DDoS Mitigation
Tools and Techniques
Babak Farrokhi
MENOG 16
Introduction
What is a DDoS Attack?
• A distributed attack that makes your online infrastructure totally inaccessible
• Performed by a large number of infected hosts (zombies)
• Complicated to defend
[Diagram: Bots, Users, Upstream Provider, Your Connection, Your Infrastructure]
Attack Types
• Network Layer Attacks: Exhausting your uplink
• Application Layer Attacks: Overloading your servers
[Diagrams, one per attack type: Upstream Provider, Your Connection, Your Infrastructure; the application layer diagram adds the label "L7 Requests"]
But I am not affected…
• Attacked more than once: 75%
• Attacked on a weekly basis: 10%
• Attacked in past 12 months: 91%
• Organizations attacked: 45%
Source: Imperva Q2 2015 DDoS Threat Landscape Report [1]
DDoS Attack Trends
• 2014 vs. 2013: Number of Attacks Doubled
• Average DDoS Attack Size in 2014: 15Gbps
• Average Damage of DDoS Attack: $40,000 /hour
• Largest Application Layer Attack: ~180,000 RPS
Source: Imperva Q2 2015 DDoS Threat Landscape Report [1]
Where are we going?
• DDoS attacks may last for days or weeks
• Attacks usually reappear
• Network layer attacks are getting bigger (so, your defense should scale proportionally)
• Operators should be equipped with appropriate equipment (and knowledge)
How it affects operators
• Your customers cannot defend themselves (once an attack hits a customer’s firewall, it’s too late)
• An attack on one customer may affect the other customers, or the whole infrastructure
• Loss of revenue
• Loss of reputation
• Legal Issues
• Service Level degradation, missing SLA targets
Dealing with DDoS
• Detection
• Tools and Techniques
• Mitigation
• Best Practices
Mitigation
Mitigation Best Practices
• S/RTBH [2], D/RTBH [3]
• FlowSpec [4]
• Co-operative DDoS Mitigation [5] (IETF dots WG draft)
• PBR
RTBH
• Remotely Triggered Blackhole
• D/RTBH: Based on destination address
• S/RTBH: Based on source address
• Widely in use by operators
• Injecting routes to edge routers using iBGP to discard or redirect traffic to a sinkhole/scrubber
• Blackholes all incoming traffic for a given host/network
D/RTBH
• Victim’s (destination) address will be totally unreachable during attack
• Makes victim unreachable to protect rest of the infrastructure / customers
S/RTBH
• Uses uRPF (loose mode) to filter out traffic based on source address
• Victim will still be reachable
• Only effective in case of DoS, or DDoS with a limited number of source addresses
RTBH
[Diagram, shown in three build steps: Upstream A, Upstream B, IXP A, IXP B, Customer Network, Target, Trigger Router, NOC; the final step adds the label "iBGP Advertise Blackhole Prefixes"]
Where should attack traffic go?
• Discard
  • null0 on edge routers
• Sinkhole
  • For further analysis / forensics
• Scrubber
  • Clean malicious traffic
RTBH Problems
• Discarding keeps the target visible to local networks, but unavailable to others
• Isn’t this what attackers wanted?
• Scrubbing as an alternative to black-holing
• It is usually done manually
BGP FlowSpec
• Defined in RFC 5575 (IPv4)
• Largely a work in progress - many extensions are proposed as IETF drafts
• IPv6 support is still in draft state [6] (IETF idr WG)
• Fairly new, not widely in use
  • JunOS 7.3
  • IOS 15.5, XE 3.14
• Defines a new BGP NLRI (Network Layer Reachability Information) format
• Granular traffic flow matching based on L3/L4 information
FlowSpec use cases
• Traffic Filter List / ACL distribution
• Filtering harmful traffic based on Traffic Flow information
• Replacement for classic S/RTBH and D/RTBH for DDoS mitigation
Flow Specification criteria
• L3 Source / Destination Prefix
• L4 Protocol (e.g. TCP, UDP, etc)
• L4 Source / Destination Port
• ICMP Types and Codes
• TCP Flags
• Packet Length
• DSCP
• Fragment
Traffic Filtering Actions
• Defined as extended community attributes:
  • 0x8006 - traffic-rate (Rate Limiting or Discarding)
  • 0x8007 - traffic-action (Sampling)
  • 0x8008 - redirect (Redirecting to a VRF)
  • 0x8009 - traffic-marking (DSCP Tagging)
• Additional actions are proposed [7]:
  • 0x8108 - redirect to IPv4
  • 0x8208 - redirect to AS
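An added example (not from the slides and not taken from any router or ExaBGP code base): a small Python encoder for the RFC 5575 IPv4 FlowSpec NLRI and the 0x8006 traffic-rate action listed above, to show what actually travels in the BGP update. The sample rule, the documentation addresses and AS 64512 are constructed; the bitmask-operator components (TCP flags, fragment) are left out.

```python
import ipaddress
import struct

# Component types from RFC 5575 section 4 (the matching criteria listed above).
DST_PREFIX, SRC_PREFIX, IP_PROTO, PORT, DST_PORT, SRC_PORT = 1, 2, 3, 4, 5, 6
ICMP_TYPE, ICMP_CODE, PKT_LEN, DSCP = 7, 8, 10, 11
NUMERIC_TYPES = {IP_PROTO, PORT, DST_PORT, SRC_PORT,
                 ICMP_TYPE, ICMP_CODE, PKT_LEN, DSCP}

# Numeric operator bits: end-of-list, AND with previous match, then lt/gt/eq.
END, AND, LT, GT, EQ = 0x80, 0x40, 0x04, 0x02, 0x01


def prefix_component(ctype, cidr):
    """Type, prefix length in bits, then only the significant prefix bytes."""
    net = ipaddress.IPv4Network(cidr)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([ctype, net.prefixlen]) + net.network_address.packed[:nbytes]


def numeric_component(ctype, matches):
    """matches is a list of (operator bits, value) pairs, e.g. [(EQ, 17)].

    Consecutive pairs are OR-ed unless the pair carries the AND bit.
    """
    if not matches:
        raise ValueError("a component needs at least one match")
    out = bytearray([ctype])
    for i, (op, value) in enumerate(matches):
        if not 0 <= value <= 0xFFFF:
            raise ValueError("value does not fit in two bytes")
        wide = value > 0xFF
        if wide:
            op |= 0x10          # length bits: 00 = 1-byte value, 01 = 2-byte
        if i == len(matches) - 1:
            op |= END           # last operator/value pair of this component
        out.append(op)
        out += struct.pack("!H" if wide else "!B", value)
    return bytes(out)


def flowspec_nlri(components):
    """components maps component type -> CIDR string or list of (op, value)."""
    body = b""
    for ctype in sorted(components):   # components must appear in type order
        value = components[ctype]
        if ctype in (DST_PREFIX, SRC_PREFIX):
            body += prefix_component(ctype, value)
        elif ctype in NUMERIC_TYPES:
            body += numeric_component(ctype, value)
        else:
            raise ValueError("component type %d not handled here" % ctype)
    if len(body) < 240:                # short form: one length byte
        return bytes([len(body)]) + body
    if len(body) > 4095:
        raise ValueError("flow specification too long")
    return struct.pack("!H", 0xF000 | len(body)) + body


def traffic_rate(asn, bytes_per_second):
    """0x8006 extended community: 2-byte AS, then the rate as an IEEE float.

    A rate of 0.0 tells the receiving router to discard matching traffic.
    """
    return struct.pack("!BBHf", 0x80, 0x06, asn, bytes_per_second)


if __name__ == "__main__":
    # Constructed rule: UDP packets to port 53 of one host under attack.
    rule = {
        DST_PREFIX: "192.0.2.10/32",
        IP_PROTO: [(EQ, 17)],
        DST_PORT: [(EQ, 53)],
    }
    print("NLRI            :", flowspec_nlri(rule).hex())
    print("discard         :", traffic_rate(64512, 0.0).hex())
    print("limit to 1 Mbps :", traffic_rate(64512, 125000.0).hex())
```

Unlike a D/RTBH route, the rule above leaves every other protocol and port of 192.0.2.10 reachable, which is the granularity the FlowSpec slides refer to.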
ExaBGP
• Open Source BGP Swiss Army Knife [8]
• Supports many extensions, including IPv6, ASN4, MPLS, BMP and FlowSpec
• Easy to use and extend (Show your Python / BASH mastery!)
• Easily integrates with your existing tools/scripts (e.g. FastNetMon) to automate route/policy injection
Detection
DDoS Detection
• Network Telemetry
• Passive traffic flow information collection
  • NetFlow
  • sFlow
  • IPFIX
• Real-time analysis
  • Baselining
  • Pattern Matching
Detection Toolbox
• Commercial (Arbor, Juniper, F5, RadWare, Checkpoint, etc)
• Open source: FastNetMon [9]
FastNetMon
• Flow Data Analysis
  • NetFlow (v5, v9)
  • sFlow (v4, v5)
  • IPFIX
• High Performance Traffic Capture
  • PF_RING
  • netmap
  • SnabbSwitch
• Watches hosts for traffic anomalies
  • High bits/second
  • High packets/second
  • High flows/second
• Runs External Trigger (e.g. custom script)
• Integration with ExaBGP (FlowSpec injection)
• Integration with GoBGP (Unicast announces)
• Custom thresholds
• L2TP Decapsulation
• MPLS untagging and VLAN processing
• Supports major network attack types (TCP SYN, UDP, ICMP and IP Fragmentation floods)
• Write your own plugin!
Sample Configuration
## action in case of attack
enable_ban = on
ban_time = 3600

## Different approaches to attack detection
ban_for_pps = on
ban_for_bandwidth = on
ban_for_flows = off

## Limits for Dos/DDoS attacks
threshold_pps = 20000
threshold_mbps = 1000
threshold_flows = 3500
Sample Configuration
## traffic capture method
mirror = off
mirror_netmap = off
pcap = off
netflow = on
sflow = on

netflow_port = 2055
netflow_host = 0.0.0.0

sflow_port = 6343
sflow_host = 0.0.0.0
Sample Configuration
## action !!!
notify_script_path = /usr/local/bin/ban.sh

# ExaBGP could announce blocked IPs with BGP
exabgp = on
exabgp_command_pipe = /var/run/exabgp/exabgp.cmd
exabgp_community = 65001:666
exabgp_next_hop = 10.0.3.114
exabgp_announce_whole_subnet = no
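A simplified model, added here and not FastNetMon's or ExaBGP's own code, of what the settings above drive: enabled thresholds are checked per host, a /32 blackhole route is announced with the configured community and next hop, and the route is withdrawn after ban_time seconds. Assumptions: the command strings follow the route syntax of ExaBGP's text API, the traffic counters and victim address are constructed, and the `protected` allow-list (10.0.3.0/24 here) is a hypothetical safeguard that is not a setting shown on the slides.

```python
import ipaddress

# Values copied from the sample configuration on the slides.
SAMPLE_CONF = """\
enable_ban = on
ban_time = 3600
ban_for_pps = on
ban_for_bandwidth = on
ban_for_flows = off
threshold_pps = 20000
threshold_mbps = 1000
threshold_flows = 3500
exabgp_community = 65001:666
exabgp_next_hop = 10.0.3.114
"""


def parse_conf(text):
    """Parse 'key = value' lines, ignoring blank lines and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            conf[key] = value
    return conf


class BanManager:
    """Threshold check -> blackhole announce -> timed withdraw."""

    # (counter name, enable switch, threshold key)
    CHECKS = [
        ("pps", "ban_for_pps", "threshold_pps"),
        ("mbps", "ban_for_bandwidth", "threshold_mbps"),
        ("flows", "ban_for_flows", "threshold_flows"),
    ]

    def __init__(self, conf, protected=()):
        self.conf = conf
        self.enabled = conf.get("enable_ban") == "on"
        self.ban_time = int(conf["ban_time"])
        # Hypothetical allow-list: prefixes that must never be blackholed.
        self.protected = [ipaddress.ip_network(net) for net in protected]
        self.banned = {}  # host -> time at which the ban expires

    def exceeded(self, counters):
        """Names of the enabled criteria whose threshold is exceeded."""
        return [name for name, switch, key in self.CHECKS
                if self.conf.get(switch) == "on"
                and counters.get(name, 0) > int(self.conf[key])]

    def route_command(self, verb, host):
        cmd = "%s route %s/32 next-hop %s" % (
            verb, host, self.conf["exabgp_next_hop"])
        if verb == "announce":
            cmd += " community [%s]" % self.conf["exabgp_community"]
        return cmd

    def observe(self, host, counters, now):
        """Return the commands to write to the ExaBGP pipe for this sample."""
        addr = ipaddress.IPv4Address(host)  # rejects malformed input
        host = str(addr)
        if not self.enabled or not self.exceeded(counters):
            return []
        if any(addr in net for net in self.protected):
            return []  # never blackhole the next hop or other infrastructure
        if host in self.banned:
            return []  # already announced, do not flap the route
        self.banned[host] = now + self.ban_time
        return [self.route_command("announce", host)]

    def expire(self, now):
        """Withdraw every blackhole whose ban_time has elapsed."""
        done = sorted(h for h, until in self.banned.items() if until <= now)
        for host in done:
            del self.banned[host]
        return [self.route_command("withdraw", host) for host in done]


if __name__ == "__main__":
    mgr = BanManager(parse_conf(SAMPLE_CONF), protected=["10.0.3.0/24"])
    # Constructed samples: (time in seconds, host, counters)
    samples = [
        (0, "203.0.113.7", {"pps": 25000, "mbps": 300, "flows": 900}),
        (5, "203.0.113.7", {"pps": 31000, "mbps": 420, "flows": 950}),
        (5, "203.0.113.9", {"pps": 1200, "mbps": 40, "flows": 5000}),
    ]
    for now, host, counters in samples:
        for cmd in mgr.observe(host, counters, now):
            print(now, cmd)
    for cmd in mgr.expire(3600):
        print(3600, cmd)
```

The third sample exceeds only threshold_flows, which does nothing while ban_for_flows is off; every announce that does go out takes the victim offline for ban_time seconds, the D/RTBH trade-off noted under "RTBH Problems".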

[Diagram, step 1: Upstream A, Upstream B, IXP A, IXP B, Customer Network, Target, NOC, ExaBGP, FastNetMon; labels "NetFlow/sFlow" and "Incoming DDoS"]
[Diagram, step 2: same topology; labels "iBGP Advertise Blackhole Prefixes" and "Block"]
FastNetMon at work
Questions?
References
• [1] http://lp.incapsula.com/ddos-report-2015.html
• [2] RFC 3882 - Configuring BGP to Block Denial-of-Service Attacks
• [3] RFC 5635 - Remote Triggered Black Hole Filtering with Unicast Reverse Path Forwarding (uRPF)
• [4] RFC 5575 - Dissemination of Flow Specification Rules
• [5] draft-reddy-dots-transport-00 - Co-operative DDoS Mitigation
• [6] draft-ietf-idr-flow-spec-v6 - Dissemination of Flow Specification Rules for IPv6
• [7] RFC 7674 - Clarification of the Flowspec Redirect Extended Community
• [8] https://github.com/Exa-Networks/exabgp
• [9] https://github.com/pavel-odintsov/fastnetmon

More Related Content

What's hot

FastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolFastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolPavel Odintsov
 
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra	fast	DDoS Detection	with	FastNetMon at	 Coloclue	(AS	8283)Ultra	fast	DDoS Detection	with	FastNetMon at	 Coloclue	(AS	8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Pavel Odintsov
 
GoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdGoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdPavel Odintsov
 
Cisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advanceCisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advanceBertrand Duvivier
 
An Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecAn Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecShortestPathFirst
 
BGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesBGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesFebrian ‎
 
VietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume BasedVietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume BasedPavel Odintsov
 
Netmanias L2,L3 Training (3) L2, L3 QoS
Netmanias L2,L3 Training (3) L2, L3 QoSNetmanias L2,L3 Training (3) L2, L3 QoS
Netmanias L2,L3 Training (3) L2, L3 QoSChris Changmo Yoo
 
Implementing IPv6 Segment Routing in the Linux kernel
Implementing IPv6 Segment Routing in the Linux kernelImplementing IPv6 Segment Routing in the Linux kernel
Implementing IPv6 Segment Routing in the Linux kernelOlivier Bonaventure
 
Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Jason Williams
 
Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerShu Sugimoto
 
LinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking WalkthroughLinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking WalkthroughThomas Graf
 
MUM Melbourne : Build Enterprise Wireless with CAPsMAN
MUM Melbourne : Build Enterprise Wireless with CAPsMANMUM Melbourne : Build Enterprise Wireless with CAPsMAN
MUM Melbourne : Build Enterprise Wireless with CAPsMANGLC Networks
 

What's hot (20)

FastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolFastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection tool
 
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra	fast	DDoS Detection	with	FastNetMon at	 Coloclue	(AS	8283)Ultra	fast	DDoS Detection	with	FastNetMon at	 Coloclue	(AS	8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
 
GoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdGoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPd
 
Secured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRRSecured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRR
 
F5 DDoS Protection
F5 DDoS ProtectionF5 DDoS Protection
F5 DDoS Protection
 
Cisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advanceCisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advance
 
DMVPN
DMVPNDMVPN
DMVPN
 
An Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecAn Introduction to BGP Flow Spec
An Introduction to BGP Flow Spec
 
BGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesBGP Advance Technique by Steven & James
BGP Advance Technique by Steven & James
 
VietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume BasedVietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume Based
 
Netmanias L2,L3 Training (3) L2, L3 QoS
Netmanias L2,L3 Training (3) L2, L3 QoSNetmanias L2,L3 Training (3) L2, L3 QoS
Netmanias L2,L3 Training (3) L2, L3 QoS
 
Sipwise rtpengine
Sipwise rtpengineSipwise rtpengine
Sipwise rtpengine
 
BGP filter with mikrotik
BGP filter with mikrotikBGP filter with mikrotik
BGP filter with mikrotik
 
Implementing IPv6 Segment Routing in the Linux kernel
Implementing IPv6 Segment Routing in the Linux kernelImplementing IPv6 Segment Routing in the Linux kernel
Implementing IPv6 Segment Routing in the Linux kernel
 
Ospf routing protocol
Ospf routing protocolOspf routing protocol
Ospf routing protocol
 
Bgp tutorial for ISP
Bgp tutorial for ISPBgp tutorial for ISP
Bgp tutorial for ISP
 
Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)
 
Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting router
 
LinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking WalkthroughLinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking Walkthrough
 
MUM Melbourne : Build Enterprise Wireless with CAPsMAN
MUM Melbourne : Build Enterprise Wireless with CAPsMANMUM Melbourne : Build Enterprise Wireless with CAPsMAN
MUM Melbourne : Build Enterprise Wireless with CAPsMAN
 

Viewers also liked

Protect your edge BGP security made simple
Protect your edge BGP security made simpleProtect your edge BGP security made simple
Protect your edge BGP security made simplePavel Odintsov
 
Janog 39: speech about FastNetMon by Yutaka Ishizaki
Janog 39: speech about FastNetMon by Yutaka IshizakiJanog 39: speech about FastNetMon by Yutaka Ishizaki
Janog 39: speech about FastNetMon by Yutaka IshizakiPavel Odintsov
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool Pavel Odintsov
 
DeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPSDeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPSPavel Odintsov
 
Lekker weer nlnog_nlnog_ddos_fl
Lekker weer nlnog_nlnog_ddos_flLekker weer nlnog_nlnog_ddos_fl
Lekker weer nlnog_nlnog_ddos_flPavel Odintsov
 
redGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionredGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionRedge Technologies
 
Nanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonNanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonPavel Odintsov
 
Lekker weer nlnog_how_to_avoid_buying_expensive_routers
Lekker weer nlnog_how_to_avoid_buying_expensive_routersLekker weer nlnog_how_to_avoid_buying_expensive_routers
Lekker weer nlnog_how_to_avoid_buying_expensive_routersPavel Odintsov
 

Viewers also liked (8)

Protect your edge BGP security made simple
Protect your edge BGP security made simpleProtect your edge BGP security made simple
Protect your edge BGP security made simple
 
Janog 39: speech about FastNetMon by Yutaka Ishizaki
Janog 39: speech about FastNetMon by Yutaka IshizakiJanog 39: speech about FastNetMon by Yutaka Ishizaki
Janog 39: speech about FastNetMon by Yutaka Ishizaki
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool
 
DeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPSDeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPS
 
Lekker weer nlnog_nlnog_ddos_fl
Lekker weer nlnog_nlnog_ddos_flLekker weer nlnog_nlnog_ddos_fl
Lekker weer nlnog_nlnog_ddos_fl
 
redGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionredGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solution
 
Nanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonNanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmon
 
Lekker weer nlnog_how_to_avoid_buying_expensive_routers
Lekker weer nlnog_how_to_avoid_buying_expensive_routersLekker weer nlnog_how_to_avoid_buying_expensive_routers
Lekker weer nlnog_how_to_avoid_buying_expensive_routers
 

Similar to DDoS Mitigation Tools and Techniques

Denial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewDenial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewMarketingArrowECS_CZ
 
Multi-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation StrategiesMulti-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation StrategiesSagi Brody
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPROIDEA
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliMarta Pacyga
 
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!PriyadharshiniHemaku
 
PLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek Janik
PLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek JanikPLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek Janik
PLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek JanikPROIDEA
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionAPNIC
 
Multi-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation StrategiesMulti-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation StrategiesLogan Best
 
Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?APNIC
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeMyNOG
 
DDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationDDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationWilson Rogerio Lopes
 
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPROIDEA
 
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7allanjude
 
HKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 -  DDoS attacks in an IPv6 WorldHKNOG 1.0 -  DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 WorldTom Paseka
 
Export flows, group traffic, map application traffic and more: NetFlow Analyz...
Export flows, group traffic, map application traffic and more: NetFlow Analyz...Export flows, group traffic, map application traffic and more: NetFlow Analyz...
Export flows, group traffic, map application traffic and more: NetFlow Analyz...ManageEngine, Zoho Corporation
 
Practice of large Hadoop cluster in China Mobile
Practice of large Hadoop cluster in China MobilePractice of large Hadoop cluster in China Mobile
Practice of large Hadoop cluster in China MobileDataWorks Summit
 

Similar to DDoS Mitigation Tools and Techniques (20)

Denial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewDenial of Service - Service Provider Overview
Denial of Service - Service Provider Overview
 
Multi-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation StrategiesMulti-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation Strategies
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
 
PLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek Janik
PLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek JanikPLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek Janik
PLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek Janik
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack Prevention
 
Multi-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation StrategiesMulti-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation Strategies
 
DDoS - unstoppable menace
DDoS - unstoppable menaceDDoS - unstoppable menace
DDoS - unstoppable menace
 
DDoS - unstoppable menace
DDoS - unstoppable menaceDDoS - unstoppable menace
DDoS - unstoppable menace
 
Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?Is IPv6 Security Still an Afterthought?
Is IPv6 Security Still an Afterthought?
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL Lee
 
DDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationDDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and Mitigation
 
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
 
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
 
HKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 -  DDoS attacks in an IPv6 WorldHKNOG 1.0 -  DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 World
 
Fedv6tf-fhs
Fedv6tf-fhsFedv6tf-fhs
Fedv6tf-fhs
 
Addios!
Addios!Addios!
Addios!
 
Export flows, group traffic, map application traffic and more: NetFlow Analyz...
Export flows, group traffic, map application traffic and more: NetFlow Analyz...Export flows, group traffic, map application traffic and more: NetFlow Analyz...
Export flows, group traffic, map application traffic and more: NetFlow Analyz...
 
Practice of large Hadoop cluster in China Mobile
Practice of large Hadoop cluster in China MobilePractice of large Hadoop cluster in China Mobile
Practice of large Hadoop cluster in China Mobile
 

Recently uploaded

On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130  Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130  Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 

Recently uploaded (20)

On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers

DDoS Mitigation Tools and Techniques

  • 1. DDoS Mitigation Tools and Techniques Babak Farrokhi MENOG 16
  • 3. What is a DDoS Attack?
      • A distributed attack that makes your online infrastructure totally inaccessible
      • Performed by a large number of infected hosts (zombies)
      • Complicated to defend
      [Diagram labels: Upstream Provider, Your Infrastructure, Your Connection, Bots, Users]
  • 4. Attack Types
      • Network Layer Attacks: exhausting your uplink
      • Application Layer Attacks: overloading your servers
      [Diagram labels: Upstream Provider, Your Infrastructure, Your Connection, L7 Requests]
  • 5. But I am not affected…
      • ATTACKED MORE THAN ONCE: 75%
      • ATTACKED ON A WEEKLY BASIS: 10%
      • ATTACKED IN PAST 12 MONTHS: 91%
      • ORGANIZATIONS ATTACKED: 45%
      Source: Imperva Q2 2015 DDoS Threat Landscape Report [1]
  • 6. DDoS Attack Trends
      • 2014 vs. 2013: Number of Attacks Doubled
      • Average DDoS Attack Size in 2014: 15Gbps
      • Average Damage of DDoS Attack: $40,000 /hour
      • Largest Application Layer Attack: ~180,000 RPS
      Source: Imperva Q2 2015 DDoS Threat Landscape Report [1]
  • 7. Where are we going?
      • DDoS attacks may last for days or weeks
      • Attacks usually reappear
      • Network layer attacks are getting bigger (so, your defense should scale proportionally)
      • Operators should be equipped with appropriate equipment (and knowledge)
  • 8. How it affects operators
      • Your customers cannot defend themselves (once an attack hits a customer’s firewall, it’s too late)
      • Attack on one customer may affect the other customers, or the whole infrastructure
      • Loss of revenue
      • Loss of reputation
      • Legal Issues
      • Service Level degradation, missing SLA targets
  • 9. Dealing with DDoS
      • Detection
      • Tools and Techniques
      • Mitigation
      • Best Practices
  • 11. Mitigation Best Practices
      • S/RTBH [2], D/RTBH [3]
      • FlowSpec [4]
      • Co-operative DDoS Mitigation [5] (IETF dots WG draft)
      • PBR
  • 12. RTBH
      • Remotely Triggered Blackhole
      • D/RTBH: Based on destination address
      • S/RTBH: Based on source address
      • Widely in use by operators
      • Injecting routes to edge routers using iBGP to discard or redirect traffic to a sinkhole/scrubber
      • Blackholes all incoming traffic for a given host/network
  • 13. D/RTBH
      • Victim’s (destination) address will be totally unreachable during attack
      • Makes victim unreachable to protect rest of the infrastructure / customers
  • 14. S/RTBH
      • Uses uRPF (loose mode) to filter out traffic based on source address
      • Victim will still be reachable
      • Only effective in case of DoS or DDoS with limited number of source addresses
  • 15. RTBH
      [Diagram labels: Upstream A, Upstream B, IXP A, IXP B, Customer Network, Target, Trigger Router, NOC]
  • 16. RTBH
      [Diagram labels: Upstream A, Upstream B, IXP A, IXP B, Customer Network, Target, Trigger Router, NOC]
  • 17. RTBH
      [Diagram labels: Upstream A, Upstream B, IXP A, IXP B, Customer Network, Target, Trigger Router, NOC, iBGP Advertise Blackhole Prefixes]
  • 18. Where should attack traffic go?
      • Discard
          • null0 on edge routers
      • Sinkhole
          • For further analysis / forensics
      • Scrubber
          • Clean malicious traffic
  • 19. RTBH Problems
      • Discarding keeps the target visible to local networks, but it will be unavailable to others
      • Isn’t this what attackers wanted?
      • Scrubbing as an alternative to black-holing
      • It is usually done manually
  • 20. BGP FlowSpec
      • Defined in RFC 5575 (IPv4)
      • Largely a work in progress - many extensions are proposed as IETF drafts
      • IPv6 support is still in draft state [6] (IETF idr WG)
      • Fairly new, not widely in use
      • JunOS 7.3
      • IOS 15.5, XE 3.14
      • Defines a new BGP NLRI (Network Layer Reachability Information) format
      • Granular traffic flow matching based on L3/L4 information
  • 21. FlowSpec use cases
      • Traffic Filter List / ACL distribution
      • Filtering harmful traffic based on Traffic Flow information
      • Replacement for classic S/RTBH and D/RTBH for DDoS mitigation
  • 22. Flow Specification criteria
      • L3 Source / Destination Prefix
      • L4 Protocol (e.g. TCP, UDP, etc)
      • L4 Source / Destination Port
      • ICMP Types and Codes
      • TCP Flags
      • Packet Length
      • DSCP
      • Fragment
  • 23. Traffic Filtering Actions
      • Defined as extended community attributes:
          • 0x8006 - traffic-rate (Rate Limiting or Discarding)
          • 0x8007 - traffic-action (Sampling)
          • 0x8008 - redirect (Redirecting to a VRF)
          • 0x8009 - traffic-marking (DSCP Tagging)
      • Additional actions are proposed [7]:
          • 0x8108 - redirect to IPv4
          • 0x8208 - redirect to AS
  • 24. ExaBGP
      • Open Source BGP Swiss Army Knife [8]
      • Supports many extensions, including IPv6, ASN4, MPLS, BMP and FlowSpec
      • Easy to use and extend (Show your Python / BASH mastery!)
      • Easily integrates with your existing tools/scripts (e.g. FastNetMon) to automate route/policy injection
  • 26. DDoS Detection
      • Network Telemetry
      • Passive traffic flow information collection
          • NetFlow
          • sFlow
          • IPFIX
      • Real-time analysis
          • Baselining
          • Pattern Matching
  • 27. Detection Toolbox
      • Commercial (Arbor, Juniper, F5, RadWare, Checkpoint, etc)
      • OpenSource: FastNetMon [9]
  • 28. FastNetMon
      • Flow Data Analysis
          • NetFlow (v5, v9)
          • sFlow (v4, v5)
          • IPFIX
      • High Performance Traffic Capture
          • PF_RING
          • netmap
          • SnabbSwitch
  • 29.
      • Watches hosts for traffic anomalies
          • High bits/second
          • High packets/second
          • High flows/second
      • Runs External Trigger (e.g. custom script)
  • 30.
      • Integration with ExaBGP (FlowSpec injection)
      • Integration with GoBGP (Unicast announces)
      • Custom thresholds
      • L2TP Decapsulation
      • MPLS untagging and VLAN processing
      • Supports major network attack types (TCP SYN, UDP, ICMP and IP Fragmentation floods)
      • Write your own plugin!
  • 31. Sample Configuration

 ## action in case of attack

 enable_ban = on
 ban_time = 3600

 ## Different approaches to attack detection

 ban_for_pps = on
 ban_for_bandwidth = on
 ban_for_flows = off

 ## Limits for Dos/DDoS attacks

 threshold_pps = 20000
 threshold_mbps = 1000
 threshold_flows = 3500

  • 32. Sample Configuration

 ## traffic capture method

 mirror = off
 mirror_netmap = off
 pcap = off
 netflow = on
 sflow = on

 netflow_port = 2055
 netflow_host = 0.0.0.0

 sflow_port = 6343
 sflow_host = 0.0.0.0

  • 33. Sample Configuration

 ## action !!!

 notify_script_path = /usr/local/bin/ban.sh

 # ExaBGP could announce blocked IPs with BGP

 exabgp = on
 exabgp_command_pipe = /var/run/exabgp/exabgp.cmd
 exabgp_community = 65001:666
 exabgp_next_hop = 10.0.3.114
 exabgp_announce_whole_subnet = no

  • 34. [Diagram labels: Upstream A, Upstream B, IXP A, IXP B, Customer Network, Target, NOC, ExaBGP, FastNetMon, NetFlow/sFlow, Incoming DDoS]
  • 35. [Diagram labels: Upstream A, Upstream B, IXP A, IXP B, Customer Network, Target, NOC, iBGP Advertise Blackhole Prefixes, ExaBGP, FastNetMon, Block]
  • 39.
      • [1] http://lp.incapsula.com/ddos-report-2015.html
      • [2] RFC 3882 - Configuring BGP to Block Denial-of-Service Attacks
      • [3] RFC 5635 - Remote Triggered Black Hole Filtering with Unicast Reverse Path Forwarding (uRPF)
      • [4] RFC 5575 - Dissemination of Flow Specification Rules
      • [5] draft-reddy-dots-transport-00 - Co-operative DDoS Mitigation
      • [6] draft-ietf-idr-flow-spec-v6 - Dissemination of Flow Specification Rules for IPv6
  • 40.
      • [7] RFC 7674 - Clarification of the Flowspec Redirect Extended Community
      • [8] https://github.com/Exa-Networks/exabgp
      • [9] https://github.com/pavel-odintsov/fastnetmon
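
The traffic filtering actions on slide 23 travel as 8-byte BGP extended communities, so an operator auditing received FlowSpec rules needs to read them back. The decoder below is an added example, not code from the slides or from ExaBGP; it follows the RFC 5575 encodings for the four base actions, and the function name and sample values are constructed for illustration.

```python
import struct

def decode_flowspec_action(community: bytes) -> str:
    """Decode one 8-byte extended community into a readable FlowSpec action."""
    if len(community) != 8:
        raise ValueError("extended communities are exactly 8 bytes")
    (kind,) = struct.unpack(">H", community[:2])   # type 0x80 + subtype
    value = community[2:]                          # 6-byte action value
    if kind == 0x8006:
        # 2-byte AS number, then an IEEE 754 float: rate in bytes per second.
        asn, rate = struct.unpack(">Hf", value)
        if rate != rate or rate < 0:               # NaN or negative rate
            raise ValueError("invalid traffic-rate value")
        if rate == 0:
            return "traffic-rate: discard"         # rate 0 drops the flow
        return f"traffic-rate: limit to {rate * 8:.0f} bit/s (AS {asn})"
    if kind == 0x8007:
        # Bitmask: the two lowest bits are terminal (bit 47) and sample (bit 46).
        flags = value[5]
        parts = [name for bit, name in ((0x02, "sample"), (0x01, "terminal"))
                 if flags & bit]
        return "traffic-action: " + ("+".join(parts) or "none")
    if kind == 0x8008:
        # Route target of the VRF to redirect into: 2-byte AS, 4-byte value.
        asn, local = struct.unpack(">HI", value)
        return f"redirect: VRF route-target {asn}:{local}"
    if kind == 0x8009:
        # DSCP lives in the 6 least significant bits of the last byte.
        return f"traffic-marking: DSCP {value[5] & 0x3F}"
    raise ValueError(f"not a base FlowSpec action: 0x{kind:04x}")

# Constructed sample communities (not captured from a real session).
SAMPLES = [
    struct.pack(">HHf", 0x8006, 65001, 0.0),        # discard
    struct.pack(">HHf", 0x8006, 65001, 125000.0),   # 125000 B/s = 1 Mbit/s
    bytes.fromhex("8007000000000003"),              # sample + terminal
    struct.pack(">HHI", 0x8008, 65001, 666),        # redirect to a VRF
    bytes.fromhex("800900000000002e"),              # DSCP 46
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.hex(), "->", decode_flowspec_action(sample))
```

A traffic-rate of zero is the FlowSpec equivalent of a blackhole, so it is the value worth alerting on when rules arrive from a peer.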
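
Slides 19 and 31-35 move D/RTBH from a manual step to an automatic one, which makes the trigger itself something to protect: a bad detection must not blackhole infrastructure or someone else's address space. The sketch below is an added example, not the presenter's ban.sh or FastNetMon code; the pipe path, community and next hop are the values from slide 33, while the customer prefixes, the protected host and the argument order (IP, direction, pps, action) are assumptions made for illustration.

```python
import ipaddress
import sys

# Values from the sample configuration on slide 33.
PIPE = "/var/run/exabgp/exabgp.cmd"
COMMUNITY = "65001:666"
NEXT_HOP = "10.0.3.114"

# Constructed for this example: prefixes we may blackhole, hosts we never do.
CUSTOMER_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("198.51.100.0/24")]
NEVER_BLACKHOLE = {ipaddress.ip_address("192.0.2.1")}  # e.g. a resolver

def rtbh_command(ip_text: str, action: str) -> str:
    """Return the ExaBGP API line for a D/RTBH host route, or raise ValueError."""
    # ip_address() rejects anything that is not a plain IP literal, so no
    # detector-supplied text can reach the command pipe unparsed.
    ip = ipaddress.ip_address(ip_text.strip())
    if not any(ip in net for net in CUSTOMER_NETS):
        raise ValueError(f"{ip} is outside our customer prefixes")
    if ip in NEVER_BLACKHOLE:
        raise ValueError(f"{ip} is protected from automatic blackholing")
    route = f"{ip}/32"                  # host route only, never a whole subnet
    if action == "ban":
        return (f"announce route {route} next-hop {NEXT_HOP} "
                f"community [{COMMUNITY}]")
    if action == "unban":
        return f"withdraw route {route} next-hop {NEXT_HOP}"
    raise ValueError(f"unsupported action {action!r}")

def send(command: str, pipe_path: str = PIPE) -> None:
    """Write one command line to the ExaBGP command pipe."""
    with open(pipe_path, "w") as pipe:
        pipe.write(command + "\n")

if __name__ == "__main__":
    # Assumed argument order: IP, direction, pps, action.
    try:
        send(rtbh_command(sys.argv[1], sys.argv[4]))
    except (ValueError, IndexError) as err:
        sys.exit(f"refusing to change routing: {err}")
```

The same checks belong on the edge routers as an import policy for the trigger session, so that a compromised or misconfigured trigger cannot announce blackholes beyond host routes inside the operator's own space.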