Post on 11-Feb-2017
transcript
DDoS Protecion Total AnnihilationD
DDoS Mitigation Lab
A
DDoS Mitigation Lab
Independent academic R&D division of Nexusguard building next generation DDoSmitigation knowledge and collaborate with defense community.
Industry body formed to foster synergy among stakeholders to promote advancement in DDoSdefense knowledge.
DDoS Mitigation Lab
DDoS Mitigation Lab
DDoS Relevance, Attack Categories, Detection & Mitigation
Source Host Verification: Authentication Methods TCP SYN Auth HTTP Redirect Auth HTTP Cookie Auth JavaScript Auth CAPTCHA Auth
PoC Tool TCP Traffic Model HTTP Traffic Model
DDoS Mitigation Lab
Size
Bandwidth> 20Gbps
Complexity
Layer 7> 30%
Frequency
Attack> 2.5milper year
Cost
Lost> US$6Mper hour!!
Source: NTT Communications,“Successfully Combating DDoS Attacks” (Aug 2012)
DDoS Mitigation Lab
Volumetric Semantic Blended
DDoS Mitigation Lab
DDoS Mitigation Lab
DDoS Mitigation Lab
SYN ACK
SYN
ACK
RST
SYN
SYN ACK
ACK
DDoS Mitigation Lab
RST
SYN
SYN ACK
SYN
SYN ACK
ACK
DDoS Mitigation Lab
GET /index.html
HTTP 302 redir to /foo/index.html
GET /foo/index.html
HTTP 302 redir to /index.html
GET /index.html
DDoS Mitigation Lab
GET /index.html
HTTP 302 redir to /index.html
HTTP 302 redir to /index.html
GET /index.html
GET /index.html
DDoS Mitigation Lab
GET /index.html
HTTP 302 redir to /index.html [X-Header: foo=bar]
GET /index.html[X-Header: foo=bar]
GET /index.html[X-Header: foo=bar]
HTTP 302 redir to /index.html [X-Header: foo=bar]
GET /index.html
[X-Header: foo=bar]
DDoS Mitigation Lab
GET /index.html
HTTP 302 redir to /index.html
GET /index.html
POST /auth.phpans=16
JS 7+nine=?
DDoS Mitigation Lab
GET /index.html
HTTP 302 redir to /index.html
GET /index.html
POST /auth.php
DDoS Mitigation Lab
c
DDoS Mitigation Lab
c
DDoS Mitigation Lab
c
DDoS Mitigation Lab
Numb
er of
Con
necti
ons
Connection Hold TimeBefore 1st Request
Connection Idle TimeoutAfter Last Request
ConnectionsInterval
ConnectionsInterval
DDoS Mitigation Lab
c
DDoS Mitigation Lab
Numb
er of
Req
uests
per C
onne
ction
RequestsInterval
RequestsInterval
RequestsInterval
DDoS Mitigation Lab
Testing results under specific conditions,valid as of Jul 13, 2013
DDoS Mitigation Lab
Testing results under specific conditions,valid as of Jul 13, 2013
DDoS Mitigation Lab
Testing results under specific conditions,valid as of Jul 13, 2013
DDoS Mitigation Lab
tony.miu@nexusguard.com
waileng.lee@bloodspear.org