110 likes | 298 Views
Introduction. Overview of Pushback. Architecture of router. Pushback mechanism. Conclusion. Pushback: Remedy for DDoS attack. Introduction . DDoS attacks – Disturbance to the global internet. How do DDoS attacks occur? Congestion could be caused by flash crowds too. Non malicious
E N D
Introduction. Overview of Pushback. Architecture of router. Pushback mechanism. Conclusion. Pushback: Remedy for DDoS attack
Introduction • DDoS attacks – Disturbance to the global internet. • How do DDoS attacks occur? • Congestion could be caused by flash crowds too. • Non malicious • www.Olympics.com during 2000 Sydney Olympics. • Victim can do nothing to protect itself. • Can anything be done inside the network to defend?
What is Pushback? • Pushback - Defense against DDoS. • A mechanism that allows a router to request adjacent upstream routers to limit the rate of traffic. • Concept - Aggregate congestion control (ACC). • Aggregate - Subset of traffic with identifiable property. • Congestion Signature - Set of properties of the aggregate identified as causing problems.
DDoS attack in progress R1 R2 R3 R4 R5 R6 R7 R8 Red - Bad traffic Green - Good traffic D
Partial view of a router Input Queues Match congestion Signature ? Output Queues N D Y Rate Limiter P Update Congestion signature Adjust Local ACC D Pushbackd pushback
Dropped Packet Report • Is sent by the rate-limiter to the Pushback daemon. Magic Number IP Destination address Input interface Output interface Timestamp Packet size Reason
How does the Pushback daemon identify an attack and the victim? • Algorithm • Step1:If(wi > 1.2 * wo)then attack is in progress. • Step2: Dropped packets are grouped according to the longest matching prefix in the routing table. • Step3: The prefix with the highest number of dropped packets is the set to be used in step4. • Step4: The set in step3 is scanned to find the host to which most of the packets are destined to. • Step5:If(wi –wb > 1.2 *wo)then repeat steps 2 to 5.
Pushback Request • The Pushback daemon uses a pushback request to tell the upstream links about the prefix to rate-limit. • Pushback request is as shown below. Congestion Signature Bandwidth Limit Expiration time RLS-ID Depth of Requesting Node
Pushback Response • Sends responses downstream. • The response is very similar to request as shown here. Congestion Signature Bandwidth Used Time in effect RLS-ID Depth of Requesting Node
Conclusion • Conclusion • Successfully implemented in the lab under FreeBSD operating system. • Deployment becomes complex as it requires lot of resources. • Any Questions?