Who is Arbor Networks (archivos.usuaria.org.ar/documentos/DDoS.pdf)
DoS & DDoS…. Unavailability! Interruption!
• A Denial of Service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, for example by temporarily or indefinitely interrupting or suspending the services of a host connected to the Internet.
• A Distributed Denial of Service (DDoS) attack is one where the attack comes from more than one source, often thousands of unique IP addresses. It is analogous to a group of people crowding the entry door or gate of a shop or business and not letting legitimate parties enter, disrupting normal operations.
DDoS type of Attacks
1. Volumetric Attacks: Also known as “floods,” the goal of this type of attack is to cause congestion by sending so much traffic that it overwhelms the bandwidth of the site. Attacks are typically executed using botnets, an army of computers infected with malicious software and controlled as a group by the hacker.
2. TCP State-Exhaustion Attacks (stateful devices): This type of attack focuses on actual web servers, firewalls and load balancers to disrupt connections, exhausting the finite number of concurrent connections the device can support.
3. Application Layer Attacks: This type of attack, also known as a Layer 7 attack, specifically targets weaknesses in an application or server with the goal of establishing a connection and exhausting it by monopolizing processes and transactions. These sophisticated threats are harder to detect because not many machines are required to attack, generating a low traffic rate that appears to be legitimate.
DDoS 10 years Timeline
On New Year’s Eve, the BBC website and iPlayer service went down due to a massive Distributed Denial of Service (DDoS) attack. The attack peaked at up to 602 Gbps, according to claims made by the New World Hacking group, which took responsibility for the attack. In another recent attack, the main campaign website of Republican presidential candidate Donald Trump was also targeted by the same group.
DDoS Facts
FREQUENT & COMPLEX by COMBINATION
DDoS Drivers/Motivators
[Chart: DDoS drivers/motivators; shares shown: 30%, 25%, 20%, 13%, 12%]
BotNets
Loud Quiet
ATTACK SPECTRUM
The New Breed of Advanced Threats
Arbor Networks Overview
Product areas: DDoS, Advanced Threats, Arbor Cloud, Cloud Signaling
+140 Tbps Visibility
[Diagram: Arbor Network-Wide Product Portfolio. Legend: good traffic; malicious traffic & malware. Network segments: public clouds, corporate networks, mobile carrier, private clouds, service provider, user / attacker, internal employee. Products shown: Spectrum, Peakflow MNA, Peakflow SP/TMS, ATLAS, Pravail APS.]
90% of Gartner Cloud and Web Hoster MQ Providers
100% of Tier 1 and 60% of Tier 2 Service Providers
9/10 of Top Online Brands
Arbor: Securing the World’s Largest Networks
• 100%: percentage of the world’s Tier 1 service providers who are Arbor customers
• 130: number of countries with Arbor products deployed
• +140 Tbps: amount of global traffic monitored by the ATLAS security intelligence initiative right now; 330+ ISPs sharing real-time data. A very significant portion of global Internet traffic!
• #1: Arbor market position in Carrier, Enterprise and Mobile DDoS equipment market segments; 67% of total market [Infonetics Research]
• 16: number of years Arbor has been delivering innovative security and network visibility technologies & products
ATLAS: Active Threat Level Analysis System
ATLAS sensors are deployed in global internet darknet space to discover and classify attack activity
The information is sent to an ATLAS central repository where it is combined with Arbor, third-party, and vulnerability data
ASERT analyzes the combined data and converts it into actionable intelligence, which is posted on the ATLAS public portal and pushed as updates to customers’ devices
[Diagram: ATLAS sensors in the darknet space of ISP networks, shown with Peakflow SP and Pravail NSI, report to the ATLAS data center. Labels: monitoring of worldwide infrastructure for network-borne threats (malware, botnets, phishing, P2P); behavioral fingerprint; identify, analyze, protect.]
DDoS and Risk Planning
Solution Overview DDoS Defense
DDoS Attack? It will never happen to me…
DDoS Attack, It will happen…
DDoS is an Exploding & Evolving Trend
More Attack Motivations
• Geopolitical: “Burma taken offline by DDOS attack”
• Protests: “Visa, PayPal, and MasterCard attacked”
• Extortion: “Techwatch weathers DDoS extortion attack”
Greater Availability of Botnets
• Better Bots: more infected PCs with faster connections
• Easy Access: using web 2.0 tools to control botnets
• Commoditized: cloud-based botnets, cheaper
More attacks
• Increased Volume: largest volumetric DDoS has grown from 8 to 600 Gbps in 10 years
• Increased Complexity: over 25% of attacks are now application-based DDoS, mostly targeting HTTP, DNS, SMTP
• Increased Frequency: >50% of data center operators experience >10 attacks per month
DDoS Misconceptions
• “My firewall/IPS provides DDoS protection”
  FACT: Most large data center operators have seen their firewalls/IPS fail due to DDoS
• “I have enough bandwidth to absorb DDoS attacks”
  FACT: Multigigabit attacks are common and can overwhelm the largest networks
• “No one would want to attack my business.”
  FACT: Most data centers suffer downtime every year due to DDoS.
Rent a botnet for as little as $50 per day
[Chart: Did Your Firewall/IPS Fail Due to DDoS Within Last 12 Months? Legend: No, Yes, Not Deployed; values shown: 38%, 49%, 13%]
[Chart: Largest Attack in Gbps; values shown: 0,14 / 1,2 / 2,5 / 10 / 17 / 24 / 40 / 49 / 100 / 60]
Source: Arbor Worldwide Infrastructure Security Report
Botnet is a Business
• A large number of Botnet tools is available for purchase for you to create your own Botnet
• Botnet tools today are an industry of their own
• You can
  – Buy software to create your own Botnet or
  – Hire Botnets to generate attacks
Commercial DDoS Botnets - Darkness
• Popular bot, still in use. Many leaked versions.
• Widely mentioned in underground forums, competitive
Darkness – Control Panel
• 45,000 bots, 6900 online
DirtJumper
• Popular. 20,000 bots attacked Brian Krebs, Nov 2011.
• 70,446 bots total – 668 active
Dirt Jumper 2
• HTTP flood, Synchronous flood, Download flood, POST flood options
Dirt Jumper 3
• 2 HTTP GET attacks, HTTP POST attack
• Increased randomization of attack header
DDoS Services using Dirt Jumper 3
• Version 3 featured prominently in underground advertisement
• Also mentions Optima (Darkness) and G-Bot
• Anti-DDoS attacks mentioned
Dirt Jumper 5
• New features, anti-DDoS protection evasion
Pandora
• $800, cracked for $100
• Attacks look just like Dirt Jumper 5 and Khan bots
• March 2012
Di BoTNet
• Re-uses Dirt Jumper code, adds “bot killer” feature
• March 2012
Armageddon
• Very popular bot, active competitor to other Russian bots
• Involved in politically motivated attacks in Russia
• Observed attacking HTTP and other various ports
• Features “Anti-DDoS” attack style and increased attack diversity
Commercial DDoS Services
• March 2012, claims private version of Dirt Jumper 5
• $200/week
• Five minute test can account for very short attacks
microsoftDDoS
• March 2012. $800/month. 15 minute test
• Money returned if site comes back online
• Anonymous logo used, yet competitive ideology
Killer-G
• March 2012. $600/month. 10 minute test
• G-bot (AKA Piranha, Drooptroop)
DDoS Service Marketing
Commercial DDoS Services
Commercial DDoS services
Commercial DDoS Services
Distributed Denial of Service (DDoS): Targeting your Network, Services and Customers
DDoS Attack Categories
Volumetric, Brute Force Attacks
• Traffic Floods
  – Exhaust resources by creating high bps or pps volumes
  – Overwhelm the infrastructure – links, routers, switches, servers
Layer 4-7, Smarter and Slow Attacks
• TCP resource exhaustion
  – Exhaust resources in servers, load balancers, firewalls or routers
• Application Layer
  – Take out specific services or applications
DDoS Attacks: Volumetric
Volumetric DDoS attacks are designed to saturate and overwhelm network resources, circuits, etc. by brute force.
[Diagram labels: attack traffic, good traffic; ISP 1, ISP 2, ISP n, ISP; SATURATION; data center with firewall, IPS, load balancer, target applications & services]
Distributed Denial of Service (DDoS) Volumetric Attack - Filling up your network capacity
Stopping Volumetric Attacks
Cloud-based: volumetric DDoS mitigation must be done upstream, before traffic gets to the data center
Activated “on demand”: only active when an attack is detected or reported
[Diagram labels: Cloud-based DDoS Protection; ISP 1, ISP 2, ISP n, ISP; scrubbing center with Peakflow SP/TMS; data center with firewall, IPS, load balancer]
Layer 4-7, Smart DDoS Attacks
Use much less bandwidth; harder to detect; target applications where they slowly exhaust resources.
[Diagram labels: ISP 1, ISP 2, ISP n, ISP; data center with firewall, IPS, load balancer, target applications & services; EXHAUSTION (shown twice)]
Distributed Denial of Service (DDoS) Slow Attacks - Taking down your services
Stopping Layer 4-7, Smart Attacks
CPE-based: L4-7 DDoS mitigation must be done at the Data Center
Always ON: immediate mitigation
Fine-tuned to the services behind it to minimize false positives and false negatives
[Diagram labels: CPE-based DDoS Protection; ISP 1, ISP 2, ISP n, ISP; data center with firewall, IPS, load balancer, target applications & services]
CPE-based DDoS Defense
• Multifunctional Devices are not good for DDoS
  – Security devices “enhanced” with DDoS functionalities
    • Firewalls, IPSs, Load balancers
• Specialized Devices
  – IDMS appliances
    • Pravail APS
Think about it: If Firewalls, which are present everywhere, could really handle DDoS attacks, we would not hear so many stories of sites taken by DDoS, right?
CPE-Based DDoS Defense Comparison
Products compared: Pravail APS, IPS, WAF, FW
Criteria:
• Application-Layer DDoS Protection
• Flood Attack Protection via Cloud Signaling
• Protected from State-Exhausting Attacks
• Asymmetric DDoS Threat Protection
• Easy Inline Deployment
• Botnet Detection & Protection
[Table: ratings on a scale of Excellent, Good, Fair, Poor; per-product ratings shown graphically]
Look for Security & Network Engineering Budgets for Funding
The Evolving Threat Against Data Centers
Attackers use a combination of techniques
[Diagram labels: ISP 1, ISP 2, ISP n, ISP; data center with firewall, IPS, load balancer, target applications & services; SATURATION (Volumetric, Brute Force DDoS Impact); EXHAUSTION (Layer 4-7, Smart DDoS Impact); Exhaustion of Service]
DDoS Defense Offers in the Market
[Diagram labels: ISP 1, ISP 2, ISP n, ISP; scrubbing center (Cloud-based DDoS Protection); Cloud Signaling; CPE-based DDoS Protection; data center with firewall, IPS, load balancer, target applications & services]
Cloud Signaling
• Immediate protection with seamless handoff to ISP’s DDoS filtration services
– “Clean Pipes”
[Diagram labels: subscriber networks; Internet Service Provider with Arbor Peakflow SP / TMS-based DDoS Service; data center network with Arbor Pravail APS, Firewall / IPS / WAF and public facing servers; Cloud Signaling Status]
Gain full protection from a single console by signaling to the cloud.
Utilize Cloud Signaling Coalition for volumetric DDoS protection.
1. Service Operating Normally
2. Attack Begins and Initially Blocked by Pravail APS
3. Attack Grows Exceeding Bandwidth
4. Cloud Signal Launched
5. Customer Fully Protected!
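A minimal model of steps 1 to 5 above and of the upstream versus on-premise split described earlier, added here as an illustration; it is not Arbor code and does not implement the Cloud Signaling protocol. The capacities, thresholds and all names (`Sample`, `classify`, `run`) are assumptions, and the samples are constructed.

```python
from dataclasses import dataclass

# Constructed capacities and thresholds for a hypothetical data center edge.
LINK_CAPACITY_BPS = 1_000_000_000   # upstream link: 1 Gbps
STATE_TABLE_SIZE = 200_000          # connections the stateful devices can track
APP_BASELINE_RPS = 500              # normal HTTP requests per second
SIGNAL_ON = 0.80                    # link utilisation that raises the cloud signal
SIGNAL_OFF = 0.40                   # utilisation that counts as "calm"
CLEAR_INTERVALS = 3                 # calm intervals required before standing down


@dataclass
class Sample:
    """One measurement interval of offered inbound load (before any scrubbing)."""
    bps: int         # bits per second offered to the link
    open_conns: int  # concurrent TCP connections on firewall / load balancer
    http_rps: int    # HTTP requests per second reaching the application


def classify(s: Sample) -> set:
    """Map one sample onto the three attack categories."""
    kinds = set()
    if s.bps >= SIGNAL_ON * LINK_CAPACITY_BPS:
        kinds.add("volumetric")
    if s.open_conns >= 0.9 * STATE_TABLE_SIZE:
        kinds.add("state-exhaustion")
    if s.http_rps >= 5 * APP_BASELINE_RPS:
        kinds.add("application-layer")
    return kinds


def run(samples):
    """Return (timeline, events): where each interval is mitigated, and when
    the signal to the upstream scrubbing service is raised and cleared."""
    signalled, calm = False, 0
    timeline, events = [], []
    for i, s in enumerate(samples):
        kinds = classify(s)
        if not signalled and "volumetric" in kinds:
            signalled, calm = True, 0
            events.append((i, "signal-on"))
        elif signalled:
            # Hysteresis: the decision uses offered load, because once traffic is
            # scrubbed upstream the local link alone no longer shows the attack.
            calm = calm + 1 if s.bps < SIGNAL_OFF * LINK_CAPACITY_BPS else 0
            if calm >= CLEAR_INTERVALS:
                signalled = False
                events.append((i, "signal-off"))
        where = set()
        if signalled:
            where.add("cloud")        # volumetric load is handled upstream
        if kinds - {"volumetric"}:
            where.add("on-premise")   # L4-7 attacks are handled at the data center
        timeline.append((i, sorted(kinds), sorted(where)))
    return timeline, events


# Constructed samples: normal, state exhaustion, application layer, then a flood.
SAMPLES = [
    Sample(120_000_000, 20_000, 450),
    Sample(150_000_000, 185_000, 480),
    Sample(400_000_000, 60_000, 3_000),
    Sample(850_000_000, 70_000, 3_200),
    Sample(950_000_000, 30_000, 600),
    Sample(300_000_000, 25_000, 500),
    Sample(200_000_000, 22_000, 470),
    Sample(130_000_000, 21_000, 460),
]

if __name__ == "__main__":
    timeline, events = run(SAMPLES)
    for row in timeline:
        print(row)
    print(events)
```

In a real deployment the stand-down decision needs telemetry from the scrubbing service, since the data center link stops seeing the flood once upstream mitigation is active.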
Cloud Signaling Deployment Options
• Cloud Signaling can work with two options of Cloud-based DDoS Mitigation service offerings:
  – Local ISP: DDoS mitigation infrastructure directly upstream to the Data Center
  – Carrier-agnostic Provider: DDoS mitigation infrastructure is somewhere in the Internet cloud, even in a different country
• Cloud Signaling is an advanced feature!
  – Reduce time to start Cloud-based mitigation, increasing availability, with Cloud Signaling
Pravail APS + Arbor Cloud
[Diagram labels: ISP 1, ISP 2, ISP n, ISP; scrubbing center (Cloud-based DDoS Protection); Cloud Signaling; On-premise DDoS Protection; data center with firewall, IPS, load balancer, target applications & services]
Comments? Questions?
Thank You !