DoS Mitigation Strategies

Size: px
Start display at page:

Download "DoS Mitigation Strategies"

Transcription

1 DoS Mitigation Strategies Chris Morrow - Google NSF Workshop on Unwanted Traffic July 18, 2008, George Mason University (Fairfax, VA)

2 DoS Attack Definition Too many bytes bandwidth exhaustion Too many packets platform exhaustion Too many clock cycles expensive query/request There are different possibilities for ISP and Customers

3 Current Industry 'Best Practices' - Customer Over provision plan for digg-effect, but... Have a good relationship with your ISP/NSP you will never be 'big enough', there are far more bots/bad-things out there than you can handle Instrument your network/applications system/application logs trending/analysis sniffers IDS/traffic profilers netflow analysis/trending get friendly with netflow tools 3am is a bad time to learn them Prioritize your assets and risks Separation between admin and production

4 Customer Best Practices - Over Provisioning Overprovisioning helps with DoS Attacks, some It can be costly to provision too much 10 gig of capacity for 1mbps of traffic...bad plan Resources on the attacker side are not scarce and expensive In the end you will have to push this back into your provider (s) networks

5 Customer Best Practices - ISP Relations What number do you call for support? 24/7 or 9-5? your timezone? What is your 'customer id'? passwd/code/identification information? you'd hate to have your competitor call and ask for your website to be null-routed How do you talk to the ISP Security Team? What do you have to tell them to get support for a DoS Attack? What SLA is in place for such incidents? What information, and in what format, do you have to provide to the Security Support person?

6 Customer Best Practices - Instrumentation Syslog/system/application logs monitoring/alerting/profiling Netflow/Cflow from edge devices trend normal activity trend protocols traffic distributions for source-as/destination-as IDS/Sniffer near critical assets sniffers help when things get ugly is it /r.php?query=superbadquery is it tcp syn SEQ Traffic profiling devices Arbor Cisco Detector/Guard Know where it is important to keep state in your deployment firewalls are not always a good idea

7 Customer Best Practices -Prioritize Understand what resources are most important business oriented discussion e-commerce website b2b portal mail server dns server corporate NAT address Understand when to alert, and what action to take

8 Customer Best Practices - Separation Separate your 'production' assets from your 'administrative' ones corporate sally the admins web browsing million-dollar-a-minute e-commerce site Separation at as many levels as is feasible ISP links database backends NAT devices mail services firewalls

9 Current Industry 'Best Practices' - ISP Monitor traffic patterns netflow tools acl logs device access logs Plan for how/if to assist customers can you absorb this on your edge? do you need to push this back to your upstreams/peers? can you acl/null-route/blackhole? contact procedures for customers to use? Pre-deploy configuration or devices sinkhole/sniffer/monitoring equipment blackhole route configuration customer triggered blackhole purpose built dos mitigation platform

10 ISP Best Practices -Monitoring Know normal customer traffic levels your billing info most likely has this where is that exactly? 3am is a bad time to try to find this Know what traffic your network elements normally receive routers/switches often get unwanted traffic which can be used to identify new or coming problems caught sql-slammer ~3wks prior to the main event Can you enable Cflow/Netflow/Sflow? what sample rate is acceptable? Are there edge filters (iacls)? logging denys? where do these logs go?

11 ISP Best Practices - Customer Service How does the customer get this service/support? typically not the NOC What constitutes an actionable incident? 10kbps RFC1918 traffic on a DS-1 10kpps udp/80 on a DS-3 Can you accept all of the traffic across the network and discard toward the customer? Do you have to find the ingress to your network and block this there? DoS vs DDoS icmp-backscatter/netflow traceback What is acceptable to the customer(s)? acl/nullroute/blackhole/upstream blackholes? What will your gear support? cisco engine-?? linecards

12 ISP Best Practices - Planning Have tools pre-deployed 3am is bad time for a full backbone rollout of RTBH Sinkhole locations can you sink 40G of traffic in NYC? DFW? AUS? 3am is a really bad time to blow up a metro region what sniffer setup? data collection? access? out-ofband... 'Hey, DFW9 just went away, oops!' Integrate customer self-service where appropriate customer triggered Real-time BlackHole Is there a place for a DoS-Mitigation 'service' in your portfolio? deploy, manage, monitor, report on devices training, customer + NOC/SOC + sales can we turn up a new 'customer' at 3am?

13 External References Backscatter Traceback Customer RTBH ISP Security Primer NANOG ISP Security Curriculum (covers sinkholes, traceback, preparations...)

14 Questions?

Backscatter A viable tool for threat of the past and today. Barry Raveendran Greene March 04, 2009

Backscatter A viable tool for threat of the past and today. Barry Raveendran Greene March 04, 2009 Backscatter A viable tool for threat of the past and today Barry Raveendran Greene March 04, 2009 bgreene@senki.org Agenda Backscatter: What is it? VzB s use with the Backscatter Traceback Technique. Using

More information

Data Plane Protection. The googles they do nothing.

Data Plane Protection. The googles they do nothing. Data Plane Protection The googles they do nothing. Types of DoS Single Source. Multiple Sources. Reflection attacks, DoS and DDoS. Spoofed addressing. Can be, ICMP (smurf, POD), SYN, Application attacks.

More information

DDoS Protection in Backbone Networks Deployed at Trenka Informatik AG (www.trenka.ch)

DDoS Protection in Backbone Networks Deployed at Trenka Informatik AG (www.trenka.ch) DDoS Protection in Backbone Networks Deployed at Trenka Informatik AG (www.trenka.ch) Pavel Minarik, Chief Technology Officer SwiNOG meeting, 9 th Nov 2017 Backbone DDoS protection Backbone protection

More information

DDoS Protection in Backbone Networks

DDoS Protection in Backbone Networks DDoS Protection in Backbone Networks The Czech Way Pavel Minarik, Chief Technology Officer Holland Strikes Back, 3 rd Oct 2017 Backbone DDoS protection Backbone protection is specific High number of up-links,

More information

Sink Holes, Dark IP, and HoneyNets

Sink Holes, Dark IP, and HoneyNets Sink Holes, Dark IP, and HoneyNets Sink Hole Routers/Networks Sink Holes are a Swiss Army Knife security tool. BGP speaking Router or Workstation that built to suck in attacks. Used to redirect attacks

More information

Denial of Service Protection Standardize Defense or Loose the War

Denial of Service Protection Standardize Defense or Loose the War Denial of Service Protection Standardize Defense or Loose the War ETSI : the threats, risk and opportunities 16th and 17th - Sophia-Antipolis, France By: Emir@cw.net Arslanagic Head of Security Engineering

More information

68% 63% 50% 25% 24% 20% 17% Credit Theft. DDoS. Web Fraud. Cross-site Scripting. SQL Injection. Clickjack. Cross-site Request Forgery.

68% 63% 50% 25% 24% 20% 17% Credit Theft. DDoS. Web Fraud. Cross-site Scripting. SQL Injection. Clickjack. Cross-site Request Forgery. PRESENTED BY: Credit Theft 68% DDoS 63% Web Fraud 50% Cross-site Scripting SQL Injection Clickjack Cross-site Request Forgery 25% 24% 20% 17% Other 2% F5 Ponemon Survey -Me East-West Traffic Flows App

More information

Enhancing DDoS protection TAYLOR HARRIS SECURITY ENGINEER

Enhancing DDoS protection TAYLOR HARRIS SECURITY ENGINEER Enhancing DDoS protection TAYLOR HARRIS SECURITY ENGINEER Overview DDoS Evolution Typical Reactive/Proactive Mitigation Challenges and Obstacles BGP Flowspec Automated Flowspec Mitigation 2 DDoS Evolution

More information

Scrutinizer Flow Analytics

Scrutinizer Flow Analytics Scrutinizer Flow Analytics TM Scrutinizer Flow Analytics Scrutinizer Flow Analytics is an expert system that highlights characteristics about the network. It uses flow data across dozens or several hundred

More information

Growing DDoS attacks what have we learned (29. June 2015)

Growing DDoS attacks what have we learned (29. June 2015) Growing DDoS attacks what have we learned (29. June 2015) Miloš Kukoleča AMRES milos.kukoleca@amres.ac.rs financed by the European Union from the START Danube Region Network protection Strict network policy

More information

Chapter 7. Denial of Service Attacks

Chapter 7. Denial of Service Attacks Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units (CPU),

More information

GARR customer triggered blackholing

GARR customer triggered blackholing GARR customer triggered blackholing Silvia d Ambrosio, Nino Ciurleo Introduction From discussions with the GARR working group on "contrast to DDoS", we understood the importance of a collaboration between

More information

Filtering Trends Sorting Through FUD to get Sanity

Filtering Trends Sorting Through FUD to get Sanity Filtering Trends Sorting Through FUD to get Sanity NANOG48 Austin, Texas Merike Kaeo merike@doubleshotsecurity.com NANOG 48, February 2010 - Austin, Texas 1 Recent NANOG List Threads ISP Port Blocking

More information

snoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection

snoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection Snoc DDoS Protection Fast Secure Cost effective sales@.co.th www..co.th securenoc Introduction Snoc 3.0 Snoc DDoS Protection provides organizations with comprehensive protection against the most challenging

More information

Network Security: Network Flooding. Seungwon Shin GSIS, KAIST

Network Security: Network Flooding. Seungwon Shin GSIS, KAIST Network Security: Network Flooding Seungwon Shin GSIS, KAIST Detecting Network Flooding Attacks SYN-cookies Proxy based CAPCHA Ingress/Egress filtering Some examples SYN-cookies Background In a TCP 3-way

More information

Multihoming Case Study

Multihoming Case Study Multihoming Case Study ISP Workshops Last updated 10 October 2007 Multihoming Case Study p Set of slides based on work assisting an ISP with their multihoming needs between 2000 and 2002 n Should be taken

More information

MPLS-based traffic shunt. Nicolas FISCHBACH Senior Manager - IP Engineering/Security RIPE46 - Sept. 2003

MPLS-based traffic shunt. Nicolas FISCHBACH Senior Manager - IP Engineering/Security RIPE46 - Sept. 2003 MPLS-based traffic shunt Nicolas FISCHBACH [nico@colt.net] Senior Manager - IP Engineering/Security RIPE46 - Sept. 2003 Contributors COLT Telecom Andreas Friedrich Marc Binderberger Riverhead Networks

More information

FlowMon ADS implementation case study

FlowMon ADS implementation case study FlowMon ADS implementation case study Kamil Doležel Kamil.dolezel@advaict.com AdvaICT, a.s. Brno, Czech Republic Abstract FlowMon ADS implementation provides completely new insight into networks of all

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 8 Denial of Service First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Denial of Service denial of service (DoS) an action

More information

Imma Chargin Mah Lazer

Imma Chargin Mah Lazer Imma Chargin Mah Lazer How to protect against (D)DoS attacks Oliver Matula omatula@ernw.de #2 Denial of Service (DoS) Outline Why is (D)DoS protection important? Infamous attacks of the past What types

More information

Distributed Denial of Service (DDoS)

Distributed Denial of Service (DDoS) Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang Presented by Adwait Belsare (adwait@wpi.edu) Suvesh Pratapa (suveshp@wpi.edu) Modified by

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Network Attacks Denial of service Attacks

Security+ Guide to Network Security Fundamentals, Fourth Edition. Network Attacks Denial of service Attacks Security+ Guide to Network Security Fundamentals, Fourth Edition Network Attacks Denial of service Attacks Introduction: What is DoS? DoS attack is an attempt (malicious or selfish) by an attacker to cause

More information

Routing and router security in an operator environment

Routing and router security in an operator environment DD2495 p4 2011 Routing and router security in an operator environment Olof Hagsand KTH CSC 1 Router lab objectives A network operator (eg ISP) needs to secure itself, its customers and its neighbors from

More information

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 4, ISSUE 4 4TH QUARTER 2017 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q4 2017 4 DDoS

More information

Phase 4 Traceback the Attack. 2002, Cisco Systems, Inc. All rights reserved.

Phase 4 Traceback the Attack. 2002, Cisco Systems, Inc. All rights reserved. Phase 4 Traceback the Attack 1 Six Phases to ISP Security Incident Response Preparation Identification Classification Traceback Reaction Post Mortem 2 Traceback Attacks to their Source Valid IPv4 Source

More information

WAN Application Infrastructure Fueling Storage Networks

WAN Application Infrastructure Fueling Storage Networks WAN Application Infrastructure Fueling Storage Networks Andrea Chiaffitelli, AT&T Ian Perez-Ponce, Cisco SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies

More information

Configuring IP Services

Configuring IP Services This module describes how to configure optional IP services. For a complete description of the IP services commands in this chapter, refer to the Cisco IOS IP Application Services Command Reference. To

More information

Routing Security DDoS and Route Hijacks. Merike Kaeo CEO, Double Shot Security

Routing Security DDoS and Route Hijacks. Merike Kaeo CEO, Double Shot Security Routing Security DDoS and Route Hijacks Merike Kaeo CEO, Double Shot Security merike@doubleshotsecurity.com DISCUSSION POINTS Understanding The Growing Complexity DDoS Attack Trends Packet Filters and

More information

Security by BGP 101 Building distributed, BGP-based security system

Security by BGP 101 Building distributed, BGP-based security system Security by BGP 101 Building distributed, BGP-based security system Łukasz Bromirski lukasz@bromirski.net May 2017, CERT EE meeting Roadmap for the session BGP as security mechanism BGP blackholing project

More information

plixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels

plixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels Scrutinizer Competitor Worksheet Scrutinizer Malware Incident Response Scrutinizer is a massively scalable, distributed flow collection system that provides a single interface for all traffic related to

More information

PROTECTING INFORMATION ASSETS NETWORK SECURITY

PROTECTING INFORMATION ASSETS NETWORK SECURITY PROTECTING INFORMATION ASSETS NETWORK SECURITY PAUL SMITH 20 years of IT experience (desktop, servers, networks, firewalls.) 17 years of engineering in enterprise scaled networks 10+ years in Network Security

More information

Internet2 DDoS Mitigation Update

Internet2 DDoS Mitigation Update Internet2 DDoS Mitigation Update Nick Lewis, Program Manager - Security and Identity, Internet2 Karl Newell, Cyberinfrastructure Security Engineer, Internet2 2016 Internet2 Let s start with questions!

More information

It s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security

It s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security It s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security Pavel Minařík, Chief Technology Officer Neutral Peering Days 2018, The Hague Your customers depend on your

More information

Flow-based Traffic Visibility

Flow-based Traffic Visibility Flow-based Traffic Visibility Operations, Performance, Security Pavel Minařík, Chief Technology Officer What is Flow Data? Modern method for network monitoring flow measurement Cisco standard NetFlow v5/v9,

More information

2nd SIG-NOC meeting and DDoS Mitigation Workshop Scrubbing Away DDOS Attacks. 9 th November 2015

2nd SIG-NOC meeting and DDoS Mitigation Workshop Scrubbing Away DDOS Attacks. 9 th November 2015 2nd SIG-NOC meeting and DDoS Mitigation Workshop Scrubbing Away DDOS Attacks 9 th November 2015 AKAMAI SOLUTIONS WEB PERFORMANCE SOLUTIONS MEDIA DELIVERY SOLUTIONS CLOUD SECURITY SOLUTIONS CLOUD NETWORKING

More information

Cisco Security Monitoring, Analysis and Response System 4.2

Cisco Security Monitoring, Analysis and Response System 4.2 Q&A Cisco Security Monitoring, Analysis and Response System 4.2 GENERAL Q. What is the Cisco Security Monitoring, Analysis and Response System? A. The Cisco Security Monitoring, Analysis and Response System

More information

Network Security Monitoring with Flow Data

Network Security Monitoring with Flow Data Network Security Monitoring with Flow Data IT Monitoring in Enterprises NPMD (Network Performance Monitoring & Diagnostics) SNMP basics Flow data for advanced analysis and troubleshooting Packet capture

More information

OpenFlow: What s it Good for?

OpenFlow: What s it Good for? OpenFlow: What s it Good for? Apricot 2016 Pete Moyer pmoyer@brocade.com Principal Solutions Architect Agenda SDN & OpenFlow Refresher How we got here SDN/OF Deployment Examples Other practical use cases

More information

COMPUTER NETWORK SECURITY

COMPUTER NETWORK SECURITY COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (7 th Week) 7. Denial-of-Service Attacks 7.Outline Denial of Service Attacks Flooding Attacks Distributed Denial of Service Attacks Application Based

More information

Global DDoS Measurements. Jose Nazario, Ph.D. NSF CyberTrust Workshop

Global DDoS Measurements. Jose Nazario, Ph.D. NSF CyberTrust Workshop Global DDoS Measurements Jose Nazario, Ph.D. jose@arbor.net NSF CyberTrust Workshop Quick Outline, Conclusions o Measurements - We re screwed o Observations - We know who o The wrong approach: point solutions

More information

Andrisoft Wanguard. On-premise anti-ddos solution. Carrier-grade DDoS detection and mitigation software. Product Data Sheet Wanguard 6.

Andrisoft Wanguard. On-premise anti-ddos solution. Carrier-grade DDoS detection and mitigation software. Product Data Sheet Wanguard 6. Carrier-grade DDoS detection and mitigation software Andrisoft Wanguard On-premise anti-ddos solution Andrisoft Wanguard is enterprise-grade software that delivers to NOC, IT and Security teams the functionality

More information

Imperva Incapsula Website Security

Imperva Incapsula Website Security Imperva Incapsula Website Security DA T A SH E E T Application Security from the Cloud Imperva Incapsula cloud-based website security solution features the industry s leading WAF technology, as well as

More information

F5 DDoS Hybrid Defender : Setup. Version

F5 DDoS Hybrid Defender : Setup. Version F5 DDoS Hybrid Defender : Setup Version 13.1.0.3 Table of Contents Table of Contents Introducing DDoS Hybrid Defender... 5 Introduction to DDoS Hybrid Defender...5 DDoS deployments... 5 Example DDoS Hybrid

More information

INTRODUCTION: DDOS ATTACKS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

INTRODUCTION: DDOS ATTACKS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC INTRODUCTION: DDOS ATTACKS 1 DDOS ATTACKS Though Denial of Service (DoS) and Distributed Denial of Service (DDoS) have been common attack techniques used by malicious actors for some time now, organizations

More information

Silverline DDoS Protection. Filip Verlaeckt

Silverline DDoS Protection. Filip Verlaeckt Silverline DDoS Protection Filip Verlaeckt f.verlaeckt@f5.com The evolution of attackers September 1996 First high profile DDoS attack. NY ISP Panix.com that was nearly put out of business. January 2008

More information

Illegitimate Source IP Addresses At Internet Exchange Points

Illegitimate Source IP Addresses At Internet Exchange Points Illegitimate Source IP Addresses At Internet Exchange Points @ DENOG8, Darmstadt Franziska Lichtblau, Florian Streibelt, Philipp Richter, Anja Feldmann 23.11.2016 Internet Network Architectures, TU Berlin

More information

DDoS Protector. Simon Yu Senior Security Consultant. Block Denial of Service attacks within seconds CISSP-ISSAP, MBCS, CEH

DDoS Protector. Simon Yu Senior Security Consultant. Block Denial of Service attacks within seconds CISSP-ISSAP, MBCS, CEH DDoS Protector Block Denial of Service attacks within seconds Simon Yu Senior Security Consultant CISSP-ISSAP, MBCS, CEH 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012

More information

Securing network infrastructure

Securing network infrastructure Securing network infrastructure Matsuzaki maz Yoshinobu maz@iij.ad.jp 1 Our Goals Ensuring Network Availability Controlling Routing Policy Protecting Information Preventing Misuse Mitigating

More information

NISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks

NISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks NISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks Background This NISCC technical note is intended to provide information to enable organisations in the UK s Critical

More information

Cisco Protects Data Center Assets with Network-Based Intrusion Prevention System

Cisco Protects Data Center Assets with Network-Based Intrusion Prevention System Cisco Protects Data Center Assets with Network-Based Intrusion Prevention System Cisco Computer Security Incident Response Team (CSIRT) detects and mitigates network threats before the onset of data loss

More information

Ensuring the Success of E-Business Sites. January 2000

Ensuring the Success of E-Business Sites. January 2000 Ensuring the Success of E-Business Sites January 2000 Executive Summary Critical to your success in the e-business market is a high-capacity, high-availability and secure web site. And to ensure long-term

More information

VMworld disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no

VMworld disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no LHC3296BUS OVH: Shields Up! Building a True Security Barrier in the Cloud Chris Romano, Principal Systems Engineer #VMworld #LHC3296BUS VMworld disclaimer This presentation may contain product features

More information

Advanced Attack Response and Mitigation

Advanced Attack Response and Mitigation Advanced Attack Response and Mitigation Agenda Overview of cloud DDoS detection and mitigation which features geographically diverse scrubbing and high velocity auto-mitigation capabilities. - Overview

More information

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

PrepAwayExam.   High-efficient Exam Materials are the best high pass-rate Exam Dumps PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : 642-618 Title : Deploying Cisco ASA Firewall Solutions (FIREWALL v2.0) Vendors : Cisco

More information

Firewalls and NAT. Firewalls. firewall isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others.

Firewalls and NAT. Firewalls. firewall isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others. Firews and NAT 1 Firews By conventional definition, a firew is a partition made of fireproof material designed to prevent the spread of fire from one part of a building to another. firew isolates organization

More information

Cisco Virtual Networking Solution for OpenStack

Cisco Virtual Networking Solution for OpenStack Data Sheet Cisco Virtual Networking Solution for OpenStack Product Overview Extend enterprise-class networking features to OpenStack cloud environments. A reliable virtual network infrastructure that provides

More information

An Aflac Case Study: Moving a Security Program from Defense to Offense

An Aflac Case Study: Moving a Security Program from Defense to Offense SESSION ID: CXO-W11 An Aflac Case Study: Moving a Security Program from Defense to Offense Tim Callahan SVP & Global CISO Aflac Threat Landscape Selected losses > 30,000 records (updated 10/15/16) Security

More information

Network Policy Enforcement

Network Policy Enforcement CHAPTER 6 Baseline network policy enforcement is primarily concerned with ensuring that traffic entering a network conforms to the network policy, including the IP address range and traffic types. Anomalous

More information

TDC 375 Network Protocols TDC 563 P&T for Data Networks

TDC 375 Network Protocols TDC 563 P&T for Data Networks TDC 375 Network Protocols TDC 563 P&T for Data Networks Routing Threats TDC 375/563 Spring 2013/14 John Kristoff DePaul University 1 One of two critical systems Routing (BGP) and naming (DNS) are by far

More information

Fundamentals of IP Networking 2017 Webinar Series Part 4 Building a Segmented IP Network Focused On Performance & Security

Fundamentals of IP Networking 2017 Webinar Series Part 4 Building a Segmented IP Network Focused On Performance & Security Fundamentals of IP Networking 2017 Webinar Series Part 4 Building a Segmented IP Network Focused On Performance & Security Wayne M. Pecena, CPBE, CBNE Texas A&M University Educational Broadcast Services

More information

Anti-DDoS. FAQs. Issue 11 Date HUAWEI TECHNOLOGIES CO., LTD.

Anti-DDoS. FAQs. Issue 11 Date HUAWEI TECHNOLOGIES CO., LTD. Issue 11 Date 2018-05-28 HUAWEI TECHNOLOGIES CO., LTD. Copyright Huawei Technologies Co., Ltd. 2019. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any

More information

VoIP Gateway Series. Unwanted Call Blocking Service Features (Hacking Call, Illegal Call, etc) AddPac Technology. 2011, Sales and Marketing

VoIP Gateway Series. Unwanted Call Blocking Service Features (Hacking Call, Illegal Call, etc) AddPac Technology. 2011, Sales and Marketing VoIP Gateway Series Unwanted Call Blocking Service Features (Hacking Call, Illegal Call, etc) www.addpac.com Technology 2011, Sales and Marketing Contents Overview Unwanted Call Blocking Service for VoIP

More information

Black Hole Routers Damir Rajnovic Incident manager, Cisco PSIRT

Black Hole Routers Damir Rajnovic Incident manager, Cisco PSIRT Black Hole Routers Damir Rajnovic Incident manager, Cisco PSIRT 2002, Cisco Systems, Inc. All rights reserved. 1 What will be covered Why? What? How? 2002, Cisco Systems, Inc. All rights

More information

Distributed Denial of Service

Distributed Denial of Service Distributed Denial of Service Vimercate 17 Maggio 2005 anegroni@cisco.com DDoS 1 Agenda PREFACE EXAMPLE: TCP EXAMPLE: DDoS CISCO S DDoS SOLUTION COMPONENTS MODES OF PROTECTION DETAILS 2 Distributed Denial

More information

OSSIR. 8 Novembre 2005

OSSIR. 8 Novembre 2005 OSSIR 8 Novembre 2005 Arbor Networks: Security Industry Leader Arbor s Peakflow products ensure the security and operational integrity of the world s most critical networks Solid Financial Base Sales have

More information

PROTECT NETWORK EDGE WITH BGP, URPF AND S/RTBH. by John Brown, CityLink Telecommunications, LLC

PROTECT NETWORK EDGE WITH BGP, URPF AND S/RTBH. by John Brown, CityLink Telecommunications, LLC PROTECT NETWORK EDGE WITH BGP, URPF AND S/RTBH by John Brown, CityLink Telecommunications, LLC About Me Based in Albuquerque, NM US Will travel for packet$, food, and good Scotch.! MikroTik Trainer CityLink

More information

AT&T SD-WAN Network Based service quick start guide

AT&T SD-WAN Network Based service quick start guide AT&T SD-WAN Network Based service quick start guide After you order your AT&T SD-WAN Network Based service, you can: Create administrator accounts Log in to the SD-WAN orchestrator Configure business policy

More information

A Security Orchestration System for CDN Edge Servers

A Security Orchestration System for CDN Edge Servers A Security Orchestration System for CDN Edge Servers ELAHEH JALALPOUR STERE PREDA MILAD GHAZNAVI MAKAN POURZANDI DANIEL MIGAULT RAOUF BOUTABA 1 Outline Introduction Edge Server Security Orchestration Implementation

More information

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 5, ISSUE 1 1ST QUARTER 2018 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q1 2018 4 DDoS

More information

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 4, ISSUE 1 1ST QUARTER 2017 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q1 2017 4 DDoS

More information

CCNA Course Access Control Lists

CCNA Course Access Control Lists CCNA Course Access Control Lists Access Control Lists (ACL) Traffic Filtering Permit or deny packets moving through router Permit or deny (VTY) access to or from a router Traffic Identifying for special

More information

Network Defense Applications Using Stationary and Event-Driven IP Sinkholes

Network Defense Applications Using Stationary and Event-Driven IP Sinkholes Network Defense Applications Using Stationary and Event-Driven IP Sinkholes Defeating Denial of Service, Decreasing False Positives, and Enriching Network Intelligence using IP Sinkholes What this presentation

More information

Cloudflare Advanced DDoS Protection

Cloudflare Advanced DDoS Protection Cloudflare Advanced DDoS Protection Denial-of-service (DoS) attacks are on the rise and have evolved into complex and overwhelming security challenges. 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com

More information

Unit 4: Firewalls (I)

Unit 4: Firewalls (I) Unit 4: Firewalls (I) What is a firewall? Types of firewalls Packet Filtering Statefull Application and Circuit Proxy Firewall services and limitations Writing firewall rules Example 1 Example 2 What is

More information

Cisco Catalyst 6500 Supervisor Engine 2T: NetFlow Enhancements

Cisco Catalyst 6500 Supervisor Engine 2T: NetFlow Enhancements Cisco Catalyst 6500 Supervisor Engine 2T: NetFlow Enhancements White Paper March 5, 2011 Contents Overview... 3 NetFlow Introduction... 3 Sup2T Increased NetFlow Scalability... 6 Egress NetFlow... 7 Sampled

More information

Introduction to Network Address Translation

Introduction to Network Address Translation Introduction to Network Address Translation Campus Network Design & Operations Workshop These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)

More information

Where we are in the Course

Where we are in the Course Network Layer Where we are in the Course Moving on up to the Network Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Network Layer How to connect different link layer

More information

Wireshark in the Large Enterprise

Wireshark in the Large Enterprise Wireshark in the Large Enterprise Hansang Bae, Director Riverbed Performance Management, Architect http://www.youtube.com/hansangb has the Camtasia recorded sessions. https://www.box.com/sharkfest2013

More information

SP Infrastructure Security Survey & Attack Classification

SP Infrastructure Security Survey & Attack Classification SP Infrastructure Security Survey & Attack Classification Danny McPherson danny@arbor.net & Ray Hunt ray.hunt@canterbury.ac.nz Apricot 2006 - Perth, Australia 1 Goals Given time constraints, focus will

More information

Access Control Lists and IP Fragments

Access Control Lists and IP Fragments Access Control Lists and IP Fragments Document ID: 8014 Contents Introduction Types of ACL Entries ACL Rules Flowchart How Packets Can Match an ACL Example 1 Example 2 fragments Keyword Scenarios Scenario

More information

Changing the IP Fairness Rule With Flow Management

Changing the IP Fairness Rule With Flow Management Changing the IP Fairness Rule With Flow Management Dr. Lawrence Roberts Founder, Chairman, Anagran 1 The Beginning of the Internet ARPANET became the Internet 1965 MIT- 1 st Packet Experiment -Roberts

More information

Arbor Solution Brief Arbor Cloud for Enterprises

Arbor Solution Brief Arbor Cloud for Enterprises Arbor Solution Brief Arbor Cloud for Enterprises Integrated DDoS Protection from the Enterprise to the Cloud About Arbor Networks Arbor Networks Inc., the cyber security division of NETSCOUT, helps secure

More information

Fighting the Shadows: How to Stop Real-world Cybersecurity Application Threats That You Can t See

Fighting the Shadows: How to Stop Real-world Cybersecurity Application Threats That You Can t See Fighting the Shadows: How to Stop Real-world Cybersecurity Application Threats That You Can t See Louis Scialabba Carrier Solutions Marketing Nov 2015 November 16, 2015 Topics What s New in Cybersecurity

More information

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8 Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and

More information

Optimizing the Internet Quality of Service and Economics for the Digital Generation. Dr. Lawrence Roberts President and CEO,

Optimizing the Internet Quality of Service and Economics for the Digital Generation. Dr. Lawrence Roberts President and CEO, Optimizing the Internet Quality of Service and Economics for the Digital Generation Dr. Lawrence Roberts President and CEO, lroberts@anagran.com Original Internet Design File Transfer and Remote Computing

More information

Cisco DDoS Solution Clean Pipes Architecture

Cisco DDoS Solution Clean Pipes Architecture Cisco DDoS Solution Clean Pipes Architecture Dynamic filters to block attack sources Anti-spoofing to block spoofed packets Legitimate traffic Rate limits Dynamic & Static Filters Active Statistical Verification

More information

9 STEPS FOR FIGHTING AGAINST DDOS ATTACKS IN REAL-TIME.

9 STEPS FOR FIGHTING AGAINST DDOS ATTACKS IN REAL-TIME. 9 STEPS FOR FIGHTING AGAINST DDOS ATTACKS IN REAL-TIME www.haltdos.com info@haltdos.com Slow network performance or a single website downtime can cause serious revenue damage to any online business, both

More information

Enterprise IPv6 Deployment Strategies: The NAT is back

Enterprise IPv6 Deployment Strategies: The NAT is back Enterprise IPv6 Deployment Strategies: The NAT is back IPv6 Forum (Singapore Chapter) Sanjeev Gupta sanjeev@dcs1.biz 0-1 Copyright @2016 IPv6 Forum (Singapore Chapter). CC-BY-SA 0-2 @2016 IPv6 Forum (Singapore

More information

SCP-500. SolarWinds Certified Professional Exam Exam.

SCP-500. SolarWinds Certified Professional Exam Exam. SolarWinds SCP-500 SolarWinds Certified Professional Exam Exam TYPE: DEMO http://www.examskey.com/scp-500.html Examskey SolarWinds SCP-500 exam demo product is here for you to test the quality of the product.

More information

Arbor White Paper Keeping the Lights On

Arbor White Paper Keeping the Lights On Arbor White Paper Keeping the Lights On The Importance of DDoS Defense in Business Continuity Planning About Arbor Networks Arbor Networks Inc., the cyber security division of NETSCOUT, helps secure the

More information

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 4, ISSUE 3 3RD QUARTER 2017 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q3 2017 4 DDoS

More information

5 What two Cisco tools can be used to analyze network application traffic? (Choose two.) NBAR NetFlow AutoQoS Wireshark Custom Queuing

5 What two Cisco tools can be used to analyze network application traffic? (Choose two.) NBAR NetFlow AutoQoS Wireshark Custom Queuing 1 Refer to the exhibit. After configuring QoS, a network administrator issues the command show queueing interface s0/1. What two pieces of information can an administrator learn from the output of this

More information

Secure your Web Applications with AWS WAF & AWS Shield. James Chiang ( 蔣宗恩 ) AWS Solution Architect

Secure your Web Applications with AWS WAF & AWS Shield. James Chiang ( 蔣宗恩 ) AWS Solution Architect Secure your Web Applications with AWS WAF & AWS Shield James Chiang ( 蔣宗恩 ) AWS Solution Architect www.cloudsec.com What to expect from this session Types of Threats AWS Shield AWS WAF DEMO Real World

More information

An Aflac Case Study: Moving a Security Program from Defense to Offense

An Aflac Case Study: Moving a Security Program from Defense to Offense SESSION ID: TTA-F02 An Aflac Case Study: Moving a Security Program from Defense to Offense Tim Callahan SVP & Global Chief Security Officer Aflac Threat Landscape Security risks are growing at a faster

More information

Attack Fingerprint Sharing: The Need for Automation of Inter-Domain Information Sharing

Attack Fingerprint Sharing: The Need for Automation of Inter-Domain Information Sharing Attack Fingerprint Sharing: The Need for Automation of Inter-Domain Information Sharing RIPE 50 Stockholm, Sweden Danny McPherson danny@arbor.net May 3, 2005 Agenda What s a bot and what s it used for?

More information

network security s642 computer security adam everspaugh

network security s642 computer security adam everspaugh network security s642 adam everspaugh ace@cs.wisc.edu computer security today Announcement: HW3 to be released WiFi IP, TCP DoS, DDoS, prevention 802.11 (wifi) STA = station AP = access point BSS = basic

More information

SDN Applications and Use Cases. Copyright 2015 ITRI

SDN Applications and Use Cases. Copyright 2015 ITRI SDN Applications and Use Cases Copyright 20 ITRI Bachelor B Ph.D (IR) (ITRI) Engineer 20 Copyright 20 ITRI 2 Outline SDN Basics SDN Use Cases & Applications Google B WAN NEC VTN OpenDefenseFlow Firewall

More information

Peer to Peer Infrastructure : QoS enabled traffic prioritization. Mary Barnes Bill McCormick

Peer to Peer Infrastructure : QoS enabled traffic prioritization. Mary Barnes Bill McCormick Peer to Peer Infrastructure : QoS enabled traffic prioritization Mary Barnes (mary.barnes@nortel.com) Bill McCormick (billmcc@nortel.com) p2pi - QoS 1/24/09 1 Overview!! Discuss the mechanisms and implications

More information

set active-probe (PfR)

set active-probe (PfR) set active-probe (PfR) set active-probe (PfR) To configure a Performance Routing (PfR) active probe with a forced target assignment within a PfR map, use the set active-probe command in PfR map configuration

More information

Introduction to DDoS Attacks

Introduction to DDoS Attacks Introduction to DDoS Attacks Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter 2015 MCNC General Use v1.0 DDoS in the News July 2015 2015 MCNC General Use v1.0 DDoS

More information