DNSDNS""SPS ThreatAvert DNS " DDoS ($305+ 2018*6-27, !"%&#1 '.4 6)/2 ©Akamai Technologies, 2018

DNS DNS SPS ThreatAvertdnsops.jp/event/20180627/DNSセキュリティはDNSで... · 2018-09-11 · DNS DNS " " SPS ThreatAvert DNS " DDoS ( $30 5+ 2018*6-27, ! " %&#1 '.46)/2 ©Akamai



DNS�������DNS�"�"��SPS ThreatAvertDNS �"�� DDoS ��� ��(�$30�5+2018*6-27,���!��� �"�%&#1 ���'.4 6)/2

©Akamai Technologies, 2018


Nominum, now part of Akamai

� ������


Akamai Technologies

� �����

Nominum | About Us

�$�&���%&� �+'

()

�$!�$%�� �"�$ ���#&�,+ �&�,+

���#&�-.*

• DNSi CacheServe
• DNSi AuthServe
• DNSi Big Data Connector

• SPS Content Compliance
• SPS ThreatAvert

• SPS Secure Business
• SPS Secure Consumer
• SPS Secure Public Wi-Fi

• SPS Reach

���#&�%���"��

�$�&���%���"��

� �!��%

����&� $

&� %

�&��!��&� $


DNSi CacheServe –�KHmyV��:+&; DNS

•d .>+4� �XS��tU{ '"F>3?,�

– BIND njY5�10 L �Os{R(QPS)���$F1Fi�Y^Qq

– >�)D'E�F���24�F8D'us

����b}�c'"F@��[M

•�D/<F%�� '6?�D'VG

– DNS A�,D&�Y^ q\

•)�;?,��U~e

– px��N] �?�@#?(9

– �:+&;E7�(0D!ze

– Wr �����|`e����h

– 24�F8D'�a�� � �?EB�D

!�lw

– BF/1>D$�4�����F@�f�

•Zk��5?"F&=D

– �v_7?&F

– �?E-F*�T��A7F,�D!

•�KHmy�}o�c��$7F.gJ

– CF@/C�/�$7F.IP


DNS ������


�� �������: ������������

SPS Secure Consumer

50��" ThreatAvert "���2.5���".<0,B(9&*9K

:/80#����847GK,"��

�� �C2D9";47=CH7:130��"�����40 I ���".K:01� 1.7 �,)C

1+AC5'!��%=E(@K:� 2�"1+AC5'JE?K76K3J.()H0J<F-Webinar��"(>H7$�


DNS�������� �������������..

SPS ThreatAvert

��*0'����"PRSD���$#��"��(+)-&.

�"%.,�� �����������

2016���!2017�� �� 3 /����" PRSD ����

20% 55% 68%

Source: Nominum


�����+* ��� PRSD &%"(

SPS ThreatAvert

•# : 3 '&%,�!� 50����������

����&%��)$�����

Source: Nominum Research, 2017

1��� ���������� ��������������

Ratio


�$ 0/�31��,�./�(���

•-*: )2' ��& $%!&"%�&������&�����#&�%�$�&�����4+����

�� IP ����� 1 ��� 250 � ����

Source: Nominum Research, 2016 – Amplification attack traffic from 4 IPs

�� �������

•��: ����� QPS �������������

Source: Nominum Data Science

0 QPS to 180k QPS in 10 minutes


���������


��� DDoS ������


ThreatAvert ��������


SPS ThreatAvert

Internet

Dashboard

Attack Queries

Legitimate Queries

streaming data

Streaming Threat Intelligence

• Akamai �&@+R>�(�K6=�CacheServe �?;=OR1Q70IK<+QDK5R)��

– C;=?;= C&C S3EP>Q*P>Q3P=NRL)"AN;1– DNS*PB�!��'AN;1$MR=KF;=!%'�– JP:GQ4A>H,P� ( PRSD / ��# )"AN;1��

– DNS=P?KP2"AN;1

• MDR=– �QAN;1��

– >KL:-P!%'��S����EL-.*Q9,B�1J,*P=� �T

– ��� MDR=��

– /281<+AQMDR=


DDoS�(�!�)/��� AH

Internet

Dashboard

Attack Queries

Legitimate Queries

streaming data

Streaming Threat Intelligence

�* 7YH]L8<?�A!

SVQW\KFXYND]\YH]L :�'9��6���%8<> 1 �04> 1000 ���9GEYB)�351?/��8�=@4IJNW:

• PWIM@ (anomaly) �F:• RSN�"*�230%+�4�,2�VQ��D��:K��U<�I>

• GE=T�L��$4J�B;• 9Z@ (false positive) �CY���� OXX8����

�-�

& ��9CMUO]P:#$ 8+�2@�8TZMG

• DDoS ��8<?RMP[]G;9(�B"�8,�.��• (�!�#�!14�� $���?[�6��������&��-�$ ���'.�2� 75�AH


*.�342+/'5"034"#'- (DRS)

•=T�109�O��*.�3?��NS�CNAME�IP�*2#�WHOISE@�>L1#)����M� ��(5%,5#<

•$ /1'�4,3&5�G8��*.�3?�1#)�BS�7���*.�3?�6P�����

•��,3&5�N ���K�:�,3&5�N �IR�UC�Q�

•↓

•DNS!�14(5%���HA�1#)�FD�J;


Domain2Vec

•���$+G� ��!$�� �7.!�����%���������$+�DGA;C

• 5-(��%$ITLD�F��5->…J

• D:�� IP��"�

• � ��$� IP��"�I4�H1����#%�…J

• 9, DNS

• <EA

• )2��!��������$+

•:

•90'&03��� ��D8�B*=�?@=/6


OE:). 3P

@;�#-&�"��7H=I�#-&�"��'0"�

���� �����

PRSD �4M�)%,-3�$+�1�A�

CacheServe �). 3��@;��'$+�1�F9

���6��'$+�1�'0"�

�������

•�1(?>�5��ANY��.�B�������

��

CacheServe �). 3� ANY��.�/3#2.*"#�LB

truncate•/3#2.*"#��� N8�J����.��truncate <D�K

•@;��-��1#��� TCP �.#-�

•!(3&(GC)����$/!�� truncate <D�.#-�����

<randomstring>

popularsite.com>

!

$*? $*?

SPS ThreatAvert

X<www3>

popularsite.com>


ThreatAvert ��������


+=&<�=�* (4

•K\��%"=6/7*��CV]E

– >X?�I_Q.),:= �K`���

�=0;�#;1=.;,

•TBR�FWM

– HU��=�* (4��� '�;&�2�ND���)0!9=-�^����

•LZG�S��7�8&�2� DNS +=&�*93,7<+=&

– /)!+=&<$%*2 (Splunk�HadoopY)�@��07"=$5;��cAb�O[M

• �07"=$5;<1=&8• PJ�/)!+=&<$%*2• �@�aW$%*2

%�&��#� DNS �*����� ������"*�:

CacheServe

ThreatAvert

Kafka �$���*�)�� $�(

��&� ��

'"*��(������*����

�*�!*�

SPS ThreatAvert

• *3#��� DNS ��0 –J;��H\�R=�X�

• UV��)7� DNS FC –UV���!&

• 0!&6�#+%7& –0!&ONSQ�AZ>

• IP *!�/�(M –'#&47���LK�T@����G^�?���_E����

• '#&47�:�.1��� –WD�8[

2-7$�5�� ThreatAvert �,7! B����]<�/�"5!9Y

�������� ������������


@6�B>�A=�

��(*� /���(#0�

• ���*����) • DNS �."�).�&/�!�'�.98 (PRSD) - QPS ���" 10 �'�.

• %+������*:�7<�� IP ��,�:

• -./�*���B>�,$0�

• DDoS �?;,$0� (5351)

• 24� DDoS %+���/�'�.��)��.��B>


•��*-�'+,���&�-� - DNS � )��72

• QPS�� ),����*� +�,�-�

• )�-�'+,�+��

��

• )� ���*� +��3/

•���",* -� -<9����-��40;:

• �(��+�=51)� �� / *� +�

• �%��&,��� / !�

• UPD/TCP )� ��• �*��6�CPU.98�#$)�.98

������ �� ������������


������ �� ��

������ �

•")�� ����

'-�(������,�,

+

•�����#*��%.��$&!-�

SPS ThreatAvert

���!$�#��

�$���&�6

1%�50.� ��$�

���"�/���$�

- ),3�2('� 7-�

*+�IPv4�IPv6�.- �$��,4���$�#��$��������

�$�


4=9&+����V� DDoS ML�KR

� TNW��(1�;�%=�&'�� DNS ��6�*&':=�<'5-�&�� 70% �Hc

� �� CacheServe �@�� �����ab� ThreatAvert �OCD

� ML�\P -�7%�]E������0)2�7<�.8="3;�>[�

� I`���6�_A���!=,#�SF�J��

� 1G��� €200,000 �YZ #'BU� 1?��� €50,000 ����!/='< #'BU

^d

$62="3;

XQ


��


������


1

�:)<.+,

ISP �7(8/

6:*4�%0-5�:

�$ 7

2

3

��.<4

%</

�������

2',

7"<&0;$ 7

!<1: DNS19#&<�3+,

4

ISP

�:1�

�:)<.+,

�������

� �����$ 7

3

���������2',

�����

2<4;8<)�!<1: DNS19#&<

ISP

6:*4;%0-5�:�

2

��

ISP �7(8/

1


�������������

DNS 8I5)=60H8I5H347@!�2>4/B,<!��(8I5)��

��";I:-.*#��

3I@E4 �Hadoop & Splunk $"�'�%�������!��!��(�����

41IB=C7+

3G?D 8?F,AG9���� 80 %"8I5��


The world’s largest and most trusted Cloud Delivery Platform
