Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and BGP Hijacks
Mohit Lad, CEO, ThousandEyes
About ThousandEyes

What We Do
• Network performance management designed for today’s dynamic and complex networks
• Used by 4 of the world’s top banks
• Founded in 2010 with an HQ in San Francisco, CA and a London office
• Recognized by Gartner and EMA

Our Customers’ Stories
• Reduced time to troubleshoot globally load balanced infrastructure
• Solved multi-week support issue due to an ISP cable cut in Asia
• Improved customer experience during the Brazil World Cup

Today’s Cyber Threat Landscape 
• Increasing size, frequency and severity of attacks 
• Exposure via external vendors (DNS, CDN, ISPs) 
• Greater complexity of corporate networks 
• Increasing importance of network for business operations

More Networks Connected to the Internet
[Chart: Global Routing Table Growth. Source: CIDR Report]

More Devices Connected to the Internet
[Chart: Unique IP Addresses Observed, in millions, IPv4 and IPv6, 2007 to 2014. Source: Akamai State of the Internet Reports, Q2 2010-14; Akamai blog]

Size of DDoS Attacks Increasing 50% YoY
Source: Verizon Data Breach Report 2014

Major DDoS Attacks in 2014
[Chart: Attack Volume Rising, Q4 2012 to Q2 2014. Source: Akamai State of the Internet Q2 2014]
Major Attacks in 2014:
• February: Bitstamp
• April: UltraDNS
• August: PlayStation Network, Blizzard

Three Network Security Threats We’ll Cover
• BGP Hijacks
• DDoS Attacks
• DNS Poisoning

BGP Hijacks

A Primer on BGP Hijacks
[Diagram: Autonomous Systems AS 14340 Salesforce, AS 2914 NTT, AS 3356 Level3, AS 7018 AT&T and AS 4761 Indosat, with border routers and the traffic path]
• Salesforce advertises routes among BGP peers to upstream ISPs
• Salesforce.com advertises prefix 96.43.144.0/22
• AT&T receives route advertisements to Salesforce via Level3 and NTT

A Primer on BGP Hijacks (continued)
[Diagram: the same Autonomous Systems; the traffic path from AT&T now leads to AS 4761 Indosat]
• Indosat also advertises prefix 96.43.144.0/22, ‘hijacking’ Salesforce’s routes
• AT&T now directs Salesforce-destined traffic to Indosat

BGP Hijack: Normal Routes to PayPal
[Route visualization: PayPal / Akamai prefix, originated by the Akamai Autonomous System, reached via Comcast upstream]

BGP Hijack: Routes Advertised from Indosat
[Route visualization: PayPal / Akamai prefix; correct Autonomous System versus hijacked Autonomous System; locations with completely hijacked routes]

BGP Hijack: PCCW Has No Routes to PayPal
The PCCW network is only connected to Indosat, not to Akamai / PayPal.

BGP Hijack: Causing All Traffic to Drop
Traffic transiting PCCW has no routes and terminates.
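The hijack walked through above, and the "Alert on routing to your network" capabilities listed at the end of the deck (reachability to your address blocks, path changes and more-specific prefixes upstream), come down to comparing what several vantage points see in BGP against what you expect. The following is an added example, not ThousandEyes code or a ThousandEyes API: it takes constructed route observations modelled on the Salesforce / Indosat scenario (96.43.144.0/22 expected from AS 14340, also announced by AS 4761) and reports the four indicators the slides describe. The vantage labels, the baseline paths and the /24 sub-prefix are constructed; AS 64496 is a documentation ASN standing in for an unnamed upstream.

```python
"""Added example (not ThousandEyes code): flag BGP hijack indicators for
address blocks you own, from route observations collected at several
vantage points. Data is constructed to mirror the deck's scenario."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Set, Tuple


@dataclass(frozen=True)
class RouteObservation:
    vantage: str              # label of the observing network (constructed)
    prefix: str               # prefix as announced to that vantage
    as_path: Tuple[int, ...]  # AS path seen there; the last element is the origin AS


# Blocks we own -> ASNs allowed to originate them. A scrubbing provider that
# announces your prefix during a mitigation handoff would be added here so the
# handoff is not reported as a hijack.
EXPECTED_ORIGINS: Dict[str, Set[int]] = {"96.43.144.0/22": {14340}}

Finding = Tuple[str, str, Optional[str], Optional[int]]  # vantage, kind, prefix, origin


def covering_block(prefix: str) -> Optional[str]:
    """Return the owned block that contains `prefix`, or None if it is not ours."""
    net = ipaddress.ip_network(prefix)
    for owned in EXPECTED_ORIGINS:
        owned_net = ipaddress.ip_network(owned)
        if net.version == owned_net.version and net.subnet_of(owned_net):
            return owned
    return None


def analyze_routes(observations: Sequence[RouteObservation],
                   vantages: Sequence[str],
                   baseline_paths: Dict[Tuple[str, str], Tuple[int, ...]]) -> List[Finding]:
    """Compare current observations with expectations and a known-good baseline.

    Kinds reported:
      origin-mismatch  an ASN outside EXPECTED_ORIGINS originates our prefix
      more-specific    a sub-prefix of our block is announced (wins by longest match)
      path-change      the AS path from a vantage differs from its baseline
      no-route         a vantage sees no route at all to our block (traffic is dropped)
    """
    findings: List[Finding] = []
    vantages_with_route: Set[str] = set()
    for obs in observations:
        owned = covering_block(obs.prefix)
        if owned is None:
            continue  # someone else's address space
        vantages_with_route.add(obs.vantage)
        origin = obs.as_path[-1]
        if obs.prefix != owned:
            findings.append((obs.vantage, "more-specific", obs.prefix, origin))
        if origin not in EXPECTED_ORIGINS[owned]:
            findings.append((obs.vantage, "origin-mismatch", obs.prefix, origin))
        known = baseline_paths.get((obs.vantage, obs.prefix))
        if known is not None and known != obs.as_path:
            findings.append((obs.vantage, "path-change", obs.prefix, origin))
    for vantage in vantages:
        if vantage not in vantages_with_route:
            findings.append((vantage, "no-route", None, None))
    return findings


# Constructed data. AS 64496 is a documentation ASN, not Comcast's real ASN.
VANTAGES = ["AT&T", "Comcast", "PCCW"]
BASELINE_PATHS = {
    ("AT&T", "96.43.144.0/22"): (7018, 3356, 14340),      # via Level3, as in the deck
    ("Comcast", "96.43.144.0/22"): (64496, 2914, 14340),  # via NTT
}
DURING_HIJACK = [
    RouteObservation("AT&T", "96.43.144.0/22", (7018, 4761)),            # now prefers Indosat
    RouteObservation("Comcast", "96.43.144.0/22", (64496, 2914, 14340)),  # unchanged
    RouteObservation("Comcast", "96.43.146.0/24", (64496, 4761)),        # more-specific from Indosat
    # PCCW reports nothing for the block: the "no routes" case from the deck
]

if __name__ == "__main__":
    for vantage, kind, prefix, origin in analyze_routes(DURING_HIJACK, VANTAGES, BASELINE_PATHS):
        print(f"{vantage:8} {kind:16} {prefix or '-':18} origin={origin or '-'}")
```

A more-specific announcement is reported even when its origin is legitimate, because longest-prefix matching means it silently overrides your aggregate; whether that is a hijack or your own traffic engineering is a decision for the operator, which is why the check only flags.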
DDoS Attacks

Network Topology of a DDoS Attack
[Diagram: test agents in Sydney, Portland OR, London, Chicago IL, Tokyo and Atlanta reach YourBank.com across the Internet and the enterprise network]
Attackers flood your web service from around the world.

DDoS Mitigation Strategy 1: On-Premises
[Diagram: the same agents; a DDoS mitigation appliance sits between the Internet and the enterprise]
An appliance at the network edge monitors and mitigates application-layer attacks.

DDoS Mitigation Strategy 2: ISP Collaboration
[Diagram: the same agents; ISP 1 and ISP 2 divert traffic to a remote-triggered black hole before it reaches the enterprise]
Attack traffic is routed by ISPs to a remote-triggered black hole.

DDoS Mitigation Strategy 3: Cloud-Based
[Diagram: the same agents; a scrubbing center sits between the Internet and the enterprise]
Traffic is rerouted, using DNS or BGP, to cloud-based scrubbing centers, and ‘real’ traffic is routed back to your network.

Why Monitor DDoS Attacks
• Global Availability
• Mitigation Deployment
• Mitigation Performance
• Vendor Collaboration

DDoS Attack: Drop in Global Availability
[Screenshot: global availability issues, with availability dipping to 0%; problems at the TCP connection and HTTP receive phases]

DDoS Attack: Increased Packet Loss and Latency
[Screenshot: loss, latency and jitter, with loss peaking during the height of the attack]

DDoS Attack: Congested Nodes in Upstream ISPs
[Path visualization: HSBC bank website under attack; high packet loss from all testing points; nodes with >25% packet loss in the upstream ISPs Verizon and AT&T]
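The three slides above show the attack from the outside in: availability collapses at the TCP connect and HTTP receive phases, and packet loss concentrates on a few nodes in the upstream ISPs. As an added example (not ThousandEyes code), the block below computes those two signals from constructed per-agent test results: global availability with a breakdown of the phase that failed, and the set of hops whose loss exceeds the 25% threshold the slide uses, grouped by the network they belong to. Agent names follow the deck's map; hop addresses use documentation ranges and the loss figures are constructed.

```python
"""Added example (not ThousandEyes code): derive the availability drop and the
congested-node view from constructed outside-in HTTP and path measurements."""
from dataclasses import dataclass
from typing import Dict, List, Sequence


@dataclass(frozen=True)
class HttpTestResult:
    agent: str
    dns_ok: bool           # name resolved
    tcp_connect_ok: bool   # TCP handshake completed
    http_receive_ok: bool  # response received in full


@dataclass(frozen=True)
class HopMeasurement:
    agent: str
    hop_ip: str
    network: str     # the ISP or site the hop belongs to
    loss_pct: float  # packet loss observed at that hop


def availability(results: Sequence[HttpTestResult]) -> float:
    """Percentage of agents whose test passed every phase."""
    if not results:
        return 0.0
    passed = sum(1 for r in results if r.dns_ok and r.tcp_connect_ok and r.http_receive_ok)
    return 100.0 * passed / len(results)


def failing_phase_counts(results: Sequence[HttpTestResult]) -> Dict[str, int]:
    """Count agents by the first phase that failed. During a volumetric flood the
    failures pile up at TCP connect and HTTP receive, as the deck's screenshot shows;
    a DNS-phase failure would point at the name service instead."""
    counts = {"dns": 0, "tcp_connect": 0, "http_receive": 0}
    for r in results:
        if not r.dns_ok:
            counts["dns"] += 1
        elif not r.tcp_connect_ok:
            counts["tcp_connect"] += 1
        elif not r.http_receive_ok:
            counts["http_receive"] += 1
    return counts


def congested_nodes(hops: Sequence[HopMeasurement], threshold_pct: float = 25.0) -> Dict[str, List[str]]:
    """Hops with loss above the threshold, grouped by network, so the operator can
    tell an upstream ISP problem from congestion at the enterprise edge."""
    lossy: Dict[str, set] = {}
    for h in hops:
        if h.loss_pct > threshold_pct:
            lossy.setdefault(h.network, set()).add(h.hop_ip)
    return {net: sorted(ips) for net, ips in sorted(lossy.items())}


# Constructed measurements: one clean round, one round during the attack.
AGENTS = ["Sydney", "Portland", "London", "Chicago", "Tokyo", "Atlanta"]
BEFORE = [HttpTestResult(a, True, True, True) for a in AGENTS]
DURING = [
    HttpTestResult("Sydney", True, False, False),
    HttpTestResult("Portland", True, False, False),
    HttpTestResult("London", True, True, False),
    HttpTestResult("Chicago", True, False, False),
    HttpTestResult("Tokyo", True, False, False),
    HttpTestResult("Atlanta", True, True, False),
]
DURING_HOPS = [
    HopMeasurement("Chicago", "192.0.2.1", "Verizon", 61.0),
    HopMeasurement("Atlanta", "192.0.2.2", "Verizon", 44.0),
    HopMeasurement("London", "198.51.100.1", "AT&T", 38.0),
    HopMeasurement("Tokyo", "198.51.100.2", "AT&T", 12.0),
    HopMeasurement("Sydney", "203.0.113.1", "YourBank.com", 3.0),
]

if __name__ == "__main__":
    print(f"availability before: {availability(BEFORE):.0f}%  during: {availability(DURING):.0f}%")
    print("first failing phase:", failing_phase_counts(DURING))
    print("nodes with >25% loss:", congested_nodes(DURING_HOPS))
```

The grouping by network is what makes the view actionable: loss at nodes inside Verizon and AT&T while the enterprise hop stays clean is the pattern the deck uses to justify involving the ISPs or a scrubbing provider rather than tuning the on-premises appliance.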

DDoS Attack: Mitigation Effectiveness
[Path visualization: Verisign DDoS mitigation networks highlighted in yellow]

DDoS Attack: Mitigation Handoff Using BGP
[BGP route visualization: HSBC prefix moves from the prior Autonomous System (HSBC) to the new Autonomous System (VeriSign); new routes and withdrawn routes shown]

DNS Cache Poisoning

DNS Cache Poisoning
[Diagram: User, Local DNS Cache, Attacker, Attacker DNS Server (dns.attack.com), Authoritative DNS Server (dns.website.com), www.website.com and www.attack.com]
Preconditions: unsecured DNS server, no DNSSEC, no port randomization.
1. User requests DNS record for www.website.com
2. Attacker inserts a false record into the DNS cache
3. Looks up record on spoofed name server
4. User accesses spoofed URL


Blocking Facebook in China
[Screenshot: DNS availability in China <10%]

Redirecting Facebook to Alternate IP Addresses
Facebook is typically routed to 173.252.110.27, except in China.
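The poisoning diagram and the two Facebook slides describe the same monitoring problem from two sides: a cache that hands out a record you never published, and a region where queries for your name either fail or come back with a different address. The block below is an added example (not ThousandEyes code) that implements the checks a defender would run over answers collected from many vantage points: per-country DNS availability (here taken to mean the query was answered at all, an assumption), answers that fall outside your published record set, and a sanity check on a resolver's query source ports, since a fixed source port is one of the weaknesses the poisoning slide lists. The expected address 173.252.110.27 is from the deck; agent names, the bogus 203.0.113.9 answer and the port samples are constructed.

```python
"""Added example (not ThousandEyes code): detect DNS answers that do not match
your published records, measure DNS availability by country, and check that a
resolver's query source ports are not fixed. All observations are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Set, Tuple


@dataclass(frozen=True)
class DnsObservation:
    agent: str
    country: str
    name: str
    answer: Optional[str]  # A record returned, or None when the query failed or timed out


# Addresses we expect the name to resolve to, taken from our own authoritative zone.
EXPECTED_A: Dict[str, Set[str]] = {"www.facebook.com": {"173.252.110.27"}}


def availability_by_country(obs: Sequence[DnsObservation]) -> Dict[str, float]:
    """Share of queries per country that received any answer (assumed definition)."""
    totals: Dict[str, int] = {}
    answered: Dict[str, int] = {}
    for o in obs:
        totals[o.country] = totals.get(o.country, 0) + 1
        if o.answer is not None:
            answered[o.country] = answered.get(o.country, 0) + 1
    return {c: 100.0 * answered.get(c, 0) / n for c, n in totals.items()}


def unexpected_answers(obs: Sequence[DnsObservation]) -> List[Tuple[str, str, str]]:
    """Answers outside our published record set: candidates for cache poisoning or
    redirection on the vantage point's network, to be confirmed against the zone."""
    out: List[Tuple[str, str, str]] = []
    for o in obs:
        if o.answer is not None and o.answer not in EXPECTED_A.get(o.name, set()):
            out.append((o.agent, o.country, o.answer))
    return out


def ports_look_randomized(ports: Sequence[int], min_distinct_ratio: float = 0.9) -> bool:
    """True when a sample of a resolver's query source ports is mostly distinct and
    spread across the ephemeral range. A resolver that always queries from one
    port fails immediately; this is a coarse check, not an entropy measurement."""
    if len(ports) < 10:
        raise ValueError("need at least 10 samples")
    distinct_ratio = len(set(ports)) / len(ports)
    spread = max(ports) - min(ports)
    return distinct_ratio >= min_distinct_ratio and spread > 1000


# Constructed observations: 12 agents in China, 11 of which get no answer and one of
# which gets a bogus address; agents elsewhere get the expected record.
OBSERVATIONS = (
    [DnsObservation(f"CN-{i}", "CN", "www.facebook.com", None) for i in range(11)]
    + [DnsObservation("CN-11", "CN", "www.facebook.com", "203.0.113.9")]
    + [DnsObservation(a, "US", "www.facebook.com", "173.252.110.27") for a in ("Chicago", "Atlanta", "Portland")]
    + [DnsObservation("London", "GB", "www.facebook.com", "173.252.110.27")]
)
FIXED_PORTS = [53] * 20  # constructed: resolver always queries from port 53
RANDOM_PORTS = [51211, 33018, 60444, 42871, 35790, 58106, 49327, 40012, 55931, 37455,
                61002, 44890, 52333, 39077, 57218, 45664, 50189, 34502, 59871, 43315]

if __name__ == "__main__":
    for country, pct in sorted(availability_by_country(OBSERVATIONS).items()):
        print(f"DNS availability {country}: {pct:.1f}%")
    print("unexpected answers:", unexpected_answers(OBSERVATIONS))
    print("fixed ports randomized?", ports_look_randomized(FIXED_PORTS))
    print("random ports randomized?", ports_look_randomized(RANDOM_PORTS))
```

Separating "no answer" from "wrong answer" matters for the response: the first is an availability problem to raise with the network in question, the second is the signal for poisoning or deliberate redirection, and it is the one DNSSEC validation on the resolver would have rejected.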

Key Capabilities to Monitor Network Security

Get global visibility
• Understand network topology and dependencies
• Focus on critical network services

Alert on routing to your network
• Reachability to your address blocks
• Path changes and more specific prefixes upstream

Track efficacy of external services
• DNS, CDN and hosting providers
• DDoS mitigation vendors and ISPs

Implement DNSSEC
• Prevent cache poisoning on your resolvers
• Monitor for poisoning of your records on other networks

It’s time to see the entire picture.
