SlideShare una empresa de Scribd logo

Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com

Rishabh Dangwal
Rishabh Dangwal

A simple presentation on understanding DDOS and DDOS mitigation solutions.

Tecnología
1 de 16
Understanding DDOS Mitigation Rishabh Dangwal About me : Trivia geek, redbull addict & Independent security enthusiastic, currently employed at Tulip Telecom www.theprohack.com
DDOS Mitigation Mitigation : mit·i·ga·tion. /ˌ ɪʃən/ Spelled[mit-i- mɪtɪˌge gey-shuhn] noun. the act of lessening the force or intensity of something • Understanding DDOS • Countermeasures • Mitigation
DOS • Attack that makes a designated service unavailable to the targeted users • Exploits limitations of the system as an inherent universal vulnerability • Limitations : CPU, Memory,Bandwidth
DDOS • Distributed DOS • A coordinated effort • Botnets are in fashion • Firewalls & IPS are NOT enough • NO 100% solution present , so you can ONLY slow it down
DDOS Continued .. • Protocol Attacks – exploit protocol vulnerabilities/limitations • Bandwidth Attacks – overflow and consume resources , mostly flood attacks • Software Attacks – exploit network software architecture
Typical Countermeasures • SYN Proxy • Limiting Number of Connections • Aggressive Aging • Source Rate Limiting • Dynamic Filtering • Active Verification • Anomaly Recognition • Granular Rate limiting • Whitelisting/Blacklisting • Dark Address Prevention
How DDOS Mitigation solutions work ? • Monitor • Identify • Mitigate
Monitor • Devices are generally added to monitoring sensors/servers/software via SNMP polling/BGP peering • Traffic thresholds are set • Devices..are monitored • Incase of trouble, alerts are generated
Identify • Traffic is identified and profiled according to set parameters, configurations and algorithms • Once identified , identify type of attack • Protocol misuse – DNS / ICMP /TCP Null / TCP RST Flood, IP fragment • Bandwidth misuse
Typical Parameters • Advanced Boolean Match / AS Path Reg exp – by using Regular expressing matching in traffic or on AS Path field of BGP • CIDR – traffic identification using by network prefixes and CIDR blocks • BGP Communities – traffic identification using BGP Communities. • Physical Interfaces – traffic identification by monitoring router’s physical interface through which the traffic is passing. • Peer ASNs & Local ASN/Sub AS – traffic identification by using peer AS numbers field of BGP or by using Local or Sub AS Numbers for the network.
Mitigate • Traffic diversion • Categorize and “scrubbing” the traffic • Bringing the clean traffic to the cloud
Traffic diversion • Generate prefix IP address • BGP route injection to predefined router • Divert traffic
Categorize and scrub traffic • Custom Settings • Traffic Filtering & Malformed DNS packets filtering • DNS Authentication • HTTP request limiting / object limiting • Malformed HTTP & SIP packets filtering • TCP Connection Reset & TCP SYN Authentication • Zombie Removal • Baseline Network Policy Enforcement • Packet shaping • Filter/Allow based on payload • Signature based detection & Mitigation
Tada .. • Once done, Clean traffic is sent to rightful customers • Attack patterns are jotted down for future reference & threat categorization • More smiles, less caffeine
Questions ?
Thank You :] feedback appreciated at admin@theprohack.com

Recomendados

Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Rishabh Dangwal
 
Hacking L2 Switches
Hacking L2 SwitchesHacking L2 Switches
Hacking L2 SwitchesNavaneetha Sankar
 
Introduction to layer 2 attacks & mitigation
Introduction to layer 2 attacks & mitigationIntroduction to layer 2 attacks & mitigation
Introduction to layer 2 attacks & mitigationRishabh Dangwal
 
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.Sumutiu Marius
 
Network Security - Layer 2
Network Security - Layer 2Network Security - Layer 2
Network Security - Layer 2samis
 
Router and Routing Protocol Attacks
Router and Routing Protocol AttacksRouter and Routing Protocol Attacks
Router and Routing Protocol AttacksConferencias FIST
 
Switch and Router Security Testing
Switch and Router Security TestingSwitch and Router Security Testing
Switch and Router Security TestingConferencias FIST
 
Pentesting layer 2 protocols
Pentesting layer 2 protocolsPentesting layer 2 protocols
Pentesting layer 2 protocolsAbdessamad TEMMAR
 

Recomendados

Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Rishabh Dangwal
 
Hacking L2 Switches
Hacking L2 SwitchesHacking L2 Switches
Hacking L2 SwitchesNavaneetha Sankar
 
Introduction to layer 2 attacks & mitigation
Introduction to layer 2 attacks & mitigationIntroduction to layer 2 attacks & mitigation
Introduction to layer 2 attacks & mitigationRishabh Dangwal
 
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.Sumutiu Marius
 
Network Security - Layer 2
Network Security - Layer 2Network Security - Layer 2
Network Security - Layer 2samis
 
Router and Routing Protocol Attacks
Router and Routing Protocol AttacksRouter and Routing Protocol Attacks
Router and Routing Protocol AttacksConferencias FIST
 
Switch and Router Security Testing
Switch and Router Security TestingSwitch and Router Security Testing
Switch and Router Security TestingConferencias FIST
 
Pentesting layer 2 protocols
Pentesting layer 2 protocolsPentesting layer 2 protocols
Pentesting layer 2 protocolsAbdessamad TEMMAR
 
Lec21 22
Lec21 22Lec21 22
Lec21 22namish_maheshwari
 
CISSP Week 5
CISSP Week 5CISSP Week 5
CISSP Week 5jemtallon
 
Mitigating Layer2 Attacks
Mitigating Layer2 AttacksMitigating Layer2 Attacks
Mitigating Layer2 Attacksdkaya
 
CISSP Week 7
CISSP Week 7CISSP Week 7
CISSP Week 7jemtallon
 
Hacking Cisco
Hacking CiscoHacking Cisco
Hacking Ciscoguestd05b31
 
PLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPROIDEA
 
pps Matters
pps Matterspps Matters
pps MattersBangladesh Network Operators Group
 
Rdma 1
Rdma 1Rdma 1
Rdma 1Anna Kim
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallVishal Kumar
 
Network & security startup
Network & security startupNetwork & security startup
Network & security startupFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
BGP persistence
BGP persistenceBGP persistence
BGP persistenceBertrand Duvivier
 
Assaulting diameter IPX network
Assaulting diameter IPX networkAssaulting diameter IPX network
Assaulting diameter IPX networkAlexandre De Oliveira
 
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof KonkowskiPLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof KonkowskiPROIDEA
 
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisAttacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisP1Security
 
Chapter 14 : vlan
Chapter 14 : vlanChapter 14 : vlan
Chapter 14 : vlanteknetir
 
Gateway and firewall
Gateway and firewallGateway and firewall
Gateway and firewallvinayh.vaghamshi _
 
Topic22
Topic22Topic22
Topic22Anne Starr
 
CISSP Week 21
CISSP Week 21CISSP Week 21
CISSP Week 21jemtallon
 
VPN (virtual Private Network)
VPN (virtual Private Network)VPN (virtual Private Network)
VPN (virtual Private Network)Chandan Jha
 
SS7 & SIGTRAN
SS7 & SIGTRANSS7 & SIGTRAN
SS7 & SIGTRANStephanie Galloway-Williams
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPROIDEA
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliMarta Pacyga
 

Más contenido relacionado

La actualidad más candente

CISSP Week 5
CISSP Week 5CISSP Week 5
CISSP Week 5jemtallon
 
Mitigating Layer2 Attacks
Mitigating Layer2 AttacksMitigating Layer2 Attacks
Mitigating Layer2 Attacksdkaya
 
CISSP Week 7
CISSP Week 7CISSP Week 7
CISSP Week 7jemtallon
 
PLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPROIDEA
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallVishal Kumar
 
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof KonkowskiPLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof KonkowskiPROIDEA
 
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisAttacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisP1Security
 
Chapter 14 : vlan
Chapter 14 : vlanChapter 14 : vlan
Chapter 14 : vlanteknetir
 
CISSP Week 21
CISSP Week 21CISSP Week 21
CISSP Week 21jemtallon
 
VPN (virtual Private Network)
VPN (virtual Private Network)VPN (virtual Private Network)
VPN (virtual Private Network)Chandan Jha
 

La actualidad más candente (20)

Lec21 22
Lec21 22Lec21 22
Lec21 22
 
CISSP Week 5
CISSP Week 5CISSP Week 5
CISSP Week 5
 
Mitigating Layer2 Attacks
Mitigating Layer2 AttacksMitigating Layer2 Attacks
Mitigating Layer2 Attacks
 
CISSP Week 7
CISSP Week 7CISSP Week 7
CISSP Week 7
 
Hacking Cisco
Hacking CiscoHacking Cisco
Hacking Cisco
 
PLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDN
 
pps Matters
pps Matterspps Matters
pps Matters
 
Rdma 1
Rdma 1Rdma 1
Rdma 1
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About Firewall
 
Network & security startup
Network & security startupNetwork & security startup
Network & security startup
 
BGP persistence
BGP persistenceBGP persistence
BGP persistence
 
Assaulting diameter IPX network
Assaulting diameter IPX networkAssaulting diameter IPX network
Assaulting diameter IPX network
 
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof KonkowskiPLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
 
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisAttacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
 
Chapter 14 : vlan
Chapter 14 : vlanChapter 14 : vlan
Chapter 14 : vlan
 
Gateway and firewall
Gateway and firewallGateway and firewall
Gateway and firewall
 
Topic22
Topic22Topic22
Topic22
 
CISSP Week 21
CISSP Week 21CISSP Week 21
CISSP Week 21
 
VPN (virtual Private Network)
VPN (virtual Private Network)VPN (virtual Private Network)
VPN (virtual Private Network)
 
SS7 & SIGTRAN
SS7 & SIGTRANSS7 & SIGTRAN
SS7 & SIGTRAN
 

Similar a Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com

PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPROIDEA
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliMarta Pacyga
 
DDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT NetworkDDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT NetworkHaltdos
 
Denial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewDenial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewMarketingArrowECS_CZ
 
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPROIDEA
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AlivePositive Hack Days
 
Sergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay aliveSergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay aliveDefconRussia
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay aliveqqlan
 
Ddos and mitigation methods.pptx
Ddos and mitigation methods.pptxDdos and mitigation methods.pptx
Ddos and mitigation methods.pptxOzkan E
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikPositive Hack Days
 
DDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationDDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationWilson Rogerio Lopes
 
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiBalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiShah Sheikh
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesBabak Farrokhi
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Pathshibaehed
 
DDoS Protection - Detect & Mitigate DDoS Attacks
DDoS Protection - Detect & Mitigate DDoS AttacksDDoS Protection - Detect & Mitigate DDoS Attacks
DDoS Protection - Detect & Mitigate DDoS AttacksNikitaJain90132
 

Similar a Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com (20)

PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
Addios!
Addios!Addios!
Addios!
 
DDoS - unstoppable menace
DDoS - unstoppable menaceDDoS - unstoppable menace
DDoS - unstoppable menace
 
DDoS - unstoppable menace
DDoS - unstoppable menaceDDoS - unstoppable menace
DDoS - unstoppable menace
 
DDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT NetworkDDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT Network
 
ids.ppt
ids.pptids.ppt
ids.ppt
 
Denial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewDenial of Service - Service Provider Overview
Denial of Service - Service Provider Overview
 
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay Alive
 
Sergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay aliveSergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay alive
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay alive
 
DDoS attacks
DDoS attacksDDoS attacks
DDoS attacks
 
Ddos and mitigation methods.pptx
Ddos and mitigation methods.pptxDdos and mitigation methods.pptx
Ddos and mitigation methods.pptx
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey Gordeychik
 
DDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationDDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and Mitigation
 
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiBalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and Techniques
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths
 
DDoS Protection - Detect & Mitigate DDoS Attacks
DDoS Protection - Detect & Mitigate DDoS AttacksDDoS Protection - Detect & Mitigate DDoS Attacks
DDoS Protection - Detect & Mitigate DDoS Attacks
 

Más de Rishabh Dangwal

Cliffnotes on Blue Teaming
Cliffnotes on Blue TeamingCliffnotes on Blue Teaming
Cliffnotes on Blue TeamingRishabh Dangwal
 
An introduction to SwiftNET
An introduction to SwiftNETAn introduction to SwiftNET
An introduction to SwiftNETRishabh Dangwal
 
Network nags - when security fails
Network nags - when security failsNetwork nags - when security fails
Network nags - when security failsRishabh Dangwal
 
Introduction to Wan Acceleration Devices
Introduction to Wan Acceleration DevicesIntroduction to Wan Acceleration Devices
Introduction to Wan Acceleration DevicesRishabh Dangwal
 
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.comEigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.comRishabh Dangwal
 
An introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh DangwalAn introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh DangwalRishabh Dangwal
 
A guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
A guide to Unified Threat Management Systems (UTMs) by Rishabh DangwalA guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
A guide to Unified Threat Management Systems (UTMs) by Rishabh DangwalRishabh Dangwal
 

Más de Rishabh Dangwal (7)

Cliffnotes on Blue Teaming
Cliffnotes on Blue TeamingCliffnotes on Blue Teaming
Cliffnotes on Blue Teaming
 
An introduction to SwiftNET
An introduction to SwiftNETAn introduction to SwiftNET
An introduction to SwiftNET
 
Network nags - when security fails
Network nags - when security failsNetwork nags - when security fails
Network nags - when security fails
 
Introduction to Wan Acceleration Devices
Introduction to Wan Acceleration DevicesIntroduction to Wan Acceleration Devices
Introduction to Wan Acceleration Devices
 
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.comEigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
 
An introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh DangwalAn introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh Dangwal
 
A guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
A guide to Unified Threat Management Systems (UTMs) by Rishabh DangwalA guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
A guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
 

Último

Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 

Último (20)

Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 

Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com

  • 1. Understanding DDOS Mitigation Rishabh Dangwal About me : Trivia geek, redbull addict & Independent security enthusiastic, currently employed at Tulip Telecom www.theprohack.com
  • 2. DDOS Mitigation Mitigation : mit·i·ga·tion. /ˌ ɪʃən/ Spelled[mit-i- mɪtɪˌge gey-shuhn] noun. the act of lessening the force or intensity of something • Understanding DDOS • Countermeasures • Mitigation
  • 3. DOS • Attack that makes a designated service unavailable to the targeted users • Exploits limitations of the system as an inherent universal vulnerability • Limitations : CPU, Memory,Bandwidth
  • 4. DDOS • Distributed DOS • A coordinated effort • Botnets are in fashion • Firewalls & IPS are NOT enough • NO 100% solution present , so you can ONLY slow it down
  • 5. DDOS Continued .. • Protocol Attacks – exploit protocol vulnerabilities/limitations • Bandwidth Attacks – overflow and consume resources , mostly flood attacks • Software Attacks – exploit network software architecture
  • 6. Typical Countermeasures • SYN Proxy • Limiting Number of Connections • Aggressive Aging • Source Rate Limiting • Dynamic Filtering • Active Verification • Anomaly Recognition • Granular Rate limiting • Whitelisting/Blacklisting • Dark Address Prevention
  • 7. How DDOS Mitigation solutions work ? • Monitor • Identify • Mitigate
  • 8. Monitor • Devices are generally added to monitoring sensors/servers/software via SNMP polling/BGP peering • Traffic thresholds are set • Devices..are monitored • Incase of trouble, alerts are generated
  • 9. Identify • Traffic is identified and profiled according to set parameters, configurations and algorithms • Once identified , identify type of attack • Protocol misuse – DNS / ICMP /TCP Null / TCP RST Flood, IP fragment • Bandwidth misuse
  • 10. Typical Parameters • Advanced Boolean Match / AS Path Reg exp – by using Regular expressing matching in traffic or on AS Path field of BGP • CIDR – traffic identification using by network prefixes and CIDR blocks • BGP Communities – traffic identification using BGP Communities. • Physical Interfaces – traffic identification by monitoring router’s physical interface through which the traffic is passing. • Peer ASNs & Local ASN/Sub AS – traffic identification by using peer AS numbers field of BGP or by using Local or Sub AS Numbers for the network.
  • 11. Mitigate • Traffic diversion • Categorize and “scrubbing” the traffic • Bringing the clean traffic to the cloud
  • 12. Traffic diversion • Generate prefix IP address • BGP route injection to predefined router • Divert traffic
  • 13. Categorize and scrub traffic • Custom Settings • Traffic Filtering & Malformed DNS packets filtering • DNS Authentication • HTTP request limiting / object limiting • Malformed HTTP & SIP packets filtering • TCP Connection Reset & TCP SYN Authentication • Zombie Removal • Baseline Network Policy Enforcement • Packet shaping • Filter/Allow based on payload • Signature based detection & Mitigation
  • 14. Tada .. • Once done, Clean traffic is sent to rightful customers • Attack patterns are jotted down for future reference & threat categorization • More smiles, less caffeine
  • 16. Thank You :] feedback appreciated at admin@theprohack.com