SlideShare a Scribd company logo
1 of 21
Download to read offline
Application Level DoS,
The Rise of CDNs
And The End of
The Free Internet
Christian Folini / @ChrFolini
Christian Folini: The Boring Bio
• Co-Lead OWASP CRS Project
• Author of the ModSecurity Handbook 2ed
• Program Chair Swiss Cyber Storm Conf
• Vice-President Swiss Cyber Experts
Christian Folini / @ChrFolini
Table of Contents
• Intro to DoS
• DoS Trends
• Limits of Traditional Defense Methods
• Local Announcement as Alternative
• Collateral Damage: The Internet
Christian Folini / @ChrFolini
Craziness
Confidentiality • Integrity • Availability
CIA
CPU • Storage • Bandwidth
DoS Targets
Postfinance • Protonmail • Digitec
DDoS Attacks in CH
Trend I
GROWTH
Trend II
Application Level DDoS
Trend III
Encryption
Decentralization • Centralization • Consolidation
CDNs
Christian Folini / @ChrFolini
“In a not-so-distant future, if we're not there
already, it may be that if you're going to
put content on the Internet you'll need to
use a company with a giant network like
Cloudflare, Google, Microsoft, Facebook,
Amazon, or Alibaba.”
Matthew Prince, CEO Cloudflare
“Within 2-3 years, there will be only 2-3
players in the world that are able to
withstand the biggest DDoS attacks and
protect websites on a global scale.”
Damian Menscher, Google,
Usenix Enigma Conference, February 2017
Christian Folini / @ChrFolini
“I think we are going to see a future where people
will accept to pay money in extortion. It will be part
of the costs of doing business. As an alternative,
there will be a handful of expensive services that
can protect you from DDoS attacks and these
services effectively control what new startups will
be allowed to operate on the internet.”
Dr. Paul Vixie, April 2017 in Zurich
Christian Folini / @ChrFolini
Integration • Directories • Encryption Keys
CDN Limits
Local Userbase • ACL • Control
GeoIP
Size of ACL • Carrier Bandwidth
GeoIP Limits
BGP • Peering • No Route Export
Local Route Announcement
Jurisdiction • IP Space as Territory • Balkanization
Dystopia
• Trend I: DDoS Attacks Are Getting Bigger All The Time
• Trend II: More and More Attacks are Application Level DDoS
• Trend III: Widspread Use of Encryption Make Defense Harder
• CDNs Are Here To Help And They Rule The Internet
• Limiting BGP Route Announc. Can Guarantee Ultimate GeoIP
• States May Fail To Protect Traffic Outside Their Jurisdictions
Christian Folini / @ChrFolini
Summary
• https://www.flickr.com/photos/nirak/29124106183
• https://www.flickr.com/photos/timdorr/63630545
• https://www.flickr.com/photos/the_ewan/3772847639
• https://www.flickr.com/photos/3336/
• https://www.flickr.com/photos/barsen/5484256163/
• https://twitter.com/letsencrypt/status/1020058447922978816
• https://www.yicaiglobal.com/news/tencent-cloud-puts-its-seoul-data-center-online
• https://www.youtube.com/watch?v=aE1kA0Jy0Xg
• https://alt929boston.com/2017/12/07/canadian-postal-worker-laughing-driving-recklessly/
• https://blog.cloudflare.com/why-we-terminated-daily-stormer/
Christian Folini / @ChrFolini
Sources for Slides (Mostly CC)
Christian Folini / @ChrFolini
• christian.folini@netnea.com
• @ChrFolini
• https://christian-folini.ch
Christian Folini / @ChrFolini
Thank you for
attending my talk

More Related Content

What's hot (6)

Privacy Concerns related to Verifiable Claims
Privacy Concerns related to Verifiable ClaimsPrivacy Concerns related to Verifiable Claims
Privacy Concerns related to Verifiable Claims
 
Deep Web
Deep WebDeep Web
Deep Web
 
Deep web
Deep webDeep web
Deep web
 
Is the Internet Fragmenting?
Is the Internet Fragmenting?Is the Internet Fragmenting?
Is the Internet Fragmenting?
 
The Idea Behind Blockchain Technology
The Idea Behind Blockchain TechnologyThe Idea Behind Blockchain Technology
The Idea Behind Blockchain Technology
 
Inter Lab06 Bebo White 1
Inter Lab06 Bebo White 1Inter Lab06 Bebo White 1
Inter Lab06 Bebo White 1
 

Similar to Black alps 2018-folini-d-dos

Andy Malone - Keynote: the cloud one small step for man one giant leap for it
Andy Malone - Keynote: the cloud one small step for man one giant leap for itAndy Malone - Keynote: the cloud one small step for man one giant leap for it
Andy Malone - Keynote: the cloud one small step for man one giant leap for it
Nordic Infrastructure Conference
 
FINAL presentationMay2016
FINAL presentationMay2016FINAL presentationMay2016
FINAL presentationMay2016
Melissa Krasnow
 

Similar to Black alps 2018-folini-d-dos (20)

Have the Bad Guys Won the Cyber security War...
Have the Bad Guys Won the Cyber security War...Have the Bad Guys Won the Cyber security War...
Have the Bad Guys Won the Cyber security War...
 
Quant & Crypto Gold
Quant & Crypto GoldQuant & Crypto Gold
Quant & Crypto Gold
 
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New ...
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New ...The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New ...
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New ...
 
Lumension Security - Adjusting our defenses for 2012
Lumension Security - Adjusting our defenses for 2012Lumension Security - Adjusting our defenses for 2012
Lumension Security - Adjusting our defenses for 2012
 
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New...
 The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New... The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New...
The Future Paradigm Shifts of the Cloud and Big Data: Security Impacts & New...
 
5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack
 
Exploring DDoS Attacks: Impact to Community Financial Institutions
Exploring DDoS Attacks: Impact to Community Financial InstitutionsExploring DDoS Attacks: Impact to Community Financial Institutions
Exploring DDoS Attacks: Impact to Community Financial Institutions
 
Network Security in the Age of the Third Platform
Network Security in the Age of the Third PlatformNetwork Security in the Age of the Third Platform
Network Security in the Age of the Third Platform
 
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
 
Mitigating Web 2.0 Threats
Mitigating Web 2.0  ThreatsMitigating Web 2.0  Threats
Mitigating Web 2.0 Threats
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
 
ICTSA v2
ICTSA v2ICTSA v2
ICTSA v2
 
Technical, Legal and Political Issues of Combating Terrorism on the Internet.
Technical, Legal and Political Issues of Combating Terrorism on the Internet.Technical, Legal and Political Issues of Combating Terrorism on the Internet.
Technical, Legal and Political Issues of Combating Terrorism on the Internet.
 
Cloudcamp Chicago Nov 2104 Fintech - Chris Hacker’s "Change is coming for re...
 Cloudcamp Chicago Nov 2104 Fintech - Chris Hacker’s "Change is coming for re... Cloudcamp Chicago Nov 2104 Fintech - Chris Hacker’s "Change is coming for re...
Cloudcamp Chicago Nov 2104 Fintech - Chris Hacker’s "Change is coming for re...
 
Andy Malone - Keynote: the cloud one small step for man one giant leap for it
Andy Malone - Keynote: the cloud one small step for man one giant leap for itAndy Malone - Keynote: the cloud one small step for man one giant leap for it
Andy Malone - Keynote: the cloud one small step for man one giant leap for it
 
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
 
FINAL presentationMay2016
FINAL presentationMay2016FINAL presentationMay2016
FINAL presentationMay2016
 
The evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivityThe evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivity
 
Progam slides | December 17, 2013 | Federal Cloud Computing Summit
Progam slides | December 17, 2013 | Federal Cloud Computing SummitProgam slides | December 17, 2013 | Federal Cloud Computing Summit
Progam slides | December 17, 2013 | Federal Cloud Computing Summit
 
Secure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAFSecure Your Apps with NGINX Plus and the ModSecurity WAF
Secure Your Apps with NGINX Plus and the ModSecurity WAF
 

More from Christian Folini

More from Christian Folini (18)

OWASP ModSecurity - A few plot twists and what feels like a happy end
OWASP ModSecurity - A few plot twists and what feels like a happy endOWASP ModSecurity - A few plot twists and what feels like a happy end
OWASP ModSecurity - A few plot twists and what feels like a happy end
 
Crazy incentives and how they drive security into no man's land
Crazy incentives and how they drive security into no man's landCrazy incentives and how they drive security into no man's land
Crazy incentives and how they drive security into no man's land
 
Never Walk Alone - Inspirations from a Growing OWASP Project
Never Walk Alone - Inspirations from a Growing OWASP ProjectNever Walk Alone - Inspirations from a Growing OWASP Project
Never Walk Alone - Inspirations from a Growing OWASP Project
 
What’s new in CRS4? An Update from the OWASP CRS project
What’s new in CRS4? An Update from the OWASP CRS projectWhat’s new in CRS4? An Update from the OWASP CRS project
What’s new in CRS4? An Update from the OWASP CRS project
 
The Adventurous Tale of Online Voting in Switzerland
The Adventurous Tale of Online Voting in SwitzerlandThe Adventurous Tale of Online Voting in Switzerland
The Adventurous Tale of Online Voting in Switzerland
 
EVoting in der Schweiz - Ein Fortsetzungsroman
EVoting in der Schweiz - Ein FortsetzungsromanEVoting in der Schweiz - Ein Fortsetzungsroman
EVoting in der Schweiz - Ein Fortsetzungsroman
 
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule SetSecuring Access to Internet Voting with the OWASP ModSecurity Core Rule Set
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set
 
Extensive Introduction to ModSecurity and the OWASP Core Rule Set
Extensive Introduction to ModSecurity and the OWASP Core Rule SetExtensive Introduction to ModSecurity and the OWASP Core Rule Set
Extensive Introduction to ModSecurity and the OWASP Core Rule Set
 
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
 
Introduction to ModSecurity and the OWASP Core Rule Set
Introduction to ModSecurity and the OWASP Core Rule SetIntroduction to ModSecurity and the OWASP Core Rule Set
Introduction to ModSecurity and the OWASP Core Rule Set
 
Folini Extended Introduction to ModSecurity and CRS3
Folini Extended Introduction to ModSecurity and CRS3Folini Extended Introduction to ModSecurity and CRS3
Folini Extended Introduction to ModSecurity and CRS3
 
Gedanken zur elektronischen Stimmabgabe für Datenschützer
Gedanken zur elektronischen Stimmabgabe für DatenschützerGedanken zur elektronischen Stimmabgabe für Datenschützer
Gedanken zur elektronischen Stimmabgabe für Datenschützer
 
Medieval Castles and Modern Servers
Medieval Castles and Modern ServersMedieval Castles and Modern Servers
Medieval Castles and Modern Servers
 
E-Voting, die Sicherheit und die Rolle der Experten
E-Voting, die Sicherheit und die Rolle der ExpertenE-Voting, die Sicherheit und die Rolle der Experten
E-Voting, die Sicherheit und die Rolle der Experten
 
Optimizing ModSecurity on NGINX and NGINX Plus
Optimizing ModSecurity on NGINX and NGINX PlusOptimizing ModSecurity on NGINX and NGINX Plus
Optimizing ModSecurity on NGINX and NGINX Plus
 
A General Look at the State of Security - AFCEA 2017
A General Look at the State of Security - AFCEA 2017A General Look at the State of Security - AFCEA 2017
A General Look at the State of Security - AFCEA 2017
 
Introducing the OWASP ModSecurity Core Rule Set
Introducing the OWASP ModSecurity Core Rule SetIntroducing the OWASP ModSecurity Core Rule Set
Introducing the OWASP ModSecurity Core Rule Set
 
OWASP ModSecurity Core Rules Paranoia Mode
OWASP ModSecurity Core Rules Paranoia ModeOWASP ModSecurity Core Rules Paranoia Mode
OWASP ModSecurity Core Rules Paranoia Mode
 

Recently uploaded

一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书
一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书
一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书
B
 
原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样
A
 
一比一定制波士顿学院毕业证学位证书
一比一定制波士顿学院毕业证学位证书一比一定制波士顿学院毕业证学位证书
一比一定制波士顿学院毕业证学位证书
A
 
一比一原版英国格林多大学毕业证如何办理
一比一原版英国格林多大学毕业证如何办理一比一原版英国格林多大学毕业证如何办理
一比一原版英国格林多大学毕业证如何办理
AS
 
一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样
一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样
一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样
AS
 
一比一原版美国北卡罗莱纳大学毕业证如何办理
一比一原版美国北卡罗莱纳大学毕业证如何办理一比一原版美国北卡罗莱纳大学毕业证如何办理
一比一原版美国北卡罗莱纳大学毕业证如何办理
A
 
一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样
一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样
一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样
AS
 
一比一原版英国创意艺术大学毕业证如何办理
一比一原版英国创意艺术大学毕业证如何办理一比一原版英国创意艺术大学毕业证如何办理
一比一原版英国创意艺术大学毕业证如何办理
AS
 
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
AS
 
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
Fi
 

Recently uploaded (20)

一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书
一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书
一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书
 
GOOGLE Io 2024 At takes center stage.pdf
GOOGLE Io 2024 At takes center stage.pdfGOOGLE Io 2024 At takes center stage.pdf
GOOGLE Io 2024 At takes center stage.pdf
 
TOP 100 Vulnerabilities Step-by-Step Guide Handbook
TOP 100 Vulnerabilities Step-by-Step Guide HandbookTOP 100 Vulnerabilities Step-by-Step Guide Handbook
TOP 100 Vulnerabilities Step-by-Step Guide Handbook
 
Free scottie t shirts Free scottie t shirts
Free scottie t shirts Free scottie t shirtsFree scottie t shirts Free scottie t shirts
Free scottie t shirts Free scottie t shirts
 
SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...
SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...
SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...
 
APNIC Updates presented by Paul Wilson at CaribNOG 27
APNIC Updates presented by Paul Wilson at  CaribNOG 27APNIC Updates presented by Paul Wilson at  CaribNOG 27
APNIC Updates presented by Paul Wilson at CaribNOG 27
 
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
 
AI Generated 3D Models | AI 3D Model Generator
AI Generated 3D Models | AI 3D Model GeneratorAI Generated 3D Models | AI 3D Model Generator
AI Generated 3D Models | AI 3D Model Generator
 
原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样
 
一比一定制波士顿学院毕业证学位证书
一比一定制波士顿学院毕业证学位证书一比一定制波士顿学院毕业证学位证书
一比一定制波士顿学院毕业证学位证书
 
一比一原版英国格林多大学毕业证如何办理
一比一原版英国格林多大学毕业证如何办理一比一原版英国格林多大学毕业证如何办理
一比一原版英国格林多大学毕业证如何办理
 
一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样
一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样
一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样
 
一比一原版美国北卡罗莱纳大学毕业证如何办理
一比一原版美国北卡罗莱纳大学毕业证如何办理一比一原版美国北卡罗莱纳大学毕业证如何办理
一比一原版美国北卡罗莱纳大学毕业证如何办理
 
Lowongan Kerja LC Yogyakarta Terbaru 085746015303
Lowongan Kerja LC Yogyakarta Terbaru 085746015303Lowongan Kerja LC Yogyakarta Terbaru 085746015303
Lowongan Kerja LC Yogyakarta Terbaru 085746015303
 
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
 
一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样
一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样
一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样
 
一比一原版英国创意艺术大学毕业证如何办理
一比一原版英国创意艺术大学毕业证如何办理一比一原版英国创意艺术大学毕业证如何办理
一比一原版英国创意艺术大学毕业证如何办理
 
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
 
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
 
Discovering OfficialUSA.com Your Go-To Resource.pdf
Discovering OfficialUSA.com Your Go-To Resource.pdfDiscovering OfficialUSA.com Your Go-To Resource.pdf
Discovering OfficialUSA.com Your Go-To Resource.pdf
 

Black alps 2018-folini-d-dos

  • 1. Application Level DoS, The Rise of CDNs And The End of The Free Internet Christian Folini / @ChrFolini
  • 2. Christian Folini: The Boring Bio • Co-Lead OWASP CRS Project • Author of the ModSecurity Handbook 2ed • Program Chair Swiss Cyber Storm Conf • Vice-President Swiss Cyber Experts Christian Folini / @ChrFolini
  • 3. Table of Contents • Intro to DoS • DoS Trends • Limits of Traditional Defense Methods • Local Announcement as Alternative • Collateral Damage: The Internet Christian Folini / @ChrFolini Craziness
  • 4. Confidentiality • Integrity • Availability CIA
  • 5. CPU • Storage • Bandwidth DoS Targets
  • 6. Postfinance • Protonmail • Digitec DDoS Attacks in CH
  • 10. Decentralization • Centralization • Consolidation CDNs
  • 11. Christian Folini / @ChrFolini “In a not-so-distant future, if we're not there already, it may be that if you're going to put content on the Internet you'll need to use a company with a giant network like Cloudflare, Google, Microsoft, Facebook, Amazon, or Alibaba.” Matthew Prince, CEO Cloudflare
  • 12. “Within 2-3 years, there will be only 2-3 players in the world that are able to withstand the biggest DDoS attacks and protect websites on a global scale.” Damian Menscher, Google, Usenix Enigma Conference, February 2017 Christian Folini / @ChrFolini
  • 13. “I think we are going to see a future where people will accept to pay money in extortion. It will be part of the costs of doing business. As an alternative, there will be a handful of expensive services that can protect you from DDoS attacks and these services effectively control what new startups will be allowed to operate on the internet.” Dr. Paul Vixie, April 2017 in Zurich Christian Folini / @ChrFolini
  • 14. Integration • Directories • Encryption Keys CDN Limits
  • 15. Local Userbase • ACL • Control GeoIP
  • 16. Size of ACL • Carrier Bandwidth GeoIP Limits
  • 17. BGP • Peering • No Route Export Local Route Announcement
  • 18. Jurisdiction • IP Space as Territory • Balkanization Dystopia
  • 19. • Trend I: DDoS Attacks Are Getting Bigger All The Time • Trend II: More and More Attacks are Application Level DDoS • Trend III: Widspread Use of Encryption Make Defense Harder • CDNs Are Here To Help And They Rule The Internet • Limiting BGP Route Announc. Can Guarantee Ultimate GeoIP • States May Fail To Protect Traffic Outside Their Jurisdictions Christian Folini / @ChrFolini Summary
  • 20. • https://www.flickr.com/photos/nirak/29124106183 • https://www.flickr.com/photos/timdorr/63630545 • https://www.flickr.com/photos/the_ewan/3772847639 • https://www.flickr.com/photos/3336/ • https://www.flickr.com/photos/barsen/5484256163/ • https://twitter.com/letsencrypt/status/1020058447922978816 • https://www.yicaiglobal.com/news/tencent-cloud-puts-its-seoul-data-center-online • https://www.youtube.com/watch?v=aE1kA0Jy0Xg • https://alt929boston.com/2017/12/07/canadian-postal-worker-laughing-driving-recklessly/ • https://blog.cloudflare.com/why-we-terminated-daily-stormer/ Christian Folini / @ChrFolini Sources for Slides (Mostly CC) Christian Folini / @ChrFolini
  • 21. • christian.folini@netnea.com • @ChrFolini • https://christian-folini.ch Christian Folini / @ChrFolini Thank you for attending my talk