1 / 20

External BGP (D)DoS Diversion

Learn about (D)DoS attacks, detection methods, diversion levels, anti-DoS mechanisms, and benefits of external BGP diversion in this informative presentation by Ruben Valke & Wouter Borremans.

nhannah
Download Presentation

External BGP (D)DoS Diversion

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. External BGP (D)DoS Diversion Ruben Valke Wouter Borremans External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

  2. Presentation Content • Why was this project initiated? • What is a (D)DoS Attack? • How to detect (D)DoS attacks? • (D)DoS diversion levels • Anti (D)DoS mechanisms • What is external BGP (D)DoS diversion? • Test environment • Tests performed • Future work • Conclusion External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

  3. Why was this project initiated • Fill the increasing need for (D)DoS protection • Prevention of financial damage • Reduce the impact of (D)DoS attacks within the Internet core External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

  4. What is a (D)DoS attack? • (Distributed) Denial of Service attack • Can use vulnerabilities in TCP/IP stack • Compromised hosts send traffic to a specific destination • Result: • Backbone is filled up with useless traffic • Host becomes unreachable External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

  5. What is a (D)DoS attack? • Non distributed attack External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

  6. What is a (D)DoS attack? • Distributed attack External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

  7. How to detect (D)DoS attacks? • Detection by traffic patterns • Detection by sudden traffic increase • Problem: • How to trace back the origin of the (D)DoS attack? External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

  8. (D)DoS diversion levels • Early diversion • Near diversion • Late diversion External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

  9. (D)DoS diversion levels External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

  10. Anti (D)DoS mechanisms • Rate limiting • Oversizing • Firewalling (TCP/UDP blocking) • Isolation • External BGP Diversion External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

  11. What is external BGP diversion? • Announcing a more specific network (/32) • Leading traffic away from a targeted host or network • Implemented as an AS, representing the anti (D)DoS diversion External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

  12. Why external BGP (D)DoS Diversion? • Effective routing decisions to prevent traffic flows end up in an ISP network • Can be implemented at all layers of the Internet core (Early, Near, Middle) • Fast convergence to other routers External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

  13. Test environment External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

  14. Tests performed • Diversion (Demo) • Adjusting next-hop • Drop community • Null routing External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

  15. Normal Traffic flow DoS attack initiated DDoS diversion (normal) Adjusting next-hop drop community External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

  16. Test environment • 3 x Foundry BigIron 4000 router • 1 x Foundry BigIron 8000 switch • 1 x Server debian linux / zebra router • 2 x laptops for ddos generation • 2 x laptops as target hosts • 1 x laptop as reference machine • 1 x pc as blackhole External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

  17. Test environment External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

  18. Future work • Phyiscal implementation • Traffic learning and measuring • Writing a RFC External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

  19. Conclusion • Very effective way • Can be implemented fast • Unfortunately not a 100% solution • Futher research would be nice External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

  20. External BGP (D)DoS diversion - Ruben Valke & Wouter Borremans

More Related