tanya-denisyuk
qrator.net 2016
Akamai: CDN vs DDoSM
aut-num: AS20940
as-name: AKAMAI-ASN1
org: ORG-AT1-RIPE
mnt-by: AKAM1-RIPE-MNT
mnt-routes: AKAM1-RIPE-MNT
ASNumber: 32787
ASName: PROLEXIC-TECHNOLOGIES-DDOS-MITIGATION-NETWORK
Ref: https://whois.arin.net/rest/asn/AS32787
https://www.peeringdb.com/asn/20940
Akamai: CDN vs DDoSM
https://www.peeringdb.com/asn/20940
https://www.peeringdb.com/asn/32787

Akamai: CDN vs DDoSM
https://radar.qrator.net/as20940/
https://radar.qrator.net/as32787/

Vulnerable protocols
• NTP
• DNS
• SNMP
• SSDP
• ICMP
• NetBIOS
• RIPv1
• PORTMAP
• CHARGEN
• QOTD
Amplification can be identified by source port

WordPress Pingback
GET /whatever
User-Agent: WordPress/3.9.2; http://example.com/; verifying pingback from 192.0.2.150
• 150 000 – 170 000 vulnerable servers at once
• SSL/TLS-enabled
Amplification can be identified by source port?
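
The question this slide raises, worked through as an added example (not part of the original slides): UDP reflection traffic can be labelled by the well-known source port of the reflecting service, but a reflected pingback arrives over TCP from an ephemeral port and is recognisable only by its User-Agent once TLS has been terminated. The port numbers are the standard service ports rather than values from the slides; the function names, flow tuples and sample records are constructed for illustration.

```python
import re
from collections import Counter

# Well-known UDP ports of the reflectors listed on the slide (ICMP has no ports).
AMP_SOURCE_PORTS = {
    17: "QOTD", 19: "CHARGEN", 53: "DNS", 111: "PORTMAP", 123: "NTP",
    137: "NetBIOS", 161: "SNMP", 520: "RIPv1", 1900: "SSDP",
}

# User-Agent layout shown on the pingback slide; group 1 is the address it names.
PINGBACK_UA = re.compile(
    r"^WordPress/[\d.]+;\s*\S+?;\s*verifying pingback from (\S+)$"
)

def classify_flow(proto, src_port):
    """Label an inbound flow by protocol and source port (a heuristic only)."""
    if proto == "icmp":
        return "ICMP"  # no port to inspect; matched on protocol alone
    if proto == "udp":
        return AMP_SOURCE_PORTS.get(src_port)
    return None  # TCP from an ephemeral port: nothing to key on

def pingback_origin(user_agent):
    """Return the address named in a pingback User-Agent, else None."""
    m = PINGBACK_UA.match(user_agent)
    return m.group(1) if m else None

# Constructed flow records: (proto, src_ip, src_port, dst_port)
FLOWS = [
    ("udp", "198.51.100.7", 123, 41822),
    ("udp", "198.51.100.9", 1900, 50311),
    ("udp", "203.0.113.4", 53, 33100),
    ("tcp", "203.0.113.80", 51514, 443),  # reflected pingback GET
    ("tcp", "203.0.113.81", 40022, 443),  # ordinary visitor
]
# Constructed User-Agent values, as visible after TLS termination
USER_AGENTS = [
    "WordPress/3.9.2; http://example.com/; verifying pingback from 192.0.2.150",
    "Mozilla/5.0 (X11; Linux x86_64)",
]

def summarize(flows):
    """Count flows per label; unmatched flows are 'unclassified'."""
    return Counter(classify_flow(p, sp) or "unclassified" for p, _, sp, _ in flows)

if __name__ == "__main__":
    print(summarize(FLOWS))
    print([pingback_origin(ua) for ua in USER_AGENTS])
```

Both TCP flows stay unclassified at the flow level, so the pingback request and the ordinary visitor are separated only by the User-Agent check. Legitimate replies to the site's own DNS or NTP queries also match the port table, so the label is a starting point for filtering rather than a verdict.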

WordPress Pingback
• Millions of vulnerable servers
Joomla?
TinyCMS?
Drupal?
ModX?
SharePoint?
MediaWiki?

Internet of Things
• Webcams, routers, smartphones, coffee makers
• Cheap hardware and software
• (Little to) NO software updates, including security fixes
• Default logins/passwords
• Full Internet access

Internet of Things
• Network scanners are now powerful enough to discover vulnerable IoT (good job, Flow Spec)
=>

The Void
• To survive TCP- and HTTPS-based attacks, one needs a session-capable and TLS-capable DPI
• To survive large botnets, one needs a behavioral analysis and correlation analysis built into that DPI
• On the 1 Tbps bandwidth