IPTP's Distributed Mitigation Managed Service (DMMS) provides superior DDoS mitigation compared to traditional clean pipe solutions. DMMS mitigates attacks across IPTP's global network of firewalls with no reaction time, no added latency, higher bandwidth limits, and no extra charges. Clean pipe solutions increase latency, have reaction times of 30 minutes to an hour, lower bandwidth capacity, and can incur extra costs for exceeding bandwidth limits.
DDoS attacks make headlines everyday, but how do they work and how can you defend against them? DDoS attacks can be high volume UDP traffic floods, SYN floods, DNS amplification, or Layer 7 HTTP attacks. Understanding how to protect yourself from DDoS is critical to doing business on the internet today. Suzanne Aldrich, a lead Solutions Engineer at Cloudflare, will cover how these attacks work, what is being targeted by the attackers, and how you can protect against the different attack types. She will cap the session with the rise in IoT attacks, and expectations for the future of web security.
DDoS attacks make headlines everyday, but how do they work and how can you defend against them? DDoS attacks can be high volume UDP traffic floods, SYN floods, DNS amplification, or Layer 7 HTTP attacks. Understanding how to protect yourself from DDoS is critical to doing business on the internet today. Suzanne Aldrich, a lead Solutions Engineer at Cloudflare, will cover how these attacks work, what is being targeted by the attackers, and how you can protect against the different attack types. She will cap the session with the rise in IoT attacks, and expectations for the future of web security.
https://2017.badcamp.net/session/devops-performance-security-privacy/beginner/anatomy-ddos-attack
High performance browser networking ch1,2,3Seung-Bum Lee
Presentation material including summary of "High Performance Browser Networking" by Ilya Grigorik. This book includes very good summary of computer network not only for internet browsing but also multimedia streaming.
APNIC Chief Scientist Geoff Huston presented on TCP and BBR at RIPE 76 in Marseille, France, calling for more research and testing of TCP experiments and scalibility of BBR in the face of important unsolved problems and unknowns.
DDoS attacks make headlines everyday, but how do they work and how can you defend against them? DDoS attacks can be high volume UDP traffic floods, SYN floods, DNS amplification, or Layer 7 HTTP attacks. Understanding how to protect yourself from DDoS is critical to doing business on the internet today. Suzanne Aldrich, a lead Solutions Engineer at Cloudflare, will cover how these attacks work, what is being targeted by the attackers, and how you can protect against the different attack types. She will cap the session with the rise in IoT attacks, and expectations for the future of web security.
DDoS attacks make headlines everyday, but how do they work and how can you defend against them? DDoS attacks can be high volume UDP traffic floods, SYN floods, DNS amplification, or Layer 7 HTTP attacks. Understanding how to protect yourself from DDoS is critical to doing business on the internet today. Suzanne Aldrich, a lead Solutions Engineer at Cloudflare, will cover how these attacks work, what is being targeted by the attackers, and how you can protect against the different attack types. She will cap the session with the rise in IoT attacks, and expectations for the future of web security.
https://2017.badcamp.net/session/devops-performance-security-privacy/beginner/anatomy-ddos-attack
High performance browser networking ch1,2,3Seung-Bum Lee
Presentation material including summary of "High Performance Browser Networking" by Ilya Grigorik. This book includes very good summary of computer network not only for internet browsing but also multimedia streaming.
APNIC Chief Scientist Geoff Huston presented on TCP and BBR at RIPE 76 in Marseille, France, calling for more research and testing of TCP experiments and scalibility of BBR in the face of important unsolved problems and unknowns.
Congestion control and quality of servicesJawad Ghumman
It explain the need for congestion control and quality of service.Congestion control refers to the mechanisms and techniques to control the congestion and keep the load below the capacity.
Techniques of achieving google quality of serviceSatya P. Joshi
Techniques of achieving google quality of service in multimedia and communication, Techniques of achieving google quality of service, Techniques of achieving google quality of service,
Congestion control and quality of servicesJawad Ghumman
It explain the need for congestion control and quality of service.Congestion control refers to the mechanisms and techniques to control the congestion and keep the load below the capacity.
Techniques of achieving google quality of serviceSatya P. Joshi
Techniques of achieving google quality of service in multimedia and communication, Techniques of achieving google quality of service, Techniques of achieving google quality of service,
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!PriyadharshiniHemaku
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
This presentation cracks the code on devastating DDoS attacks, equipping you with insights and strategies to shield your systems and emerge victorious. Learn the devious tricks attackers use, explore robust defense mechanisms, and discover how to stay ahead of the curve in the ever-evolving cyber-warfare landscape. Prepare to turn the tables on malicious actors and ensure your operations run smoothly, even under siege!
This is a presentation i made about Denial of Service or a Distributed Denial of Service (DoS / DDoS) and the latest methods used to crash anything online and the future of such attacks which can disrupt the whole internet . Such attacks which are in TB's and can be launched from just single computer. And, there is not much that can be done to prevent them.
Scaling service provider business with DDoS-mitigation-as-a-serviceCloudflare
During the webinar, Vivek Ganti, Product Marketing Manager for Cloudflare, & Jim Hodges, Chief Analyst of Cloud and Security at Heavy Reading, discussed how service providers are regular targets of DDoS attacks, and how these attacks directly impact their uptime, availability, and revenue.
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...Amazon Web Services
Distributed denial of service (DDoS) attack mitigation has traditionally been a challenge for those hosting on fixed infrastructure. In the cloud, users can build applications on elastic infrastructure that is capable of mitigating and absorbing DDoS attacks. What once required overprovisioning, additional infrastructure, or third-party services is now an inherent capability of many cloud-based applications. This session explains common DDoS attack vectors and how AWS customers with different use cases are addressing these challenges. As part of the session, we show you how to build applications that are resilient to DDoS and demonstrate how they work in practice.
"In this session, we will address the current threat landscape, present DDoS attacks that we have seen on AWS, and discuss the methods and technologies we use to protect AWS services. You will leave this session with a better understanding of:
DDoS attacks on AWS as well as the actual threats and volumes that we typically see.
What AWS does to protect our services from these attacks.
How this all relates to the AWS Shared Responsibility Model."
Rethinking Security: Corsa Red Armor Network Security EnforcementCorsa Technology
Service providers, including Content Distribution Networks (CDN) and Internet Service Providers (ISP) are rapidly building 100G connections to meet customer and business needs. Meanwhile IoT has become real, enabling high-bandwidth DDoS attacks to explode. Protecting the network has become even more critical but finding the right mitigation solution is difficult.
Corsa’s new Red Armor NSE7000 Network Security Enforcement engine delivers scalable 100G DDoS protection at a considerable cost savings. This high-performance enforcement engine installs into existing DDoS architectures in 10 minutes and interoperates with existing DDOS detection technology providing the necessary 100G line rate enforcement as a bump in the wire.
2. In this presentation we are going to compare two ways of mitigating a volumetric DDoS attack:
a traditional and more commonly used Clean Pipe, Scrubbing or Cleaning Center Solution and
Distributed Mitigation Managed Service (DMMS) against DDoS based on Cleaning Network by IPTP Networks.
The comparison will be based on four key aspects associated with volumetric DDoS Mitigation:
CLEAN
PIPE
IPTP
DMMS
NetwoRK
VS
Latency
Reaction Time
1 Bandwidth
Expenses
3
42
www.iptp.net
3. Volumetric distributed Denial-of-Service (DDoS) is a special type of denial of service attack where the malicious
traffic is generated from multiple sources (for example, botnets or remotely controlled computers also known as
'zombies'). These attacks can come in different forms: DNS amplification, Reflexion attacks, SMURF and etc.
What is volumetric DDoS?
ISP2
ISP3
ISP1
50m
s
50 m
s
50 ms
Global
Internet
TARGET
SERVER
Error 504 Gateway Timeout
Error 504 Gateway Timeout
www.iptp.net
Malicious traffic
Legitimate traffic
Malicious traffic source
Legitimate traffic source
Router
High traffic load
4. Dangers of DDoS
Error 504
Gateway timeout
The message received when the user is
unable to reach web resources
under the Denial-of-Service attack.
www.iptp.net
600
550
500
450
400
350
300
250
200
150
100
50
0
2009 2010 2011 2012 2013 2014 2015 2016
100 Gbps
60 Gbps
500 Gbps
602 GbpsSurvey of DDoS attacks size peak over the years
Successful DDoS attack causes the target
system to stop responding, which can
degrade network in several ways:
• Slowing down access and network performance
by overloading it with malicious traffic.
• Causing unavailability of a targeted network
resource.
• Limiting the ability to access certain resources
such as servers, cloud and etc.
• Creating a diversion for network administrators
and using this to obtain unauthorized access to con-
fidential or sensitive information (A data breach).
6. How Clean Pipe solution works?www.iptp.net
ISP2
ISP3
DDoS
Mitigation
Service Provider
ISP1
50m
s
50 ms
50 ms
Global
Internet
TARGET
SERVER
CLEANING
CENTER
EXTRA BANDWIDTH
REQUIRED! ADDITIONAL
CHARGES OR LIMIT MAY APPLY
50 ms
FALSE TARGET
50 ms
Latency increased!
Latency increased!
A tunnel (Clean pipe)
Malicious traffic
Legitimate traffic
Malicious traffic source
Legitimate traffic source
Router
Low traffic load
High traffic load
Mitigation of volumetric DDoS on
limited network nodes.
Up to 3600 seconds
of reaction time.
Latency added
to the service.
Limited bandwidth capacity.
Extra charges for
bandwidth overload.
7. IPTP DMMS Networkwww.iptp.net
ISP2
ISP3
ISP1
50
m
s
50 ms
Global
Internet
IPTP Networks
global MPLS network
TARGET
SERVER
IPTP DMMS Firewalls
Malicious traffic
Legitimate traffic
Malicious traffic source
Legitimate traffic source
Router
High traffic load
Distributed mitigation on a global network perimeter.
No reaction time.
No added latency.
Bandwidth limits higher
by an order of magnitude.
No extra charges for
bandwidth overload.
8. 1.1 Latency
ISP1 ISP2 CLEANING
CENTER
ISP3 TARGET
SERVER
WEB-SITE
VISITOR
50 ms 50 ms 50 ms 50 ms 50 ms
www.iptp.net
Clean Pipe or Cleaning Center
The route of an IP packet during a volumetric DDoS attack,
when redirected through the Cleaning Center.
• The traffic is routed through the Cleaning Center in both directions, which increases the number of
network nodes between the user and protected server.
• The created route results in additional distance for the IP packets to travel through, slowing down
the burst rate and dramatically increasing the latency.
9. 1.2 Latency
• IP packets do not go any extra distances. Instead they move from the web-site visitor to the Target
Server and back exclusively via our distributed firewalls.
• All our firewalls are geographically-dispersed across the globe, applying distributed protection
against volumetric DDoS while adding no latency.
• This allows the traffic to be mitigated on the closest available firewalls, balancing the traffic load.
www.iptp.net
The route of an IP packet during a volumetric DDoS attack,
when protected by IPTP DMMS Network
IPTP
NETWORKS
IPTP
FIREWALL
TARGET
SERVER
WEB-SITE
VISITOR
IPTP DMMS Network
10. 2.1 Reaction Time
Reaction time is the time from detection of a DDoS attack to a counter-reaction against it. From
when the first malicious packets arrive at the customer's doorstep to when they start being filtered
by a DDoS Mitigation Service Provider is also the period when the target infrastructure suffers
service unavailability, which if prolonged could lead to severe consequences.
3600sec
up to
sec
≈VS
Cleaning
Center
IPTP DMMS
Network
www.iptp.net
0
11. 2.2 Reaction Time
• The time to recognise the problem, report to the provider and establish a tunnel results in delay
for the mitigation.
• Setting up a new tunnel every time DDoS attack occurs can be extremely time-consuming.
• It can take from 30 minutes to 1 hour and even longer for the mitigation to begin.
www.iptp.net
DDoS
Detect Report
to provider
Establish
a tunnel
Clean pipe or Cleaning Center
12. 2.3 Reaction Timewww.iptp.net
• No time consumption for setting up a tunnel, instead the traffic is filtered directly at the border of
IPTP DMMS Network.
• No manual set-up.
• No tunnel required, the mitigation is carried out on the closest network equipment.
ROUTER IPTP
FIREWALL
TARGET
SERVER
WEB-SITE
VISITOR
“ZOMBIE”“ZOMBIE” “ZOMBIE”
Global Internet
IPTP GLOBAL
MPLS NETWORK
BOTNET
IPTP DMMS Network
IPTP
FIREWALL
13. www.iptp.net 3.1 Bandwidth
• Cleaning Center is normally located within one geographical point, normally this means a
restricted number of communications channels and a limited internet capacity.
• When the attack size exceeds Cleaning Centers capacity it results in channel aggregation as the
ports cease to withstand the traffic load.
Clean Pipe or Cleaning Center
Global
Internet
ISP1
ISP2
ISP3
CLEANING
CENTER
DDOS
MITIGATION
SERVICE PROVIDER
TARGET
SERVER
ISP4
14. IPTP DMMS Network
www.iptp.net 3.2 Bandwidth
• 1500 10 Gbps ports distributed across the globe and the total network capacity of over 30 Tb/s
allows to withstand heavy-bandwidth DDoS attacks, without the risk of service degradation.
• No cleaning centers, no additional tunnels and no limited network nodes.
• Distribution of traffic among multiple points in our network - no combined volume of traffic on one
network node.
OVER
150010 Gbps
ports
total
network capacity
30Tbps
DATA
CENTERS IN
22countries
worldwide
15. • When additional bandwidth is required, the ISP will charge the DDoS Mitigation Service Provider,
increasing the mitigation costs.
• The established tunnel and the attack traffic are often redirected through the routers of the same
ISP, escalating the traffic load. This results in extra-charges for the bandwidth.
www.iptp.net
Clean pipe or Cleaning Center
4.1 Expenses
Global
Internet
ISP1
ISP2
ISP3
CLEANING
CENTER
DDOS
MITIGATION
SERVICE PROVIDER
TARGET
SERVER
ISP4
$
BILL
$
BILL
Bill for extra bandwidth
Bill for extra traffic
16. 4.2 Expenseswww.iptp.net
IPTP DMMS Network
• Can mitigate bandwidth-heavy DDoS attacks while applying no additional charges for the traffic.
• Advanced firewalls can handle multi-gigabits of traffic and filter any types of floods
(ICMP, UDP, SYN and others).
• As a One-Stop-IT-Shop we help to save costs for service provision, management and maintenance.
Limassol Dubai
Istanbul
Amsterdam
Helsinki
London
Slough
Paris
Marseille
Kiev
Stockholm
Zürich
Milan
Madrid
Frankfurt
Moscow
St.Petersburg
Novosibirsk
Vladivostok
Ashburn
Atlanta Dallas
Denver
ChicagoMiami
New York
Los Angeles
San Jose
Seattle
Washington
Toronto
São Paulo
Beijing
Hong Kong
Taipei
Singapore
Seoul
Tokyo
Mumbai Johannesburg
Nicosia
0USD
extra
traffic CHARGE
17. Summary
No reaction time.
No added latency
Bandwidth limits higher
by an order of magnitude
No extra charges for bandwidth overload
No volumetric DDoS
To summarise, Distributed Mitigation Managed Service
against DDoS by IPTP Networks covers
all the main aspects associated with DDoS Mitigation,
leaving you with:
www.iptp.net
Geographical
destribution
Advanced
firewalls
Highnetwork
capacity
Zeroreactiontime
Noextra
trafficcharges
No additional
latency
IPTP
DMMS
Network