This document discusses distributed reflection denial-of-service (DRDoS) attacks and proposes countermeasures. It describes how DRDoS attacks work by spoofing the victim's IP and using protocols like DNS, NTP, and SNMP to amplify small requests into large responses. Objectives include constructing and analyzing these attacks in test environments. A self-designed algorithm is proposed to mitigate attacks by queueing and dropping oversized packets probabilistically. Results showed the algorithm successfully accepting legitimate traffic while thwarting DRDoS attacks.
1. Presented by:
Sakshi Yadav (00915002712)
Soumya Bhatnagar (02315002712)
Khushboo Goyal (03515002712)
Jaskaran Singh (13315002712)
B.Tech (CSE)
Under the guidance of
Ms. Amita Yadav
2. * A network attack with a destructive motivation: disrupting a service of a victim by placing an excessively high load on the victim's services.
* When more than one system is used to carry out the attack, it is known as a DDoS, or "Distributed" Denial of Service.
* These kinds of attacks can force even the biggest websites on the internet offline.
3. * In distributed reflection denial-of-service (DRDoS) attacks, an adversary aims to exhaust the victim's bandwidth.
* The attacking client fools other servers on the internet into believing that the victim is requesting data from them, when in fact the client has spoofed its source IP address to that of the victim, so the servers' responses are delivered to the victim.
5. An attack can be amplified by using several protocols such as DNS, NTP, SNMP, CharGen etc., which have specific commands that elicit a large response to a relatively small request query.
6. The Amplification Factor
UDP-based Amplification Attacks

Protocol                  Bandwidth Amplification Factor
Classic SNMP              1700
NTP                       556.9
CharGen                   358.8
DNS                       up to 179
QOTD                      140.3
Quake Network Protocol    63.9
BitTorrent                4.0 - 54.3
SSDP                      30.8
Kad                       16.3
SNMPv2                    6.3
Steam Protocol            5.5
NetBIOS                   3.8
7. OBJECTIVES
1. Constructing DNS Amplification attacks in testable environments to gauge all possible adverse effects.
2. Designing countermeasures against the DNS Amplification attack along with detailed analysis of the existing algorithms.
3. Constructing NTP Amplification attacks in testable environments to gauge all possible adverse effects.
4. Designing countermeasures against the NTP Amplification attack along with detailed analysis of the existing algorithms.
5. Constructing SNMP Amplification attacks in testable environments to gauge all possible adverse effects.
6. Designing countermeasures against the SNMP Amplification attack along with detailed analysis of the existing algorithms.
9. Capturing outgoing and incoming DNS packets using tcpdump
Size of the request packet: 39 bytes
Size of the response packet: 388 bytes
Amplification: 388/39, approximately 10 times the size of the request
11. NTP ATTACK
A monlist request is sent to an NTP server from a Python script; because the source address is spoofed, the server delivers its response to the spoofed IP address.
12. Capturing outgoing NTP v2 packets using tcpdump
The request packet is only 8 bytes. In response to this 8-byte packet, the server sends a record of the last 600 IP addresses that have interacted with it. Hence, with just 8 bytes of request, one can generate a huge response.
13. * SNMP stands for Simple Network Management Protocol.
* A 'getBulk' query behaves like a sequence of 'getNext' requests, retrieving many object instances from a remote entity in a single request, so one small query can produce a large response.
14. function packet_handler(Packet p)
{
    r = range including p.source_IP, found by binary search
    if r not found then
        accept(p) and return
    q = queue of r
    if not q.empty or r.sent + p.size > r.limit then
        if q.size < q.max_size then
            q.push(p)
            steel(p)
        else
            drop(p)
    else
        r.sent += p.size
        accept(p)
}

function timer_handler
{
    for all ranges r do
        r.sent = 0; finished = false
        q = queue of r
        while not q.empty and not finished do
            p = q.front()
            if r.sent + p.size < r.limit then
                send(p)
                q.pop()
                r.sent += p.size
            else
                finished = true
}
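The per-range byte-budget limiter from the packet_handler/timer_handler pseudocode above, as an added example in Python (not code from the slides). It assumes IPv4 ranges that do not overlap, so a binary search over the sorted list finds a source's range; queued packets stand in for the pseudocode's steel(p):

```python
import ipaddress
from collections import deque

class RangeLimiter:
    """Added example, not the slides' own code: each range gets a byte limit per
    timer interval and a bounded hold-back queue (the pseudocode's steel(p))."""
    def __init__(self, ranges):
        # ranges: list of (cidr, limit_bytes, max_queue); assumed IPv4, non-overlapping
        self.ranges = sorted(
            ({"net": ipaddress.ip_network(cidr), "limit": lim, "max": mq,
              "sent": 0, "queue": deque()} for cidr, lim, mq in ranges),
            key=lambda r: int(r["net"].network_address))
        self.accepted, self.dropped = [], []

    def _find_range(self, src):
        # binary search over the sorted, non-overlapping ranges
        ip, lo, hi = ipaddress.ip_address(src), 0, len(self.ranges) - 1
        while lo <= hi:
            mid = (lo + hi) // 2
            net = self.ranges[mid]["net"]
            if ip in net:
                return self.ranges[mid]
            if ip < net.network_address:
                hi = mid - 1
            else:
                lo = mid + 1
        return None

    def packet_handler(self, src, size):
        r = self._find_range(src)
        if r is None:                          # unlisted source: pass through
            self.accepted.append((src, size))
            return "accept"
        if r["queue"] or r["sent"] + size > r["limit"]:
            if len(r["queue"]) < r["max"]:     # hold back, keeping arrival order
                r["queue"].append((src, size))
                return "queue"
            self.dropped.append((src, size))
            return "drop"
        r["sent"] += size
        self.accepted.append((src, size))
        return "accept"

    def timer_handler(self):
        # new interval: reset budgets, then release queued packets that now fit
        for r in self.ranges:
            r["sent"] = 0
            while r["queue"] and r["sent"] + r["queue"][0][1] < r["limit"]:
                p = r["queue"].popleft()
                self.accepted.append(p)
                r["sent"] += p[1]
```

Once a range's queue is non-empty, every later packet from that range is queued behind it (or dropped when the queue is full), which is what keeps the release order intact.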
15. SELF DESIGNED ALGORITHM
Input: incoming packet msg from client
1.  while (true)
2.      receive msg
3.      set tbuf = msg
4.      msg.checkSize(tbuf)
5.      if tbuf.size > limit
6.          set tbuf.Category = Large
7.      else
8.          set tbuf.Category = Small
9.      end if
10.     return(tbuf)
11.     R = Random(low, high)
12.     if (mbuf.bufferFull > FulfilmentLevel[i])
13.         flag = false
14.         if (checkProbability(R, i) is true)
15.             flag = true
16.         else
17.             tbuf is queued into mbuf
18.         end if
19.     if (flag is true)
20.         drop msg
21.         tbuf = 0
22.     end if
17. Imitating a server on Windows
The server accepts legitimate packets whose size is within the limit and queues larger packets. Queued packets are dropped probabilistically against a threshold value.
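The self-designed algorithm of slide 15 and the server behaviour of slide 17, as an added Python example (not the project's code). The fulfilment levels, the drop probabilities attached to them and the byte budget used to drain the buffer are assumptions chosen for illustration:

```python
import random
from collections import deque

class SizeGateServer:
    """Added example, not the slides' own code, of the self-designed algorithm:
    packets within `limit` bytes are served at once; larger ones enter a bounded
    buffer (mbuf). Once buffer fill passes a fulfilment level, a random draw R
    against that level's drop probability decides between queueing and dropping."""

    def __init__(self, limit, capacity, levels, draw=None):
        self.limit, self.capacity = limit, capacity
        # levels: [(fill_fraction, drop_probability)] in the role of FulfilmentLevel[i]
        self.levels = sorted(levels)
        self.mbuf = deque()
        self.draw = draw or random.random   # R = Random(low, high) on [0, 1)
        self.stats = {"accepted": 0, "queued": 0, "dropped": 0}

    def classify(self, size):
        return "Large" if size > self.limit else "Small"

    def drop_probability(self):
        fill = len(self.mbuf) / self.capacity
        prob = 0.0
        for level, p in self.levels:        # highest level reached wins
            if fill >= level:
                prob = p
        return prob

    def receive(self, size):
        if self.classify(size) == "Small":  # legitimate-sized: serve directly
            self.stats["accepted"] += 1
            return "accept"
        if len(self.mbuf) >= self.capacity:  # buffer full: must drop
            self.stats["dropped"] += 1
            return "drop"
        if self.draw() < self.drop_probability():
            self.stats["dropped"] += 1
            return "drop"
        self.mbuf.append(size)
        self.stats["queued"] += 1
        return "queue"

    def drain(self, budget):
        # serve queued Large packets in order while they fit the byte budget
        served = []
        while self.mbuf and budget >= self.mbuf[0]:
            served.append(self.mbuf.popleft())
            budget -= served[-1]
        return served
```

Passing a fixed `draw` makes the probabilistic branch reproducible, which is how the behaviour at each fill level can be checked.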
18. * Carried out the attacks in a testable environment.
* Proposed a defense mechanism to thwart the ulterior motives and malicious intents of attackers unleashing Distributed Reflection Denial of Service attacks.
* The model has been designed for DNS, NTP & SNMP attacks.