Distributed Mitigation Managed Service against DDoS (DMMS)
www.iptp.net
Better network,
not just a bigger one.
In this presentation we are going to compare two ways of mitigating a volumetric DDoS attack:
a traditional and more commonly used Clean Pipe, Scrubbing or Cleaning Center Solution and
Distributed Mitigation Managed Service (DMMS) against DDoS based on Cleaning Network by IPTP Networks.
The comparison will be based on four key aspects associated with volumetric DDoS Mitigation:
Clean Pipe VS IPTP DMMS Network
1. Latency
2. Reaction Time
3. Bandwidth
4. Expenses
What is volumetric DDoS?
Volumetric distributed Denial-of-Service (DDoS) is a special type of denial-of-service attack where the malicious traffic is generated from multiple sources (for example, botnets or remotely controlled computers, also known as 'zombies'). These attacks can come in different forms: DNS amplification, reflection attacks, Smurf, etc.
[Diagram: malicious and legitimate traffic sources send traffic through ISP1, ISP2 and ISP3 (links labelled 50 ms) and the global Internet to the target server. Legend: malicious traffic, legitimate traffic, malicious traffic source, legitimate traffic source, router, high traffic load. "Error 504 Gateway Timeout" messages are shown.]
Dangers of DDoS
Error 504 Gateway timeout: the message received when the user is unable to reach web resources under the Denial-of-Service attack.
[Chart: Survey of DDoS attack size peak over the years, 2009 to 2016, vertical axis 0 to 600. Labelled peaks: 100 Gbps, 60 Gbps, 500 Gbps, 602 Gbps.]
A successful DDoS attack causes the target system to stop responding, which can degrade the network in several ways:
• Slowing down access and network performance by overloading it with malicious traffic.
• Causing unavailability of a targeted network resource.
• Limiting the ability to access certain resources such as servers, cloud, etc.
• Creating a diversion for network administrators and using this to obtain unauthorized access to confidential or sensitive information (a data breach).
Loss in revenue
Estimated loss in revenue for each minute of downtime. *
[Chart: loss brackets: $1-10; $10-100; $100-1 000; $1 000-5 000; $5 000-10 000; $10 000-25 000; $25 000-50 000; $50 000-100 000; over $100 000; hard to determine. Share labels: 1%, 8%, 12%, 15%, 5%, 5%, 7%, 11%, 21%, 15%.]
Average total loss per minute: $21,699
* Ponemon Institute© Research Report
How does the Clean Pipe solution work?
[Diagram: traffic from ISP1, ISP2 and ISP3 crosses the global Internet to the Cleaning Center of the DDoS Mitigation Service Provider and reaches the target server through a tunnel (clean pipe). Links are labelled 50 ms. Labels: "False target", "Extra bandwidth required! Additional charges or limit may apply", "Latency increased!". Legend: malicious traffic, legitimate traffic, malicious traffic source, legitimate traffic source, router, low traffic load, high traffic load.]
• Mitigation of volumetric DDoS on limited network nodes.
• Up to 3600 seconds of reaction time.
• Latency added to the service.
• Limited bandwidth capacity.
• Extra charges for bandwidth overload.
IPTP DMMS Network
[Diagram: traffic from ISP1, ISP2 and ISP3 (links labelled 50 ms) crosses the global Internet and enters the IPTP Networks global MPLS network through IPTP DMMS Firewalls before reaching the target server. Legend: malicious traffic, legitimate traffic, malicious traffic source, legitimate traffic source, router, high traffic load.]
• Distributed mitigation on a global network perimeter.
• No reaction time.
• No added latency.
• Bandwidth limits higher by an order of magnitude.
• No extra charges for bandwidth overload.
1.1 Latency
Clean Pipe or Cleaning Center
[Diagram: The route of an IP packet during a volumetric DDoS attack, when redirected through the Cleaning Center. Nodes shown: web-site visitor, ISP1, ISP2, Cleaning Center, ISP3, target server; five links labelled 50 ms each.]
• The traffic is routed through the Cleaning Center in both directions, which increases the number of
network nodes between the user and protected server.
• The created route results in additional distance for the IP packets to travel through, slowing down
the burst rate and dramatically increasing the latency.
1.2 Latency
IPTP DMMS Network
[Diagram: The route of an IP packet during a volumetric DDoS attack, when protected by IPTP DMMS Network. Nodes shown: web-site visitor, IPTP firewall, IPTP Networks, target server.]
• IP packets do not go any extra distances. Instead they move from the web-site visitor to the Target Server and back exclusively via our distributed firewalls.
• All our firewalls are geographically dispersed across the globe, applying distributed protection against volumetric DDoS while adding no latency.
• This allows the traffic to be mitigated on the closest available firewalls, balancing the traffic load.
2.1 Reaction Time
Reaction time is the time from detection of a DDoS attack to a counter-reaction against it. The period from when the first malicious packets arrive at the customer's doorstep to when they start being filtered by a DDoS Mitigation Service Provider is also the period when the target infrastructure suffers service unavailability, which, if prolonged, could lead to severe consequences.
Cleaning Center: up to 3600 sec VS IPTP DMMS Network: ≈ 0 sec
2.2 Reaction Time
Clean pipe or Cleaning Center
[Diagram: DDoS, then Detect, then Report to provider, then Establish a tunnel.]
• The time needed to recognise the problem, report it to the provider and establish a tunnel delays the mitigation.
• Setting up a new tunnel every time a DDoS attack occurs can be extremely time-consuming.
• It can take from 30 minutes to 1 hour and even longer for the mitigation to begin.
2.3 Reaction Time
IPTP DMMS Network
• No time is spent setting up a tunnel; instead the traffic is filtered directly at the border of IPTP DMMS Network.
• No manual set-up.
• No tunnel required; the mitigation is carried out on the closest network equipment.
[Diagram: a botnet of "zombies" and a web-site visitor on the global Internet reach the target server through a router and IPTP firewalls at the edge of the IPTP global MPLS network.]
3.1 Bandwidth
Clean Pipe or Cleaning Center
• A Cleaning Center is normally located within one geographical point, which usually means a restricted number of communications channels and a limited internet capacity.
• When the attack size exceeds the Cleaning Center's capacity, it results in channel aggregation as the ports cease to withstand the traffic load.
[Diagram: traffic from the global Internet passes through ISP1, ISP2, ISP3 and ISP4 to the Cleaning Center of the DDoS Mitigation Service Provider and on to the target server.]
3.2 Bandwidth
IPTP DMMS Network
• 1500 10 Gbps ports distributed across the globe and a total network capacity of over 30 Tb/s allow the network to withstand heavy-bandwidth DDoS attacks without the risk of service degradation.
• No cleaning centers, no additional tunnels and no limited network nodes.
• Distribution of traffic among multiple points in our network: no combined volume of traffic on one network node.
[Infographic: over 1500 10 Gbps ports; total network capacity 30 Tbps; data centers in 22 countries worldwide.]
4.1 Expenses
Clean pipe or Cleaning Center
• When additional bandwidth is required, the ISP will charge the DDoS Mitigation Service Provider, increasing the mitigation costs.
• The established tunnel and the attack traffic are often redirected through the routers of the same ISP, escalating the traffic load. This results in extra charges for the bandwidth.
[Diagram: traffic from the global Internet passes through ISP1, ISP2, ISP3 and ISP4 to the Cleaning Center of the DDoS Mitigation Service Provider and on to the target server. Labels: "Bill for extra bandwidth", "Bill for extra traffic".]
4.2 Expenses
IPTP DMMS Network
• Can mitigate bandwidth-heavy DDoS attacks while applying no additional charges for the traffic.
• Advanced firewalls can handle multi-gigabits of traffic and filter any type of flood (ICMP, UDP, SYN and others).
• As a One-Stop-IT-Shop we help to save costs for service provision, management and maintenance.
[Map of locations: Limassol, Dubai, Istanbul, Amsterdam, Helsinki, London, Slough, Paris, Marseille, Kiev, Stockholm, Zürich, Milan, Madrid, Frankfurt, Moscow, St. Petersburg, Novosibirsk, Vladivostok, Ashburn, Atlanta, Dallas, Denver, Chicago, Miami, New York, Los Angeles, San Jose, Seattle, Washington, Toronto, São Paulo, Beijing, Hong Kong, Taipei, Singapore, Seoul, Tokyo, Mumbai, Johannesburg, Nicosia.]
0 USD extra traffic charge
Summary
To summarise, Distributed Mitigation Managed Service against DDoS by IPTP Networks covers all the main aspects associated with DDoS Mitigation, leaving you with:
• No reaction time
• No added latency
• Bandwidth limits higher by an order of magnitude
• No extra charges for bandwidth overload
• No volumetric DDoS
[Infographic: IPTP DMMS Network: geographical distribution, advanced firewalls, high network capacity, zero reaction time, no extra traffic charges, no additional latency.]
