ddos defense by offense offense presented by: anup goyal aojan su
TRANSCRIPT
DDOS Defense by Offense
OFFENSE
Presented by:Anup Goyal
Aojan Su
Objections
Several objections identified By Authors itself Bandwidth Envy Flash Crowds Variable bandwidth cost
Is It Practical in real Internet ??
Clients’ upload capacity
Clients with limited upload capacity (dialup users) can not “speak-up”
They can’t increase their chance to obtain service. In worse case, they can suffer when everyone else speaks up.
Can’t detect malicious client
Even good clients need to flood the server to get service.
It could be much more difficult to detect attackers.
Access Link Congestion
If the access link of thinner is congested, legitimate clients would back off due to congestion control.
Attackers could ignore congestion control and send at higher capacity.
Edge Network Flooding
Good client’s flooding traffic effect edge networks by increased traffic volumes. potentially harming other flows.
Problem for good guys No good way to accommodate
clientèle (good and bad) coming from the same location.
Good Client always loose while sharing a Bottleneck link.
Impact on Other Traffic
THIS IS BAD !!!!
Problems Unaddressed/overlooked
Effect of low-rate attack not addressed Bad client also has spare bandwidth.
Assumptions hold because of nature of current network characteristics How to detect when these assumptions break? Switch off speak-up (automatically?) under these con
ditions. Effect of various traffic patterns? (i.e. heavy-tail distri
bution)
My Question
Are speak-up’s assumptions reasonable? “The thinner is never congested”?
Impact on network good traffic amplifier? How much bandwidth will be wasted for du
mmy bytes?
Primary Focus on HTTP Focus primarily on Web traffic
and its properties (e.g. HTTP).
Does not mention its usefulness for any other situation or protocol.
Market Survey Missing The researchers have not done a
market survey, thus all their findings are theoretical.
Economic issue consideration is missing.
Extra hardware There is extra hardware (the Thinner) that has to sit in front of any server we want to protect by Speak-Up.
Expensive
Single Point of Failure