DDOS attacks in an IPv6 World 
Tom Paseka 
HKNOG 1.0 
September 2014
Who are we? 
How does CloudFlare Work? 
CloudFlare works at the network level. 
• Once a website is part of the CloudFlare community, its web traffic is routed through CloudFlare’s global network 
of 24 (and growing) data centers. 
• At each edge node, CloudFlare manages DNS, caching, bot filtering, web content optimization and third party app 
installations.
IPv6 Gateway 
With the Internet's explosive growth and the number of on-net 
devices closing in on IPv4's maximum capacity, 
CloudFlare now offers an automatic IPv6 gateway seamlessly 
bridging the IPv4 and IPv6 networks. 
• For most businesses, upgrading to the IPv6 protocol is costly 
and time consuming. 
• CloudFlare’s solution requires NO hardware, software, or 
other infrastructure changes by the site owner or hosting 
provider. 
• Enabled via the flip of a switch on the site owner’s CloudFlare 
dashboard. 
• Users can choose two options: (FULL) which will enable IPv6 
on all subdomains that are CloudFlare Enabled, or (SAFE) 
which will automatically create specific IPv6-only subdomains 
(e.g. www.ipv6.yoursite.com). 
DDoS Overview 
• Purpose of a DDoS is to overwhelm an internet resource, to take it offline 
• This can be: 
• Volumetric (eg. High Gbps, High PPS or SYN Flooding). 
To overwhelm infrastructure to the website / resource. 
SYN floods overwhelm the 
• Application based (eg. Excessive HTTP POST or search) 
To overwhelm the application or server. 
• A website suddenly becoming very popular can also be like a DDOS
DDoS Overview 
• Growing trend 
• Increasing in size all the time 
• Attacks now regularly exceed 400Gbps 
• Source: http://www.arbornetworks.com/images/PeakDDoSAttack_rev2.jpg
DDoS Overview 
• Large scale DDoS is a common occurrence. 
• Used for exploitation, even for relatively low amounts (US$500 and below). 
• Online services available for purchase of DDoS 
• Known as ‘Booters’ 
• A major purpose is to kick competitors off online games so they forfeit the game 
• Free trials are often available for ‘Booters’ too!
So, what’s this got to do with IPv6? 
Nothing? 
Or maybe a lot?
So, what’s this got to do with IPv6? 
Aged tools without IPv6 support: 
NetFlow (v5): 
Interface (SNMP) Graph:
?
So, what’s this got to do with IPv6? 
[edit protocols bgp group ROUTESERVER neighbor] 
tom@edge01.syd01# set family inet f? 
Possible completions: 
> flow Include flow NLRI 
[edit protocols bgp group ROUTESERVER neighbor] 
tom@edge01.syd01# set family inet6 f? 
No valid completions
☹
So, what’s this got to do with IPv6? 
• Without supporting systems, many things may be impeded: 
• Ability to identify attacks: 
No NetFlow data? 
• Ability to filter the attacks: 
IP Tables support? (ip6tables) 
IP ACL / Access-lists 
BGP FlowSpec 
Remotely Triggered Black Holing
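Why a NetFlow v5 collector shows nothing for IPv6 while the interface graph keeps climbing, as an added example (not from the slides): the v5 record has 32-bit address fields, so IPv6 flows cannot be exported at all and only show up as interface octets that no flow record explains. The flows and counter value are constructed, and the comparison assumes unsampled export over the same interval as the counter reading.

```python
import ipaddress
import struct

# NetFlow v5 is a fixed, big-endian layout: 24-byte header, 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")


def fits_v5_address_field(addr):
    """True only if the address fits the 32-bit srcaddr/dstaddr fields."""
    return len(ipaddress.ip_address(addr).packed) == 4


def build_v5_datagram(flows):
    """Pack constructed (src, dst, packets, octets, proto) tuples as a v5 export."""
    out = [V5_HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)]
    for src, dst, packets, octets, proto in flows:
        if not (fits_v5_address_field(src) and fits_v5_address_field(dst)):
            raise ValueError(f"{src} -> {dst}: v5 has no field for a 128-bit address")
        out.append(V5_RECORD.pack(
            int(ipaddress.ip_address(src)), int(ipaddress.ip_address(dst)),
            0, 1, 2,            # nexthop, input ifIndex, output ifIndex
            packets, octets,
            0, 0,               # first/last sysUptime
            0, 53,              # source port, destination port
            0, 0, proto, 0,     # pad1, tcp_flags, protocol, tos
            0, 0, 0, 0, 0))     # src_as, dst_as, src_mask, dst_mask, pad2
    return b"".join(out)


def parse_v5_datagram(data):
    """Decode a v5 export into a list of flow dicts, rejecting malformed input."""
    if len(data) < V5_HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count = V5_HEADER.unpack_from(data, 0)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version {version})")
    if len(data) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("truncated datagram")
    flows = []
    for i in range(count):
        rec = V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(rec[0])),
            "dst": str(ipaddress.IPv4Address(rec[1])),
            "packets": rec[5],
            "octets": rec[6],
            "proto": rec[13],
        })
    return flows


def unaccounted_octets(interface_octets, flows):
    """Octets counted on the interface (SNMP) that no flow record explains."""
    return interface_octets - sum(f["octets"] for f in flows)


# Constructed sample: two IPv4 UDP flows and an interface counter delta that
# is larger than their sum because IPv6 traffic crossed the same port.
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.53", 4000, 300_000, 17),
    ("192.0.2.11", "198.51.100.53", 6000, 500_000, 17),
]
SAMPLE_INTERFACE_OCTETS = 1_000_000

if __name__ == "__main__":
    parsed = parse_v5_datagram(build_v5_datagram(SAMPLE_FLOWS))
    gap = unaccounted_octets(SAMPLE_INTERFACE_OCTETS, parsed)
    print(f"{len(parsed)} flows exported, {gap} octets invisible to the collector")
```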
So, what’s this got to do with IPv6? 
• So, is this IPv6’s fault? 
• Looking at the vendors in the room. 
• Why is any product released without FULL IPv6 support today?
So, what’s this got to do with IPv6? 
• A lot of IPv6 deployments feel like “best effort” 
• Best effort doesn’t cut it under big attacks and 
with security 
• We all still have a long way to go.
IPv6 Attacks in the Wild 
• For the most part, in our experience, they’re the same as 
IPv4 based attacks. 
• Typically, attack scope is smaller, due to much smaller 
number of IPv6 hosts on the internet 
• Not true for all attacks
IPv6 Attacks in the Wild 
• DNS cache-busted query attacks. 
• Not only an IPv6 attack, but interesting because of how it came in over IPv6. 
• Botnet bots query through their normally configured recursors, using random strings which aren’t cacheable
IPv6 Attacks in the Wild 
Queries look like this: 
ebepexklyfaxmloh.www.popvote.hk 
ktylstudkr.www.popvote.hk 
ohunarajmbkrej.www.popvote.hk 
wwtdheilzcv.www.popvote.hk 
zktvvotoyrewaku.www.popvote.hk 
……. 
khyhavsnijslyb.www.popvote.hk 
gchjpexychflvfv.api-token.popvote.hk 
ruqnpvp.api-token.popvote.hk 
fapzefvgowzonss.api-token.popvote.hk 
mcvhothfketpgre.api-token.popvote.hk
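One way to spot this pattern in an authoritative server's query log, as an added example (not from the slides): group queries by everything after the leftmost label and flag parents where nearly every leftmost label is unique, then split the flagged traffic by source address family. The query names are the ones shown above; the resolver addresses, the ordinary lookups added for contrast, and the thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# (resolver source address, query name). Names come from the slide; the
# source addresses are constructed documentation-range values.
SAMPLE_QUERIES = [
    ("192.0.2.10", "ebepexklyfaxmloh.www.popvote.hk"),
    ("2001:db8::53", "ktylstudkr.www.popvote.hk"),
    ("192.0.2.11", "ohunarajmbkrej.www.popvote.hk"),
    ("192.0.2.10", "wwtdheilzcv.www.popvote.hk"),
    ("2001:db8::54", "zktvvotoyrewaku.www.popvote.hk"),
    ("192.0.2.12", "khyhavsnijslyb.www.popvote.hk"),
    ("192.0.2.10", "gchjpexychflvfv.api-token.popvote.hk"),
    ("2001:db8::53", "ruqnpvp.api-token.popvote.hk"),
    ("192.0.2.11", "fapzefvgowzonss.api-token.popvote.hk"),
    ("192.0.2.12", "mcvhothfketpgre.api-token.popvote.hk"),
]
# Constructed ordinary lookups: the same names asked repeatedly (cacheable).
SAMPLE_QUERIES += [("192.0.2.20", "www.popvote.hk")] * 5
SAMPLE_QUERIES += [("2001:db8::99", "api-token.popvote.hk")] * 3


def summarise(queries):
    """Per parent name: query count, distinct leftmost labels, v4/v6 sources."""
    stats = defaultdict(lambda: {"queries": 0, "labels": set(), "v4": 0, "v6": 0})
    for client, qname in queries:
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 2:
            continue  # nothing to the left of a parent name
        entry = stats[".".join(labels[1:])]
        entry["queries"] += 1
        entry["labels"].add(labels[0])
        family = "v6" if ipaddress.ip_address(client).version == 6 else "v4"
        entry[family] += 1
    return stats


def find_cache_busting(queries, min_queries=4, min_unique_ratio=0.9):
    """Return parents whose leftmost labels are almost never repeated.

    A high unique-label ratio means each query misses the recursor cache and
    reaches the authoritative server, which is the signature described above.
    """
    flagged = {}
    for parent, entry in summarise(queries).items():
        ratio = len(entry["labels"]) / entry["queries"]
        if entry["queries"] >= min_queries and ratio >= min_unique_ratio:
            flagged[parent] = {
                "queries": entry["queries"],
                "unique_ratio": ratio,
                "v4": entry["v4"],
                "v6": entry["v6"],
            }
    return flagged


if __name__ == "__main__":
    for parent, info in sorted(find_cache_busting(SAMPLE_QUERIES).items()):
        print(parent, info)
```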
IPv6 Attacks in the Wild 
• We see about equal break down between normal DNS traffic and Attack DNS traffic with IPv4 and IPv6 
• Often in ISP networks, the first thing IPv6 is enabled on is their own infrastructure, e.g. DNS servers 
• When infrastructure is dual stacked, the abuse will follow! 
[Chart: IPv6 / IPv4] 
$ host tom.ns.cloudflare.com 
tom.ns.cloudflare.com has address 173.245.59.147 
tom.ns.cloudflare.com has IPv6 address 2400:cb00:2049:1::adf5:3b93
IPv6 Attacks in the Wild 
• These attacks are very effective 
• Attacks growing past 100M PPS (packets per second) 
• With the prior ratio of IPv6 traffic 
• That’s ~20M PPS of IPv6 traffic
IPv6 Attacks in the Wild 
• About the same amount of IPv6 PPS going across AMS-IX 
Internet exchange!
IPv6 Attacks in the Wild 
• IPv6 SYN Floods (and other flooding based attacks) 
• Botnets send commands/attacks to direct traffic towards a hostname, e.g. example.com 
$ host example.com 
example.com has address 93.184.216.119 
example.com has IPv6 address 2606:2800:220:6d:26bf:1447:1097:aa7
IPv6 Attacks in the Wild 
• The botnet master may not intend to send traffic towards IPv6 hosts 
• But bots inside the botnet see the AAAA and send traffic 
that way 
• IPv6 preferred selection.
IPv6 Attacks in the Wild 
Aged tools without IPv6 support: 
NetFlow (v5): 
Interface (SNMP) Graph: 
?
IPv6 Attacks in the Wild 
Is all of this interesting?
IPv6 Attacks in the Wild 
• Shows IPv6 adoption is growing, not just in users’ networks, but in other parts of the internet. 
• Expands the scope of where IPv6 attacks can come in 
• Helps change the IPv4-only mindset
Moving Forward 
• We’re making sure IPv6 is enabled for everyone 
• Previously, we had IPv6 as an option; now it’s on by default and enabled for all our customers
Moving Forward 
• This is just the tip of the iceberg 
• Nothing over IPv6 has been that unique yet 
• Most attacks are still directed at an IP (IPv4) Address 
• Most sophisticated are still IPv4 only 
• Who knows what is coming next?
Moving Forward 
• Unless we can see what’s happening now 
• We can’t know what to expect going forward 
• Except that if you’re not prepared with the same 
principles in IPv4 security, IPv6 will byte you. 
• Once you’ve reached equality in IPv4 and IPv6, the issue of IPv4 v. IPv6 in attacks is moot.
Questions?
Thank You!
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 

Último (20)

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 

HKNOG 1.0 - DDoS attacks in an IPv6 World

  • 1. DDOS attacks in an IPv6 World Tom Paseka HKNOG 1.0 September 2014
  • 3. How does CloudFlare Work? CloudFlare works at the network level. • Once a website is part of the CloudFlare community, its web traffic is routed through CloudFlare’s global network of 24 (and growing) data centers. • At each edge node, CloudFlare manages DNS, caching, bot filtering, web content optimization and third party app installations.
  • 4. IPv6 Gateway With the Internet's explosive growth and the number of on-net devices closing in on IPv4's maximum capacity, CloudFlare now offers an automatic IPv6 gateway seamlessly bridging the IPv4 and IPv6 networks. • For most businesses, upgrading to the IPv6 protocol is costly and time-consuming. • CloudFlare’s solution requires NO hardware, software, or other infrastructure changes by the site owner or hosting provider. • Enabled via the flip of a switch on the site owner’s CloudFlare dashboard. • Users can choose two options: (FULL) which will enable IPv6 on all subdomains that are CloudFlare Enabled, or (SAFE) which will automatically create specific IPv6-only subdomains (e.g. www.ipv6.yoursite.com).
  • 6. DDoS Overview • Purpose of a DDoS is to overwhelm an internet resource, to take it offline • This can be: • Volumetric (eg. High Gbps, High PPS or SYN Flooding). To overwhelm infrastructure to the website / resource. SYN floods overwhelm the • Application based (eg. Excessive HTTP POST or search) To overwhelm the application or server. • A website suddenly becoming very popular can also be like a DDOS
  • 7. DDoS Overview • Growing Trend • Increasing in size all the time • Attacks are now regularly greater than 400Gbps+ • Source: http://www.arbornetworks.com/images/PeakDDoSAttack_rev2.jpg
  • 8. DDoS Overview • Large scale DDoS is a common occurrence. • Used for exploitation, even for relatively low amounts (US$500 and below). • Online services available for purchase of DDoS • Known as ‘Booters’ • A large purpose is to kick competitors off online games so they forfeit the game • Free trials are often available for ‘Booters’ too!
  • 9. So, what’s this got to do with IPv6?
  • 10. So, what’s this got to do with IPv6? Nothing?
  • 11. So, what’s this got to do with IPv6? Or maybe a lot?
  • 12. So, what’s this got to do with IPv6? Aged tools without IPv6 support: NetFlow (v5): Interface (SNMP) Graph: ?
  • 15. So, what’s this got to do with IPv6?
      [edit protocols bgp group ROUTESERVER neighbor]
      tom@edge01.syd01# set family inet f?
      Possible completions:
      > flow                 Include flow NLRI
      [edit protocols bgp group ROUTESERVER neighbor]
      tom@edge01.syd01# set family inet6 f?
      No valid completions
  • 19. So, what’s this got to do with IPv6? • Without supporting systems, many things may be impeded: • Ability to identify attacks: No NetFlow data? • Ability to filter the attacks: IP Tables support? (ip6tables); IP ACL / Access-lists; BGP FlowSpec; Remotely Triggered Black Holing
  • 20. So, what’s this got to do with IPv6? • So, is this IPv6’s fault? • Looking at the vendors in the room. • Why is any product released without FULL IPv6 support today?
  • 21. So, what’s this got to do with IPv6? • A lot of IPv6 deployments feel like “best effort” • Best effort doesn’t cut it under big attacks and with security • We all still have a long way to go.
  • 22. IPv6 Attacks in the Wild
  • 23. IPv6 Attacks in the Wild • For the most part, in our experience, they’re the same as IPv4 based attacks. • Typically, attack scope is smaller, due to much smaller number of IPv6 hosts on the internet • Not true for all attacks
  • 24. IPv6 Attacks in the Wild • DNS cache-busted query attacks. • Not only an IPv6 attack, but interesting because of how it came in over IPv6. • Botnet bots query through their normally configured recursors, using random strings which aren’t cacheable
  • 25. IPv6 Attacks in the Wild Queries look like this: ebepexklyfaxmloh.www.popvote.hk ktylstudkr.www.popvote.hk ohunarajmbkrej.www.popvote.hk wwtdheilzcv.www.popvote.hk zktvvotoyrewaku.www.popvote.hk ……. khyhavsnijslyb.www.popvote.hk gchjpexychflvfv.api-token.popvote.hk ruqnpvp.api-token.popvote.hk fapzefvgowzonss.api-token.popvote.hk mcvhothfketpgre.api-token.popvote.hk
  • 26. IPv6 Attacks in the Wild • We see about an equal breakdown between normal DNS traffic and attack DNS traffic with IPv4 and IPv6 • Often in ISP networks, the first thing IPv6 is enabled on is their own infrastructure, e.g. DNS servers • When infrastructure is dual stacked, the abuse will follow! [Chart legend: IPv6, IPv4]
      $ host tom.ns.cloudflare.com
      tom.ns.cloudflare.com has address 173.245.59.147
      tom.ns.cloudflare.com has IPv6 address 2400:cb00:2049:1::adf5:3b93
  • 27. IPv6 Attacks in the Wild • These attacks are very effective • Attacks growing past 100M PPS (packets per second) • With the prior ratio of IPv6 traffic • That’s ~20M PPS of IPv6 traffic
  • 28. IPv6 Attacks in the Wild • About the same amount of IPv6 PPS going across AMS-IX Internet exchange!
  • 29. IPv6 Attacks in the Wild • IPv6 SYN Floods (and other flooding based attacks) • Botnets send commands/attacks to direct traffic towards a hostname, e.g. example.com
      $ host example.com
      example.com has address 93.184.216.119
      example.com has IPv6 address 2606:2800:220:6d:26bf:1447:1097:aa7
  • 30. IPv6 Attacks in the Wild • The botnet master may not intend to send traffic towards IPv6 hosts • But bots inside the botnet see the AAAA and send traffic that way • IPv6 preferred selection.
  • 31. IPv6 Attacks in the Wild Aged tools without IPv6 support: NetFlow (v5): Interface (SNMP) Graph: ?
  • 32. IPv6 Attacks in the Wild Is all of this interesting?
  • 33. IPv6 Attacks in the Wild • Shows IPv6 adoption is growing, not just in users’ networks, but in other parts of the internet. • Expands the scope of where IPv6 attacks can come in • Helps change the IPv4-only mindset
  • 36. Moving Forward • We’re making sure IPv6 is enabled for everyone • Previously, we had IPv6 as an option, now it’s on by default and enabled for all our customers
  • 38. Moving Forward • This is just the tip of the iceberg • Nothing over IPv6 has been that unique yet • Most attacks are still directed at an IP (IPv4) Address • The most sophisticated are still IPv4 only • Who knows what is coming next?
  • 39. Moving Forward • Unless we can see what’s happening now • We can’t know what to expect going forward • Except that if you’re not prepared with the same principles in IPv4 security, IPv6 will byte you. • Once you’ve reached equality in IPv4 and IPv6, the issue of IPv4 v. IPv6 in attacks is moot.
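
An added example, not from the original slides, for the cache-busted query attack on slides 24 to 26: it flags parent names whose queries carry almost entirely unique first labels, and shows that a collector limited to IPv4 sources can miss the flood. The log format, thresholds and source addresses (documentation ranges) are assumptions; the query names are those shown on slide 25.

```python
import ipaddress
from collections import defaultdict

# Constructed log of (source address, query name). Names come from slide 25;
# the addresses are documentation-range placeholders, not real resolvers.
SAMPLE_LOG = [
    ("192.0.2.10", "ebepexklyfaxmloh.www.popvote.hk"),
    ("2001:db8::53", "ktylstudkr.www.popvote.hk"),
    ("192.0.2.11", "ohunarajmbkrej.www.popvote.hk"),
    ("2001:db8::54", "wwtdheilzcv.www.popvote.hk"),
    ("2001:db8::53", "zktvvotoyrewaku.www.popvote.hk"),
    ("192.0.2.10", "khyhavsnijslyb.www.popvote.hk"),
    ("192.0.2.12", "www.example.org"),
    ("2001:db8::99", "www.example.org"),
    ("192.0.2.12", "www.example.org"),
    ("192.0.2.13", "mail.example.org"),
]


def find_cache_busting(log, families=(4, 6), min_queries=5, min_unique_ratio=0.9):
    """Return {parent_name: stats} for parents queried with mostly unique first labels.

    `families` models which IP versions the collector can see; thresholds are
    assumptions to tune against normal traffic.
    """
    seen = defaultdict(lambda: {"total": 0, "labels": set(), 4: 0, 6: 0})
    for src, qname in log:
        version = ipaddress.ip_address(src).version
        if version not in families:
            continue  # the collector is blind to this address family
        first, _, parent = qname.lower().rstrip(".").partition(".")
        if not parent:
            continue  # single-label name, nothing to group under
        entry = seen[parent]
        entry["total"] += 1
        entry["labels"].add(first)
        entry[version] += 1

    flagged = {}
    for parent, e in seen.items():
        ratio = len(e["labels"]) / e["total"]
        if e["total"] >= min_queries and ratio >= min_unique_ratio:
            flagged[parent] = {"queries": e["total"], "unique_ratio": round(ratio, 2),
                               "ipv4": e[4], "ipv6": e[6]}
    return flagged


if __name__ == "__main__":
    print("dual-stack view:", find_cache_busting(SAMPLE_LOG))
    print("IPv4-only view: ", find_cache_busting(SAMPLE_LOG, families=(4,)))
```

With the sample split evenly between families, the IPv4-only view falls below the query threshold and reports nothing.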
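
An added example, not from the original slides, for the filtering gap on slide 19 and the parity principle on slide 39: it compares an `iptables-save` dump with an `ip6tables-save` dump and lists where the two differ. Both dumps are constructed, and excluding source/destination addresses from the comparison is an assumption of this sketch.

```python
import shlex

# Constructed iptables-save / ip6tables-save excerpts, not taken from a real host.
V4_DUMP = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -m limit --limit 50/sec -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""
V6_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 2001:db8::/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

ADDRESS_FLAGS = {"-s", "-d"}  # address operands never match across families


def parse(dump):
    """Return (chain policies, set of rule tuples with addresses stripped)."""
    policies, rules = {}, set()
    for line in dump.splitlines():
        if line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):
            kept, skip = [], False
            for tok in shlex.split(line):
                if skip:
                    skip = False          # drop the address operand
                elif tok in ADDRESS_FLAGS:
                    skip = True           # drop the flag, then its operand
                else:
                    kept.append(tok)
            rules.add(tuple(kept))
    return policies, rules


def parity_gaps(v4_dump, v6_dump):
    """List the places where the IPv6 ruleset differs from the IPv4 one."""
    p4, r4 = parse(v4_dump)
    p6, r6 = parse(v6_dump)
    gaps = [f"policy {c}: IPv4={p4[c]} IPv6={p6.get(c, 'missing')}"
            for c in sorted(p4) if p4[c] != p6.get(c)]
    gaps += [f"IPv4-only rule: {' '.join(r)}" for r in sorted(r4 - r6)]
    gaps += [f"IPv6-only rule: {' '.join(r)}" for r in sorted(r6 - r4)]
    return gaps
```

On the constructed dumps this reports the permissive IPv6 `INPUT` policy and the DNS rate limit that exists only on the IPv4 side.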