
Botz-4-Sale: Surviving Organized DDoS Attacks That Mimic Flash Crowds

Srikanth Kandula, Dina Katabi, Matthias Jacob, and Arthur Berger. Awarded Best Student Paper! (NSDI-2005). Defense by Manan Sanghi.


Presentation Transcript


  1. Botz-4-Sale: Surviving Organized DDoS Attacks That Mimic Flash Crowds. Srikanth Kandula, Dina Katabi, Matthias Jacob, and Arthur Berger. Awarded Best Student Paper! (NSDI-2005). Defense by Manan Sanghi.

  2. Flash Crowd

  3. DDOS

  4. Botz-4-Sale request

  5. Botz-4-Sale Reverse Turing test

  6. Botz-4-Sale Solution

  7. Botz-4-Sale: Welcome!
     • HTTP cookie
     • Allows at most 8 simultaneous connections
     • Valid for 30 minutes

  8. Botz-4-Sale request

  9. Botz-4-Sale Reverse Turing test

  10. Botz-4-Sale request

  11. Botz-4-Sale System is Busy, either solve puzzle or try later

  12. Botz-4-Sale request

  13. Botz-4-Sale Reverse Turing test

  14. Botz-4-Sale request

  15. Botz-4-Sale System is Busy, either solve puzzle or try later

  16. Botz-4-Sale Request Request Request …

  17. Botz-4-Sale

  18. Kill-Bots Overview Graphical Puzzles served during Stage 1

  19. Time out (5 minutes) unauthenticated users Example Normal Load 40% K1=70% K2=50%

  20. Two stages in Suspected Attack Mode
     • Stage 1: CAPTCHA based Authentication
        • No state maintenance before authentication
        • HTTP cookie
        • Cryptographic support
     • Stage 2: Authenticating users who do not answer CAPTCHA
        • No more reverse Turing tests
        • Bloom filters to filter out over-zealous zombies

  21. Resource Allocation and Admission Control
     • Tradeoff
        • Authenticate new clients
        • Serve already authenticated clients

  22. Adaptive Admission Control
     • Cute Queuing Theory type analysis

  23. Security Analysis
     • Socially-engineered Attacks
     • Copy Attacks
        • Including IP address in one-way hash does not deal well with proxies and mobile users
     • Replay Attacks
        • Time information in the cookie hash
     • DoS attacks on the authentication mechanism
        • No connection state for unauthenticated clients
        • In-kernel HTTP header processing
        • HTTP headers not parsed
        • Pattern match arguments to GET and Cookie fields
        • Cost: less than 8 s

  24. System Architecture

  25. System Architecture

  26. Evaluation – Experimental Setup

  27. Evaluation

  28. Evaluation - Microbenchmarks

  29. Evaluation- CyberSlam attacks

  30. Evaluation- CyberSlam attacks

  31. Evaluation – Flash Crowds

  32. Evaluation – Flash Crowds

  33. On Admission Control
     • Authentication is not sufficient
     • Good performance requires admission control

  34. Threat Model
     • Bandwidth floods, DNS entries, routing entries not considered
     • Attacker cannot sniff legitimate users’ packets
     • Attacker cannot access server’s local network
     • Zombies are not as smart as humans
     • Attacker does not have a large number of humans aiding his evil plans
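
The cookie scheme outlined on slides 7, 20 and 23, as an added example that is not part of the presentation or the Kill-Bots code: the server keeps no state until a cookie verifies, the issue time is covered by the hash so an expired cookie cannot be replayed, and a copied cookie is bounded by the per-cookie connection cap instead of an IP binding. The HMAC-SHA256 construction, the `nonce.issued.mac` layout and all function and class names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SECRET = os.urandom(32)   # server-side key (assumption: HMAC-SHA256 as the one-way hash)
LIFETIME = 30 * 60        # slide 7: cookie valid for 30 minutes
MAX_CONNS = 8             # slide 7: at most 8 simultaneous connections


def _mac(nonce: str, issued: int) -> str:
    return hmac.new(SECRET, f"{nonce}|{issued}".encode(), hashlib.sha256).hexdigest()


def issue_cookie(now: int) -> str:
    """Called after the client passes the reverse Turing test; nothing is stored."""
    nonce = os.urandom(8).hex()
    return f"{nonce}.{now}.{_mac(nonce, now)}"


def verify_cookie(cookie: str, now: int) -> bool:
    """Recompute the hash from the cookie's own fields; no per-client lookup."""
    try:
        nonce, issued_s, mac = cookie.split(".")
        issued = int(issued_s)
    except ValueError:
        return False                       # malformed cookie
    if not hmac.compare_digest(mac.encode(), _mac(nonce, issued).encode()):
        return False                       # forged, or timestamp edited after issue
    return 0 <= now - issued <= LIFETIME   # replay after expiry is rejected


class Admission:
    """Per-cookie connection counter; state exists only for verified cookies."""
    def __init__(self):
        self.open = {}

    def connect(self, cookie: str, now: int) -> bool:
        if not verify_cookie(cookie, now):
            return False
        if self.open.get(cookie, 0) >= MAX_CONNS:
            return False                   # a cookie copied to many zombies hits the cap
        self.open[cookie] = self.open.get(cookie, 0) + 1
        return True

    def close(self, cookie: str) -> None:
        if self.open.get(cookie, 0) > 0:
            self.open[cookie] -= 1
```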
