Source Router Approach to DDoS Defense Jelena Mirković and Peter Reiher UCLA USENIX Work-In Progress Session Washington DC, 08/17/2001 {sunshine, reiher}@cs.ucla.edu.

Post on 23-Dec-2015


Approach Overview

- Goal: Prevent our site from participating in DDoS attack
- Monitor incoming and outgoing traffic looking for signs that some destination is in trouble
- Reduce traffic to that destination
- Separate attacking from normal flows
- Shut down attacking machines

[Figure: network diagram with nodes A through J, shown across a sequence of slides titled "Approach Overview".]

Related Work - MULTOPS

Yes, it is similar to MULTOPS, but:

- It is located on source side only
- Traffic models do not rely only on packet ratio
- Discovery of attacking machines
- Can be pushed further in the network

[Figures: plots with axes "time" and "packet ratio", one per slide, titled:]

- Stable Packet Ratio in Mixed Traffic
- Stable Packet Ratio in TCP Traffic
- Stable Packet Ratio in UDP Traffic (two slides)
- Variable Packet Ratio in Mixed Traffic (plot labels: DDoS + FTP, FTP, DDoS)
- Variable Packet Ratio in Attack Traffic
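An added example, not from the slides or the authors' system: a simplified source-side monitor that computes the per-destination ratio of outgoing to incoming packets in fixed time windows and flags destinations where the ratio stays high. The packet records, window size and thresholds are constructed assumptions, and only the packet ratio is modelled.

```python
from collections import defaultdict

def make_sample():
    """Constructed records (time_s, direction, remote_ip) seen at the source router.
    "out" = leaving our site toward remote_ip, "in" = arriving from remote_ip."""
    pkts = []
    for t in range(40):
        # Normal two-way flow: 2 packets out for every packet back.
        pkts += [(t, "out", "198.51.100.7")] * 2 + [(t, "in", "198.51.100.7")]
        # Second flow is normal until t=20, then floods while replies dry up.
        pkts += [(t, "out", "203.0.113.9")] * (2 if t < 20 else 30)
        if t < 20 or t % 10 == 0:
            pkts.append((t, "in", "203.0.113.9"))
    return pkts

def packet_ratios(packets, window=5):
    """Return {remote: [(window_start, out/in ratio), ...]} in time order."""
    counts = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for t, direction, remote in packets:
        start = t - t % window
        counts[remote][start][0 if direction == "out" else 1] += 1
    series = {}
    for remote, wins in counts.items():
        # max(inn, 1) avoids division by zero when a window has no replies.
        series[remote] = [(w, out / max(inn, 1))
                          for w, (out, inn) in sorted(wins.items())]
    return series

def suspect_destinations(series, max_ratio=3.0, consecutive=2):
    """Flag a destination once its ratio exceeds max_ratio (assumed threshold)
    for `consecutive` windows in a row; value is the window that raised it."""
    flagged = {}
    for remote, points in series.items():
        run = 0
        for start, ratio in points:
            run = run + 1 if ratio > max_ratio else 0
            if run >= consecutive:
                flagged[remote] = start
                break
    return flagged

if __name__ == "__main__":
    series = packet_ratios(make_sample())
    for remote, points in series.items():
        print(remote, points)
    print("throttle candidates:", suspect_destinations(series))
```

Unidirectional traffic of the kind the Challenges slide lists would trip a ratio-only check like this one.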

Challenges

- Router performance.
- Why would ISP implement this?
- False positives.
- Multicast traffic is usually unidirectional.
- Asymmetric routes.
- Throttling and TCP congestion control mechanism.
- Traffic patterns in the Internet change drastically over time.

For More Info...

http://fmg-www.cs.ucla.edu/ddos
