
DDoS attacks and defense mechanisms



In a Denial of Service (DoS) attack, an adversary prevents internet users from getting access to some service or information. DoS attacks began in Internet Relay Chat (IRC) channels, where attackers used them to knock users off a channel. DoS tools have evolved a great deal in the past few years, growing into distributed denial of service (DDoS) attacks that use multiple agents in multiple locations.

The attack mechanisms have stayed largely the same and usually fall into one of two categories:

1. vulnerability attacks
2. flooding attacks

In this blog post we will take a look at DoS and DDoS attacks and Instart Logic’s defense mechanisms against them.

VULNERABILITY ATTACKS

In vulnerability attacks, adversaries take advantage of a vulnerability in the software to crash it and deny service to legitimate users. Vulnerability attacks have been common for quite a while. For example, in the 90s attackers exploited vulnerabilities in Windows’ TCP/IP stack by crafting and sending packets that would make the system run out of memory. Their goal in launching these attacks was simply to knock IRC users off the channel by crashing their systems.

Even though software gets continually patched and updated, new vulnerabilities are discovered every day. However, the difficulty of finding vulnerabilities and crafting the packets to launch the attack has made flooding attacks a more popular alternative.


FLOODING ATTACKS

The idea behind a flooding attack is quite simple: attackers send many requests to a target service, which attempts to track each of the requests as a transaction. As the flood of packets keeps coming in, the targeted resources get depleted and can no longer respond to legitimate traffic. Flooding attacks are divided into two categories:

• volumetric or Layer 3/4 attacks that target the network infrastructure
• application layer or Layer 7 attacks that target the web server

Flooding attacks have been the most successful and prevalent type of attack in the past few years. The distributed nature of the attacks, along with the sheer quantity of agent machines, makes it impossible for any defense mechanism to discern a specific attacker. IP spoofing makes flood traffic look as if it is coming from many different sources, which makes it very hard to block.

VOLUMETRIC ATTACKS

These attacks sometimes target bandwidth, and other times target routers, load balancers and firewalls. They are measured in bits per second or packets per second. Some specific volumetric attacks are:

• DNS reflection attack – the attacker sends DNS requests to third-party DNS servers while spoofing the source IP address, so that the requests appear to come from the victim. These requests usually involve amplification, meaning that a small request results in a much larger response. An example is a DNS ANY request, which asks the DNS server for all information it currently knows about the domain: where the mail servers are (MX records), what the IP addresses are (A records), and so on. This maximizes the size of the response sent to the victim. When the DNS servers send their disproportionately large responses to the spoofed source, the result is a huge amount of traffic flooding the victim.


• SYN flood attack – the attacker sends a flood of SYN packets to the victim’s server while spoofing the source IP address, so the packets appear to come from someone else. The victim’s server sends a SYN-ACK back to the spoofed sender and never receives the final ACK. The half-open connections created on the server eventually cause it to run out of resources, making it unable to respond to any requests, including legitimate ones.

• Smurf attack – the attacker sends specially crafted packets with the victim’s IP as the source IP and the broadcast address of a large network as the destination. All of the responses from all of the hosts on that network get sent back to the victim, overwhelming their network and servers.
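The half-open connections described in the SYN flood bullet are visible on the target itself, in its TCP socket table. The following is an added example, not code from the original post: it parses a constructed snapshot shaped like the State / Local Address:Port / Peer Address:Port columns of `ss -tan` and flags a listening port whose connections are dominated by SYN-RECV entries from many distinct peers, which is what a spoofed-source flood looks like from the defender's side. Thresholds and the sample data are assumptions.

```python
"""Spot a SYN flood from a TCP socket-table snapshot.
Added example, not part of the original post. The snapshot imitates the
State / Local Address:Port / Peer Address:Port columns of `ss -tan` and is
constructed; thresholds are illustrative assumptions."""
from collections import Counter, defaultdict

# Constructed: web server 10.0.0.5:443 with half-open (SYN-RECV) entries
# from many distinct peers, beside a few established connections.
SNAPSHOT = """\
ESTAB     10.0.0.5:443   198.51.100.7:51122
ESTAB     10.0.0.5:443   198.51.100.9:40011
SYN-RECV  10.0.0.5:443   203.0.113.10:1025
SYN-RECV  10.0.0.5:443   203.0.113.77:1026
SYN-RECV  10.0.0.5:443   203.0.113.143:1027
SYN-RECV  10.0.0.5:443   203.0.113.201:1028
SYN-RECV  10.0.0.5:443   203.0.113.8:1029
ESTAB     10.0.0.5:22    192.0.2.44:55000
"""

def parse_snapshot(text):
    """Return (state, local_port, peer_ip) tuples, skipping malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or ":" not in parts[1] or ":" not in parts[2]:
            continue
        state, local, peer = parts[:3]
        rows.append((state, int(local.rsplit(":", 1)[1]), peer.rsplit(":", 1)[0]))
    return rows

def half_open_report(rows, min_half_open=4, max_ratio=0.5):
    """Per local port: half-open/established counts, distinct peers stuck in
    SYN-RECV, and a flood verdict (half-open entries reach min_half_open AND
    exceed max_ratio of the port's connections). Real clients finish the
    handshake, so many distinct half-open peers points to spoofed sources."""
    half, est, peers = Counter(), Counter(), defaultdict(set)
    for state, port, peer in rows:
        if state == "SYN-RECV":
            half[port] += 1
            peers[port].add(peer)
        elif state == "ESTAB":
            est[port] += 1
    report = {}
    for port in set(half) | set(est):
        total = half[port] + est[port]
        ratio = half[port] / total if total else 0.0
        report[port] = {"half_open": half[port], "established": est[port],
                        "distinct_half_open_peers": len(peers[port]),
                        "suspected_flood": half[port] >= min_half_open and ratio > max_ratio}
    return report
```

Running `half_open_report(parse_snapshot(SNAPSHOT))` flags port 443 (five half-open entries from five different peers against two established connections) and leaves port 22 alone.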

APPLICATION LAYER DDOS ATTACKS

Application layer attacks aim to disrupt transactions or access a database by sending a lot of seemingly legitimate requests at Layer 7. The attack traffic looks very similar to legitimate traffic, which makes these attacks extremely difficult to mitigate.

APPSHIELD FROM INSTART LOGIC

AppShield Security Suite offers defense mechanisms against all kinds of DDoS attacks.

Leveraging Anycast technology, our global network of datacenters can mitigate large volumetric attacks. The global network inherently defuses the large DDoS attacks that are commonly seen, especially during holiday shopping seasons. During the 2015 Black Friday shopping season we successfully mitigated a 110Gbps attack without any problems. We have also partnered with Verisign, one of the world’s largest scrubbing centers, which can scale on demand to provide customers with an extra level of protection.


AppShield helps customers mitigate Layer 7 attacks both through our partnership with Verisign and through a variety of defense mechanisms such as:

• Web Application Firewall rules enable customers to block attack traffic and protect against server-side vulnerabilities
• Managed Security Service provides customers with a security operations center that monitors their web application 24/7 and identifies and blocks all security threats
• IP/User Agent/Geo location blocking and throttling enables customers to block or throttle traffic from any IP addresses, User Agents or geographical locations they have identified as malicious
• IP Reputation Feed allows our customers to use IP reputation data to block or throttle traffic from low-reputation sources
• Bot or Not identifies traffic originating from non-legitimate clients and blocks or throttles it. Bot or Not is powered by our Nanovisor technology, which gives us intelligence about browser, device and application behavior.
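The controls listed above all reduce to per-request decisions made from the request's source and headers. The following is an added example, not Instart Logic's code: it combines three of them, a sliding-window per-IP request-rate throttle, an IP reputation list and a User-Agent blocklist, and runs them over a constructed access log. The log format, the window and request limits, and every list entry are assumptions.

```python
"""Layer 7 flood mitigation decisions over a web access log.
Added example, not Instart Logic's code. It combines three of the controls
listed above: a per-IP request-rate throttle, an IP reputation list and a
User-Agent blocklist. Log format, limits and list entries are constructed."""
from collections import defaultdict, deque

WINDOW_SECONDS = 10          # sliding window for the per-IP rate (assumption)
MAX_REQUESTS = 5             # requests per window before throttling (assumption)
LOW_REPUTATION = {"203.0.113.50"}          # constructed reputation-feed entry
BLOCKED_AGENTS = {"python-requests", ""}   # scripted client and empty UA (constructed)

class Layer7Filter:
    def __init__(self):
        self.history = defaultdict(deque)   # ip -> request timestamps in window

    def decide(self, ts, ip, user_agent):
        """Return 'block', 'throttle' or 'allow' for one request."""
        if ip in LOW_REPUTATION:
            return "block"
        if user_agent.split("/")[0] in BLOCKED_AGENTS:
            return "block"
        q = self.history[ip]
        q.append(ts)
        while q and ts - q[0] > WINDOW_SECONDS:   # expire requests outside the window
            q.popleft()
        return "throttle" if len(q) > MAX_REQUESTS else "allow"

def run(log_lines):
    """Apply the filter to 'ts ip "user-agent"' lines; return one decision per line."""
    f = Layer7Filter()
    decisions = []
    for line in log_lines:
        ts_str, ip, ua = line.split(" ", 2)
        decisions.append(f.decide(float(ts_str), ip, ua.strip('"')))
    return decisions

# Constructed log (state is per IP, so ordering across IPs does not matter):
# a browser at a normal pace, one source hammering the site within a few
# seconds, one low-reputation IP and one scripted client.
SAMPLE_LOG = (
    ['%d 198.51.100.7 "Mozilla/5.0"' % t for t in range(0, 40, 10)]
    + ['%d 203.0.113.9 "Mozilla/5.0"' % t for t in range(0, 8)]
    + ['50 203.0.113.50 "Mozilla/5.0"', '51 192.0.2.3 "python-requests/2.31"']
)

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_LOG, run(SAMPLE_LOG)):
        print(verdict.ljust(8), line)
```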


Instart Logic is the world’s first endpoint-aware application delivery solution that makes websites and applications fast, secure, and easy to operate.