Community tools to fight against DDoS
Fakrul Alam
bdHUB Limited
fakrul@bdhub.com
bdNOG3 Conference | 18th May 2015 | Dhaka
DDoS
•  Distributed denial-of-service (DDoS) attacks target network
infrastructure or computer services by sending an overwhelming
number of service requests to the server from many sources.
•  Server resources are used up serving the bogus requests, so
legitimate requests are denied or served with degraded performance.
Addressing DDoS attacks
•  Detection
–  Detect the incoming bogus requests
•  Mitigation
–  Diversion : send the traffic to a specialized device that
removes the bogus packets from the traffic stream while
retaining the legitimate packets
–  Return : send the cleaned traffic back to the server
3 Community tools from Team Cymru
•  Bogon Filter
–  https://www.team-cymru.org/bogon-reference.html
•  Flow Sonar
–  https://www.team-cymru.org/Flow-Sonar.html
•  UTRS (Unwanted Traffic Removal Service)
–  https://www.team-cymru.org/UTRS/index.html
1. Bogon Filter
Bogon Filter
•  A bogon prefix is a route that should never appear in
the Internet routing table
–  Bogons are the Martians (private and reserved address
space defined by RFC 1918, RFC 5735 and RFC 6598) plus the
netblocks that IANA has not yet allocated to any RIR
•  Bogons are commonly found as the (spoofed) source addresses
of DDoS packets: no legitimate Internet traffic can originate
from them
•  One study found that 60% of the malicious ("naughty") packets
observed had obvious bogon source addresses
•  The bogon and fullbogon lists are NOT static: unallocated space
is allocated over time, so a hand-typed bogon ACL will eventually
drop legitimate traffic. Take the list from a feed that is kept
current and refresh it automatically.
Bogon Filter : Configuration IPv4
[router configuration screenshot; not reproduced in this transcript]
–  Instead of discarding bogon-sourced traffic you can forward it
to a collector and analyze it
Bogon Filter : Configuration IPv6
[router configuration screenshot; not reproduced in this transcript]
–  The same forward-and-analyze option applies
Bogon Filter : Output
[router output screenshot; not reproduced in this transcript]
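The two points above, that bogon source addresses are a DDoS tell-tale and that bogon-sourced traffic can be forwarded and analysed rather than silently dropped, can be shown on flow data. The following is an added example and is not code from the slides or from Team Cymru. It parses a bogon list in the one-prefix-per-line, `#`-commented text format the feeds use (an assumption about the format), classifies constructed NetFlow-style records by source address and reports how much of the traffic came from bogon space. The 13-prefix IPv4 list embedded here is a constructed snapshot so the example runs offline; as the slides say, the real list changes, so a production filter must refresh it from the feed.

```python
"""Classify flow records by bogon source address.

Added example (not code from the bdNOG3 slides or from Team Cymru).
BOGON_TEXT is a constructed snapshot of the traditional IPv4 bogons in
the one-prefix-per-line text format the feeds use; it is embedded only
so the example runs offline and must not be used as a static filter.
FLOWS are constructed sample records.
"""
import ipaddress
from collections import Counter

# Constructed snapshot: the 13 traditional IPv4 bogons (count as on the slides).
BOGON_TEXT = """\
# one CIDR prefix per line, '#' starts a comment
0.0.0.0/8
10.0.0.0/8
100.64.0.0/10
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.0.0/24
192.0.2.0/24
192.168.0.0/16
198.18.0.0/15
198.51.100.0/24
203.0.113.0/24
224.0.0.0/3
"""


def parse_bogon_list(text):
    """Parse a text-format bogon list into ip_network objects."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if line:
            nets.append(ipaddress.ip_network(line, strict=True))
    return nets


def is_bogon(addr, bogons):
    """True if addr falls inside any bogon prefix of the same address family."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in bogons)


# Constructed NetFlow-like records: (source, destination, packet count).
# 1.2.3.4 is the victim website from the RTBH 101 slides.
FLOWS = [
    ("10.9.8.7",     "1.2.3.4", 3000),   # RFC 1918 source
    ("198.51.100.5", "1.2.3.4",  500),   # TEST-NET-2 source
    ("239.1.1.1",    "1.2.3.4",  100),   # multicast address used as a source
    ("8.8.8.8",      "1.2.3.4", 1200),   # routable sources
    ("1.1.1.1",      "1.2.3.4", 1200),
]


def summarize(flows, bogons):
    """Return (bogon_packets, total_packets, per_bogon_source Counter)."""
    per_source = Counter()
    bogon_packets = total = 0
    for src, _dst, packets in flows:
        total += packets
        if is_bogon(src, bogons):
            bogon_packets += packets
            per_source[src] += packets
    return bogon_packets, total, per_source


if __name__ == "__main__":
    bogons = parse_bogon_list(BOGON_TEXT)
    b, t, per_src = summarize(FLOWS, bogons)
    print(f"{len(bogons)} bogon prefixes loaded")
    print(f"{b}/{t} packets ({100 * b / t:.0f}%) came from bogon sources")
    for src, n in per_src.most_common():
        print(f"  {src:<16} {n}")
```

The family check in `is_bogon` matters once IPv6 fullbogons are loaded into the same list: an IPv4 prefix says nothing about an IPv6 source and must not match it.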
Bogon Filter : Status
•  The IPv4 traditional bogons list is currently 13 prefixes.
•  The IPv4 fullbogons list is approximately 3,618 prefixes.
•  The IPv6 fullbogons list is approximately 58,401 prefixes.
–  [date : 18th May 2015]
Bogon Filter : Peering
•  Contact bogonrs@cymru.com with:
1.  Which bogon types you wish to receive (traditional IPv4
bogons, IPv4 fullbogons, and/or IPv6 fullbogons)
2.  Your AS number
3.  The IP address(es) you want Team Cymru to peer with
4.  Whether your equipment supports MD5 passwords for BGP
sessions
5.  Optional: your GPG/PGP public key
•  https://www.team-cymru.org/bogon-reference-bgp.html
2. Flow Sonar
Flow Sonar
•  The Team Cymru Flow Sonar system is a tool for network
managers to visually identify and understand what is
happening on their network at any given time
•  It is built on the free and open-source NfSen/nfdump
framework written by Peter Haag of SWITCH
•  Special "dosrannu" plugins developed by Team Cymru track
malicious activity on your network
•  The dosrannu feeds alert on DDoS attacks, compromised
machines and connections to C&C hosts
Flow Sonar
It's NfSen/nfdump!
Flow Sonar : Get It
•  Contact outreach@cymru.com
1.  Team Cymru will send the hardware
•  1 server
•  1 router
•  https://www.team-cymru.org/Flow-Sonar.html
3. UTRS (Unwanted Traffic Removal Service)
RTBH 101
[four diagram slides; the labels that survive in the transcript are
summarised here]
•  Topology: the customer infra (CE router, website with IP 1.2.3.4,
announcing BGP prefix 1.2.3.0/24) connects to the provider infra
(PE router, Transit I, Transit II) and through it to the Internet
•  Step 1: DDoS traffic towards 1.2.3.4 arrives from the Internet
through both Transit I and Transit II and is carried across the
provider network and the customer link to the website
•  Step 2: the customer announces the victim host route,
BGP 1.2.3.4/32, tagged with the provider's blackhole community,
COM 65420:666
•  Step 3: the provider's routers match the community and install
IP 1.2.3.4/32 -> discard on Transit I and Transit II, so the DDoS
traffic is dropped at the provider edge before it can saturate the
provider network or the customer link
•  The rest of 1.2.3.0/24 stays reachable; 1.2.3.4 itself is
unreachable for as long as the /32 is announced, so RTBH protects
the infrastructure rather than the victim host
RTBH Upstream
•  Check whether your upstream provider supports RTBH, and which
blackhole community it expects (65420:666 in the example above)
•  Configure and test RTBH before an incident, not during one
•  Only announce IPv4 /32s from address space that you originate
or that belongs to your customers (your upstream should filter
for exactly this)
UTRS
•  UTRS is based on the same basic DDoS filtering principle:
Remotely Triggered Black Hole (RTBH) filtering
•  UTRS is a system that helps mitigate large infrastructure
attacks by leveraging an existing network of cooperating BGP
speakers (ISPs, hosting providers and educational institutions):
it automatically distributes verified BGP-based filter rules from
the victim to the cooperating networks
UTRS : Configuration
[router configuration screenshot; not reproduced in this transcript]
•  Make sure you tag the route properly: the /32 must carry the
blackhole community, otherwise it is just another announcement
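The RTBH 101 slides, the "only announce /32s from your own space" rule and the "tag the route properly" note all describe the same import policy, whether it runs on an upstream's PE or on the UTRS route server before a filter rule is distributed. The following is an added example, not code from the slides, from Team Cymru or from a router vendor: a model of that policy, run over constructed announcements. Values from the slides: blackhole community 65420:666, customer prefix 1.2.3.0/24, victim 1.2.3.4. Assumptions: the customer is AS 64501, the discard next-hop is 192.0.2.1 (a static route to Null0 on every router), and the CE next-hop and the authorised-prefix table are made up.

```python
"""Validate customer-triggered blackhole (RTBH) announcements.

Added example, not code from the bdNOG3 slides, from Team Cymru or from a
router vendor. It models the import policy a provider's PE (or the UTRS
route server) should apply before turning a tagged /32 into a discard
route. From the RTBH 101 slides: community 65420:666, prefix 1.2.3.0/24,
victim 1.2.3.4. Assumptions: customer AS 64501, discard next-hop
192.0.2.1 (static route to Null0 on all routers), constructed
announcements and authorised-prefix table.
"""
import ipaddress
from dataclasses import dataclass, field

BLACKHOLE_COMMUNITY = "65420:666"   # from the slides; each provider publishes its own
DISCARD_NEXT_HOP = "192.0.2.1"      # assumption: points at Null0 on all routers
NO_EXPORT = "no-export"             # well-known community: keep the /32 inside the AS

# Constructed: what each customer AS is authorised to announce (IRR/RPKI/contract data)
AUTHORISED = {64501: [ipaddress.ip_network("1.2.3.0/24")]}


@dataclass
class Route:
    prefix: str
    origin_as: int
    next_hop: str
    communities: set = field(default_factory=set)


@dataclass
class Decision:
    accepted: bool
    reason: str
    next_hop: str = ""
    communities: set = field(default_factory=set)


def within_authorised(net, origin_as):
    """True if net lies inside a prefix the origin AS is authorised to announce."""
    return any(a.version == net.version and net.subnet_of(a)
               for a in AUTHORISED.get(origin_as, []))


def import_policy(route):
    """Decide whether to accept a customer announcement and with which next-hop."""
    net = ipaddress.ip_network(route.prefix, strict=True)
    if BLACKHOLE_COMMUNITY not in route.communities:
        # Ordinary route: plain prefix-list check against the customer's space.
        if within_authorised(net, route.origin_as):
            return Decision(True, "normal route", route.next_hop, set(route.communities))
        return Decision(False, "prefix not in customer's authorised space")
    # Blackhole request: host route only. Accepting an authorised /24 with the
    # tag would blackhole the customer's whole prefix, not just the victim.
    if net.version != 4 or net.prefixlen != 32:
        return Decision(False, "blackhole must be an IPv4 /32 host route")
    # Must be the customer's own address, otherwise they could blackhole anyone.
    if not within_authorised(net, route.origin_as):
        return Decision(False, "blackhole target outside customer's authorised space")
    # Install as a discard route and mark no-export so it never leaks to peers.
    return Decision(True, "blackhole installed",
                    DISCARD_NEXT_HOP, {BLACKHOLE_COMMUNITY, NO_EXPORT})


# Constructed announcements from customer AS 64501 (CE next-hop 203.0.113.2)
ANNOUNCEMENTS = [
    Route("1.2.3.0/24", 64501, "203.0.113.2"),                         # normal
    Route("1.2.3.4/32", 64501, "203.0.113.2", {BLACKHOLE_COMMUNITY}),   # victim host
    Route("1.2.3.0/24", 64501, "203.0.113.2", {BLACKHOLE_COMMUNITY}),   # whole prefix
    Route("5.6.7.8/32", 64501, "203.0.113.2", {BLACKHOLE_COMMUNITY}),   # someone else's
    Route("2001:db8::1/128", 64501, "2001:db8::2", {BLACKHOLE_COMMUNITY}),
    Route("9.9.9.0/24", 64501, "203.0.113.2"),                         # not theirs
]


def evaluate(routes=ANNOUNCEMENTS):
    """Run the policy over a list of routes; returns the decisions in order."""
    return [import_policy(r) for r in routes]


if __name__ == "__main__":
    for r, d in zip(ANNOUNCEMENTS, evaluate()):
        tag = " +bh" if BLACKHOLE_COMMUNITY in r.communities else ""
        state = f"ACCEPT nh={d.next_hop}" if d.accepted else "REJECT"
        print(f"{r.prefix + tag:<24} {state:<22} {d.reason}")
```

The order of the checks is the point: the community alone must never be enough. Without the /32 test a tagged /24 takes the whole customer offline; without the ownership test any customer can blackhole any address on the Internet through your routers.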
UTRS : Apply
•  Newly launched service
–  Quite selective about whom it peers with
–  Organization verification is carried out before peering
•  https://www.team-cymru.org/UTRS/index.html
How UTRS varies from RTBH with upstream!
•  With upstream RTBH the /32 is discarded only at your own
upstream's edge; UTRS distributes the verified /32 to every
cooperating network, so the attack traffic is dropped much
closer to its sources
Other Efforts
•  NANOG BCOP : DDoS-DoS-attack-BCOP
–  http://bcop.nanog.org/index.php/DDoS-DoS-attack-BCOP
Thank You
