http://vig.prenhall.com/catalog/academic/product/0,1144,0131475738,00.html fighting the ddos menace!
http://vig.prenhall.com/catalog/academic/product/0,1144,0131475738,00.html
Fighting the DDoS Menace!
Recent High Profile DDoS Attacks
● Protx (online payments processing firm): October 31st
● WeaKnees.com, RapidSatellite.com (e-commerce): October 6th
● WorldPay (section of Royal Bank of Scotland): October 4th
● Authorize.net (US credit card processing firm): September 23rd
Fighting the Good Fight
● Aggregate-based congestion control (ACC)
– identify a pattern of packets
– apply a rate-limiter to the pattern(s)
● Local ACC versus Global ACC
– allow a router to request adjacent upstream routers to rate-limit traffic corresponding to a specific aggregate.
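A minimal sketch of the two local ACC steps listed above (identify a pattern, then rate-limit it), added here as an example and not taken from the slides or from Mahajan et al. It assumes the pattern is a destination /24 prefix chosen from a recent drop history, a 50% drop-share threshold, and a token-bucket limiter; all names, parameters and addresses are constructed for illustration.

```python
import ipaddress
from collections import Counter

def identify_aggregate(dropped_dsts, prefix_len=24, min_share=0.5):
    """Pattern = destination prefix holding at least min_share of recent drops."""
    nets = [ipaddress.ip_network(f"{d}/{prefix_len}", strict=False) for d in dropped_dsts]
    if not nets:
        return None
    prefix, hits = Counter(nets).most_common(1)[0]
    return prefix if hits / len(nets) >= min_share else None

class TokenBucket:  # integer arithmetic: rate in bytes per ms, depth in bytes
    def __init__(self, rate_bytes_per_ms, burst_bytes):
        self.rate, self.burst = rate_bytes_per_ms, burst_bytes
        self.tokens, self.last_ms = burst_bytes, 0

    def allow(self, now_ms, size):
        # Refill for the elapsed time, capped at the bucket depth.
        self.tokens = min(self.burst, self.tokens + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if size > self.tokens:
            return False          # over the aggregate's limit: drop
        self.tokens -= size
        return True

class LocalACC:
    def __init__(self, rate_bytes_per_ms, burst_bytes):
        self.rate, self.burst = rate_bytes_per_ms, burst_bytes
        self.limiters = {}        # identified prefix -> TokenBucket

    def on_congestion(self, dropped_dsts):
        # Called when the router sees sustained drops; installs one limiter per aggregate.
        prefix = identify_aggregate(dropped_dsts)
        if prefix is not None and prefix not in self.limiters:
            self.limiters[prefix] = TokenBucket(self.rate, self.burst)
        return prefix

    def forward(self, now_ms, dst, size):
        for prefix, bucket in self.limiters.items():
            if ipaddress.ip_address(dst) in prefix:
                return bucket.allow(now_ms, size)
        return True               # traffic outside every limited aggregate is untouched

def simulate():
    # Constructed drop history using RFC 5737 documentation addresses.
    drops = ["203.0.113.10"] * 6 + ["203.0.113.77"] * 2 + ["198.51.100.7"] * 2
    acc = LocalACC(rate_bytes_per_ms=10, burst_bytes=2000)   # 80 kbit/s limit
    prefix = acc.on_congestion(drops)
    # 100 packets of 1000 bytes over one second, to the aggregate and outside it.
    flood = sum(acc.forward(t, "203.0.113.10", 1000) for t in range(0, 1000, 10))
    other = sum(acc.forward(t, "198.51.100.7", 1000) for t in range(0, 1000, 10))
    return str(prefix), flood, other
```

The limiter applies to the whole aggregate, so legitimate traffic to the same prefix shares the reduced rate with the attack traffic.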
An Illustrated Example
“Controlling High Bandwidth Aggregates in the Network” (Mahajan et al, 2001)
ACC Works???
The Scalable Simulation Framework (http://www.ssfnet.org)
● focus on scalability
– model scalability: # of nodes, traffic flows, bandwidth, system heterogeneity
● contains a DDoS scenario
● much faster learning curve than NS tools (no tcl/tk)
What's the catch?
● Well, it turns out the DDoS scenario models a TCP SYN flooding denial of service attack.
● This DDoS attacks the TCP/IP stack of the target servers. It is not bandwidth limited! So congestion control is not the appropriate response.
● Quickly, we must model a bandwidth-limited DDoS attack....
Network Topology
Client Topology
Server Topology
DDoS Topology
But What Does It Do?
● 164 iterations, no DDoS enabled:
– mean 202.71 connections, std. dev. 13.79
● 68 iterations, DDoS enabled:
– mean 194.29 connections, std. dev. 15.47
● 59 iterations, DDoS enabled & local ACC:
– mean 196.98 connections, std. dev. 14.33
TODO LIST
● Improve the effectiveness of the DDoS attack
● Use identical random number seeds across all three trials. This will show the strict ordering:
DDoS < DDoS + local ACC ≤ no DDoS