How to Monitor Your Network During a DDoS Attack
DESCRIPTION
Distributed Denial of Service (DDoS) attacks are getting larger and more sophisticated, causing stress on even the largest networks and applications. ThousandEyes helps security and network operations teams gain in-depth DNS, network and BGP visibility into DDoS events as they're happening. Reviewing actual DDoS attacks on leading online services, we share how to:
- Visualize the impact of an ongoing DDoS attack.
- Ensure DDoS mitigation is correctly configured and working as expected.
- Provide insight into your DDoS vendor's performance, including isolating specific scrubbing centers that may be problematic.
Watch the recorded webinar with live demo here: http://ow.ly/BzALA
TRANSCRIPT
How to Monitor Your Network During a DDoS Attack
Nick Kephart, Director of Product Marketing
About ThousandEyes
What We Do: We are building a performance management platform architected for the cloud era. We make monitoring complex enterprise networks easy and enable you to find and solve problems regardless of where they occur.
Our Background: Founded in 2010 by UCLA PhDs and backed by:
DDoS Attacks Target App and Network
DDoS attacks target both application and network layers:
1. Network-Layer: Attacks causing congestion, bandwidth consumption and saturating connections (e.g. UDP, TCP SYN, DNS)
2. Application-Layer: Low traffic, targeted (e.g. HTTP GET/POST, SMTP)
2013 DDoS Attacks by Type:
- Network: Volumetric 42%
- Network: Fragmentation 15%
- Network: TCP Connection 20%
- Application 23%
Source: Prolexic Technologies; Arbor Networks
Network Topology of a DDoS Attack
Attackers flood your web service from around the world
[Diagram labels: Chicago, IL; London; Tokyo; Atlanta; Portland, OR; Sydney; YourBank.com; Internet; Enterprise]
DDoS Mitigation Strategy 1: On-Premises
Appliance at network edge monitors and mitigates application-layer attacks
[Diagram labels: Chicago, IL; London; Tokyo; Atlanta; Portland, OR; Sydney; YourBank.com; Internet; Enterprise; On-Premises DDoS Mitigation Appliance]
DDoS Mitigation Strategy 2: ISP Collaboration
Attack traffic is routed by ISPs to a remote-triggered black hole
[Diagram labels: Chicago, IL; London; Tokyo; Atlanta; Portland, OR; Sydney; YourBank.com; Internet; Enterprise; Remote-Triggered Black Hole; ISP 1; ISP 2]
DDoS Mitigation Strategy 3: Cloud-Based
Traffic is rerouted, using DNS or BGP, to cloud-based scrubbing centers and 'real' traffic is routed back to your network
[Diagram labels: Chicago, IL; London; Tokyo; Atlanta; Portland, OR; Sydney; YourBank.com; Internet; Enterprise; Scrubbing Center]
Why Monitor DDoS Attacks
- Global Availability
- Mitigation Deployment
- Mitigation Performance
- Vendor Collaboration
We Help Monitor DDoS Mitigation
- Application and network layer correlation
- Visibility across ISPs, DNS, online DDoS mitigation, and corporate networks
- Live data sharing with vendors and internal teams
Easy to Deploy, SaaS-based Monitoring
- Enterprise Agent (branch offices, data centers, key customers)
- Cloud Agent (at dozens of global POPs)
- Active Tests: DNS, BGP, HTTP, Network
- ThousandEyes SaaS Platform
[Diagram labels: Enterprise; Internet; Application or Service]
Demo
Configure a Test
- Start with an HTTP Server or Network test
- Select testing locations
- Views included in the test
- Configure alerts
- Choose a service to monitor
Understand Global Availability and Faults
- Global availability issues
- Problems at TCP connection and HTTP receive phases
- Availability dip to 0%
Understand Network Connectivity Metrics
- Loss, latency and jitter
- Loss during height of attack
Find Congested Nodes and Links
- Nodes with >25% packet loss
- Packet loss in upstream ISPs
- Bank website under attack
- High packet loss from all testing points
See Across Networks
- Select networks
- Highlight networks in yellow
- Quickly select interesting data points
Confirm Mitigation Handoff Using BGP
- New Autonomous System (VeriSign)
- Prior Autonomous System (HSBC)
- Withdrawn routes
- New routes
- Prefixes automatically identified
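The handoff check on this slide (the origin AS for your prefixes moving from your own AS to the mitigation provider's, visible as withdrawn and new routes) can be scripted against BGP update data from several vantage points. The following is an added example, not ThousandEyes code or data from the webinar; the ASNs, prefixes, monitor names and update records are constructed placeholders taken from documentation ranges.

```python
from collections import defaultdict

# Assumed placeholders (documentation ranges), not values from the slides.
OLD_AS = 64500   # AS that normally originates the enterprise prefixes
NEW_AS = 64511   # mitigation provider's AS that should originate them after handoff

# Constructed BGP updates: (time, monitor, "A" announce / "W" withdraw, prefix, AS path)
UPDATES = [
    (100, "mon-a", "A", "203.0.113.0/24", [64496, 64500]),
    (100, "mon-b", "A", "203.0.113.0/24", [64497, 64500]),
    (100, "mon-c", "A", "203.0.113.0/24", [64498, 64500]),
    (100, "mon-a", "A", "198.51.100.0/24", [64496, 64500]),
    (200, "mon-a", "W", "203.0.113.0/24", None),             # old route withdrawn
    (205, "mon-a", "A", "203.0.113.0/24", [64496, 64511]),   # new route via scrubber
    (210, "mon-b", "A", "203.0.113.0/24", [64497, 64499, 64511, 64511]),  # prepended
]

def origin_by_monitor(updates):
    """Replay updates in time order -> {prefix: {monitor: origin AS, or None if withdrawn}}."""
    table = defaultdict(dict)
    for _, monitor, kind, prefix, path in sorted(updates, key=lambda u: u[0]):
        # An announcement implicitly replaces the monitor's previous route for the prefix.
        table[prefix][monitor] = path[-1] if kind == "A" else None
    return table

def handoff_status(updates, old_as=OLD_AS, new_as=NEW_AS):
    """Classify each prefix and list the monitors that have not converged."""
    report = {}
    for prefix, views in origin_by_monitor(updates).items():
        origins = set(views.values())
        if origins == {new_as}:
            state = "complete"
        elif new_as in origins:
            state = "partial"
        else:
            state = "not started"
        report[prefix] = {
            "state": state,
            "still_old_origin": sorted(m for m, o in views.items() if o == old_as),
            "no_route": sorted(m for m, o in views.items() if o is None),
            "unexpected_origin": sorted(m for m, o in views.items()
                                        if o not in (old_as, new_as, None)),
        }
    return report

if __name__ == "__main__":
    for prefix, status in handoff_status(UPDATES).items():
        print(prefix, status)
```

A "partial" result with monitors listed under `still_old_origin` means some networks still send traffic straight to the enterprise AS, bypassing the scrubbing center.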
View the Live Demo https://vimeo.com/104451012