1. under DDoS attack? call your Internet Service Provider! Vincent MAURIN, Products & Services Development - Security Domain Leader, October 7th, 2011
9. see it in action: peace time [diagram: customer IT infrastructure, Orange Business Services IP backbone, Orange France IP backbone, Orange Transit IP backbone, Internet Service Providers (ISPs), cleaning center]
10. see it in action: under attack [same diagram]
11. see it in action: traffic off-ramp [same diagram]
12. see it in action: mitigation [same diagram]
13. see it in action: rollback [same diagram]
15. further reading: the security blog (FR): http://blogs.orange-business.com/securite/ ; security feed of our EN blog: http://blogs.orange-business.com/live/security/ ; the Arbor Networks security blog: http://asert.arbornetworks.com/
Editor's Notes
Orange Business Services: network presence in 220 countries and territories; 2.7 million business customers; 31,000 employees dedicated to enterprises; example: 8 SOCs.
Set up in 2007. Sharp increase from Q4 2010. Targets: top-audience Internet websites, media/communication companies, governmental organisations, e-commerce websites, financial companies, online games platforms. DDoS attacks target at least the components below: Internet connectivity routers, firewalls, intrusion detection systems, web servers, DNS servers, application servers. Impacts on service availability and quality: misbehaving flows, high traffic load, expensive computations, resource reservations.
Frequencies rising. Durations rising. Bit rates stable. Attacks of ~10 Gbps and ~20 million PPS. Attacks publicized ahead of time: threats against operators, day of rage, NYSE as a target.
What has been put in place with our customers. Who knows the impact best => you do. The ISP analyzes and detects the anomalies. Together we take the appropriate measures.
Collect information from Netflow, SNMP, BGP. Analysis upstream of the IT infrastructure. Use multiple measurement techniques, including: statistical anomaly detection; detection of protocol violations / malformed packets; customized thresholds to detect policy violations; signatures based upon network behavioral patterns.
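Two of the measurement techniques in this note, customized thresholds and statistical anomaly detection, run over per-destination flow aggregates. This is an added example, not part of the original presentation; the sample flows, the per-customer ceilings, the window size and the `k` factor are constructed assumptions.

```python
from collections import defaultdict, deque
from statistics import mean, pstdev

# Constructed per-minute flow aggregates (NetFlow-style): (minute, dst_ip, packets).
SAMPLE_FLOWS = (
    # Steady ~1000 pps service with one burst at minute 6.
    [(m, "192.0.2.10", p) for m, p in
     enumerate([60000, 63000, 58800, 61200, 60600, 59400, 1_200_000, 61800])]
    # Slow ramp (+10 pps per minute) that drags a rolling baseline along with it.
    + [(m, "192.0.2.20", 6000 + 600 * m) for m in range(8)]
)

# Hypothetical per-customer policy ceilings, in packets per second.
THRESHOLDS_PPS = {"192.0.2.10": 50_000, "192.0.2.20": 155}

def detect(flows, thresholds_pps, window=5, k=4.0, interval_s=60):
    """Return (minute, dst_ip, pps, reasons) for every anomalous sample."""
    history = defaultdict(lambda: deque(maxlen=window))  # recent normal pps per dst
    alerts = []
    for minute, dst, packets in sorted(flows):
        pps = packets / interval_s
        reasons = []
        # Technique 1: customized threshold (policy violation).
        limit = thresholds_pps.get(dst)
        if limit is not None and pps > limit:
            reasons.append("threshold")
        # Technique 2: deviation from the rolling baseline of this destination.
        past = history[dst]
        if len(past) == window:
            mu, sigma = mean(past), pstdev(past)
            # Floor sigma at 5% of the mean so a flat baseline tolerates jitter.
            if pps > mu + k * max(sigma, 0.05 * mu):
                reasons.append("statistical")
        if reasons:
            alerts.append((minute, dst, pps, reasons))
        else:
            past.append(pps)  # only normal samples feed the baseline
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS, THRESHOLDS_PPS):
        print(alert)
```

The burst stays under its ceiling and is caught only by the baseline check, while the slow ramp never deviates enough from its own baseline and is caught only by the ceiling.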
Blackhole: traffic targeting the victim IP addresses. Full blackhole makes it possible to analyze the attack during the time needed to …. Cleaning: traffic BGP off-ramped to scrubbing center. Apply countermeasures on network and app layers: black/white lists, GeoIP filtering, zombie detection, rate limiting, invalid/malformed packets filtering, payload regular expression filtering. Re-inject legitimate traffic through GRE tunnel.
Mobilization of resources around the Enterprise, France and International networks. Support from Dir Sec Groupe (Group security department). OSM: multi-homing, CDN, events. “Cloud Signaling” support.