Trey Guinn
Solution Engineer, CloudFlare
www.cloudflare.com
DDoS 101
Distributed Denial of Service
An attack coming from many locations which overwhelms your resources and prevents you from serving legitimate customers.
Fake Pizza Orders
Variety of Attacks
Volumetric
Protocol Attacks
Application Attacks
Real Life Example
Wednesday, March 20 ~75Gbps attack
100Gbps Magic ceiling in DDoS attacks
March 24 March 25 Peaks of the attack reached at least 309Gbps
dig ANY isc.org @63.217.84.76 +edns=0 +notcp +bufsize=4096
64-byte query
$ dig ANY isc.org @63.217.84.76 +edns=0 +notcp +bufsize=4096
3,363-byte response
Amplification
50x Amplification factor
Attack Amplification
DNS - 50 x
NTP - 200x
Coming: SNMP - 650x
UDP = no handshake
Problem Ingredients:
Networks that allow source IP spoofing
+
Servers that reply to
non-customers
Good networks don't let packets originate from IPs they don't own (BCP38)
Not all networks are good
How common are these ingredients?
28 million open resolvers
24.6% networks allow spoofing
10s of Millions Open NTP DNS servers
1 attacker's laptop controlling
57 compromised servers on
3 networks that allowed spoofing of
9Gbps DNS requests to
0.1% of open resolvers resulted in
300Gbps+ of DDoS attack traffic.
How did we stop it?
Anycast
Inherently dilutes the attack
300Gbps / 25 Anycasted PoPs = 12 Gbps/PoP
Make sure you're not part of the problem
Are you running open DNS resolvers?
Are you running open NTP servers?
Implement BCP38 (uRPF)
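
An added example (not from the original slides) of the open-resolver check the list above asks for: it sends one recursive query to a DNS server you operate and classifies the reply from its header flags, alongside the response-to-query size ratio. The function names, the `example.com` query name and the sample replies are assumptions constructed for illustration.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Minimal DNS query with RD=1 (recursion desired); qtype 1 = A."""
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def amplification(query_len, response_len):
    """Response bytes returned per query byte sent."""
    return round(response_len / query_len, 1)

def classify(response, query_len):
    """Decide from the DNS header whether the server recursed for us."""
    if len(response) < 12:
        return ("malformed", 0.0)
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    rcode, ra = flags & 0x000F, bool(flags & 0x0080)
    if rcode == 5:                      # REFUSED: the desired answer to non-customers
        verdict = "refused"
    elif ra and rcode == 0 and ancount > 0:
        verdict = "open"                # recursion available and an answer returned
    else:
        verdict = "no-recursion"
    return (verdict, amplification(query_len, len(response)))

def probe(server, name="example.com", timeout=2.0):
    """Query a resolver you operate, run from a host outside its customer ranges."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return ("no-reply", 0.0)
    return classify(data, len(query))

# Constructed sample replies (not captured traffic) so the logic runs offline.
QUERY = build_query("example.com")
SAMPLE_OPEN = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUERY[12:]
               + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    print(classify(SAMPLE_OPEN, len(QUERY)), classify(SAMPLE_REFUSED, len(QUERY)))
    print("slide figures:", amplification(64, 3363))
```

A verdict of "open" from a vantage point outside your customer ranges means the server will answer anyone; the last line applies the same ratio to the 64-byte query and 3,363-byte response quoted in the slides.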