Network Security: Denial of Service (DoS) Tuomas Aura (includes material by Aapo Kalliola) T Network security Aalto University, Nov-Dec 2014

Similar documents
Network Security: Denial of Service (DoS) Tuomas Aura / Aapo Kalliola T Network security Aalto University, Nov-Dec 2011

Network Security: Denial of Service (DoS) Aapo Kalliola / Tuomas Aura T Network security Aalto University, Nov-Dec 2013

Network Security: Denial of Service (DoS) Tuomas Aura / Aapo Kalliola T Network security Aalto University, Nov-Dec 2012

Network Security: Denial of Service (DoS) Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Network Security: Denial of Service (DoS), Anonymity. Tuomas Aura

Chapter 7. Denial of Service Attacks

Computer Security: Principles and Practice

CSE 565 Computer Security Fall 2018

COMPUTER NETWORK SECURITY

Security+ Guide to Network Security Fundamentals, Fourth Edition. Network Attacks Denial of service Attacks

Network Security: IPsec. Tuomas Aura

Imma Chargin Mah Lazer

CSE Computer Security (Fall 2006)

Denial of Service (DoS)

CSE Computer Security

Network Security: IPsec. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8

Internet Protocol and Transmission Control Protocol

Attack Prevention Technology White Paper

Denial of Service. Serguei A. Mokhov SOEN321 - Fall 2004

Configuring Flood Protection

Configuring attack detection and prevention 1

Cloudflare Advanced DDoS Protection

Dan Boneh, John Mitchell, Dawn Song. Denial of Service

Configuring attack detection and prevention 1

Network Security. Thierry Sans

DENIAL OF SERVICE ATTACKS

HP High-End Firewalls

Herding Cats. Carl Brothers, F5 Field Systems Engineer

Our Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II

Your projected and optimistically projected grades should be in the grade center soon o Projected: Your current weighted score /30 * 100

CNT Computer and Network Security: Denial of Service

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

DDoS Testing with XM-2G. Step by Step Guide

Table of Contents. 1 Intrusion Detection Statistics 1-1 Overview 1-1 Displaying Intrusion Detection Statistics 1-1

Contents. Denial-of-Service Attacks. Flooding Attacks. Distributed Denial-of Service Attacks. Reflector Against Denial-of-Service Attacks

NISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks

Our Narrow Focus Computer Networking Security Vulnerabilities. IP-level vulnerabilities

Fundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin,

TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS

Single Network: applications, client and server hosts, switches, access links, trunk links, frames, path. Review of TCP/IP Internetworking

Network Security: Network Flooding. Seungwon Shin GSIS, KAIST

Distributed Denial of Service (DDoS)

Denial of Service. Denial of Service. A metaphor: Denial-of-Dinner Attack. DDoS over the years. Ozalp Babaoglu

HP High-End Firewalls

DNS Security. Ch 1: The Importance of DNS Security. Updated

Denial of Service. EJ Jung 11/08/10

Denial of Service. Eduardo Cardoso Abreu - Federico Matteo Bencic - Pavel Alexeenko -

network security s642 computer security adam everspaugh

Network Security: Firewalls. Tuomas Aura T Network security Aalto University, Nov-Dec 2013

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

DDoS and Traceback 1

ENEE 457: Computer Systems Security 11/07/16. Lecture 18 Computer Networking Basics

DDoS PREVENTION TECHNIQUE

Chapter 10: Denial-of-Services

Ping of death Land attack Teardrop Syn flood Smurf attack. DOS Attack Methods

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats

Denial of Service (DoS) attacks and countermeasures

Denial of Service and Distributed Denial of Service Attacks

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 9

WHITE PAPER. DDoS of Things SURVIVAL GUIDE. Proven DDoS Defense in the New Era of 1 Tbps Attacks

Distributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015

Flashback.. Internet design goals. Security Part One: Attacks and Countermeasures. Why did they leave it out? Security Vulnerabilities

The Internet is not always a friendly place In fact, hosts on the Internet are under constant attack How to deal with this is a large topic

Network Security. Tadayoshi Kohno

Denial of Service. Denial of Service. A metaphor: Denial-of-Dinner Attack. DDoS over the years. Ozalp Babaoglu

Basic Concepts in Intrusion Detection

Network Security Protocols NET 412D

EXPERIMENTAL STUDY OF FLOOD TYPE DISTRIBUTED DENIAL-OF- SERVICE ATTACK IN SOFTWARE DEFINED NETWORKING (SDN) BASED ON FLOW BEHAVIORS

Resources and Credits. Definition. Symptoms. Denial of Service 3/3/2010 COMP Information on Denial of Service attacks can

Network Security. Evil ICMP, Careless TCP & Boring Security Analyses. Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, October 4th, 2018

Are You Fully Prepared to Withstand DNS Attacks?

Chapter 8 roadmap. Network Security

Lecture 10. Denial of Service Attacks (cont d) Thursday 24/12/2015

20-CS Cyber Defense Overview Fall, Network Basics

ERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016

Sam Pickles, F5 Networks A DAY IN THE LIFE OF A WAF

DDoS: Coordinated Attacks Analysis

CTS2134 Introduction to Networking. Module 08: Network Security

Closed book. Closed notes. No electronic device.

Multi-vector DDOS Attacks

ECE 435 Network Engineering Lecture 23

ELEC5616 COMPUTER & NETWORK SECURITY

this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities

Unit 4: Firewalls (I)

Configuring IP Services

Check Point DDoS Protector Simple and Easy Mitigation

CSc 466/566. Computer Security. 18 : Network Security Introduction

Network Security. Chapter 0. Attacks and Attack Detection

Configuring NAT for IP Address Conservation

ECE 435 Network Engineering Lecture 23

International Journal of Scientific & Engineering Research, Volume 7, Issue 12, December ISSN

MITIGATING DDOS ATTACK IN CLOUD ENVIRONMENT WITH PACKET FILTERING USING IPTABLES

Load Balancing Technology White Paper

Finding Feature Information

NETWORK SECURITY. Ch. 3: Network Attacks

Configuring Access Rules

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

A Survey of Defense Mechanisms Against DDoS Flooding A

Transcription:

Network Security: Denial of Service (DoS) Tuomas Aura (includes material by Aapo Kalliola) T-110.5241 Network security Aalto University, Nov-Dec 2014

Outline 1. DoS principles 2. Packet-flooding attacks on the Internet 3. Distributed denial of service (DDoS) 4. Filtering defenses 5. DoS attacks in the wild 6. Infrastructural defenses 7. DoS-resistant protocol design 8. Research example 2

DoS principles 3

Denial of service (DoS) Goal of denial-of-service (DoS) attacks is to prevent authorized users from accessing a resource, or to reduce the quality of service (QoS) that authorized users receive Several kinds of DoS attacks: Destroy the resource Disable the resource with misconfiguration or by inducing an invalid state Exhaust the resource or reduce its capacity 4

Resource destruction or disabling Examples: Cutting cables, bombing telephone exchanges Formatting the hard disk Crashing a gateway router These attacks often exploit a software bug, e.g. Unchecked buffer overflows Teardrop attack: overlapping large IP fragments caused Windows and Linux crashes Can be prevented by proper design and implementation 5

Resource exhaustion attacks Attacker overloads a system to exhaust its capacity DoS attack can never be completely prevented in an open network or open service Flooding a web server with requests Filling the mailbox with spam It is difficult to tell the difference between attack and legitimate overload (e.g. Slashdotting, flash crowds) Some resource in the system under attack becomes a bottleneck i.e. runs out first SYN flooding and fixed-size kernel tables Public-key cryptography on slow processors Apache range header request bug Possible future: in highly elastic cloud services, DoS attack may cause excessive cost instead of failure (?) 6

Packet-flooding attacks on the Internet 7

Internet characteristics 1.2.3.4 1.2.3.0/24 Gateway router Internet src 1.2.3.4 dst 5.6.7.8 data Gateway router 5.6.7.0/24 5.6.7.8 Q: Why is the Internet vulnerable to DoS? Open network: anyone can join the network, no central control Open services: servers want new, unregistered clients to connect No global authentication or accountability Flat-rate charging End to end connectivity (P2P): anyone can send packets to anyone Unreliable best-effort routing; congestion causes packet loss Q: Could these be changed? 8

Packet-flooding attack Ping flooding: attacker sends a flood of ping packets (ICMP echo request) to the target Unix command ping -f can be used to send the packets Any IP packets can be used similarly for flooding Packets can be sent with a spoofed source IP address Q: Where is the bottleneck resource that fails first? Typically, packet-flooding exhausts the ISP link bandwidth at the target, in which case the router before the congested link will drop packets Other potential bottlenecks: processing capacity of the gateway router, processing capacity of the IP stack at the target host, wireless link capacity of mobile targets 9

Traffic amplification 1.2.3.4 Echo request src 5.6.7.8 dst 3.4.5.255 Internet Echo response src Echo 3.4.5.10 response Echo response dst src Echo 5.6.7.8 3.4.5.10 response src 3.4.5.10 dst Echo src 5.6.7.8 3.4.5.10 response dst 5.6.7.8 dst src 5.6.7.8 3.4.5.10 dst 5.6.7.8 5.6.7.8 3.4.5.0/24 Example: Smurf attack in the late 90s used IP broadcast addresses for traffic amplification Any protocol or service that can be used for DoS amplification with high factor is dangerous! Non-amplification is a design requirement for all Internet protocols and services 10

Traffic amplification Example: Smurf attack in the late 90s used linkbroadcast for traffic amplification: 1. Attacker sends an ICMP Echo Request (ping) to a broadcast address of a network (e.g. 1.2.3.255) 2. Attacker spoofs the source IP address of the ping 3. Router at the destination broadcasts the ping to the LAN 4. Many nodes in the network respond to the ping 5. The target at the spoofed address is flooded by the responses 11

Traffic reflection 1.2.3.4 Internet Echo request src 5.6.7.8 dst 3.4.5.6 Echo response src 3.4.5.6 dst 5.6.7.8 5.6.7.8 3.4.5.6 Reflection attack: get others to send packets to the target E.g. ping or TCP SYN with spoofed source address DNS reflection + amplification: 64 byte query from attacker, ~3000 byte response to target Hides attack source better than just source IP spoofing 12

Attack impact Honest client Honest packet rate HR Bottleneck link capacity C Attacker Attack packet rate AR Server When HR+AR > C, some packets dropped by router With FIFO or RED queuing discipline at router, dropped packets are selected randomly Packet loss = (HR+AR-C)/(HR+AR) if HR+AR > C; 0 otherwise When HR<<AR, packet loss = (AR-C)/AR 13

Attack impact Packet loss is measured as % Packet loss = (HR+AR-C)/(HR+AR) if HR+AR > C; 0 otherwise When HR<<AR, packet loss (AR-C)/AR Attacker needs to exceed capacity C to cause packet loss Packet-loss for low-bandwidth honest connections only depends on AR Any AR > C severely reduces TCP throughput for honest client Some honest packets nevertheless make it through: to cause 90% packet loss, need attack traffic AR = 10 C, to cause 99% packet loss, need attack traffic AR = 100 C 14

Distributed denial of service (DDoS) 15

Botnet and DDoS Attacker controls thousands of compromised computers and launches a coordinated packet-flooding attack Target Bots Cloud Control network Attacker

Botnets Bots (also called zombies) are home or office computers infected with virus, Trojan, rootkit etc. Controlled and coordinated by attacker, e.g. over IRC, P2P, Tor Examples: Storm, Conficker at their peak >10M hosts (probably) BredoLab ~30M before dismantling Cutweil/Pushdo/Pandex around 2M in August 2012 Dangers: Overwhelming flooding capacity of botnets can exhaust any link; no need to find special weaknesses in the target Q: Who are the DDoS attackers? 17

Who are the (D)DoS attackers? DDoS attacks started as feud between hackers (to gain control of IRC networks) Competitive gaming and game servers User-hosted servers compete for users P2P gaming and chat protocols must not reveal opponent IP addresses Continuous attacks against major game servers (almost half of all DoS attacks, but why?) Blackmailing by criminals, but it is relatively rare Botnet owners can make more money from spam, phishing etc. Politically motivated attacks and rogue governments Against Estonia in 2007 Against South Korea in 2009 Continuous attacks against controversial political web sites Attacks against major services and network infrastructure possibly to test cyber attacks capabilities 18

Filtering defenses 19

Filtering DoS attacks Filtering near the target is the main defense mechanisms against DoS attacks Protect yourself immediate benefit Firewall configured to drop anything unnecessary: Drop protocols and ports no used in the local network Drop unnecessary protocols such as ping or all ICMP, UDP etc. Stateful firewall can drop packets received at the wrong state e.g. TCP packets for non-existing connections Firewall can filter dynamically based on ICMP error messages (destination unreachable) Application-level firewall could filter at application level; probably too slow under DoS (Q: Are there side effects?) 20

Flooding attack detection and response Detect and filter probable attack traffic using machine-learning methods Network-based or host-based attack detection to separate attacks from normal traffic based on traffic characteristics Limitations of DoS filtering: IP spoofing source IP address is not reliable Attacker can evade detection by varying attack patterns and mimicking legitimate traffic (Q: Which packet attributes are difficult to mimic?) 21

Preventing source spoofing How to prevent spoofing of the source IP address? Ingress and egress filtering: Gateway router checks that packets routed from a local network to the ISP have a local source address Generalization: reverse path forwarding Selfless defenses without immediate payoff deployment slow IP traceback Mechanisms for tracing IP packets to their source, mostly academic research and not really deployed Limited utility: take-down thought legal channels is slow; automatic blacklisting of attackers can be misused SYN cookies (we ll come back to this) 22

Other (D)DoS defenses Overprovision (=keep extra capacity) More link capacity, beefier server Elastic cloud service Optimize Replace resource-consuming content with lighter static content Distribute Deploy more servers or reverse proxies Have a true distributed network (Akamai, Cloudflare,..) Buy mitigation Prolexic, Arbor Networks, 23

DoS attacks in the wild 24

SYN flooding Attackers goal: make filtering ineffective honest and attack packets dropped with equal probability Target destination ports that are open to the Internet, e.g. HTTP (port 80), SMTP (port 25) Send initial packets looks like a new honest client SYN flooding: TCP SYN is the first packet of TCP handshake Sent by web/email/etc. clients to start communication with a server Flooding target or its firewall cannot know which SYN packets are legitimate and which attack traffic has to treat all SYN packets equally Can result in server resources getting tied up with halfopen connections 25

DNS flooding DNS query is sent to UDP port 53 on a DNS server Attack amplification using DNS: Most firewalls allow DNS responses through Amplification: craft a DNS record for which 60-byte query can produce 4000-byte responses (fragmented) Query the record via open recursive DNS servers that cache the response traffic amplification happens at the recursive server Queries are sent with a spoofed source IP address, the target address DNS response goes to the target Millions of such queries sent by a botnet 2013 survey: >10000 open DNS resolvers over >7000 Ass Eventually, the open resolvers will be closed 26

DoS attack types in the wild (from Prolexic Quarterly Global DDoS Attack Report Q2/2014) 27

DoS attack types in the wild (from Prolexic Quarterly Global DDoS Attack Report Q2/2014) 28

SYN flooding Typical DoS attacks Target an open server port such as 80 Spoof source IP addresses Mimic real source IP address distribution if possible Mixture of many packet types Mainly SYN, DNS, UDP Time-variable attack Change unpredictably between types of packets If not spoofing source IP address, change between botnet subsets from which packets are sent Sudden start and stop and restart at inconvenient times The goal is to annoy people 29

Infrastructural defenses 30

Over-provisioning Increase bottleneck resource capacity to cope with attacks Recall: Packet loss = (HR+AR-C)/(HR+AR) if HR+AR > C; 0 otherwise When HR<<AR, packet loss = (AR-C)/AR Does doubling link capacity C help? Depends on AR: If attacker sends 100 C to achieve 99% packet loss, doubling C will result in only 98% packet loss If attacker sends 10 C to achieve 90% packet loss, doubling C will result in only 80% packet loss If attacker sends 2 C to achieve 50% packet loss, doubling C will result in (almost) zero packet loss 31

QoS routing QoS routing mechanisms can guarantee service quality to some important clients and services Resource reservation, e.g. Intserv, RSVP Traffic classes, e.g. Diffserv, 802.1Q Protect important clients and connections by giving them a higher traffic class Protect intranet traffic by giving packets from Internet a lower class Prioritizing existing connections After TCP handshake or after authentication Potential problems: How to take into account new honest clients? Cannot trust traffic class of packets from untrusted sources Political opposition to Diffserv: net neutrality 32

Some research proposals IP traceback to prevent IP spoofing Pushback for scalable filtering Capabilities, e.g. SIFF, for prioritizing authorized connections at routers New Internet routing architectures: Overlay routing (e.g. Pastry, i3), publish-subscribe models (e.g. PSIRP), software-defined networking (SDN) Claimed DoS resistance remains to be fully proven

DoS-resistant protocol design 34

Protocol design goals Process attack packets quickly at the end host Prevent attacker from creating excessive state data at the target Avoid doing expensive cryptographic computation Make it easy for a firewall or proxy to filter traffic

Cryptographic authentication Idea: authenticate packets and allow only authorized ones IPsec ESP Filter at firewall or end host Problems: Requires a system for authorizing clients First packet of the authentication protocol becomes the weak point Difficult to use authentication to prevent DoS 36

Stateless handshake (IKEv2) Kr Initiator i HDR(A,0), SAi1, KEi, Ni HDR(A,0), N(COOKIE) HDR(A,0), N(COOKIE), SAi1, KEi, Ni HDR(A,B), SAr1, KEr, Nr, [CERTREQ] HDR(A,B), SK{ IDi, [CERT,] [CERTREQ,] [IDr,] AUTH, SAi2, TSi, TSr } HDR(A,B), E SK (IDr, [CERT,] AUTH, SAr2, TSi, TSr)... Responder r Store state Goal: verify client IP address before server commits resources Responder stores per-client state only after it has received valid cookie: COOKIE = hash(kr, initiator and responder IP addresses) where Kr is a periodically changing key known only by responder initiator cannot spoof its IP address No state-management problems caused by spoofed initial messages (Note: memory size is not the issue) 37

TCP SYN Cookies Client SYN, seq=x, 0 SYN ACK, seq=y, ack=x+1 ACK, seq=x+1, ack=y+1 data... Server Store state Random initial sequence numbers in TCP protect against IP spoofing: client must receive msg 2 to send a valid msg 3 SYN cookie: stateless implementation of the handshake; y = hash(k server, client addr, port, server addr, port) where K server is a key known only to the server. Server does not store any state before receiving and verifying the cookie value in msg 2 Sending the cookie as the initial sequence number; in new protocols, a separate field would be used for the cookie 38

Client puzzle (HIP) RFC 5201, based on research paper by Aura, Nikander, Leiwo 2001 Initiator I Solve puzzle O(2 K ) I1: HIT-I, HIT-R R1: HIT-I, HIT-R, Puzzle(I,K), (g x, PK R, Transforms)SIG I2: (HIT-I, HIT-R, Solution(I,K,J), SPI-I, g y, Transforms, {PK I }) SIG R2: (HIT-I, HIT-R, SPI-R, HMAC) SIG... Responder R Verify solution O(1) Store state, public-key crypto Client pays for server resources by solving a puzzle first Puzzle is brute-force reversal of a K-bit cryptographic hash; puzzle difficulty K can be adjusted according to server load Server does not do public-key operations before verifying the solution Server can also be stateless; puzzle created like stateless cookies 39

Prioritizing old clients One way to cope with overload: give priority to old clients and connections, reject new ones Filtering examples: Remember client IP addresses that have completed sessions previously, completed handshake, or authenticated successfully Prioritize TCP connections from address prefixes that have had many clients over long time (bots are scattered all over the IP address space) Protocol design: Give previous clients a credential (e.g. key) that can be used for reconnecting 40

41 Research topic: Denial-of-service mitigation for Internet services Aapo Kalliola, Tuomas Aura and Sanja Šćepanović Nordsec 2014 conference best paper award

Attack scenario A web server is under packet or request flooding (D)DoS attack Server or link capacity exceeded some of the incoming traffic must be dropped at upstream router or at the server 4.12.2014 42

Defence method Principle: 1. Learn a model of the normal traffic 2. Filter traffic during the attack: serve packets or request that resemble the normal traffic Traffic model: clusters of client IP addresses with equal amount of traffic Filtering criterion: during the attack, prioritize clusters where the traffic increase % is the smallest (provably optimal filtering strategy) 4.12.2014 43

Simulation results Denial-of-service mitigation for Internet services Simulations help test and optimize the algorithms 4.12.2014 44

Implementation architecture Internet SDN-capable switch / router Packet sampling Filtering Traffic features, packet drop rate OpenFlow control Statistics Filter creation Filter deployment data format SDN controller Server Overload detection CPU load, memory use

Clusters {"action":"allow", "priority":1, "subnet":"80.221.20.0/23"}, {"action":"allow", "priority":1, "subnet":"74.6.27.76/30"}, {"action":"allow", "priority":1, "subnet":"82.130.12.55/32"}, {"action":"allow", "priority":1, "subnet":"85.240.0.0/12"}, {"action":"allow", "priority":1, "subnet":"193.167.6.4/32"}, {"action":"allow", "priority":1, "subnet":"74.6.23.228/30"}, {"action":"allow", "priority":1, "subnet":"74.6.28.76/31"}, {"action":"allow", "priority":1, "subnet":"193.185.55.253/32"}, {"action":"allow", "priority":1, "subnet":"74.6.28.158/32"}, {"action":"allow", "priority":1, "subnet":"82.130.21.152/32"}, {"action":"allow", "priority":1, "subnet":"130.233.248.51/32"}, {"action":"allow", "priority":1, "subnet":"213.248.0.0/13"}, {"action":"allow", "priority":1, "subnet":"82.181.32.0/19"}, {"action":"allow", "priority":1, "subnet":"74.6.23.31/32"}, {"action":"allow", "priority":1, "subnet":"82.130.13.181/32"}, {"action":"allow", "priority":1, "subnet":"74.6.28.216/32"}, {"action":"allow", "priority":1, "subnet":"82.130.17.0/28"}, {"action":"allow", "priority":1, "subnet":"130.233.120.38/32"}, {"action":"allow", "priority":1, "subnet":"213.112.0.0/14"}, {"action":"allow", "priority":1, "subnet":"130.233.248.197/32"}, {"action":"allow", "priority":1, "subnet":"74.6.25.112/29"}, {"action":"allow", "priority":1, "subnet":"83.245.230.153/32"}, {"action":"allow", "priority":1, "subnet":"130.233.248.127/32"}, {"action":"allow", "priority":1, "subnet":"80.221.24.231/32"}, {"action":"allow", "priority":1, "subnet":"88.195.119.245/32"}, {"action":"allow", "priority":1, "subnet":"82.130.37.108/30"}, {"action":"allow", "priority":1, "subnet":"130.233.194.52/32"}, {"action":"allow", "priority":1, "subnet":"130.233.238.32/28"}, {"action":"allow", "priority":1, "subnet":"82.181.152.0/22"}, {"action":"allow", "priority":1, "subnet":"193.167.4.14/31"}, {"action":"allow", "priority":1, "subnet":"88.112.128.0/20"}, {"action":"allow", "priority":1, "subnet":"91.155.84.0/22"}, {"action":"allow", "priority":1, "subnet":"193.167.7.220/30"}, {"action":"allow", "priority":1, "subnet":"82.130.34.64/26"}, {"action":"allow", "priority":1, "subnet"a:"193.167.7.216/30"}, {"action":"allow", "priority":1, "subnet":"130.233.194.33/32"}, {"action":"allow", "priority":1, "subnet":"74.6.28.142/31"},

Experimental results Spoofed random IP attacker Single IP attacker Experiments with 10 GG OpenFlow switch 4.12.2014 47

Further reading DDoS attacks and defense mechanisms: classification and state-of-the-art, Douligeris C. and Mitrokotsa A. http://www.sciencedirect.com/science/article/pii/s13891 28603004250 Prolexic Quarterly DDoS Attack Report (requires registration) http://ww.prolexic.com/attack-report 48

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback