270 likes | 278 Views
This paper discusses the concept of "Speak-Up" as a defense mechanism against application-level DDoS attacks. By encouraging all clients to send higher volumes of traffic, the server can differentiate between good and bad clients, effectively defending against malicious requests that deplete computational resources. Various defense strategies such as client profiling, rate limiting, and charging clients for services are explored in detail. The paper also delves into the design and implementation of the "Speak-Up" mechanism, highlighting the need for adequate bandwidth and proportional allocation mechanisms to ensure its success.
E N D
DDoS Defense by Offense Michael Walfish,Mythili Vutukuru,Hari Balakrishnan,David Karger,Scott Shenker Samarpita Hurkute DDoS Defense By Offense
What is this paper about • “Speak-up” a defense mechanism against application level DDoS. • It’s a defense mechanism against legitimate looking requests that consume computational resources. • The server encourages clients to send higher volumes of traffic wherein the inflated traffic volume from good clients crowd out the bad ones. Samarpita Hurkute DDoS Defense By Offense
Introduction • Application level DDoS – It is a noxious attack where in an “open clientele” environment the attacker forces the victim server to spend much of its resources on spurious requests. • Carried over an ICMP link its effect is two-fold – First the servers resources are often depleted by “proper-looking”requests.Second the traffic is in-band so is harder to identify. Samarpita Hurkute DDoS Defense By Offense
Introduction • Examples of such attack – Using bots to attack web sites by : requesting large files,making queries of search engines and issuing computationally expensive requests. • Approach to counter this attack is encourage all clients to speak … Samarpita Hurkute DDoS Defense By Offense
Defenses used • Detect and Block : Distinguish between good clients and bad clients.eg. Profiling IP address ,rate limiting alone,CAPATCHA based defenses. • Charge clients some currency – An attacked server gives a client a services only after it pays some currency in form of CPU cycles and money. Samarpita Hurkute DDoS Defense By Offense
Mechanism Used • In a speakup the “thinner” protects the server from overload and performs encouragements. • When the server is overloaded the thinner causes each new client to automatically send a congestion controlled stream of dummy bytes on a separate payment channel. • When the server is ready to process requests the thinner selects a client that has sent the most bytes. Samarpita Hurkute DDoS Defense By Offense
Attacked Server with “speakup” and without “speakup” Samarpita Hurkute DDoS Defense By Offense
Applicability of Speakup • How much aggregate bandwidth does the legitimate client need for speakup to be effective ? • Could small Web sites eben when defended by speakup be harmed ? • As bandwidth is a communal resource doesn't the encouragement to send more traffic damage the network ? Samarpita Hurkute DDoS Defense By Offense
Threat Model • The attacker can send difficult requests intentionally. • An attacker can repeatedly request service from a site while having different IP addresses. Samarpita Hurkute DDoS Defense By Offense
Conditions necessary for “Speakup” to be successful • Adequate link bandwidth : enough bandwidth to handle incoming stream of requests.ISP’s which have significant bandwidth offering speakup as a service. • Adequate client bandwidth – the good clients must have totally the same number of magnitude bandwidth as the bad clients. • No pre defined clientele to avoid filtering to permit traffic from only known clients. • Non – human clientele – If clientele is exclusively human one may be able to use proof of humanity tests. • Unequal requests – Currency based approach can charge clients for harder requests Samarpita Hurkute DDoS Defense By Offense
Design of Speak Up • Design Goal : If the good clients make g requests per second and have an aggregate bandwidth of G requests per second to the server and if the bad clients have aggregate bandwidth of B requests per second then the server should process good requests at a rate of min(g,(G/G+B)c) requests per second where c is the servers capacity to process requests. Samarpita Hurkute DDoS Defense By Offense
Required mechanism • Limit the requests to a server to c per second. • Perform encouragement : cause a client to send more traffic • Speak up needs a proportional allocation mechanism to admit client at rates proportional to their delivered bandwidth. Samarpita Hurkute DDoS Defense By Offense
Random drops and Aggressive tries • The thinner implements proportional allocation by dropping requests at random to reduce the rate to c. • For each request it drops it immediately asks the client to retry.This causes the good clients to retry at higher rates. Samarpita Hurkute DDoS Defense By Offense
Explicit payment channel • The thinner asks clients to pad their requests with dummy bytes. • The thinner asks the requesting client to send their requests over a separate payment channel. • When the server notifies the thinner it is ready to fire a new request it admits the client which has sent the most no. of padded dummy bytes. • However the drawback is good clients might have to pay a higher price for their requests. Samarpita Hurkute DDoS Defense By Offense
Implementation • A prototype thinner is implemented in C++. • It runs on Linux 2.6 exporting a well know URL. • When a web client requests this URL then thinner decides , if and when to send this request to the server. • When the server responds to that request the thinner returns HTML to the client with that response. Samarpita Hurkute DDoS Defense By Offense
Implementation • If the server is busy the thinner returns the javaScript to the client.the client issues 2 responses : 1 is the actual request to the server and 2 is HHTP POST which holds the dummy bytes. • The thinners delays responding the first HTTP because the server is busy and the second HTTP is the payment channel. Samarpita Hurkute DDoS Defense By Offense
Implementation • If by sending dummy bytes the client wins, the thinner terminates the 2nd request and passes on the clients 1st request to the server. • If on the other had if the client has not yet received any service the thinner returns the Javascript which causes the browser to send another large POST and the process goes on. Samarpita Hurkute DDoS Defense By Offense
Objections to Speak Up • Bandwidth envy : Since speakup allocates servers resources in proportion to the clients bandwidth , “high bandwidth good clients” are better off . • Variable bandwidth costs : For clients with access to “speakup” defended servers would cost more than usual. • Incentives for ISP’s : Does “speakup” give ISP’s an incentive to encourage botnets as a way to increase the bandwidth demanded by good clients. • Solving the wrong problem – If the problem is bots shouldn’t it be addresses than encouraging more traffic • Flash crowds – Speakup treats an overload of good clients alone just like an application level DDoS attack. Samarpita Hurkute DDoS Defense By Offense
Conclusions • This study has sought an answer to two high level questions : • Which conditions call for speakup’s peculiar brand of protection ? • Does speakup admit a practical design ? The missed question is “Who needs speakup? Samarpita Hurkute DDoS Defense By Offense