External BGP DDoS Diversion - PowerPoint PPT Presentation

About This Presentation
Title:

External BGP DDoS Diversion

Description:

What is a (D)DoS Attack? How to detect (D)DoS attacks? (D)DoS diversion levels ... Firewalling (TCP/UDP blocking) Isolation. External BGP Diversion ... – PowerPoint PPT presentation

Slides: 21
Provided by: staffSci

Transcript and Presenter's Notes

Title: External BGP DDoS Diversion
1
External BGP (D)DoS Diversion
  • Ruben Valke
  • Wouter Borremans

2
Presentation Content
  • Why was this project initiated?
  • What is a (D)DoS Attack?
  • How to detect (D)DoS attacks?
  • (D)DoS diversion levels
  • Anti (D)DoS mechanisms
  • What is external BGP (D)DoS diversion?
  • Test environment
  • Tests performed
  • Future work
  • Conclusion

3
Why was this project initiated?
  • Fill the increasing need for (D)DoS protection
  • Prevention of financial damage
  • Reduce the impact of (D)DoS attacks within the
    Internet core

4
What is a (D)DoS attack?
  • (Distributed) Denial of Service attack
  • Can use vulnerabilities in TCP/IP stack
  • Compromised hosts send traffic to a specific
    destination
  • Result:
    • Backbone is filled up with useless traffic
    • Host becomes unreachable

5
What is a (D)DoS attack?
  • Non distributed attack

6
What is a (D)DoS attack?
  • Distributed attack

7
How to detect (D)DoS attacks?
  • Detection by traffic patterns
  • Detection by sudden traffic increase
  • Problem:
    • How to trace back the origin of the (D)DoS attack?

8
(D)DoS diversion levels
  • Early diversion
  • Near diversion
  • Late diversion

9
(D)DoS diversion levels (figure)

10
Anti (D)DoS mechanisms
  • Rate limiting
  • Oversizing
  • Firewalling (TCP/UDP blocking)
  • Isolation
  • External BGP Diversion

11
What is external BGP diversion?
  • Announcing a more specific network (/32)
  • Leading traffic away from a targeted host or
    network
  • Implemented as an AS, representing the anti
    (D)DoS diversion

12
Why external BGP (D)DoS Diversion?
  • Effective routing decisions to prevent traffic
    flows from ending up in an ISP network
  • Can be implemented at all layers of the Internet
    core (Early, Near, Middle)
  • Fast convergence to other routers

13
Test environment (figure)

14
Tests performed
  • Diversion (Demo)
  • Adjusting next-hop
  • Drop community
  • Null routing
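The mechanism behind the diversion and the three tests above (a more specific /32 pulling traffic off the ISP path, a next-hop change, and a community that triggers a null route) can be shown with a small longest-prefix-match RIB. This is an added illustration written for this transcript, not the presenters' code or a router configuration; the prefixes, next-hop names and the 65000:666 drop community value are constructed assumptions.

```python
import ipaddress

# Assumed drop community: a route tagged with it is null-routed (next-hop discard).
DROP_COMMUNITY = "65000:666"


class Rib:
    """Minimal routing table: longest-prefix match plus community-based null routing."""

    def __init__(self):
        self.routes = []  # entries of (network, next_hop, communities)

    def announce(self, prefix, next_hop, communities=()):
        net = ipaddress.ip_network(prefix)
        self.withdraw(prefix)  # a re-announcement replaces the old entry
        self.routes.append((net, next_hop, frozenset(communities)))

    def withdraw(self, prefix):
        net = ipaddress.ip_network(prefix)
        self.routes = [r for r in self.routes if r[0] != net]

    def lookup(self, dst):
        """Return the next hop for dst, 'discard' if null-routed, None if unreachable."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, next_hop, comms in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop, comms)
        if best is None:
            return None
        if DROP_COMMUNITY in best[2]:
            return "discard"
        return best[1]


def demo():
    """Walk through the diversion stages; all addresses are constructed (TEST-NET-1)."""
    rib = Rib()
    rib.announce("192.0.2.0/24", "isp-edge")           # normal customer route
    before = rib.lookup("192.0.2.10")                    # target reached via the ISP
    rib.announce("192.0.2.10/32", "diversion-as")        # diversion AS announces the /32
    diverted = rib.lookup("192.0.2.10")                  # only the target host is diverted
    neighbour = rib.lookup("192.0.2.20")                 # other hosts in the /24 unaffected
    rib.announce("192.0.2.10/32", "scrubbing-box")       # test: adjusting next-hop
    rerouted = rib.lookup("192.0.2.10")
    rib.announce("192.0.2.10/32", "diversion-as", [DROP_COMMUNITY])  # test: drop community
    nulled = rib.lookup("192.0.2.10")                    # null-routed upstream
    rib.withdraw("192.0.2.10/32")                        # attack over: withdraw the /32
    restored = rib.lookup("192.0.2.10")
    return before, diverted, neighbour, rerouted, nulled, restored
```

Withdrawing the /32 restores the covering /24 path, which is why the diversion can be switched on and off without touching the ISP's own announcements.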

15
Diversion demo (figure) showing the following stages:
  • Normal traffic flow
  • DoS attack initiated
  • DDoS diversion (normal)
  • Adjusting next-hop
  • Drop community

16
Test environment
  • 3 x Foundry BigIron 4000 router
  • 1 x Foundry BigIron 8000 switch
  • 1 x server running Debian Linux / Zebra router
  • 2 x laptops for DDoS generation
  • 2 x laptops as target hosts
  • 1 x laptop as reference machine
  • 1 x PC as blackhole

17
Test environment (figure)

18
Future work
  • Physical implementation
  • Traffic learning and measuring
  • Writing an RFC

19
Conclusion
  • Very effective way
  • Can be implemented fast
  • Unfortunately not a 100% solution
  • Further research would be nice

20