. •  Mitigation efficacy feedback from DOTS clients to DOTS servers during an attack can be leveraged for real-time mitigation tuning and optimization.
  • 70. DOTS WG70   4.2.3 – Informational DDoS Attack Notification to Third Parties •  In addition to service requests from organizations under attack to upstream mitigators, DOTS can be used to send DDoS attack notification and status messages to interested and authorized third parties. •  It may be beneficial in some circumstances to automatically provide attack notifications and status messages econdary or tertiary ‘backup’ mitigation providers, security researchers, vendors, law enforcement agencies, regulatory agencies, etc. •  Any such sharing of information with third parties should only take place in accordance with all relevant laws, regulations, contractual obligations, privacy and confidentiality agreements.
  • 71. DOTS WG71   s ReflecAon/AmplificaAon   DDoS  AYacks   Next  Steps  for  Use-­‐Cases   Drac  
  • 72. DOTS WG72   To-Do List for draft-dots-ietf-use-cases-01 •  Fix typos (doh!). •  Remove duplicative verbiage. •  Wordsmith phrasing for clarity. •  Present use-cases via ‘diffs’ – i.e., refer to commonalities with other use-cases, emphasize specific factors unique to each use-case. •  Reconcile definitions of terminology with dots-ietf- requirements draft. •  Add use-cases illustrating suppression of DDoS attack traffic on origin networks, filtering on intermediate networks. •  Add use-cases illustrating specific PE-PE scenarios (e.g., ‘overflow’ requests for additional DDoS mitigation capacity, etc.).
  • 73. DOTS WG73   Request for Feedback from WG Participants •  What should we add? •  What should we remove? •  What should we change? •  Should we include variations (via ‘diffs’) on each use-case similar to what was done with 4.1.1 in this presentation? •  Other input?
  • 74. DOTS WG This Presentation – http://bit.ly/1N6u8za
  • 75. DOTS WG Thank you! DDoS Open Threat Signaling (DOTS) Working Group Roland  Dobbins    –  Arbor  Networks   Stefan  Fouant  –  Corero  Network  Security   Daniel  Migault  –  Ericsson   Robert  Moskowitz  –  HTT  ConsulAng   Nik  Teague  –  Verisign   Liang  ‘Frank’  Xia  –  Huawei