Anatomy and metrology of DoS/DDoS Alexander Lyamin <[email protected]>

Alexander Lyamin - Anatomy and metrology of DoS/DDoS


  • 1. DoS/DDoS Alexander Lyamin
  • 2. ? , DoS , , :
  • 3. ? DDoS- 4- (UDP Flood, ICMP Flood) , (SYN Flood ..) 7- ( )
  • 4. ? TCP SYN Flood; TCP SYN-ACK Reflection Flood (DRDoS); TCP Spoofed SYN Flood; TCP ACK Flood; TCP IP Fragmented Attack; sockstress !; HTTP and HTTPS Flood Attacks; INTELLIGENT HTTP and HTTPS Attacks; ICMP Echo Request Flood; UDP Flood Attack; DNS Amplification Attacks
  • 5. ? . . Pavel .
  • 6. ? . Fedor tcp-syn . .
  • 7. ?
  • 8. () .
  • 9. Gbps
  • 10. Mpps
  • 11. krps
  • 12. Botnet size
  • 13.
  • 14.
  • 15. (6aR,9R)- N,N- diethyl- 7methyl- 4,6,6a,7,8,9hexahydroindolo- [4,3-fg] quinoline- 9-carboxamide N-methyl-1-phenylpropan-2amino N.B. Yeah! Sc1ence, beatch!
  • 16.
  • 17.
  • 18. PURE. SIMPLE. CONSUMED.BANDWIDTH
  • 19.
  • 20. Fragmentation+Stateful+Routing = Control Plane
  • 21.
  • 22. Routing (dynamic) Route loops Prefix hijacking Amplifiers http://radar.qrator.net
  • 23. C
  • 24.
  • 25. C
  • 26. C
  • 27. L7
  • 28.
  • 29. -
  • 30. hangelog DNS ( -TCP ) TCP- endpoint enterprise- 100+ 10+ (custom)
  • 31. ?
  • 32. !
  • 33. C 2.0
  • 34. 2.0
  • 35. 2.0 ?
  • 36. C 2.0 ? ? ?
  • 37. 2.0 TCP
  • 38. 2.0 URL
  • 39. 2.0 -5 ? -10 ? ?
  • 40. 2.0 500,501,503,504 ? ?
  • 41. 2.0 502 ?
  • 42. . .
  • 43. 2.0 !HTTP ?
  • 44. 2.0 ?
  • 45. ? a) b) c)
  • 46. C a) b) c)
  • 47. C a) DomainID+ b) IP c)
  • 48.
  • 49.