SlideShare a Scribd company logo

Allot ServiceProtector - DDos Mitigation

Allot Communications
Allot Communications

This document contains frequently asked questions about Allot ServiceProtector and how it detects and mitigates cyberattacks such as DDoS attacks and outgoing spam. It discusses how Allot ServiceProtector uses network behavior anomaly detection and host behavior anomaly detection to identify attacks without relying on signatures. It also addresses questions around false positives, differences from IPS systems, ability to detect different attack types, and typical deployment considerations.

Technology
1 of 7
Download to read offline
© 2014 Allot Communications Ltd. All rights reserved. Specifications are subject to change without notice. Allot Communications, Sigma and NetEnforcer and the Allot logo are trademarks of Allot Communications. All other brand or product names are the trademarks of their respective holders. The material contained herein is proprietary, privileged, and confidential and owned by Allot or its third party licensors. No disclosure of the content of this document will be made to third parties without the express written permission of Allot Communications. FAQ 2014 Stopping DDoS attacks and Outgoing Spam with Allot ServiceProtector
Allot ServiceProtector Frequently Asked Questions 2 © 2014 Allot Communications, Ltd. All Rights Reserved. Contents Frequently Asked Question about Detection........................................................................................................... 3 Frequently Asked Question about Mitigation.......................................................................................................... 5 Frequently Asked Questions about Deployment ................................................................................................... 6
Allot ServiceProtector Frequently Asked Questions 3 © 2014 Allot Communications, Ltd. All Rights Reserved. Frequently Asked Question about Detection 1. What kind of attacks does Allot ServiceProtector detect and identify? Allot ServiceProtector is part of Allot’s portfolio of security services for the Digital Lifestyle and Workstyle. It provides a highly effective first-line system of defense against DoS/DDoS, worm and Zero Day attacks. It also detects and prevents outbound spam (that can lead to operator blacklisting) and cleanup of infected hosts (spammers). 2. How does Allot ServiceProtector detect and identify attacks? Two detection technologies are used. Network level attacks (DoS/DDoS/worm/Zero Day) are identified using Network Behavior Anomaly Detection (NBAD) technology. First, the network is modeled at a very granular level where the various types of IP traffic are tracked and compared in ratios (such as incoming TCP SYN packet rate to the outgoing TCP FIN packet rate). Ratios are important for eliminating variance due to natural traffic surges and spikes. Ratio comparison also enables the system to detect attacks that are not identified by less sophisticated threshold/baseline approaches. For example, during a large SYN flood attack (small SYN floods are worthless as attacks), the modeled incoming SYN packet rate is significantly out of balance with the corresponding FIN packet rate. This behavior is treated as anomalous. Large NBAD behavioral anomalies have been found to be more often than not large DoS/DDoS attacks. Subscriber attacks (i.e., outgoing spam from infected hosts) are identified using Host Behavior Anomaly Detection (HBAD) technology. At its most basic level, HBAD identifies subscriber attacks by the anomalously high connection rates sustained by an individual host. For example, a subscriber sending spam is identified by the fact that it is highly unlikely that a single host is capable of sending 20 emails every second sustained for the last 5 minutes. Behaviorally this is highly indicative of a spambot. Experience has proven that to be the case. In addition to these two detection approaches, Allot ServiceProtector also supports a rich set of user-definable notification parameters that permit the operator to customize the elements which pre-determine whether an alarm is sent, which further enhances the quality and relevance of the alarms. 3. How does Allot ServiceProtector handle false positives? When used properly (for detecting network level attacks and subscriber based attacks) and deployed on target networks – namely high-performance, high-throughput GE and 10GE networks, Allot ServiceProtector has proven to be extremely reliable and immune to false positives. The reason for this is the nature of the threats that it aims to identify and the superior detection methods it uses. 4. What about IPS systems? Can they detect DoS/DDoS attacks? Intrusion Detection System (IPS) vendors use a variety of methods for identifying security threats on the network, including DDoS attacks. IPS methods of detection are less sophisticated than Allot ServiceProtector for detecting network level attacks and typically rely on known signatures and rate-based thresholds with traffic baselining which suffer from false alarms or false negatives (not detecting at all). IPS devices were originally intended for preventing “intrusion” into a host rather than network level attacks. Their signature and RFC violation-based detection are vulnerable to
Allot ServiceProtector Frequently Asked Questions 4 © 2014 Allot Communications, Ltd. All Rights Reserved. not detecting network level attacks and their stateful nature makes them vulnerable to high volume network attacks. IPS solutions are not suitable for network level attacks predominantly due to their tendency to fail or to increase network latency under heavy loads (as is the case with network level attacks) and because they may not have appropriate behavior-based detection algorithms that are more suited to reliable network-level attack detection. 5. Can Allot ServiceProtector detect slow scanning worms? Yes. Allot ServiceProtector can detect slow scanning worms. However, Allot ServiceProtector tends to be used for higher volume connection attempts (spam, worm, DoS) because this kind of subscriber behavior that causes greater concern for management of a service provider’s public network. 6. Can Allot ServiceProtector detect single packet attacks or application level attacks? No. Single-packet and Application-level attacks are designed to target a host or to “intrude” and compromise a host. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are more suitable for these kinds of attacks since they utilize detection by signatures of known malicious packets, detection by violation of RFC specifications for applications and stateful inspection of connection behavior. Allot ServiceProtector operates at a different layer of security and is focused on protecting against network level attacks (DoS/DDoS, worm and Zero Day attacks) and subscriber originated attacks (spam, worm, DoS). These kinds of attacks undermine the stability and performance of the network upon which high value applications are being delivered. Attacks against an individual host are not in Allot ServiceProtector’s solution scope. 7. Can Allot ServiceProtector detect and stop viruses? No. Viruses are out of scope of Allot ServiceProtector. Viruses are security threats against a host and are best addressed with host, server and network based anti-virus solutions. Allot ServiceProtector is designed to protect against network level attacks (DoS/DDoS, worm and Zero Day attacks) and subscriber originated attacks (spam, worm, DoS). 8. What kind of attacks does Allot ServiceProtector detect? Using NBAD technology, which identifies generic TCP/IP based behavioral anomalies, Allot ServiceProtector detects all variations of known and unknown DoS/DDoS, worms and Zero Day attacks. Against Allot ServiceProtector, attackers have been unsuccessful in evading detection by using legitimate packets or modifying packets, using extremely large packets, setting the fragment offset (and not sending the remaining packets), setting all (or other unusual combinations) of TCP flags, by using unusual IP protocol numbers such as protocol 0 or protocol 255, by using dark space source IP addresses, by reflecting the attack from intermediate devices and so on Using HBAD technology, Allot ServiceProtector detects subscriber-originated attacks such as outgoing spam, worm propagation, DoS and port scanning. These are normally perpetrated by infected subscribers who unwittingly participants in a botnet. 9. If source IP addresses are spoofed, how is that info useful? The source IP address, whether it is spoofed or not, is potentially a characteristic that can be used to filter traffic.
Allot ServiceProtector Frequently Asked Questions 5 © 2014 Allot Communications, Ltd. All Rights Reserved. 10. Does Allot ServiceProtector perform event correlation? Not currently. However higher-order data correlation and representation is planned for near-future release. 11. How does Allot ServiceProtector handle asymmetric links? Firstly this depends upon the particular behavioral detection algorithm used by Allot ServiceProtector. Allot ServiceProtector uses HBAD and NBAD detection technologies. HBAD is immune to asymmetric traffic since it only looks at outbound connection behavior from a defined domain (for example an ISP’s subscriber CIDR). HBAD is used for identifying outbound attacks or spammers inside an ISP’s customer base. This requires a view of outbound traffic only. NBAD is relatively immune to asymmetric traffic. It is only concerned with the overall balance of inbound and outbound flows of various TCP/IP statistics and does not care about sessions and state. This means, for example, that while it tracks inbound SYN packet- rate and compares that with outbound FIN packet-rate, it does not care whether the FIN packets are a direct response to the SYN packets. Experience has shown that anomalies created by asymmetric traffic flows are orders of magnitude smaller than genuine DDoS attacks. Only in the extreme case that there is only ever traffic in one direction that NBAD technology cannot be used. In this case, a traffic “threshold” based approach can be employed which does not rely on the NBAD algorithms. 12. Does Allot ServiceProtector sample traffic? For the purpose of detection, every single packet is used, even at 1Gbps and 10Gbps throughput. As a result, there is no loss of accuracy in the process of formulating the behavioral models. However, for the process of extracting a Deep Packet Signature (DPS), packets are sampled from the anomalous traffic in order to determine the filterable packet characteristics in the attack. 13. Does Allot ServiceProtector use known signatures? No. The reason is that pure signature based detection relies on the predetermined knowledge of malicious packets and this approach has been found to be inadequate for handling DoS/DDoS, worms and Zero Day network attacks because there are often no pre- determined signatures. In fact, attackers often use legitimately formed packets to deliberately evade the signature-based detection systems. 14. I block TCP port 25 to all my subscribers to avoid blacklisting. What benefit is Allot ServiceProtector to me? This approach punishes the innocent as well as the guilty and probably causes annoyance. By using Allot ServiceProtector you can enhance email services and customer satisfaction by both avoiding blacklisting and keeping network services open to those who deserve it. In addition, the customers that you notify as sending spam may be unwittingly infected. Once their computers are disinfected, they will experience better Internet experience because less of their upstream connection will be consumed by spam or worm traffic. Frequently Asked Question about Mitigation 15. How does Allot ServiceProtector mitigate the attack? Allot ServiceProtector interoperates seamlessly with Allot NetEnforcer and Service Gateway platforms which mitigate the attack by blocking, limiting or isolating the traffic.
Allot ServiceProtector Frequently Asked Questions 6 © 2014 Allot Communications, Ltd. All Rights Reserved. Allot ServiceProtector also supports mitigation with third-party devices such as routers, firewalls, IPS, and DDoS filtering devices. 16. What happens if the attack uses completely random source and destination IP addresses, random ports and random payload patterns so that there is no signature with which to block the attack? Conceptually this is possible and clearly disastrous if the attack is in large volumes! This highlights even more the need to plan strategic implementation of an automatic network security system that can programmatically correlate multiple packets sampled out of 1Gbps and 10Gbps traffic streams and to pick-out “any” packet features that can be used to mitigate the attack. In fact, assuming that the packets are completely random, the VLAN or source MAC address will be readily identified and can be used as a mechanism to at least isolate the attack at a coarse level. 17. What happens if the signature describes a normal SYN packet? Should I block that? Attackers may use legitimately formed packets in order to evade signature based detection techniques. However, the context and event behavior provide clues in which to determine the true intent of the packet. This includes the nature of the target (is it web site and if so, has it attracted attacks before), the impact on the network (network congestion, increased latency) and whether the event is sustained at extremely high rates beyond a brief spike lasting more than a minute or so. Empirically, these have been found to be DDoS attacks rather than transient spikes due to sudden reconnections. 18. How can you block a DDoS attack when the source addresses are spoofed? It does not matter whether the source address is spoofed or not. The source IP address provides unique information about the attack packets that can (or not) be used to selectively filter the attack traffic. 19. How can you block a DDoS attack when there are so many source IPs? In practice, it is impractical to use the source addresses in a DDoS attack because they are too numerous. Fortunately, the source addresses can be ignored since other characteristics of the packets can be used instead to filter the attack, including the destination IP address, protocol, port, packet size, TOS, TTL, other fields in the network and transport layer, and the payload. Allot ServiceProtector’s signature extraction engine identifies the unique packet characteristics that the attack packets have in common. It is worth noting that Allot ServiceProtector quantifies the relative amount of traffic from each source address (based upon a sample of the attack traffic). This information can be used to block using the source address if a large majority of attack packets are originating from a small set of source addresses. Frequently Asked Questions about Deployment 20. Does every network link have to be tapped? Not necessarily. This depends upon your network topology and especially the particular way in which Allot ServiceProtector is intended to be used. It is best to consult Allot on how Allot ServiceProtector can be optimally deployed within your network topology to maximize visibility and minimize the number of sensors. In general, Allot ServiceProtector should be deployed in strategic aggregation links in the network similar to where DPI devices or IDS/IPS and network analysis devices are deployed.
Allot ServiceProtector Frequently Asked Questions 7 © 2014 Allot Communications, Ltd. All Rights Reserved. This includes Internet peering points, access aggregation links to the core network, WAN links and the core network. To identify network level attacks, deployment at the peering link or core is typical. To identify subscriber-originated attacks, the most economical deployment is usually on the access aggregation links to the core network. Every network is different and Allot can recommend the best design to meet your requirements. 21. Can Allot ServiceProtector handle VLAN tags? Yes. Allot ServiceProtector can be deployed inside VLAN networks. VLAN tags are not used to classify traffic and are parsed out during the behavioral modeling process*. However, during the process of Deep Packet Signature extraction, if available, the VLAN tag will be reported as a distinguishing characteristic of the network event. (*The behavioral modeling process parses packet for the network and transport layer data from each packet). 22. Can Allot ServiceProtector handle encrypted traffic? Yes. Allot ServiceProtector is designed to address Internet-originated network level attacks (DoS/DDoS, worm and Zero Day attacks) and subscriber originated attacks (spam, worm, DoS). There are two complementary approaches to behavioral anomaly detection used by Allot ServiceProtector. The behavioral detection algorithms for detecting subscriber originated attacks focuses on connection behavior of the subscriber and thus the payload (encrypted or not) is ignored. Hence suspicious connection behavior of a subscriber will be identified despite the payload being encrypted. On the other hand, the behavioral detection algorithms for detecting network level attacks will categorize the encrypted traffic within the anomaly type “other.”

Recommended

Practical Network Security
Practical Network SecurityPractical Network Security
Practical Network Security
Sudarsun Santhiappan
 
Assaulting diameter IPX network
Assaulting diameter IPX networkAssaulting diameter IPX network
Assaulting diameter IPX network
Alexandre De Oliveira
 
Real-Time Location Systems Security using Distance Bounding
Real-Time Location Systems Security using Distance BoundingReal-Time Location Systems Security using Distance Bounding
Real-Time Location Systems Security using Distance Bounding
IJRES Journal
 
Mobile signaling threats and vulnerabilities - real cases and statistics from...
Mobile signaling threats and vulnerabilities - real cases and statistics from...Mobile signaling threats and vulnerabilities - real cases and statistics from...
Mobile signaling threats and vulnerabilities - real cases and statistics from...
DefCamp
 
Fortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_IntroductionFortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_Introductionswang2010
 
Worldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkWorldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN network
P1Security
 
Efficient packet marking for large scale ip trace back(synopsis)
Efficient packet marking for large scale ip trace back(synopsis)Efficient packet marking for large scale ip trace back(synopsis)
Efficient packet marking for large scale ip trace back(synopsis)Mumbai Academisc
 
An Identity-Based Mutual Authentication with Key Agreement
An Identity-Based Mutual Authentication with Key AgreementAn Identity-Based Mutual Authentication with Key Agreement
An Identity-Based Mutual Authentication with Key Agreement
ijtsrd
 

Recommended

Practical Network Security
Practical Network SecurityPractical Network Security
Practical Network Security
Sudarsun Santhiappan
 
Assaulting diameter IPX network
Assaulting diameter IPX networkAssaulting diameter IPX network
Assaulting diameter IPX network
Alexandre De Oliveira
 
Real-Time Location Systems Security using Distance Bounding
Real-Time Location Systems Security using Distance BoundingReal-Time Location Systems Security using Distance Bounding
Real-Time Location Systems Security using Distance Bounding
IJRES Journal
 
Mobile signaling threats and vulnerabilities - real cases and statistics from...
Mobile signaling threats and vulnerabilities - real cases and statistics from...Mobile signaling threats and vulnerabilities - real cases and statistics from...
Mobile signaling threats and vulnerabilities - real cases and statistics from...
DefCamp
 
Fortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_IntroductionFortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_Introductionswang2010
 
Worldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkWorldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN network
P1Security
 
Efficient packet marking for large scale ip trace back(synopsis)
Efficient packet marking for large scale ip trace back(synopsis)Efficient packet marking for large scale ip trace back(synopsis)
Efficient packet marking for large scale ip trace back(synopsis)Mumbai Academisc
 
An Identity-Based Mutual Authentication with Key Agreement
An Identity-Based Mutual Authentication with Key AgreementAn Identity-Based Mutual Authentication with Key Agreement
An Identity-Based Mutual Authentication with Key Agreement
ijtsrd
 
InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
InfiltrateCon 2016 - Why Nation-State Hack Telco NetworksInfiltrateCon 2016 - Why Nation-State Hack Telco Networks
InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
Omer Coskun
 
An improved ip traceback mechanism for network security
An improved ip traceback mechanism for network securityAn improved ip traceback mechanism for network security
An improved ip traceback mechanism for network security
eSAT Journals
 
DSS ITSEC Conference 2012 - Radware_AMS_Tech
DSS ITSEC Conference 2012 - Radware_AMS_TechDSS ITSEC Conference 2012 - Radware_AMS_Tech
DSS ITSEC Conference 2012 - Radware_AMS_Tech
Andris Soroka
 
Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...Mumbai Academisc
 
Distance bounding
Distance boundingDistance bounding
Distance boundingHarish Kumar
 
Dns protection
Dns protectionDns protection
Dns protectionMarcello Marchesini
 
A Review on various Security Attacks in Mobile Adhoc Network
A Review on various Security Attacks in Mobile Adhoc NetworkA Review on various Security Attacks in Mobile Adhoc Network
A Review on various Security Attacks in Mobile Adhoc Network
IRJET Journal
 
Marrion Kujinga ; Firewalls
Marrion Kujinga ; FirewallsMarrion Kujinga ; Firewalls
Marrion Kujinga ; FirewallsMarrion Kujinga
 
INTERNATIONAL INDEXED REFEREED RESEARCH PAPER
INTERNATIONAL INDEXED REFEREED RESEARCH PAPERINTERNATIONAL INDEXED REFEREED RESEARCH PAPER
INTERNATIONAL INDEXED REFEREED RESEARCH PAPERINTERNATIONAL INDEXED,REFERRED,MULTILINGUAL,INTERDISCIPLINARY, MONTHLY RESEARCH JOURNAL
 
Diameter Penetration Test Lab
Diameter Penetration Test LabDiameter Penetration Test Lab
Diameter Penetration Test Lab
frcarlson
 
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
PROIDEA
 
Ceh v5 module 21 cryptography
Ceh v5 module 21 cryptographyCeh v5 module 21 cryptography
Ceh v5 module 21 cryptography
Vi Tính Hoàng Nam
 
CEHv7 Question Collection
CEHv7 Question CollectionCEHv7 Question Collection
CEHv7 Question Collection
Manish Luintel
 
Confidentiality & Authentication Mechanism for Biometric Information Transmit...
Confidentiality & Authentication Mechanism for Biometric Information Transmit...Confidentiality & Authentication Mechanism for Biometric Information Transmit...
Confidentiality & Authentication Mechanism for Biometric Information Transmit...
IJNSA Journal
 
VoIP Security 101 what you need to know
VoIP Security 101 what you need to knowVoIP Security 101 what you need to know
VoIP Security 101 what you need to know
Eric Klein
 
CISSP Week 21
CISSP Week 21CISSP Week 21
CISSP Week 21jemtallon
 
Ip traceback seminar full report
Ip traceback seminar full reportIp traceback seminar full report
Ip traceback seminar full report
deepakmarndi
 
CEH v9 cheat sheet notes Certified Ethical Hacker
CEH v9 cheat sheet notes Certified Ethical HackerCEH v9 cheat sheet notes Certified Ethical Hacker
CEH v9 cheat sheet notes Certified Ethical Hacker
David Sweigert
 
Speedy ip trace back(sipt) for identifying sadhan
Speedy ip trace back(sipt) for identifying sadhanSpeedy ip trace back(sipt) for identifying sadhan
Speedy ip trace back(sipt) for identifying sadhan
Sadan Kumar
 
DoS/DDoS
DoS/DDoSDoS/DDoS
DoS/DDoS
Vihari Piratla
 
Food Industry in Greater Reading, PA
Food Industry in Greater Reading, PAFood Industry in Greater Reading, PA
Food Industry in Greater Reading, PA
Greater Reading Economic Partnership
 
Fundraising
FundraisingFundraising
FundraisingCSR, Al Ahli Holding Group
 

More Related Content

What's hot

InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
InfiltrateCon 2016 - Why Nation-State Hack Telco NetworksInfiltrateCon 2016 - Why Nation-State Hack Telco Networks
InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
Omer Coskun
 
An improved ip traceback mechanism for network security
An improved ip traceback mechanism for network securityAn improved ip traceback mechanism for network security
An improved ip traceback mechanism for network security
eSAT Journals
 
DSS ITSEC Conference 2012 - Radware_AMS_Tech
DSS ITSEC Conference 2012 - Radware_AMS_TechDSS ITSEC Conference 2012 - Radware_AMS_Tech
DSS ITSEC Conference 2012 - Radware_AMS_Tech
Andris Soroka
 
Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...Mumbai Academisc
 
A Review on various Security Attacks in Mobile Adhoc Network
A Review on various Security Attacks in Mobile Adhoc NetworkA Review on various Security Attacks in Mobile Adhoc Network
A Review on various Security Attacks in Mobile Adhoc Network
IRJET Journal
 
Marrion Kujinga ; Firewalls
Marrion Kujinga ; FirewallsMarrion Kujinga ; Firewalls
Marrion Kujinga ; FirewallsMarrion Kujinga
 
Diameter Penetration Test Lab
Diameter Penetration Test LabDiameter Penetration Test Lab
Diameter Penetration Test Lab
frcarlson
 
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
PROIDEA
 
Ceh v5 module 21 cryptography
Ceh v5 module 21 cryptographyCeh v5 module 21 cryptography
Ceh v5 module 21 cryptography
Vi Tính Hoàng Nam
 
CEHv7 Question Collection
CEHv7 Question CollectionCEHv7 Question Collection
CEHv7 Question Collection
Manish Luintel
 
Confidentiality & Authentication Mechanism for Biometric Information Transmit...
Confidentiality & Authentication Mechanism for Biometric Information Transmit...Confidentiality & Authentication Mechanism for Biometric Information Transmit...
Confidentiality & Authentication Mechanism for Biometric Information Transmit...
IJNSA Journal
 
VoIP Security 101 what you need to know
VoIP Security 101 what you need to knowVoIP Security 101 what you need to know
VoIP Security 101 what you need to know
Eric Klein
 
CISSP Week 21
CISSP Week 21CISSP Week 21
CISSP Week 21jemtallon
 
Ip traceback seminar full report
Ip traceback seminar full reportIp traceback seminar full report
Ip traceback seminar full report
deepakmarndi
 
CEH v9 cheat sheet notes Certified Ethical Hacker
CEH v9 cheat sheet notes Certified Ethical HackerCEH v9 cheat sheet notes Certified Ethical Hacker
CEH v9 cheat sheet notes Certified Ethical Hacker
David Sweigert
 
Speedy ip trace back(sipt) for identifying sadhan
Speedy ip trace back(sipt) for identifying sadhanSpeedy ip trace back(sipt) for identifying sadhan
Speedy ip trace back(sipt) for identifying sadhan
Sadan Kumar
 
DoS/DDoS
DoS/DDoSDoS/DDoS
DoS/DDoS
Vihari Piratla
 

What's hot (20)

InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
InfiltrateCon 2016 - Why Nation-State Hack Telco NetworksInfiltrateCon 2016 - Why Nation-State Hack Telco Networks
InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
 
An improved ip traceback mechanism for network security
An improved ip traceback mechanism for network securityAn improved ip traceback mechanism for network security
An improved ip traceback mechanism for network security
 
DSS ITSEC Conference 2012 - Radware_AMS_Tech
DSS ITSEC Conference 2012 - Radware_AMS_TechDSS ITSEC Conference 2012 - Radware_AMS_Tech
DSS ITSEC Conference 2012 - Radware_AMS_Tech
 
Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...
 
Distance bounding
Distance boundingDistance bounding
Distance bounding
 
Dns protection
Dns protectionDns protection
Dns protection
 
A Review on various Security Attacks in Mobile Adhoc Network
A Review on various Security Attacks in Mobile Adhoc NetworkA Review on various Security Attacks in Mobile Adhoc Network
A Review on various Security Attacks in Mobile Adhoc Network
 
Marrion Kujinga ; Firewalls
Marrion Kujinga ; FirewallsMarrion Kujinga ; Firewalls
Marrion Kujinga ; Firewalls
 
INTERNATIONAL INDEXED REFEREED RESEARCH PAPER
INTERNATIONAL INDEXED REFEREED RESEARCH PAPERINTERNATIONAL INDEXED REFEREED RESEARCH PAPER
INTERNATIONAL INDEXED REFEREED RESEARCH PAPER
 
Diameter Penetration Test Lab
Diameter Penetration Test LabDiameter Penetration Test Lab
Diameter Penetration Test Lab
 
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
 
Ceh v5 module 21 cryptography
Ceh v5 module 21 cryptographyCeh v5 module 21 cryptography
Ceh v5 module 21 cryptography
 
CEHv7 Question Collection
CEHv7 Question CollectionCEHv7 Question Collection
CEHv7 Question Collection
 
Confidentiality & Authentication Mechanism for Biometric Information Transmit...
Confidentiality & Authentication Mechanism for Biometric Information Transmit...Confidentiality & Authentication Mechanism for Biometric Information Transmit...
Confidentiality & Authentication Mechanism for Biometric Information Transmit...
 
VoIP Security 101 what you need to know
VoIP Security 101 what you need to knowVoIP Security 101 what you need to know
VoIP Security 101 what you need to know
 
CISSP Week 21
CISSP Week 21CISSP Week 21
CISSP Week 21
 
Ip traceback seminar full report
Ip traceback seminar full reportIp traceback seminar full report
Ip traceback seminar full report
 
CEH v9 cheat sheet notes Certified Ethical Hacker
CEH v9 cheat sheet notes Certified Ethical HackerCEH v9 cheat sheet notes Certified Ethical Hacker
CEH v9 cheat sheet notes Certified Ethical Hacker
 
Speedy ip trace back(sipt) for identifying sadhan
Speedy ip trace back(sipt) for identifying sadhanSpeedy ip trace back(sipt) for identifying sadhan
Speedy ip trace back(sipt) for identifying sadhan
 
DoS/DDoS
DoS/DDoSDoS/DDoS
DoS/DDoS
 

Viewers also liked

Food Industry in Greater Reading, PA
Food Industry in Greater Reading, PAFood Industry in Greater Reading, PA
Food Industry in Greater Reading, PA
Greater Reading Economic Partnership
 
Emirates Foundation, Unicef, Community Development Authority participating in...
Emirates Foundation, Unicef, Community Development Authority participating in...Emirates Foundation, Unicef, Community Development Authority participating in...
Emirates Foundation, Unicef, Community Development Authority participating in...
Renuka Bhardwaj Sayyed
 
Boboli Outlet
Boboli OutletBoboli Outlet
Boboli Outlet
Navin Bafna
 
Islamic Funds (1)
Islamic Funds (1) Islamic Funds (1)
Islamic Funds (1)
Camille Silla Paldi
 
Sahana IFMR
Sahana IFMRSahana IFMR
Sahana IFMR
ING Vysya Bank
 
GSEF Asia Policy Dialogue 2015_Fiki Satari_Indonesia/GSEF 아시아정책대화, 피키 사타리, 인...
GSEF Asia Policy Dialogue 2015_Fiki Satari_Indonesia/GSEF 아시아정책대화, 피키 사타리, 인... GSEF Asia Policy Dialogue 2015_Fiki Satari_Indonesia/GSEF 아시아정책대화, 피키 사타리, 인...
GSEF Asia Policy Dialogue 2015_Fiki Satari_Indonesia/GSEF 아시아정책대화, 피키 사타리, 인...
C.
 
Presentation on Indian overseas bank
Presentation on Indian overseas bank Presentation on Indian overseas bank
Presentation on Indian overseas bank
Unitedworld School Of Business
 
Entertainment industry multiplexes
Entertainment industry multiplexesEntertainment industry multiplexes
Entertainment industry multiplexesmarketingdaibs
 
ECA blooloop Global Attraction Landscape Report v1.0
ECA blooloop Global Attraction Landscape Report v1.0 ECA blooloop Global Attraction Landscape Report v1.0
ECA blooloop Global Attraction Landscape Report v1.0
Charles Read
 

Viewers also liked (13)

Food Industry in Greater Reading, PA
Food Industry in Greater Reading, PAFood Industry in Greater Reading, PA
Food Industry in Greater Reading, PA
 
Fundraising
FundraisingFundraising
Fundraising
 
Emirates Foundation, Unicef, Community Development Authority participating in...
Emirates Foundation, Unicef, Community Development Authority participating in...Emirates Foundation, Unicef, Community Development Authority participating in...
Emirates Foundation, Unicef, Community Development Authority participating in...
 
Boboli Outlet
Boboli OutletBoboli Outlet
Boboli Outlet
 
Islamic Funds (1)
Islamic Funds (1) Islamic Funds (1)
Islamic Funds (1)
 
Sahana IFMR
Sahana IFMRSahana IFMR
Sahana IFMR
 
Selecting stakeholders
Selecting stakeholdersSelecting stakeholders
Selecting stakeholders
 
GSEF Asia Policy Dialogue 2015_Fiki Satari_Indonesia/GSEF 아시아정책대화, 피키 사타리, 인...
GSEF Asia Policy Dialogue 2015_Fiki Satari_Indonesia/GSEF 아시아정책대화, 피키 사타리, 인... GSEF Asia Policy Dialogue 2015_Fiki Satari_Indonesia/GSEF 아시아정책대화, 피키 사타리, 인...
GSEF Asia Policy Dialogue 2015_Fiki Satari_Indonesia/GSEF 아시아정책대화, 피키 사타리, 인...
 
Presentation on Indian overseas bank
Presentation on Indian overseas bank Presentation on Indian overseas bank
Presentation on Indian overseas bank
 
C3 and Social Enterprise
C3 and Social EnterpriseC3 and Social Enterprise
C3 and Social Enterprise
 
Csr measuring outcome
Csr measuring outcomeCsr measuring outcome
Csr measuring outcome
 
Entertainment industry multiplexes
Entertainment industry multiplexesEntertainment industry multiplexes
Entertainment industry multiplexes
 
ECA blooloop Global Attraction Landscape Report v1.0
ECA blooloop Global Attraction Landscape Report v1.0 ECA blooloop Global Attraction Landscape Report v1.0
ECA blooloop Global Attraction Landscape Report v1.0
 

Similar to Allot ServiceProtector - DDos Mitigation

UNIT IV:Security Measurement Strategies
UNIT IV:Security Measurement StrategiesUNIT IV:Security Measurement Strategies
UNIT IV:Security Measurement Strategies
Arnav Chowdhury
 
Intrusion Detection in WLANs
Intrusion Detection in WLANsIntrusion Detection in WLANs
Intrusion Detection in WLANs
ronrulzzz
 
DDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT NetworkDDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT Network
Haltdos
 
A Trusted Approach Towards DDos Attack
A Trusted Approach Towards DDos AttackA Trusted Approach Towards DDos Attack
A Trusted Approach Towards DDos Attack
theijes
 
IRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
IRJET- DDOS Detection System using C4.5 Decision Tree AlgorithmIRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
IRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
IRJET Journal
 
An improved ip traceback mechanism for network
An improved ip traceback mechanism for networkAn improved ip traceback mechanism for network
An improved ip traceback mechanism for network
eSAT Publishing House
 
Snort IDS/IPS Basics
Snort IDS/IPS BasicsSnort IDS/IPS Basics
Snort IDS/IPS Basics
Mahendra Pratap Singh
 
Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1
whitehat 'People'
 
Securing VoIP Networks
Securing VoIP NetworksSecuring VoIP Networks
Securing VoIP Networks
GENBANDcorporate
 
Bro Policy Assignment
Bro Policy AssignmentBro Policy Assignment
Bro Policy Assignment
Tara Hardin
 
Describe firewalls
Describe firewallsDescribe firewalls
Describe firewalls
Влад Панасенко
 
ids.ppt
ids.pptids.ppt
ids.ppt
Agostinho9
 
L5A - Intrusion Detection Systems.pptx
L5A - Intrusion Detection Systems.pptxL5A - Intrusion Detection Systems.pptx
L5A - Intrusion Detection Systems.pptx
RebeccaMunasheChimhe
 
Day4
Day4Day4
Day4
Jai4uk
 
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...
IJNSA Journal
 
SANGFOR_NGAF_v8.0.47_Associate_2022_06_Security_Protection.pptx
SANGFOR_NGAF_v8.0.47_Associate_2022_06_Security_Protection.pptxSANGFOR_NGAF_v8.0.47_Associate_2022_06_Security_Protection.pptx
SANGFOR_NGAF_v8.0.47_Associate_2022_06_Security_Protection.pptx
ruelodvls
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL Lee
MyNOG
 
IRJET- Wireless LAN Intrusion Detection and Prevention System for Malicious A...
IRJET- Wireless LAN Intrusion Detection and Prevention System for Malicious A...IRJET- Wireless LAN Intrusion Detection and Prevention System for Malicious A...
IRJET- Wireless LAN Intrusion Detection and Prevention System for Malicious A...
IRJET Journal
 
Why Organisations Need_Barac
Why Organisations Need_BaracWhy Organisations Need_Barac
Why Organisations Need_Barac
Barac
 

Similar to Allot ServiceProtector - DDos Mitigation (20)

UNIT IV:Security Measurement Strategies
UNIT IV:Security Measurement StrategiesUNIT IV:Security Measurement Strategies
UNIT IV:Security Measurement Strategies
 
Intrusion Detection in WLANs
Intrusion Detection in WLANsIntrusion Detection in WLANs
Intrusion Detection in WLANs
 
DDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT NetworkDDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT Network
 
A Trusted Approach Towards DDos Attack
A Trusted Approach Towards DDos AttackA Trusted Approach Towards DDos Attack
A Trusted Approach Towards DDos Attack
 
IRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
IRJET- DDOS Detection System using C4.5 Decision Tree AlgorithmIRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
IRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
 
An improved ip traceback mechanism for network
An improved ip traceback mechanism for networkAn improved ip traceback mechanism for network
An improved ip traceback mechanism for network
 
Snort IDS/IPS Basics
Snort IDS/IPS BasicsSnort IDS/IPS Basics
Snort IDS/IPS Basics
 
Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1
 
Securing VoIP Networks
Securing VoIP NetworksSecuring VoIP Networks
Securing VoIP Networks
 
Bro Policy Assignment
Bro Policy AssignmentBro Policy Assignment
Bro Policy Assignment
 
Describe firewalls
Describe firewallsDescribe firewalls
Describe firewalls
 
ids.ppt
ids.pptids.ppt
ids.ppt
 
L5A - Intrusion Detection Systems.pptx
L5A - Intrusion Detection Systems.pptxL5A - Intrusion Detection Systems.pptx
L5A - Intrusion Detection Systems.pptx
 
Day4
Day4Day4
Day4
 
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...
 
SANGFOR_NGAF_v8.0.47_Associate_2022_06_Security_Protection.pptx
SANGFOR_NGAF_v8.0.47_Associate_2022_06_Security_Protection.pptxSANGFOR_NGAF_v8.0.47_Associate_2022_06_Security_Protection.pptx
SANGFOR_NGAF_v8.0.47_Associate_2022_06_Security_Protection.pptx
 
Security in network
Security in networkSecurity in network
Security in network
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL Lee
 
IRJET- Wireless LAN Intrusion Detection and Prevention System for Malicious A...
IRJET- Wireless LAN Intrusion Detection and Prevention System for Malicious A...IRJET- Wireless LAN Intrusion Detection and Prevention System for Malicious A...
IRJET- Wireless LAN Intrusion Detection and Prevention System for Malicious A...
 
Why Organisations Need_Barac
Why Organisations Need_BaracWhy Organisations Need_Barac
Why Organisations Need_Barac
 

More from Allot Communications

Securing people and things a monetization opportunity
Securing people and things a monetization opportunitySecuring people and things a monetization opportunity
Securing people and things a monetization opportunity
Allot Communications
 
Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬
Allot Communications
 
How to make virtual network services a winner rather than an integration disa...
How to make virtual network services a winner rather than an integration disa...How to make virtual network services a winner rather than an integration disa...
How to make virtual network services a winner rather than an integration disa...
Allot Communications
 
Allot Real Life Use Cases for Customer Enagagement
Allot Real Life Use Cases for Customer EnagagementAllot Real Life Use Cases for Customer Enagagement
Allot Real Life Use Cases for Customer Enagagement
Allot Communications
 
Securing the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use PolicySecuring the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use Policy
Allot Communications
 
Network Security - Luxury or Must Have?
Network Security - Luxury or Must Have? Network Security - Luxury or Must Have?
Network Security - Luxury or Must Have?
Allot Communications
 
How to Use Actionable Insights to Increase Revenues
How to Use Actionable Insights to Increase Revenues How to Use Actionable Insights to Increase Revenues
How to Use Actionable Insights to Increase Revenues
Allot Communications
 
CMTS Channel Awareness and Congestion Mitigation - Optimize Network Performance
CMTS Channel Awareness and Congestion Mitigation - Optimize Network PerformanceCMTS Channel Awareness and Congestion Mitigation - Optimize Network Performance
CMTS Channel Awareness and Congestion Mitigation - Optimize Network Performance
Allot Communications
 
Allot Cloud/Trends H2/2014 Slideshare
Allot Cloud/Trends H2/2014 Slideshare Allot Cloud/Trends H2/2014 Slideshare
Allot Cloud/Trends H2/2014 Slideshare
Allot Communications
 
Allot Optenet Parental Control: Solution Brief
Allot Optenet Parental Control: Solution BriefAllot Optenet Parental Control: Solution Brief
Allot Optenet Parental Control: Solution Brief
Allot Communications
 
Allot Content Delivery Networks (CDN)
Allot Content Delivery Networks (CDN)Allot Content Delivery Networks (CDN)
Allot Content Delivery Networks (CDN)
Allot Communications
 

More from Allot Communications (11)

Securing people and things a monetization opportunity
Securing people and things a monetization opportunitySecuring people and things a monetization opportunity
Securing people and things a monetization opportunity
 
Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬
 
How to make virtual network services a winner rather than an integration disa...
How to make virtual network services a winner rather than an integration disa...How to make virtual network services a winner rather than an integration disa...
How to make virtual network services a winner rather than an integration disa...
 
Allot Real Life Use Cases for Customer Enagagement
Allot Real Life Use Cases for Customer EnagagementAllot Real Life Use Cases for Customer Enagagement
Allot Real Life Use Cases for Customer Enagagement
 
Securing the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use PolicySecuring the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use Policy
 
Network Security - Luxury or Must Have?
Network Security - Luxury or Must Have? Network Security - Luxury or Must Have?
Network Security - Luxury or Must Have?
 
How to Use Actionable Insights to Increase Revenues
How to Use Actionable Insights to Increase Revenues How to Use Actionable Insights to Increase Revenues
How to Use Actionable Insights to Increase Revenues
 
CMTS Channel Awareness and Congestion Mitigation - Optimize Network Performance
CMTS Channel Awareness and Congestion Mitigation - Optimize Network PerformanceCMTS Channel Awareness and Congestion Mitigation - Optimize Network Performance
CMTS Channel Awareness and Congestion Mitigation - Optimize Network Performance
 
Allot Cloud/Trends H2/2014 Slideshare
Allot Cloud/Trends H2/2014 Slideshare Allot Cloud/Trends H2/2014 Slideshare
Allot Cloud/Trends H2/2014 Slideshare
 
Allot Optenet Parental Control: Solution Brief
Allot Optenet Parental Control: Solution BriefAllot Optenet Parental Control: Solution Brief
Allot Optenet Parental Control: Solution Brief
 
Allot Content Delivery Networks (CDN)
Allot Content Delivery Networks (CDN)Allot Content Delivery Networks (CDN)
Allot Content Delivery Networks (CDN)
 

Recently uploaded

Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
Pixlogix Infotech
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 

Recently uploaded (20)

Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 

Allot ServiceProtector - DDos Mitigation

  • 1. © 2014 Allot Communications Ltd. All rights reserved. Specifications are subject to change without notice. Allot Communications, Sigma and NetEnforcer and the Allot logo are trademarks of Allot Communications. All other brand or product names are the trademarks of their respective holders. The material contained herein is proprietary, privileged, and confidential and owned by Allot or its third party licensors. No disclosure of the content of this document will be made to third parties without the express written permission of Allot Communications. FAQ 2014 Stopping DDoS attacks and Outgoing Spam with Allot ServiceProtector
  • 2. Allot ServiceProtector Frequently Asked Questions 2 © 2014 Allot Communications, Ltd. All Rights Reserved. Contents Frequently Asked Question about Detection........................................................................................................... 3 Frequently Asked Question about Mitigation.......................................................................................................... 5 Frequently Asked Questions about Deployment ................................................................................................... 6
  • 3. Allot ServiceProtector Frequently Asked Questions 3 © 2014 Allot Communications, Ltd. All Rights Reserved. Frequently Asked Question about Detection 1. What kind of attacks does Allot ServiceProtector detect and identify? Allot ServiceProtector is part of Allot’s portfolio of security services for the Digital Lifestyle and Workstyle. It provides a highly effective first-line system of defense against DoS/DDoS, worm and Zero Day attacks. It also detects and prevents outbound spam (that can lead to operator blacklisting) and cleanup of infected hosts (spammers). 2. How does Allot ServiceProtector detect and identify attacks? Two detection technologies are used. Network level attacks (DoS/DDoS/worm/Zero Day) are identified using Network Behavior Anomaly Detection (NBAD) technology. First, the network is modeled at a very granular level where the various types of IP traffic are tracked and compared in ratios (such as incoming TCP SYN packet rate to the outgoing TCP FIN packet rate). Ratios are important for eliminating variance due to natural traffic surges and spikes. Ratio comparison also enables the system to detect attacks that are not identified by less sophisticated threshold/baseline approaches. For example, during a large SYN flood attack (small SYN floods are worthless as attacks), the modeled incoming SYN packet rate is significantly out of balance with the corresponding FIN packet rate. This behavior is treated as anomalous. Large NBAD behavioral anomalies have been found to be more often than not large DoS/DDoS attacks. Subscriber attacks (i.e., outgoing spam from infected hosts) are identified using Host Behavior Anomaly Detection (HBAD) technology. At its most basic level, HBAD identifies subscriber attacks by the anomalously high connection rates sustained by an individual host. For example, a subscriber sending spam is identified by the fact that it is highly unlikely that a single host is capable of sending 20 emails every second sustained for the last 5 minutes. Behaviorally this is highly indicative of a spambot. Experience has proven that to be the case. In addition to these two detection approaches, Allot ServiceProtector also supports a rich set of user-definable notification parameters that permit the operator to customize the elements which pre-determine whether an alarm is sent, which further enhances the quality and relevance of the alarms. 3. How does Allot ServiceProtector handle false positives? When used properly (for detecting network level attacks and subscriber based attacks) and deployed on target networks – namely high-performance, high-throughput GE and 10GE networks, Allot ServiceProtector has proven to be extremely reliable and immune to false positives. The reason for this is the nature of the threats that it aims to identify and the superior detection methods it uses. 4. What about IPS systems? Can they detect DoS/DDoS attacks? Intrusion Detection System (IPS) vendors use a variety of methods for identifying security threats on the network, including DDoS attacks. IPS methods of detection are less sophisticated than Allot ServiceProtector for detecting network level attacks and typically rely on known signatures and rate-based thresholds with traffic baselining which suffer from false alarms or false negatives (not detecting at all). IPS devices were originally intended for preventing “intrusion” into a host rather than network level attacks. Their signature and RFC violation-based detection are vulnerable to
  • 4. Allot ServiceProtector Frequently Asked Questions 4 © 2014 Allot Communications, Ltd. All Rights Reserved. not detecting network level attacks and their stateful nature makes them vulnerable to high volume network attacks. IPS solutions are not suitable for network level attacks predominantly due to their tendency to fail or to increase network latency under heavy loads (as is the case with network level attacks) and because they may not have appropriate behavior-based detection algorithms that are more suited to reliable network-level attack detection. 5. Can Allot ServiceProtector detect slow scanning worms? Yes. Allot ServiceProtector can detect slow scanning worms. However, Allot ServiceProtector tends to be used for higher volume connection attempts (spam, worm, DoS) because this kind of subscriber behavior that causes greater concern for management of a service provider’s public network. 6. Can Allot ServiceProtector detect single packet attacks or application level attacks? No. Single-packet and Application-level attacks are designed to target a host or to “intrude” and compromise a host. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are more suitable for these kinds of attacks since they utilize detection by signatures of known malicious packets, detection by violation of RFC specifications for applications and stateful inspection of connection behavior. Allot ServiceProtector operates at a different layer of security and is focused on protecting against network level attacks (DoS/DDoS, worm and Zero Day attacks) and subscriber originated attacks (spam, worm, DoS). These kinds of attacks undermine the stability and performance of the network upon which high value applications are being delivered. Attacks against an individual host are not in Allot ServiceProtector’s solution scope. 7. Can Allot ServiceProtector detect and stop viruses? No. Viruses are out of scope of Allot ServiceProtector. Viruses are security threats against a host and are best addressed with host, server and network based anti-virus solutions. Allot ServiceProtector is designed to protect against network level attacks (DoS/DDoS, worm and Zero Day attacks) and subscriber originated attacks (spam, worm, DoS). 8. What kind of attacks does Allot ServiceProtector detect? Using NBAD technology, which identifies generic TCP/IP based behavioral anomalies, Allot ServiceProtector detects all variations of known and unknown DoS/DDoS, worms and Zero Day attacks. Against Allot ServiceProtector, attackers have been unsuccessful in evading detection by using legitimate packets or modifying packets, using extremely large packets, setting the fragment offset (and not sending the remaining packets), setting all (or other unusual combinations) of TCP flags, by using unusual IP protocol numbers such as protocol 0 or protocol 255, by using dark space source IP addresses, by reflecting the attack from intermediate devices and so on Using HBAD technology, Allot ServiceProtector detects subscriber-originated attacks such as outgoing spam, worm propagation, DoS and port scanning. These are normally perpetrated by infected subscribers who unwittingly participants in a botnet. 9. If source IP addresses are spoofed, how is that info useful? The source IP address, whether it is spoofed or not, is potentially a characteristic that can be used to filter traffic.
  • 5. Allot ServiceProtector Frequently Asked Questions 5 © 2014 Allot Communications, Ltd. All Rights Reserved. 10. Does Allot ServiceProtector perform event correlation? Not currently. However higher-order data correlation and representation is planned for near-future release. 11. How does Allot ServiceProtector handle asymmetric links? Firstly this depends upon the particular behavioral detection algorithm used by Allot ServiceProtector. Allot ServiceProtector uses HBAD and NBAD detection technologies. HBAD is immune to asymmetric traffic since it only looks at outbound connection behavior from a defined domain (for example an ISP’s subscriber CIDR). HBAD is used for identifying outbound attacks or spammers inside an ISP’s customer base. This requires a view of outbound traffic only. NBAD is relatively immune to asymmetric traffic. It is only concerned with the overall balance of inbound and outbound flows of various TCP/IP statistics and does not care about sessions and state. This means, for example, that while it tracks inbound SYN packet- rate and compares that with outbound FIN packet-rate, it does not care whether the FIN packets are a direct response to the SYN packets. Experience has shown that anomalies created by asymmetric traffic flows are orders of magnitude smaller than genuine DDoS attacks. Only in the extreme case that there is only ever traffic in one direction that NBAD technology cannot be used. In this case, a traffic “threshold” based approach can be employed which does not rely on the NBAD algorithms. 12. Does Allot ServiceProtector sample traffic? For the purpose of detection, every single packet is used, even at 1Gbps and 10Gbps throughput. As a result, there is no loss of accuracy in the process of formulating the behavioral models. However, for the process of extracting a Deep Packet Signature (DPS), packets are sampled from the anomalous traffic in order to determine the filterable packet characteristics in the attack. 13. Does Allot ServiceProtector use known signatures? No. The reason is that pure signature based detection relies on the predetermined knowledge of malicious packets and this approach has been found to be inadequate for handling DoS/DDoS, worms and Zero Day network attacks because there are often no pre- determined signatures. In fact, attackers often use legitimately formed packets to deliberately evade the signature-based detection systems. 14. I block TCP port 25 to all my subscribers to avoid blacklisting. What benefit is Allot ServiceProtector to me? This approach punishes the innocent as well as the guilty and probably causes annoyance. By using Allot ServiceProtector you can enhance email services and customer satisfaction by both avoiding blacklisting and keeping network services open to those who deserve it. In addition, the customers that you notify as sending spam may be unwittingly infected. Once their computers are disinfected, they will experience better Internet experience because less of their upstream connection will be consumed by spam or worm traffic. Frequently Asked Question about Mitigation 15. How does Allot ServiceProtector mitigate the attack? Allot ServiceProtector interoperates seamlessly with Allot NetEnforcer and Service Gateway platforms which mitigate the attack by blocking, limiting or isolating the traffic.
  • 6. Allot ServiceProtector Frequently Asked Questions 6 © 2014 Allot Communications, Ltd. All Rights Reserved. Allot ServiceProtector also supports mitigation with third-party devices such as routers, firewalls, IPS, and DDoS filtering devices. 16. What happens if the attack uses completely random source and destination IP addresses, random ports and random payload patterns so that there is no signature with which to block the attack? Conceptually this is possible and clearly disastrous if the attack is in large volumes! This highlights even more the need to plan strategic implementation of an automatic network security system that can programmatically correlate multiple packets sampled out of 1Gbps and 10Gbps traffic streams and to pick-out “any” packet features that can be used to mitigate the attack. In fact, assuming that the packets are completely random, the VLAN or source MAC address will be readily identified and can be used as a mechanism to at least isolate the attack at a coarse level. 17. What happens if the signature describes a normal SYN packet? Should I block that? Attackers may use legitimately formed packets in order to evade signature based detection techniques. However, the context and event behavior provide clues in which to determine the true intent of the packet. This includes the nature of the target (is it web site and if so, has it attracted attacks before), the impact on the network (network congestion, increased latency) and whether the event is sustained at extremely high rates beyond a brief spike lasting more than a minute or so. Empirically, these have been found to be DDoS attacks rather than transient spikes due to sudden reconnections. 18. How can you block a DDoS attack when the source addresses are spoofed? It does not matter whether the source address is spoofed or not. The source IP address provides unique information about the attack packets that can (or not) be used to selectively filter the attack traffic. 19. How can you block a DDoS attack when there are so many source IPs? In practice, it is impractical to use the source addresses in a DDoS attack because they are too numerous. Fortunately, the source addresses can be ignored since other characteristics of the packets can be used instead to filter the attack, including the destination IP address, protocol, port, packet size, TOS, TTL, other fields in the network and transport layer, and the payload. Allot ServiceProtector’s signature extraction engine identifies the unique packet characteristics that the attack packets have in common. It is worth noting that Allot ServiceProtector quantifies the relative amount of traffic from each source address (based upon a sample of the attack traffic). This information can be used to block using the source address if a large majority of attack packets are originating from a small set of source addresses. Frequently Asked Questions about Deployment 20. Does every network link have to be tapped? Not necessarily. This depends upon your network topology and especially the particular way in which Allot ServiceProtector is intended to be used. It is best to consult Allot on how Allot ServiceProtector can be optimally deployed within your network topology to maximize visibility and minimize the number of sensors. In general, Allot ServiceProtector should be deployed in strategic aggregation links in the network similar to where DPI devices or IDS/IPS and network analysis devices are deployed.
  • 7. Allot ServiceProtector Frequently Asked Questions 7 © 2014 Allot Communications, Ltd. All Rights Reserved. This includes Internet peering points, access aggregation links to the core network, WAN links and the core network. To identify network level attacks, deployment at the peering link or core is typical. To identify subscriber-originated attacks, the most economical deployment is usually on the access aggregation links to the core network. Every network is different and Allot can recommend the best design to meet your requirements. 21. Can Allot ServiceProtector handle VLAN tags? Yes. Allot ServiceProtector can be deployed inside VLAN networks. VLAN tags are not used to classify traffic and are parsed out during the behavioral modeling process*. However, during the process of Deep Packet Signature extraction, if available, the VLAN tag will be reported as a distinguishing characteristic of the network event. (*The behavioral modeling process parses packet for the network and transport layer data from each packet). 22. Can Allot ServiceProtector handle encrypted traffic? Yes. Allot ServiceProtector is designed to address Internet-originated network level attacks (DoS/DDoS, worm and Zero Day attacks) and subscriber originated attacks (spam, worm, DoS). There are two complementary approaches to behavioral anomaly detection used by Allot ServiceProtector. The behavioral detection algorithms for detecting subscriber originated attacks focuses on connection behavior of the subscriber and thus the payload (encrypted or not) is ignored. Hence suspicious connection behavior of a subscriber will be identified despite the payload being encrypted. On the other hand, the behavioral detection algorithms for detecting network level attacks will categorize the encrypted traffic within the anomaly type “other.”