INTRODUCTION: DDOS ATTACKS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "INTRODUCTION: DDOS ATTACKS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC"

Transcription

1 INTRODUCTION: DDOS ATTACKS 1

2 DDOS ATTACKS Though Denial of Service (DoS) and Distributed Denial of Service (DDoS) have been common attack techniques used by malicious actors for some time now, organizations still struggle to properly mitigate these threats. Such attacks can have a significant impact on a victimized organization. For years now, NTT Group has been helping prepare clients for such attacks. Every year, new capabilities to mitigate DoS and DDoS threats enter the security marketplace. From application layer appliances to the capabilities of content distribution networks, there has been a great focus on managing the impact of these attacks. The following sections present analyses of DDoS attacks, and a case study of a DDoS attack which used a legitimate application feature against the targeted organization. Read more at the Global Threat Intelligence Report Online at: 2

3 DDOS ATTACKS: DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS 1

4 DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS NTT is one of the largest Internet providers in the world, with a significant share of the world s Internet traffic passing through the global public NTT network. As a provider with world-wide coverage managing this much bandwidth, one of NTT s important tasks is to mitigate large distributed denial of service attacks (DDoS). These attacks historically have focused on flooding a victim s networks with so much data or activity that legitimate services are rendered unavailable. These volume-based attacks are very different from application DDoS attacks (such as that described in the Web Application DDoS Attack case study in Section F.4 of this report), which consume application processing resources. The distribution of DDoS attacks (by type of attack) observed by NTT in 2014 is presented in the following chart. DDOS BY TYPE NTP Amplification Multi-vector TCP SYN SSDP Amplification DNS Amplification Other 0% 7% 14% 21% 28% 35% Caption: NTP amplification leads the number of attacks by type of attack. 2

5 63 percent of all DDoS attacks observed were related to UDP based protocols and services (NTP, SSDP and DNS). Discussions of different DDoS attack types observed in 2014 are presented below. NTP Amplification Attacks With 32 percent of all DDoS attacks during 2014, the most common type of attack we observed was the Network Time Protocol (NTP) amplification attack. In this attack, an attacker changes the source address of an NTP query to the intended victim s address, then sends the maliciously spoofed query to one or more NTP servers. The NTP servers respond to the IP address of the victim (the spoofed source address). The amplification components of the attack are what make it interesting. A very small query to an NTP server can produce a very large response if using particular NTP options. TCP SYN Flood Attacks Another of the largest types of DDoS attacks, with 16 percent of the total, is also one of the oldest and most consistently observed over the years. The TCP SYN flood attack is performed by flooding the target network with a large number of TCP SYN requests which results in the exhaustion of available resources. If mitigating controls are not put in place, a malicious attacker can use this tactic to create a large number of partially-open connections to a server. This can exhaust all available sessions, preventing users from connecting to ports which would normally be accessible for legitimate services. Attackers can further ensure the success of SYN floods by employing different techniques to exhaust resources. This may include spoofing the source IP addresses, targeting multiple ports, attacking from multiple distributed sources, and the use of botnets. 3

6 SSDP Amplification Attacks Another type of DDoS traffic observed in 2014 was Simple Service Discovery Protocol (SSDP) amplification, which made up 9 percent of all DDoS attacks observed. SSDP was created to help devices discover and connect to each other, and is part of the Universal Plug and Play (UPnP) protocol. The protocol was first introduced in 1999 and by default uses UDP port 1900 for communication. Similar to other attacks such as DNS and NTP amplification, attackers send specially crafted requests to an SSDP enabled device and direct the response to the targeted system. Although the service defaults to UDP/1900 it can be directed to send responses to other ports and services. Since there is no shortage of SSDP enabled devices it is a good candidate for attackers to use during reflection and amplification based attacks. Several tools allow attackers to identify SSDP enabled devices and launch attacks. Botnets capable of performing SSDP DDoS attacks may use compromised home computing, network and residential applications to conduct attacks. Due to the wide use of SSDP, especially in residential applications such as network modem/ router bundles, wireless access points, and many home entertainment appliances and gaming systems, it is likely that SSDP DDoS attacks will continue. Unfortunately, most devices which implement SSDP enable this feature by default and it is unlikely that residential users will patch or disable these services. Multi-Vector Attacks In multi-vector attacks, combinations of different DDoS attack types are used during a single incident. Attackers will often initiate attacks using one method but may adapt their approach during the attack if the primary method of attack is not as effective as anticipated. 4

7 Alternatively, attackers may elect to use multiple methods of attack simultaneously to ensure their success. For example, attackers may start with NTP amplification but then use methods such as SYN flood, SSDP, application specific or other methods to amplify the effect of the attack. Multi-vector attacks can be a powerful tactic since this increases the chances of success. These attacks are also designed to overwhelm defenses and organizational staff. It can be a challenge for organizations to respond to multivector attacks since different attack techniques require different mitigation and defensive approaches. DDoS Mitigation Recommendations DDoS attacks have been around for some time. Preventive measures have had a chance to mature, and some measures have proven to be more reliable than others. While they must be evaluated in each organization s unique environment, NTT Group offers the following recommendations: Technical Recommendations: Organizations should look at implementing a layered approach to DDoS mitigation controls leveraging multiple technologies. Implement onsite application DoS mitigation services such as a web application firewall. Filter traffic at multiple points of ingress including the upstream ISP and via content distribution networks or scrubbing services. Third-party traffic scrubbing and filtering services can be valuable because they often anticipate the need to address multiple types of DDoS attacks. Implement dynamic bandwidth services which can scale bandwidth as an attack unfolds. This is not optimal as a long term solution but can help absorb some of the initial impact of an attack. 5

8 Many network firewalls, load balancers and servers support rate limiting or session timeouts. Ensure organizational staff understands the environment and tools which are already available. Understand the capabilities of the organizations and the ISP to handle TCP SYN flood attacks. Many ISPs implement detection for spoofed IP addresses and filter these by default. Keep in mind that ISPs often do a great job at filtering high-volume attacks, but smaller attacks may go unnoticed and not be filtered. Depending on the focus of the attack, host or application-based controls can help mitigate session or connection exhaustion. Ensure the organization follows system and service hardening guidelines to reduce misconfiguration issues and limit services running. Non-technical Recommendations: Ensure the organization understands not only its ability to detect a DDoS attack, but its ability to respond. Account for DDoS attacks in the organization s business continuity and disaster recovery plans. Evaluate the financial impact a DDoS attack would have on organizational operations and services. DDoS attacks are often used to mask other criminal activities. In the event of a DDoS attack, ensure the organization is remaining alert for other malicious activities which may be occurring (fraudulent wire transfers, other breaches, and data exfiltration from other network segments). Know who to call for support during a DDoS attack (SOC, vendors, ISPs, incident response teams). Read more at the Global Threat Intelligence Report Online at: 6

9 DDOS ATTACKS: CALENDAR VIEW OF THE DDOS ATTACK TYPES 1

10 CALENDAR VIEW OF THE DISTRIBUTION OF DDOS ATTACK TYPES NTT Group analyzed DDoS attack data for the most common attack methods witnessed during UDP protocol based attacks (NTP, DNS, SSDP and others) were observed throughout the year. The most notable and impactful attack methods observed during 2014 were NTP and SSDP amplification attacks. During the first quarter of 2014 DDoS mitigation providers and the general media recognized significant spikes in NTP based DDoS activity. NTT Group saw the same result in the data we collected. As depicted in the following chart, the majority of NTP amplification activity for the year was observed from January through April 2014, with only a small reoccurrence of similar attacks in the fourth quarter. One of the primary reasons for this dramatic increase in NTP related attacks was the availability of toolkits allowing attackers to initiate powerful attacks without requiring extensive skills. One of the toolkits providing this capability is NTP-AMP. PERCENTAGE OF DDOS ATTACK TYPES BY MONTH 45% 40% 35% 30% 25% 20% 15% 10% 5% 0% DNS Amplification SSDP Amplification Multi-Vector TCP SYN Other NTP Amplification Month Caption: Percentage of attack types by month. 2

11 Not quite as high volume, NTT Group observed SSDP amplification attacks growing in July and continuing to gain momentum during the fourth quarter, peaking in December The rise of SSDP based attacks in the last quarter of 2014 was rapid and widespread. This jump in observed attacks is likely due to the increased visibility of reflectionbased DDoS capability awareness and the availability of tools supporting these attack methods. With the global availability of UPnP and SSDP enabled devices it is likely we will continue to observe SSDP based attacks for the near future. For specific recommendations and more information on the DDoS attack types covered in this section, please also read the Distributed Denial of Service Observation section of the report. Read more at the Global Threat Intelligence Report Online at: 3

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 4, ISSUE 1 1ST QUARTER 2017 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q1 2017 4 DDoS

More information

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 4, ISSUE 1 1ST QUARTER 2017 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q1 2017 4 DDoS

More information

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 4, ISSUE 3 3RD QUARTER 2017 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q3 2017 4 DDoS

More information

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 4, ISSUE 4 4TH QUARTER 2017 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q4 2017 4 DDoS

More information

Cloudflare Advanced DDoS Protection

Cloudflare Advanced DDoS Protection Cloudflare Advanced DDoS Protection Denial-of-service (DoS) attacks are on the rise and have evolved into complex and overwhelming security challenges. 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com

More information

An Introduction to DDoS attacks trends and protection Alessandro Bulletti Consulting Engineer, Arbor Networks

An Introduction to DDoS attacks trends and protection Alessandro Bulletti Consulting Engineer, Arbor Networks An Introduction to DDoS attacks trends and protection Alessandro Bulletti Consulting Engineer, Arbor Networks abulletti@arbor.net Topics Covered The DDOS cyber threat and impacts Cyprus attacks trend in

More information

A custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74

A custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74 Analysis of the Global Distributed Denial of Service (DDoS) Mitigation Market Abridged Version Rise of the DDoS Attack Spurs Demand for Comprehensive Solutions A custom excerpt from Frost & Sullivan s

More information

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 5, ISSUE 1 1ST QUARTER 2018 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q1 2018 4 DDoS

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Network Attacks Denial of service Attacks

Security+ Guide to Network Security Fundamentals, Fourth Edition. Network Attacks Denial of service Attacks Security+ Guide to Network Security Fundamentals, Fourth Edition Network Attacks Denial of service Attacks Introduction: What is DoS? DoS attack is an attempt (malicious or selfish) by an attacker to cause

More information

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 5, ISSUE 2 2ND QUARTER 2018 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q2 2018 4 DDoS

More information

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 3, ISSUE 3 3RD QUARTER 2016 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q3 2016 4 DDoS

More information

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 3, ISSUE 3 3RD QUARTER 2016 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q3 2016 4 DDoS

More information

TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS

TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS 1 Introduction Your data and infrastructure are at the heart of your business. Your employees, business partners, and

More information

Guide to DDoS Attacks November 2017

Guide to DDoS Attacks November 2017 This Multi-State Information Sharing and Analysis Center (MS-ISAC) document is a guide to aid partners in their remediation efforts of Distributed Denial of Service (DDoS) attacks. This guide is not inclusive

More information

Chapter 7. Denial of Service Attacks

Chapter 7. Denial of Service Attacks Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units (CPU),

More information

Technical White Paper June 2016

Technical White Paper June 2016 TLP:WHITE! Technical White Paper June 2016 GuidetoDDoSAttacks! Authored)by:) Lee)Myers,)Senior)Manager)of)Security)Operations) Christopher)Cooley,)Cyber)Intelligence)Analyst) This MultiCState Information

More information

Cyber Security Guidelines Distributed Denial of Service (DDoS) Attacks

Cyber Security Guidelines Distributed Denial of Service (DDoS) Attacks Cyber Security Guidelines Distributed Denial of Service (DDoS) Attacks Version: 1.0 Author: Cyber Security Policy and Standards Document Published Date: March 2018 Table of Contents Version: 1.0 Page 1

More information

Cyber Security Guidelines Distributed Denial of Service (DDoS) Attacks

Cyber Security Guidelines Distributed Denial of Service (DDoS) Attacks Cyber Security Guidelines Distributed Denial of Service (DDoS) Attacks Version: 1.0 Author: Cyber Security Policy and Standards Document Published Date: March 2018 Document History: Version Description

More information

Global DDoS Threat Landscape

Global DDoS Threat Landscape DDOS REPORT Global DDoS Threat Landscape OVERVIEW Overview The number of network layer attacks continued to fall in, the fourth consecutive quarterly drop since peaking in Q2 2016. After reaching a record

More information

snoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection

snoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection Snoc DDoS Protection Fast Secure Cost effective sales@.co.th www..co.th securenoc Introduction Snoc 3.0 Snoc DDoS Protection provides organizations with comprehensive protection against the most challenging

More information

DDoS MITIGATION BEST PRACTICES

DDoS MITIGATION BEST PRACTICES DDoS MITIGATION BEST PRACTICES DDoS ATTACKS ARE INCREASING EXPONENTIALLY Organizations are becoming increasingly aware of the threat that Distributed Denial of Service (DDoS) attacks can pose. According

More information

Imma Chargin Mah Lazer

Imma Chargin Mah Lazer Imma Chargin Mah Lazer How to protect against (D)DoS attacks Oliver Matula omatula@ernw.de #2 Denial of Service (DoS) Outline Why is (D)DoS protection important? Infamous attacks of the past What types

More information

DNS SECURITY BENEFITS OF OUTSOURCING YOUR DNS TO AN IP ANYCAST+ PROVIDER

DNS SECURITY BENEFITS OF OUTSOURCING YOUR DNS TO AN IP ANYCAST+ PROVIDER BENEFITS OF OUTSOURCING YOUR DNS TO AN IP ANYCAST+ PROVIDER Introduction DDoS attacks are rapidly growing in magnitude and frequency every year. Just in the last year, attack rates have risen 132% (Q2

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 8 Denial of Service First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Denial of Service denial of service (DoS) an action

More information

Introduction to DDoS Attacks

Introduction to DDoS Attacks Introduction to DDoS Attacks Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter 2015 MCNC General Use v1.0 DDoS in the News July 2015 2015 MCNC General Use v1.0 DDoS

More information

Distributed Denial of Service (DDoS)

Distributed Denial of Service (DDoS) Global Leader in DDoS Mitigation Threat Report Distributed Denial of Service (DDoS) Threat Report Q2 2017 456 Montgomery Street, Suite 800 San Francisco, CA 94104 USA +1 415 299 8550 Contents 1. Methodology...................

More information

akamai s [state of the internet] / security

akamai s [state of the internet] / security [Volume 2 / Number 2] akamai s [state of the internet] / security Q2 215 executive summary The Security Report has five research sections: Quarter-over-quarter and year-ago quarterly attack statistics

More information

WHITE PAPER. DDoS of Things SURVIVAL GUIDE. Proven DDoS Defense in the New Era of 1 Tbps Attacks

WHITE PAPER. DDoS of Things SURVIVAL GUIDE. Proven DDoS Defense in the New Era of 1 Tbps Attacks WHITE PAPER 2017 DDoS of Things SURVIVAL GUIDE Proven DDoS Defense in the New Era of 1 Tbps Attacks Table of Contents Cyclical Threat Trends...3 Where Threat Actors Target Your Business...4 Network Layer

More information

DDoS: STRATEGIES FOR DEALING WITH A GROWING THREAT

DDoS: STRATEGIES FOR DEALING WITH A GROWING THREAT DDoS: STRATEGIES FOR DEALING WITH A GROWING THREAT 01. EXECUTIVE SUMMARY This report summarizes recent research on distributed denial of service (DDoS) attacks, which looks at data collated recently and

More information

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet SYMANTEC ENTERPRISE SECURITY Symantec Internet Security Threat Report September 00 Power and Energy Industry Data Sheet An important note about these statistics The statistics discussed in this document

More information

Prolexic Attack Report Q4 2011

Prolexic Attack Report Q4 2011 Prolexic Attack Report Q4 2011 Prolexic believes the nature of DDoS attacks are changing: they are becoming more concentrated and damaging. Packet-per-second volume is increasing dramatically, while attack

More information

Distributed Denial of Service (DDoS)

Distributed Denial of Service (DDoS) Global Leader in DDoS Mitigation Threat Report Distributed Denial of Service (DDoS) Threat Report Q1 2017 456 Montgomery Street, Suite 800 San Francisco, CA 94104 USA +1 415 299 8550 Contents 1. Methodology...................

More information

Arbor Solution Brief. Arbor Cloud SM. for Enterprises. Integrated DDoS Protection from the Enterprise to the Cloud

Arbor Solution Brief. Arbor Cloud SM. for Enterprises. Integrated DDoS Protection from the Enterprise to the Cloud Arbor Solution Brief Arbor Cloud SM for Enterprises Integrated DDoS Protection from the Enterprise to the Cloud About Arbor Networks Arbor Networks, Inc. helps secure the world s largest enterprise and

More information

Security Whitepaper. DNS Resource Exhaustion

Security Whitepaper. DNS Resource Exhaustion DNS Resource Exhaustion Arlyn Johns October, 2014 DNS is Emerging as a Desirable Target for Malicious Actors The current threat landscape is complex, rapidly expanding and advancing in sophistication.

More information

Arbor Solution Brief Arbor Cloud for Enterprises

Arbor Solution Brief Arbor Cloud for Enterprises Arbor Solution Brief Arbor Cloud for Enterprises Integrated DDoS Protection from the Enterprise to the Cloud About Arbor Networks Arbor Networks Inc., the cyber security division of NETSCOUT, helps secure

More information

Multi-vector DDOS Attacks

Multi-vector DDOS Attacks Multi-vector DDOS Attacks Detection and Mitigation Paul Mazzucco Chief Security Officer August 2015 Key Reasons for Cyber Attacks Money and more money Large number of groups From unskilled to advanced

More information

PROTECTING INFORMATION ASSETS NETWORK SECURITY

PROTECTING INFORMATION ASSETS NETWORK SECURITY PROTECTING INFORMATION ASSETS NETWORK SECURITY PAUL SMITH 20 years of IT experience (desktop, servers, networks, firewalls.) 17 years of engineering in enterprise scaled networks 10+ years in Network Security

More information

Why IPS Devices and Firewalls Fail to Stop DDoS Threats

Why IPS Devices and Firewalls Fail to Stop DDoS Threats Arbor White Paper Why IPS Devices and Firewalls Fail to Stop DDoS Threats How to Protect Your Data Center s Availability About Arbor Networks Arbor Networks, Inc. is a leading provider of network security

More information

Comprehensive datacenter protection

Comprehensive datacenter protection Comprehensive datacenter protection There are several key drivers that are influencing the DDoS Protection market: DDoS attacks are increasing in frequency DDoS attacks are increasing in size DoS attack

More information

Internet2 DDoS Mitigation Update

Internet2 DDoS Mitigation Update Internet2 DDoS Mitigation Update Nick Lewis, Program Manager - Security and Identity, Internet2 Karl Newell, Cyberinfrastructure Security Engineer, Internet2 2016 Internet2 Let s start with questions!

More information

Denial of Service (DoS)

Denial of Service (DoS) Flood Denial of Service (DoS) Comp Sci 3600 Security Outline Flood 1 2 3 4 5 Flood 6 7 8 Denial-of-Service (DoS) Attack Flood The NIST Computer Security Incident Handling Guide defines a DoS attack as:

More information

A Survey of Defense Mechanisms Against DDoS Flooding A

A Survey of Defense Mechanisms Against DDoS Flooding A DDoS Defense: Scope And A Survey of Defense Mechanisms Against DDoS Flooding Attacks IIT Kanpur IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 15, NO. 4, FOURTH QUARTER 2013 DDoS Defense: Scope And Outline

More information

DDOS DETECTION AND RESPONSE TRENDS IN THE ENTERPRISE: AN IANS CUSTOM REPORT

DDOS DETECTION AND RESPONSE TRENDS IN THE ENTERPRISE: AN IANS CUSTOM REPORT DDOS DETECTION AND RESPONSE TRENDS IN THE ENTERPRISE: AN IANS CUSTOM REPORT SEPTEMBER 2014 COMMISSIONED BY: Contents Contents... 2 Introduction... 3 About the Survey and Respondents... 3 The Current State

More information

NISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks

NISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks NISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks Background This NISCC technical note is intended to provide information to enable organisations in the UK s Critical

More information

HOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK

HOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK From the Security Experts at Corero Network Security HOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK Be Proactive, Not Reactive STEP-BY-STEP GUIDE The Rise of Ransom-Driven DDoS Attacks Ransom-related Denial

More information

Enterprise D/DoS Mitigation Solution offering

Enterprise D/DoS Mitigation Solution offering Enterprise D/DoS Mitigation Solution offering About the Domain TCS Enterprise Security and Risk Management (ESRM) offers full services play in security with integrated security solutions. ESRM s solution

More information

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

Practical Guide to Choosing a DDoS Mitigation Service WHITEPAPER

Practical Guide to Choosing a DDoS Mitigation Service WHITEPAPER 1 From massive volumetric attacks to sophisticated application level threats, DDoS attacks are bigger, smarter and more dangerous than ever. Given today s threat landscape and the availability of inexpensive,

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Root Access

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Root Access Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

DENIAL OF SERVICE ATTACKS

DENIAL OF SERVICE ATTACKS DENIAL OF SERVICE ATTACKS Ezell Frazier EIS 4316 November 6, 2016 Contents 7.1 Denial of Service... 2 7.2 Targets of DoS attacks... 2 7.3 Purpose of flood attacks... 2 7.4 Packets used during flood attacks...

More information

COMPUTER NETWORK SECURITY

COMPUTER NETWORK SECURITY COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (7 th Week) 7. Denial-of-Service Attacks 7.Outline Denial of Service Attacks Flooding Attacks Distributed Denial of Service Attacks Application Based

More information

A GUIDE TO DDoS PROTECTION

A GUIDE TO DDoS PROTECTION HTTP CACHE BYPASS FLOOD THINK APP SECURITY FIRST CHOOSING THE RIGHT MODEL A GUIDE TO DDoS PROTECTION DNS AMPLIFICATION INTRODUCTION By thinking proactively about DDoS defense, organizations can build a

More information

WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING

WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING A STRONG PARTNER COMPANY Link11 - longstanding security experience Link11 is a European IT security provider, headquartered in Frankfurt, Germany

More information

Arbor White Paper. DDoS: THE STAKES HAVE CHANGED. HAVE YOU? REVEALED: 3 dangerous myths about DDoS attacks

Arbor White Paper. DDoS: THE STAKES HAVE CHANGED. HAVE YOU? REVEALED: 3 dangerous myths about DDoS attacks Arbor White Paper DDoS: THE STAKES HAVE CHANGED. HAVE YOU? REVEALED: 3 dangerous myths about DDoS attacks The findings of the latest annual Worldwide Infrastructure Security Report (WISR) by Arbor Networks

More information

DDoS: Coordinated Attacks Analysis

DDoS: Coordinated Attacks Analysis DDoS: Coordinated Attacks Analysis This article will cover some concepts about a well-known attack named DDoS (Distributed Denial-of-Service) with some lab demonstrations as a Proof of Concept with countermeasures.

More information

A10 DDOS PROTECTION CLOUD

A10 DDOS PROTECTION CLOUD DATA SHEET A10 DDOS PROTECTION CLOUD A10 Networks provides full spectrum DDoS defenses. This includes multi-vector protection from attacks of any type to ensure the availability of enterprise business

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

War Stories from the Cloud: Rise of the Machines. Matt Mosher Director Security Sales Strategy

War Stories from the Cloud: Rise of the Machines. Matt Mosher Director Security Sales Strategy War Stories from the Cloud: Rise of the Machines Matt Mosher Director Security Sales Strategy The Akamai Intelligent Platform The Platform 175,000+ Servers 2,300+ Locations 750+ Cities 92 Countries 1,227+

More information

Enhancing DDoS protection TAYLOR HARRIS SECURITY ENGINEER

Enhancing DDoS protection TAYLOR HARRIS SECURITY ENGINEER Enhancing DDoS protection TAYLOR HARRIS SECURITY ENGINEER Overview DDoS Evolution Typical Reactive/Proactive Mitigation Challenges and Obstacles BGP Flowspec Automated Flowspec Mitigation 2 DDoS Evolution

More information

Chapter 10: Denial-of-Services

Chapter 10: Denial-of-Services Chapter 10: Denial-of-Services Technology Brief This chapter, "Denial-of-Service" is focused on DoS and Distributed Denial-of-Service (DDOS) attacks. This chapter will cover understanding of different

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

AKAMAI CLOUD SECURITY SOLUTIONS

AKAMAI CLOUD SECURITY SOLUTIONS AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your

More information

ERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016

ERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016 Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats Internetwork Expert s CCNA Security Bootcamp Common Security Threats http:// Today s s Network Security Challenge The goal of the network is to provide high availability and easy access to data to meet

More information

Arbor White Paper Keeping the Lights On

Arbor White Paper Keeping the Lights On Arbor White Paper Keeping the Lights On The Importance of DDoS Defense in Business Continuity Planning About Arbor Networks Arbor Networks Inc., the cyber security division of NETSCOUT, helps secure the

More information

COPYRIGHT 2018 NETSCOUT SYSTEMS, INC. 1

COPYRIGHT 2018 NETSCOUT SYSTEMS, INC. 1 COPYRIGHT 2018 NETSCOUT SYSTEMS, INC. 1 Worldwide Infrastructure Security Report Highlights Volume XIII C F Chui, Principal Security Technologist COPYRIGHT 2018 NETSCOUT SYSTEMS, INC. 2 Overview This presentation

More information

DDoS Detection&Mitigation: Radware Solution

DDoS Detection&Mitigation: Radware Solution DDoS Detection&Mitigation: Radware Solution Igor Urosevic Head of Technical Department SEE CCIE #26391 Ingram Micro Inc. 1 Agenda DDoS attack overview Main point of failures Key challenges today DDoS protection

More information

TESTING DDOS DEFENSE EFFECTIVENESS AT 300 GBPS SCALE AND BEYOND

TESTING DDOS DEFENSE EFFECTIVENESS AT 300 GBPS SCALE AND BEYOND TEST REPORT TESTING DDOS DEFENSE EFFECTIVENESS AT 300 GBPS SCALE AND BEYOND Ixia BreakingPoint DDoS Defense Test Methodology Report TABLE OF CONTENTS EXECUTIVE SUMMARY... 3 WHAT IS A DDOS ATTACK... 5 DDOS

More information

SIMPLE SERVICE DISCOVERY PROTOCOL BASED DISTRIBUTED REFLECTIVE DENIAL OF SERVICE ATTACK

SIMPLE SERVICE DISCOVERY PROTOCOL BASED DISTRIBUTED REFLECTIVE DENIAL OF SERVICE ATTACK SIMPLE SERVICE DISCOVERY PROTOCOL BASED DISTRIBUTED REFLECTIVE DENIAL OF SERVICE ATTACK Gursewak Singh 1, Bohar Singh 2 1 Computer Science and Application, Govt College Sri Muktsar sahib 2 Computer Science

More information

RESELLER LOGO RADICALLY BETTER. DDoS PROTECTION. Radically more effective, radically more affordable solutions for small and medium enterprises

RESELLER LOGO RADICALLY BETTER. DDoS PROTECTION. Radically more effective, radically more affordable solutions for small and medium enterprises RESELLER LOGO RADICALLY BETTER DDoS PROTECTION Radically more effective, radically more affordable solutions for small and medium enterprises IT S TIME TO GET SERIOUS ABOUT CYBER CRIME Despite the headline

More information

External Supplier Control Obligations. Cyber Security

External Supplier Control Obligations. Cyber Security External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place

More information

Imperva Incapsula Product Overview

Imperva Incapsula Product Overview Product Overview DA T A SH E E T Application Delivery from the Cloud Whether you re running a small e-commerce business or in charge of IT operations for an enterprise, will improve your website security

More information

Keeping the Doors Open and the Lights On

Keeping the Doors Open and the Lights On ANALYST BRIEF Keeping the Doors Open and the Lights On PROTECTING AGAINST DISTRIBUTED DENIAL- OF- SERVICE ATTACKS Authors Rob Ayoub and David DeSanto Overview Over the past decade, the threat landscape

More information

Defending against increasingly sophisticated DDoS attacks

Defending against increasingly sophisticated DDoS attacks IBM Global Technology Services August 2013 Defending against increasingly sophisticated DDoS attacks Managed DDoS protection from IBM Contents 1 Executive summary 2 Industry trends and the current threat

More information

Vulnerability Management & Vulnerability Assessment. Nessus Attack Scripting Language (NASL). CVE databases, NVD database

Vulnerability Management & Vulnerability Assessment. Nessus Attack Scripting Language (NASL). CVE databases, NVD database Case Study 2018 Solution/Service Title Vulnerability Management & Vulnerability Assessment Client Industry Cybersecurity, Vulnerability Assessment and Management, Network Security Client Overview Client

More information

State of the Internet Security Q Mihnea-Costin Grigore Security Technical Project Manager

State of the Internet Security Q Mihnea-Costin Grigore Security Technical Project Manager State of the Internet Security Q2 2017 Mihnea-Costin Grigore Security Technical Project Manager Topics 1. Introduction 2. DDoS Attack Trends 3. Web Application Attack Trends 4. Spotlights 5. Resources

More information

RSA NetWitness Suite Respond in Minutes, Not Months

RSA NetWitness Suite Respond in Minutes, Not Months RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations

More information

(DNS, and DNSSEC and DDOS) Geoff Huston APNIC

(DNS, and DNSSEC and DDOS) Geoff Huston APNIC D* (DNS, and DNSSEC and DDOS) Geoff Huston APNIC How to be bad 2 How to be bad Host and application-based exploits abound And are not going away anytime soon! And there are attacks on the Internet infrastructure

More information

WHITE PAPER Hybrid Approach to DDoS Mitigation

WHITE PAPER Hybrid Approach to DDoS Mitigation WHITE PAPER Hybrid Approach to DDoS Mitigation FIRST LINE OF DEFENSE Executive Summary As organizations consider options for DDoS mitigation, it is important to realize that the optimal solution is a hybrid

More information

Cisco IOS Classic Firewall/IPS: Configuring Context Based Access Control (CBAC) for Denial of Service Protection

Cisco IOS Classic Firewall/IPS: Configuring Context Based Access Control (CBAC) for Denial of Service Protection Cisco IOS Classic Firewall/IPS: Configuring Context Based Access Control (CBAC) for Denial of Service Protection Document ID: 98705 Contents Introduction Prerequisites Requirements Components Used Conventions

More information

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS Surprisingly Successful: What Really Works in Cyber Defense John Pescatore, SANS 1 Largest Breach Ever 2 The Business Impact Equation All CEOs know stuff happens in business and in security The goal is

More information

Memcached amplification: lessons learned. Artyom Gavrichenkov

Memcached amplification: lessons learned. Artyom Gavrichenkov Memcached amplification: lessons learned Artyom Gavrichenkov 1.7 Typical amplification attack Most servers on the Internet send more data to a client than they receive UDP-based servers

More information

Corero & GTT DDoS Trends Report Q2 Q3 2017

Corero & GTT DDoS Trends Report Q2 Q3 2017 Corero & GTT DDoS Trends Report Q2 Q3 2017 Executive Summary KEY TRENDS KEY INSIGHTS RECOMMENDATIONS SUMMARY 3 6 7 9 Organizations around the globe have become increasingly dependent on the Internet as

More information

NETWORK SECURITY. Ch. 3: Network Attacks

NETWORK SECURITY. Ch. 3: Network Attacks NETWORK SECURITY Ch. 3: Network Attacks Contents 3.1 Network Vulnerabilities 3.1.1 Media-Based 3.1.2 Network Device 3.2 Categories of Attacks 3.3 Methods of Network Attacks 03 NETWORK ATTACKS 2 3.1 Network

More information

(Distributed) Denial-of-Service. in theory and in practice

(Distributed) Denial-of-Service. in theory and in practice (Distributed) Denial-of-Service in theory and in practice About SURFnet National Research and Education Network (NREN) Founded in 1986, incorporated 1988 > 11000km dark-fibre network Shared ICT innovation

More information

Protect Against Evolving DDoS Threats: The Case for Hybrid

Protect Against Evolving DDoS Threats: The Case for Hybrid Protect Against Evolving DDoS Threats: The Case for Hybrid CIOs want harmony. Security directors loathe point products. Network operations won t buy into anything new. CIOs can get the harmony they need

More information

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

Memcached amplification: lessons learned. Artyom Gavrichenkov

Memcached amplification: lessons learned. Artyom Gavrichenkov Memcached amplification: lessons learned Artyom Gavrichenkov 1.7 Typical amplification attack Most servers on the Internet send more data to a client than they receive UDP-based servers

More information

Think You re Safe from DDoS Attacks? As an AWS customer, you probably need more protection. Discover the vulnerabilities and how Neustar can help.

Think You re Safe from DDoS Attacks? As an AWS customer, you probably need more protection. Discover the vulnerabilities and how Neustar can help. Think You re Safe from DDoS Attacks? As an AWS customer, you probably need more protection. Discover the vulnerabilities and how Neustar can help. www.home.neustar 02 Think You're Safe from DDos Attacks?

More information

WHITE PAPER. Distributed Denial of Service (DDoS) Attacks: Evolution, Impact, & Solutions

WHITE PAPER. Distributed Denial of Service (DDoS) Attacks: Evolution, Impact, & Solutions Distributed Denial of Service (DDoS) Attacks: Evolution, Impact, & Solutions CONTENTS + Executive Summary 3 + The Evolution of Distributed Denial of Service Attacks 4 Building a Botnet 4 Botnets and DDoS

More information

DDoS attack patterns across the APJ cloud market. Samuel Chen CCIE#9607 Enterprise Security Architect, Manager - APJ

DDoS attack patterns across the APJ cloud market. Samuel Chen CCIE#9607 Enterprise Security Architect, Manager - APJ DDoS attack patterns across the APJ cloud market Samuel Chen CCIE#9607 Enterprise Security Architect, Manager - APJ www.cloudsec.com/tw DDoS attacks from Q1 2014 to Q1 2016 Each dot represents an individual

More information

Cyber War Chronicles Stories from the Virtual Trenches

Cyber War Chronicles Stories from the Virtual Trenches Cyber War Chronicles Stories from the Virtual Trenches Ron Winward Security Evangelist Radware, Inc. March 17, 2016 Background on the Radware Report Key Cyber Attack Trends for 2015-2016 Case Study: Look

More information

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.

More information

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco Increasing Digital Traffic Creates a Greater Attack Surface Global IP Traffic

More information

Silverline DDoS Protection. Filip Verlaeckt

Silverline DDoS Protection. Filip Verlaeckt Silverline DDoS Protection Filip Verlaeckt f.verlaeckt@f5.com The evolution of attackers September 1996 First high profile DDoS attack. NY ISP Panix.com that was nearly put out of business. January 2008

More information

Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks

Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks So we are proposing a network intrusion detection system (IDS) which uses a Keywords: DDoS (Distributed Denial

More information

Mastering The Endpoint

Mastering The Endpoint Organizations Find Value In Integrated Suites GET STARTED Overview In the face of constantly evolving threat vectors, IT security decision makers struggle to manage endpoint security effectively. More

More information