ddos - fod€¦ · ddos by type of network nrens interconnects gÉant 81 183 641 509 143 1,877...

Report

Post on 25-Apr-2020

2 Views

Category:

Documents

0 Downloads

Preview:

Click to see full reader

TRANSCRIPT

Networks·Services·Peoplewww.geant.org

GEANTInforma.on&InfrastructureSecurityTeam

CEEPeeringDays

DDoSMi:ga:onToolDDoS-FoD

Budapest,March30th2016

EvangelosSpatharas

Networks·Services·Peoplewww.geant.org 2

WhoisGÉANT?

Networks·Services·Peoplewww.geant.org

NetworkAAacks

GÉANT

DNS,NTP,SMTPandotheramplifica:onaKacks..

4

55%40%

5%

DDoSbyTypeofNetwork

NRENs

Interconnects

GÉANT

81 183 641 509 143

1,877

4,862 4,723

0

1000

2000

3000

4000

5000

6000

Apr-19 May-19 Jun-19 Jul-19 Aug-19 Sep-19 Oct-19 Nov-19

NoofAAacksperM

onth

April2015-October2015

DDoSAAacksDetected

Networks·Services·Peoplewww.geant.org

GÉANT’sSecurityApproach

Interconnect

Transit

??

7

Networks·Services·Peoplewww.geant.org 5

DefendingGÉANT

Networks·Services·Peoplewww.geant.org 6

DefendingGÉANT

Networks·Services·Peoplewww.geant.org 7

Preventa.veControls-Zones

Networks·Services·Peoplewww.geant.org 8

NumberofVulnerableSystembyOS

•  Assetmanagement•  AreasofaKen:on•  Monthlyscans

Preventa.veControls–Others

Others

•  uRPF•  Bogons•  Spoofing•  Etc

Networks·Services·Peoplewww.geant.org 9

Detec.on

Networks·Services·Peoplewww.geant.org 10

NetFlowMonitoring+ADS

FlowMon

•  NetFlowv9•  33JuniperMXs•  >900Mflowsperday•  1:100samplingrate•  Entrypoints•  Fan-outforothertools•  Notjustanomalydetec:ontool•  Alerts•  Redundacy?•  Manymethods..

Networks·Services·Peoplewww.geant.org 11

NetFlowAlerts+AutomatedTickets=NSHaRP

!  Basedoncri:cality!  Perclientbasis!  Automa:cclosure!  MainlyanNRENservice!  Dailyreports

Networks·Services·Peoplewww.geant.org 12

Mi.ga.on

Networks·Services·Peoplewww.geant.org 13

Chainarchitecture

•  Head"Middle"Tail•  Audi:ng•  Troubleshoo:ng•  Deployment

ACLs–ChainArchitecture

Networks·Services·Peoplewww.geant.org 14

Sta.s.cs

•  6RTBH-eddes:na:ons•  ~3billionsofpacketsblocked

Countersreseteveryweek!!

RTBH

Other

•  UTRSservice–TeamCYMRU•  CogentRTBHservice•  Etc.

Networks·Services·Peoplewww.geant.org

fod.geant.netBGPFlowspec-FoD

Networks·Services·Peoplewww.geant.org 16

FoDWEBGUI

Networks·Services·Peoplewww.geant.org 17

FoDDemoTime

DemoTime!

Networks·Services·Peoplewww.geant.org 18

Underthehood–CurrentStatus

IXA

GÈANTInternet

IXB

NRENA

Flowspec

FoD

NSHaRP/other

Networks·Services·Peoplewww.geant.org 19

Upgrade–FuturePlans

IXA

GÈANTInternet

IXB

NRENA

Flowspec

FoD

NSHaRP&RepShield

Networks·Services·Peoplewww.geant.org 20

LessonsLearned

Networks·Services·Peoplewww.geant.org 21

WhatdoYOUthink?

WhatdoYOUthink?

Networks·Services·Peoplewww.geant.org 22

Q&A

Networks·Services·Peoplewww.geant.org

Thankyou

Networks·Services·Peoplewww.geant.org

23

GEANTInforma:on&InfrastructureSecurityTeam

Evangelos.Spatharas@geant.org

top related

detecting ddos
Documents
a blockchain-based architecture for collaborative ddos...
Documents
ddos protection
Documents
26. a taxonomy of ddos attack and ddos defense mechanisms
Documents
ddos protection protecting against the ddos attacks since...
Internet
ddos prevention
Documents
ddos tutorial
Documents
ddos handbook
Documents
imperva incapsula waf and ddos protection campaign€¦ ·...
Documents
a taxonomy of ddos attack and ddos defense mechanisms
Documents
datasheet: ddos protection - grayhats datasheet ddos...or...
Documents
ddos protection place for ddos attacks
Internet
ddos threat landscape -...
Documents
ddos attacks 101 - vistnet ddos protection & mitigation...
Documents
cloudfale ddos
Documents
prolexic ddos analytics & ddos mitigation in real time
Technology
ddos report
Technology
ddos attacks
Documents
ddos testing services - zencurity.com · ddos testing...
Documents
lecture 29: bots, botnets, ddos attacks, and ddos attack...
Documents