DDoS : The menace
By Aravind Anbazhagan
Outline
● What is DoS/DDoS ?
● Why DDoS is a popular choice ?
● What is the motive behind the attacks ?
● Potential DDoS targets
● Impact of DDoS attack
● Myths in DDoS protection
● DDoS mitigation techniques
Why DDoS is a popular choice ?
● DDoS tools are readily available (hping, juno, Trinoo, Stacheldraht, LOIC)
● DDoS is offered as a service at a low cost
● Botnets are available for hire to launch a DDoS attack
● Many organizations do not apply any form of DDoS protection
● DDoS solutions are not able to detect all types of attacks
● It is difficult for security professionals to trace back the source of the attack
because of spoofed IP addresses and covert channels
● Organizations rely entirely on the ISP for DDoS protection without
considering an on-premises solution
What is the motive behind DDoS attack ?
● Hacktivism (ideological and political differences) to gain media attention
● Ransom/Extortion
● Take down a competitive player in an online game (host booting)
● Disgruntled customer or former employee
● To divert attention from the real attack or keep the incident response
team busy
● Cause loss in revenue
● Spoil brand reputation
● Boredom
● Annoyance
● Revenge
Potential DDoS targets
Impact of DDoS attack
● Loss of revenue
● Organization reputation damage
● E-commerce credibility
● Lost Productivity
● Contractual Violations
● Incident handling and recovery costs
● Dissatisfied customers
Types Of DDoS attacks
● Volumetric attacks (magnitude is measured in bits per second (bps))
    SYN flood
    UDP flood
    ICMP/Ping flood
● Protocol attacks (magnitude is measured in packets per second (pps))
    Ping of death
    Smurf attack
    Fragmented packet attack
● Application attacks (magnitude is measured in requests per second (rps))
    HTTP GET (Tools: LOIC (Low Orbit Ion Cannon), HULK (HTTP Unbearable Load King), Slowloris)
    HTTP POST (Tools: RUDY (R-U-Dead-Yet), Tor's Hammer)
    DNS flood
Myths in DDoS protection
● It only happens to others !
● Firewalls and IDS will protect me from DDoS
● Software fixes can solve DDoS attack issues
● IPTables can stop DDoS attacks
● ISP or Webhost will take care of DDoS attacks
● ACLs on switches/routers can stop DDoS attacks
DDoS Mitigation techniques
● Have an incident response plan ready and know whom to contact.
● Monitor to understand normal network traffic and create a baseline. Feed this information to a correlation engine.
Ex: Cisco Anomaly Detector XT and Arbor Peakflow SP.
● Over-provisioning: buying excess bandwidth or redundant network devices to handle any spikes in
demand.
● IP reputation database based blocking: the database contains a list of known or frequent genuine users by
IP address
● Geo IP location based blocking: blocking IPs based on geographical location
● ACL on border routers
● Implement Load balancers
● Aggressive aging of idle connections from the connection table
● Install patches and harden your systems so that they will not be compromised and added to a botnet
● Change default settings and harden the device by disabling unwanted services and ports.
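Added example (not part of the original slides): one way to build the traffic baseline from the monitoring bullet above and flag deviations from it. The EWMA method, the thresholds and the per-second packet counts are assumptions constructed for illustration; the second run shows how a baseline that keeps learning during a flood stops alerting.

```python
import math
from dataclasses import dataclass


@dataclass
class Baseline:
    """Exponentially weighted baseline of one metric, e.g. packets per second."""
    alpha: float = 0.1             # weight given to the newest sample
    k: float = 4.0                 # alert above mean + k * deviation
    warmup: int = 10               # samples learned before any alert is raised
    min_rel: float = 0.05          # deviation floor, as a fraction of the mean
    learn_anomalies: bool = False  # True = naive mode that learns flood samples
    mean: float = 0.0
    var: float = 0.0
    seen: int = 0

    def threshold(self) -> float:
        # The floor stops a very flat baseline from alerting on small jitter.
        dev = max(math.sqrt(self.var), self.min_rel * self.mean)
        return self.mean + self.k * dev

    def observe(self, value: float) -> bool:
        """Return True if the sample is anomalous against the current baseline."""
        if self.seen == 0:
            self.mean, self.seen = value, 1
            return False
        anomalous = self.seen >= self.warmup and value > self.threshold()
        if anomalous and not self.learn_anomalies:
            # Do not learn the sample: a flood must not drag the baseline up.
            return True
        diff = value - self.mean
        incr = self.alpha * diff
        self.mean += incr
        self.var = (1 - self.alpha) * (self.var + diff * incr)
        self.seen += 1
        return anomalous


def detect(samples, **kwargs):
    """Return the indices of the samples flagged as anomalous."""
    baseline = Baseline(**kwargs)
    return [i for i, v in enumerate(samples) if baseline.observe(v)]


# Constructed packets-per-second readings, one per second.
NORMAL = [980, 1010, 995, 1020, 1005, 990, 1015, 1000, 985, 1025, 1010, 995]
FLOOD = [4800, 9100, 9500, 9300]
RECOVERY = [1030, 1000, 990]
SAMPLES = NORMAL + FLOOD + RECOVERY

if __name__ == "__main__":
    print("frozen baseline :", detect(SAMPLES))
    print("naive (poisoned):", detect(SAMPLES, learn_anomalies=True))
```

A baseline that never learns flagged samples will keep alerting after a legitimate, permanent traffic increase, so the alert needs an operator path to reset or re-learn.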
DDoS Mitigation techniques – Cont.
● Implement unicast reverse path forwarding: stops spoofed IP addresses by blocking outbound traffic if the
IP address does not belong to the same subnet
● Implement TCP Intercept: protects against TCP SYN flood attacks by replying on behalf of the
intended destination.
● Implement a high-capacity Web Application Firewall (WAF) and IPS
● Rate limiting: control the rate of traffic sent or received by a network interface controller
● Black holing/null routing with aid from the ISP: sending all requests to a non-existent server
● Sink holing: sends all requests to a logger that logs some statistics and then drops the requests
● Use clean pipes from the ISP or cloud-based IP scrubbing to defend against volumetric attacks
● Use a dedicated, always-on DDoS mitigation appliance
● Implement ingress and egress filtering
● Split services onto different hosts. Don't use a single host as both a DNS server and a web server
● For a home network, contact the ISP and request a dynamic IP address, or use a VPN
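Added example (not part of the original slides): a simplified model of the source-address check behind the unicast reverse path forwarding and ingress filtering bullets above, in strict and loose mode. The routing table, interface names and packets are constructed, and the mode and default-route handling are assumptions of this model rather than any vendor's implementation.

```python
import ipaddress

# Constructed routing table of an edge router: (prefix, outgoing interface).
# Prefixes are documentation ranges; interface names are hypothetical.
ROUTES = [
    ("0.0.0.0/0", "uplink0"),
    ("198.51.100.0/24", "custA"),
    ("203.0.113.0/24", "custB-primary"),  # customer B also has custB-backup
]


class Fib:
    """Longest-prefix-match lookup, most specific prefix first."""

    def __init__(self, routes):
        parsed = [(ipaddress.ip_network(p), ifname) for p, ifname in routes]
        self.routes = sorted(parsed, key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        for net, ifname in self.routes:
            if ip in net:
                return net, ifname
        return None


def urpf_accept(fib, src, in_if, mode="strict", allow_default=False):
    """Decide whether a packet with source `src` arriving on `in_if` passes.

    strict: the best route back to `src` must point out of `in_if`.
    loose:  any route back to `src` is enough, whatever the interface.
    In this model a default route only counts when allow_default is set.
    """
    hit = fib.lookup(src)
    if hit is None:
        return False
    net, ifname = hit
    if net.prefixlen == 0 and not allow_default:
        return False
    if mode == "loose":
        return True
    return ifname == in_if


# Constructed packets as (source address, arrival interface).
PACKETS = [
    ("198.51.100.7", "custA"),        # customer A using its own address
    ("192.0.2.55", "custA"),          # spoofed: no specific route back
    ("203.0.113.9", "custA"),         # customer A forging customer B's address
    ("203.0.113.9", "custB-backup"),  # legitimate, but asymmetric path
]


def verdicts(mode):
    fib = Fib(ROUTES)
    return [urpf_accept(fib, src, in_if, mode) for src, in_if in PACKETS]


if __name__ == "__main__":
    for mode in ("strict", "loose"):
        print(mode, verdicts(mode))
```

Strict mode drops the forged packets but also the legitimate one on the backup link; loose mode passes the backup link but no longer catches one customer forging another's routed address.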
Thank you
Questions ?
