SOLVING DDOS ATTACKS FACILITATING BRIDGING SOLUTIONS AND STAKEHOLDERS
DDOS CLEARING HOUSE IN THE NETHERLANDS, EUROPE, AND BEYOND
2019-05-21
Koen van Hove
Researcher at the University of Twente
THE PROBLEM AND OUR IDEA
https://www.business.com/categories/best-ddos-protection-services/
https://scholar.google.nl/scholar?hl=en&as_sdt=0%2C5&q=ddos+attack&btnG=
WHY DOES DDOS STILL EXIST?
SOLVING DDOS ATTACKS
DDOS PROTECTION PROVIDERS
VICTIMS
NETWORK OPERATORS + CERT/CSIRT
ACADEMIA
LAW ENFORCEMENT AGENCIES
DDOS CLEARING HOUSE
NETWORK MEASUREMENT (PCAP, NETFLOW, IPFIX, SFLOW, LOGS, …)

DDOS_DISSECTOR
INPUT: NETWORK MEASUREMENT
OUTPUT: DDOS FINGERPRINT (+*NOTES)
FILTERED & ANONYMIZED NETWORK MEASUREMENTS

DDOS_FINGERPRINT_CONVERTERS
INPUT: DDOS FINGERPRINT
OUTPUT: RULE/SIGNATURE FOR SPECIFIC HW/SW SOLUTION(S) (SNORT, SURICATA, BRO, IPTABLES, EBPF, BGP FLOWSPEC, …)

DDOSDB
STORE, ENRICH, AND DISTRIBUTE DDOS ATTACK RELATED INFO
ONE EXTRA ELEMENT…
DDOS OPEN THREAT SIGNALING (DOTS) [IETF]
DEMO: USING THE DDOS DISSECTOR
DEMO: QUERYING DDOSDB
[THE CURRENT] DEPLOYMENT & GOVERNANCE
TIMELINE
2019
2018
?2017
https://github.com/ddos-clearing-house
https://ddosdb.ORG
https://ddosdb.NL
CHALLENGES & FUTURE DIRECTIONS
.org .nl
.org .nl .it
BACKUP SLIDES
SOLVING DDOS ATTACKS FACILITATING BRIDGING SOLUTIONS AND STAKEHOLDERS
DDOS CLEARING HOUSE IN THE NETHERLANDS, EUROPE, AND BEYOND
3/03/2019
https://www.zdnet.com/article/the-average-ddos-attack-cost-for-businesses-rises-to-over
WHAT IS THE AVERAGE ECONOMIC LOSS PER DDOS ATTACK?
A. $25.000
B. $250.000
C. $2.500.000
D. $25.000.000