DDoS : The menace
By Aravind Anbazhagan
Outline
What is DoS/DDoS?
Why is DDoS a popular choice?
What is the motive behind the attacks?
Potential DDoS targets
Impact of a DDoS attack
Types of DDoS attacks
Myths in DDoS protection
DDoS mitigation techniques
Why is DDoS a popular choice?
DDoS tools are readily available (hping, Juno, Trinoo, Stacheldraht, LOIC)
DDoS is offered as a service at low cost
Botnets are available for hire to launch a DDoS attack
Many organizations do not apply any form of DDoS protection
DDoS solutions are not able to detect all types of attacks
It is difficult for security professionals to trace an attack back to its source: source IP addresses are spoofed, the bots are controlled through covert channels, and the traffic comes from many compromised hosts rather than from the attacker's own machine
Organizations rely entirely on their ISP for DDoS protection without considering an on-premise solution
What is the motive behind a DDoS attack?
Hacktivism (ideological and political differences), to gain media attention
Ransom/extortion
Taking down a competing player in an online game ("booting" a host offline)
A disgruntled customer or former employee
Diverting attention from the real attack, or keeping the incident response team busy
Causing loss of revenue
Damaging brand reputation
Boredom
Annoyance
Revenge
Potential DDoS targets
Impact of a DDoS attack
Loss of revenue
Damage to the organization's reputation
Loss of e-commerce credibility
Lost productivity
Contractual violations (SLAs that can no longer be met)
Incident handling and recovery costs
Dissatisfied customers
Types of DDoS attacks
Volumetric attacks (magnitude measured in bits per second, bps): the aim is to saturate the network link. Examples: UDP flood, ICMP/ping flood.
Protocol attacks (magnitude measured in packets per second, pps): the aim is to exhaust state in firewalls, load balancers and server TCP stacks rather than bandwidth. Examples: SYN flood (also volumetric when large enough), Ping of Death, Smurf attack, fragmented-packet attacks.
Application attacks (magnitude measured in requests per second, rps): the aim is to exhaust the application with traffic that looks legitimate. Examples: HTTP GET floods (tools: LOIC (Low Orbit Ion Cannon), HULK (HTTP Unbearable Load King)); slow-header attacks that hold connections open with incomplete GET requests (tool: Slowloris); HTTP POST floods and slow-POST attacks (tools: RUDY (R-U-Dead-Yet), Tor's Hammer); DNS floods.
Myths in DDoS protection
It only happens to others!
Firewalls and IDS will protect me from DDoS
Software fixes can solve DDoS problems
iptables can stop DDoS attacks
The ISP or web host will take care of DDoS attacks
ACLs on switches/routers can stop DDoS attacks
DDoS mitigation techniques
Have an incident response plan ready and know whom to contact (ISP, hosting provider, mitigation vendor).
Monitor to understand normal network traffic and create a baseline; feed this information to a correlation engine. Examples: Cisco Anomaly Detector XT and Arbor Peakflow SP.
Over-provisioning: buying excess bandwidth or redundant network devices to absorb spikes in demand. This raises the bar, but a large enough attack still exceeds it.
IP reputation based blocking: a database that lists known or frequent genuine users by IP address (so their traffic can be prioritised) and known attack sources (so their traffic can be dropped).
Geo-IP based blocking: blocking IP addresses by geographic location. Useful when the service has no legitimate users in the source region; attackers can rent bots elsewhere.
ACLs on border routers
Implement load balancers
Aggressive aging of idle connections out of the connection table (defeats slow attacks that hold connections open)
Install patches and harden your systems so that they are not compromised and added to a botnet
Change default settings and harden devices by disabling unwanted services and ports.
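The baseline monitoring and per-source rate limiting described in the mitigation slides, as an added worked example that is not part of the original deck: it builds a request-rate baseline from constructed log lines, flags seconds that exceed mean plus three standard deviations, identifies the source that exceeds a per-IP limit, and replays the traffic through a per-source token bucket to show how much of the flood a rate limiter would drop. The log format, the addresses (192.0.2.0/24 for legitimate clients, 203.0.113.7 as the attacker) and the traffic shape are all constructed for the example.

```python
"""Traffic baseline and per-source rate limiting over constructed web-server log lines.

Log format assumed here (constructed for the example, not a real server format):
    "<epoch_second> <client_ip> <method> <path> <status>"
"""
from collections import Counter
from statistics import mean, pstdev


def make_log(start, seconds, legit_per_second, attacker=None, attacker_rps=0):
    """Build constructed log lines: a rotating set of legitimate clients in 192.0.2.0/24,
    optionally plus one attacking source sending `attacker_rps` requests every second."""
    lines = []
    for s in range(seconds):
        ts = start + s
        for i in range(legit_per_second(s)):
            ip = f"192.0.2.{(s * 5 + i) % 20 + 1}"
            lines.append(f"{ts} {ip} GET /index.html 200")
        for _ in range(attacker_rps):
            lines.append(f"{ts} {attacker} GET /search?q=x 200")
    return lines


# 60 s of normal traffic: 4, 5 or 6 requests per second (mean 5, population stdev ~0.82).
BASELINE_LOG = make_log(1700000000, 60, lambda s: 4 + s % 3)
# 10 s of the same legitimate load plus one source sending 40 requests per second.
ATTACK_LOG = make_log(1700000100, 10, lambda s: 5, attacker="203.0.113.7", attacker_rps=40)


def parse(line):
    ts, ip, method, path, status = line.split()
    return int(ts), ip, method, path, int(status)


def per_second_totals(lines):
    totals = Counter()
    for ts, *_ in map(parse, lines):
        totals[ts] += 1
    return totals


def baseline_threshold(lines, k=3.0):
    """Alert threshold in requests/second: mean + k standard deviations of the baseline."""
    counts = list(per_second_totals(lines).values())
    return mean(counts) + k * pstdev(counts)


def anomalous_seconds(lines, threshold):
    """Seconds in which the total request rate exceeded the baseline threshold."""
    return sorted(ts for ts, n in per_second_totals(lines).items() if n > threshold)


def per_source_offenders(lines, limit):
    """Sources that exceeded `limit` requests in any single second."""
    counts = Counter()
    for ts, ip, *_ in map(parse, lines):
        counts[(ts, ip)] += 1
    return sorted({ip for (_, ip), n in counts.items() if n > limit})


class TokenBucket:
    """Per-source token bucket: `rate` requests/second sustained, bursts up to `burst`."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.state = {}  # ip -> (tokens, last_seen)

    def allow(self, ip, now):
        tokens, last = self.state.get(ip, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1:
            self.state[ip] = (tokens - 1, now)
            return True
        self.state[ip] = (tokens, now)
        return False


def enforce(lines, rate, burst):
    """Replay the log through a per-source token bucket; return (allowed, dropped) counts."""
    bucket = TokenBucket(rate, burst)
    allowed = dropped = 0
    for ts, ip, *_ in map(parse, lines):
        if bucket.allow(ip, ts):
            allowed += 1
        else:
            dropped += 1
    return allowed, dropped


if __name__ == "__main__":
    thr = baseline_threshold(BASELINE_LOG)
    print(f"baseline threshold: {thr:.2f} req/s")
    print("anomalous seconds during attack:", len(anomalous_seconds(ATTACK_LOG, thr)))
    print("per-source offenders:", per_source_offenders(ATTACK_LOG, limit=10))
    print("token bucket (10 req/s, burst 10) allowed/dropped:", enforce(ATTACK_LOG, 10, 10))
```

The total-rate check only says that something is wrong; the per-source view is what tells you whom to drop. Note that the bucket limits the attacker to 10 requests/second without touching the legitimate clients, which is the whole point of limiting per source rather than per interface.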
DDoS mitigation techniques (cont.)
Implement unicast reverse path forwarding (uRPF): the router checks that the source address of an incoming packet is reachable through the interface on which the packet arrived (strict mode) or through some route in its table (loose mode), and drops packets with spoofed sources that fail the check.
Implement TCP Intercept: protects against TCP SYN floods by completing the three-way handshake on behalf of the intended destination and only handing the connection to the server once the client has proven it is real.
Implement a high-capacity web application firewall (WAF) and IPS
Rate limiting: controlling the rate of traffic sent or received on a network interface, per source, per service or in total
Black holing / null routing with the aid of the ISP: routing all traffic for the attacked address to a null interface so that it is discarded. This also discards the legitimate traffic, so it is a last resort that protects the rest of the network rather than the victim.
Sink holing: sending all traffic for the attacked address to a logging system that records statistics and then drops it
Use clean pipes from the ISP or cloud-based scrubbing to defend against volumetric attacks
Use a dedicated, always-on DDoS mitigation appliance
Implement ingress and egress filtering (BCP 38): drop inbound packets whose source claims to be one of your own addresses, and outbound packets whose source is not one of your own addresses, so that your network can neither be spoofed into nor used to spoof others.
Split services onto different hosts. Don't use a single host as both a DNS server and a web server.
For a home network, contact your ISP and request a dynamic IP address, or use a VPN.
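The ingress/egress filtering and the unicast RPF checks listed above, as an added worked example that is not part of the original deck: a border router with two internal subnets and a default route is modelled as a small forwarding table, and each constructed packet is run through ingress filtering (inbound packets claiming our own or private source addresses), egress filtering (outbound packets with a source that is not ours) and strict uRPF (the source must be routed back out the arrival interface). The interfaces, prefixes and packets are all constructed for the example; the treatment of the default route in loose mode follows Cisco IOS behaviour without `allow-default`.

```python
"""Ingress/egress filtering (BCP 38) and unicast RPF modelled on a constructed border router.

Everything below (interfaces, prefixes, sample packets) is constructed for the example.
"""
from ipaddress import ip_address, ip_network

# Forwarding table of the border router: prefix -> interface the prefix is reached through.
ROUTES = {
    ip_network("192.0.2.0/24"): "lan0",      # our first internal subnet
    ip_network("198.51.100.0/24"): "lan1",   # our second internal subnet
    ip_network("0.0.0.0/0"): "wan0",         # default route towards the ISP
}
DEFAULT = ip_network("0.0.0.0/0")
INTERNAL = [p for p, iface in ROUTES.items() if iface.startswith("lan")]
# Addresses that must never arrive from the Internet as a source (RFC 1918 plus a few others).
BOGONS = [ip_network(p) for p in ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
                                   "172.16.0.0/12", "192.168.0.0/16")]


def lookup(addr, allow_default=True):
    """Longest-prefix match; returns the egress interface or None if nothing matches."""
    addr = ip_address(str(addr))
    best = None
    for prefix, iface in ROUTES.items():
        if prefix == DEFAULT and not allow_default:
            continue
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, iface)
    return best[1] if best else None


def urpf_strict(src, in_iface):
    """Strict uRPF: the best route back to the source must point out the arrival interface."""
    return lookup(src) == in_iface


def urpf_loose(src):
    """Loose uRPF: any route back to the source is enough; the default route does not count
    (as on Cisco IOS unless `allow-default` is configured)."""
    return lookup(src, allow_default=False) is not None


def check(src, dst, in_iface):
    """Decide accept/drop for one packet and explain why."""
    s = ip_address(src)
    if in_iface == "wan0":
        # Ingress filtering: the Internet never legitimately sources our own or private addresses.
        if any(s in p for p in INTERNAL):
            return "drop", "ingress: packet from the Internet claims one of our own source addresses"
        if any(s in p for p in BOGONS):
            return "drop", "ingress: bogon/private source address"
        return "accept", "ingress: ok"
    # Egress filtering: inside hosts may only send with our own source addresses, which is
    # what stops a compromised internal host from taking part in a spoofed flood.
    if not any(s in p for p in INTERNAL):
        return "drop", "egress: source address is not ours (BCP 38)"
    if not urpf_strict(src, in_iface):
        return "drop", f"uRPF strict: {src} is routed via {lookup(src)} but arrived on {in_iface}"
    return "accept", "egress: ok"


# Constructed packets: (source, destination, arrival interface).
PACKETS = [
    ("203.0.113.5", "192.0.2.10", "wan0"),     # normal inbound request
    ("192.0.2.77", "192.0.2.10", "wan0"),      # inbound packet spoofing our own address
    ("10.1.2.3", "192.0.2.10", "wan0"),        # inbound packet with a private source
    ("192.0.2.10", "203.0.113.5", "lan0"),     # normal outbound request
    ("203.0.113.99", "198.51.100.4", "lan0"),  # internal host spoofing an external source
    ("198.51.100.4", "203.0.113.5", "lan0"),   # lan1 address arriving on lan0
]


def run_all(packets=PACKETS):
    return [check(*p) for p in packets]


if __name__ == "__main__":
    for pkt, (verdict, why) in zip(PACKETS, run_all()):
        print(f"{pkt[0]:>14} -> {pkt[1]:<14} on {pkt[2]}: {verdict:6} ({why})")
```

Strict mode is the right choice on interfaces facing your own subnets, where the routing is symmetric; loose mode exists for the ISP side, where asymmetric routing would otherwise make strict mode drop legitimate traffic. Neither check helps against a flood whose sources are real, unspoofed bots, which is why filtering complements rather than replaces the scrubbing and rate-limiting measures above.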
Thank you
Questions?