SlideShare une entreprise Scribd logo

Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com

Rishabh Dangwal
Rishabh Dangwal

A simple presentation on understanding DDOS and DDOS mitigation solutions.

Technologie
1  sur  16
Understanding DDOS Mitigation Rishabh Dangwal About me : Trivia geek, redbull addict & Independent security enthusiastic, currently employed at Tulip Telecom www.theprohack.com
DDOS Mitigation Mitigation : mit·i·ga·tion. /ˌ ɪʃən/ Spelled[mit-i- mɪtɪˌge gey-shuhn] noun. the act of lessening the force or intensity of something • Understanding DDOS • Countermeasures • Mitigation
DOS • Attack that makes a designated service unavailable to the targeted users • Exploits limitations of the system as an inherent universal vulnerability • Limitations : CPU, Memory,Bandwidth
DDOS • Distributed DOS • A coordinated effort • Botnets are in fashion • Firewalls & IPS are NOT enough • NO 100% solution present , so you can ONLY slow it down
DDOS Continued .. • Protocol Attacks – exploit protocol vulnerabilities/limitations • Bandwidth Attacks – overflow and consume resources , mostly flood attacks • Software Attacks – exploit network software architecture
Typical Countermeasures • SYN Proxy • Limiting Number of Connections • Aggressive Aging • Source Rate Limiting • Dynamic Filtering • Active Verification • Anomaly Recognition • Granular Rate limiting • Whitelisting/Blacklisting • Dark Address Prevention
How DDOS Mitigation solutions work ? • Monitor • Identify • Mitigate
Monitor • Devices are generally added to monitoring sensors/servers/software via SNMP polling/BGP peering • Traffic thresholds are set • Devices..are monitored • Incase of trouble, alerts are generated
Identify • Traffic is identified and profiled according to set parameters, configurations and algorithms • Once identified , identify type of attack • Protocol misuse – DNS / ICMP /TCP Null / TCP RST Flood, IP fragment • Bandwidth misuse
Typical Parameters • Advanced Boolean Match / AS Path Reg exp – by using Regular expressing matching in traffic or on AS Path field of BGP • CIDR – traffic identification using by network prefixes and CIDR blocks • BGP Communities – traffic identification using BGP Communities. • Physical Interfaces – traffic identification by monitoring router’s physical interface through which the traffic is passing. • Peer ASNs & Local ASN/Sub AS – traffic identification by using peer AS numbers field of BGP or by using Local or Sub AS Numbers for the network.
Mitigate • Traffic diversion • Categorize and “scrubbing” the traffic • Bringing the clean traffic to the cloud
Traffic diversion • Generate prefix IP address • BGP route injection to predefined router • Divert traffic
Categorize and scrub traffic • Custom Settings • Traffic Filtering & Malformed DNS packets filtering • DNS Authentication • HTTP request limiting / object limiting • Malformed HTTP & SIP packets filtering • TCP Connection Reset & TCP SYN Authentication • Zombie Removal • Baseline Network Policy Enforcement • Packet shaping • Filter/Allow based on payload • Signature based detection & Mitigation
Tada .. • Once done, Clean traffic is sent to rightful customers • Attack patterns are jotted down for future reference & threat categorization • More smiles, less caffeine
Questions ?
Thank You :] feedback appreciated at admin@theprohack.com

Recommandé

Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Rishabh Dangwal
 
Hacking L2 Switches
Hacking L2 SwitchesHacking L2 Switches
Hacking L2 SwitchesNavaneetha Sankar
 
Introduction to layer 2 attacks & mitigation
Introduction to layer 2 attacks & mitigationIntroduction to layer 2 attacks & mitigation
Introduction to layer 2 attacks & mitigationRishabh Dangwal
 
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.Sumutiu Marius
 
Network Security - Layer 2
Network Security - Layer 2Network Security - Layer 2
Network Security - Layer 2samis
 
Router and Routing Protocol Attacks
Router and Routing Protocol AttacksRouter and Routing Protocol Attacks
Router and Routing Protocol AttacksConferencias FIST
 
Switch and Router Security Testing
Switch and Router Security TestingSwitch and Router Security Testing
Switch and Router Security TestingConferencias FIST
 
Pentesting layer 2 protocols
Pentesting layer 2 protocolsPentesting layer 2 protocols
Pentesting layer 2 protocolsAbdessamad TEMMAR
 

Recommandé

Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Rishabh Dangwal
 
Hacking L2 Switches
Hacking L2 SwitchesHacking L2 Switches
Hacking L2 SwitchesNavaneetha Sankar
 
Introduction to layer 2 attacks & mitigation
Introduction to layer 2 attacks & mitigationIntroduction to layer 2 attacks & mitigation
Introduction to layer 2 attacks & mitigationRishabh Dangwal
 
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.Sumutiu Marius
 
Network Security - Layer 2
Network Security - Layer 2Network Security - Layer 2
Network Security - Layer 2samis
 
Router and Routing Protocol Attacks
Router and Routing Protocol AttacksRouter and Routing Protocol Attacks
Router and Routing Protocol AttacksConferencias FIST
 
Switch and Router Security Testing
Switch and Router Security TestingSwitch and Router Security Testing
Switch and Router Security TestingConferencias FIST
 
Pentesting layer 2 protocols
Pentesting layer 2 protocolsPentesting layer 2 protocols
Pentesting layer 2 protocolsAbdessamad TEMMAR
 
Lec21 22
Lec21 22Lec21 22
Lec21 22namish_maheshwari
 
CISSP Week 5
CISSP Week 5CISSP Week 5
CISSP Week 5jemtallon
 
Mitigating Layer2 Attacks
Mitigating Layer2 AttacksMitigating Layer2 Attacks
Mitigating Layer2 Attacksdkaya
 
CISSP Week 7
CISSP Week 7CISSP Week 7
CISSP Week 7jemtallon
 
Hacking Cisco
Hacking CiscoHacking Cisco
Hacking Ciscoguestd05b31
 
PLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPROIDEA
 
pps Matters
pps Matterspps Matters
pps MattersBangladesh Network Operators Group
 
Rdma 1
Rdma 1Rdma 1
Rdma 1Anna Kim
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallVishal Kumar
 
Network & security startup
Network & security startupNetwork & security startup
Network & security startupFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
BGP persistence
BGP persistenceBGP persistence
BGP persistenceBertrand Duvivier
 
Assaulting diameter IPX network
Assaulting diameter IPX networkAssaulting diameter IPX network
Assaulting diameter IPX networkAlexandre De Oliveira
 
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof KonkowskiPLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof KonkowskiPROIDEA
 
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisAttacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisP1Security
 
Chapter 14 : vlan
Chapter 14 : vlanChapter 14 : vlan
Chapter 14 : vlanteknetir
 
Gateway and firewall
Gateway and firewallGateway and firewall
Gateway and firewallvinayh.vaghamshi _
 
Topic22
Topic22Topic22
Topic22Anne Starr
 
CISSP Week 21
CISSP Week 21CISSP Week 21
CISSP Week 21jemtallon
 
VPN (virtual Private Network)
VPN (virtual Private Network)VPN (virtual Private Network)
VPN (virtual Private Network)Chandan Jha
 
SS7 & SIGTRAN
SS7 & SIGTRANSS7 & SIGTRAN
SS7 & SIGTRANStephanie Galloway-Williams
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPROIDEA
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliMarta Pacyga
 

Contenu connexe

Tendances

CISSP Week 5
CISSP Week 5CISSP Week 5
CISSP Week 5jemtallon
 
Mitigating Layer2 Attacks
Mitigating Layer2 AttacksMitigating Layer2 Attacks
Mitigating Layer2 Attacksdkaya
 
CISSP Week 7
CISSP Week 7CISSP Week 7
CISSP Week 7jemtallon
 
PLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPROIDEA
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallVishal Kumar
 
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof KonkowskiPLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof KonkowskiPROIDEA
 
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisAttacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisP1Security
 
Chapter 14 : vlan
Chapter 14 : vlanChapter 14 : vlan
Chapter 14 : vlanteknetir
 
CISSP Week 21
CISSP Week 21CISSP Week 21
CISSP Week 21jemtallon
 
VPN (virtual Private Network)
VPN (virtual Private Network)VPN (virtual Private Network)
VPN (virtual Private Network)Chandan Jha
 

Tendances (20)

Lec21 22
Lec21 22Lec21 22
Lec21 22
 
CISSP Week 5
CISSP Week 5CISSP Week 5
CISSP Week 5
 
Mitigating Layer2 Attacks
Mitigating Layer2 AttacksMitigating Layer2 Attacks
Mitigating Layer2 Attacks
 
CISSP Week 7
CISSP Week 7CISSP Week 7
CISSP Week 7
 
Hacking Cisco
Hacking CiscoHacking Cisco
Hacking Cisco
 
PLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDN
 
pps Matters
pps Matterspps Matters
pps Matters
 
Rdma 1
Rdma 1Rdma 1
Rdma 1
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About Firewall
 
Network & security startup
Network & security startupNetwork & security startup
Network & security startup
 
BGP persistence
BGP persistenceBGP persistence
BGP persistence
 
Assaulting diameter IPX network
Assaulting diameter IPX networkAssaulting diameter IPX network
Assaulting diameter IPX network
 
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof KonkowskiPLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
 
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisAttacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
 
Chapter 14 : vlan
Chapter 14 : vlanChapter 14 : vlan
Chapter 14 : vlan
 
Gateway and firewall
Gateway and firewallGateway and firewall
Gateway and firewall
 
Topic22
Topic22Topic22
Topic22
 
CISSP Week 21
CISSP Week 21CISSP Week 21
CISSP Week 21
 
VPN (virtual Private Network)
VPN (virtual Private Network)VPN (virtual Private Network)
VPN (virtual Private Network)
 
SS7 & SIGTRAN
SS7 & SIGTRANSS7 & SIGTRAN
SS7 & SIGTRAN
 

Similaire à Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com

PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPROIDEA
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliMarta Pacyga
 
DDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT NetworkDDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT NetworkHaltdos
 
Denial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewDenial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewMarketingArrowECS_CZ
 
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPROIDEA
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AlivePositive Hack Days
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay aliveqqlan
 
Sergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay aliveSergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay aliveDefconRussia
 
Ddos and mitigation methods.pptx
Ddos and mitigation methods.pptxDdos and mitigation methods.pptx
Ddos and mitigation methods.pptxOzkan E
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikPositive Hack Days
 
DDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationDDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationWilson Rogerio Lopes
 
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiBalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiShah Sheikh
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesBabak Farrokhi
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Pathshibaehed
 
DDoS Protection - Detect & Mitigate DDoS Attacks
DDoS Protection - Detect & Mitigate DDoS AttacksDDoS Protection - Detect & Mitigate DDoS Attacks
DDoS Protection - Detect & Mitigate DDoS AttacksNikitaJain90132
 

Similaire à Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com (20)

PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
Addios!
Addios!Addios!
Addios!
 
DDoS - unstoppable menace
DDoS - unstoppable menaceDDoS - unstoppable menace
DDoS - unstoppable menace
 
DDoS - unstoppable menace
DDoS - unstoppable menaceDDoS - unstoppable menace
DDoS - unstoppable menace
 
DDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT NetworkDDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT Network
 
ids.ppt
ids.pptids.ppt
ids.ppt
 
Denial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewDenial of Service - Service Provider Overview
Denial of Service - Service Provider Overview
 
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay Alive
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay alive
 
Sergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay aliveSergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay alive
 
DDoS attacks
DDoS attacksDDoS attacks
DDoS attacks
 
Ddos and mitigation methods.pptx
Ddos and mitigation methods.pptxDdos and mitigation methods.pptx
Ddos and mitigation methods.pptx
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey Gordeychik
 
DDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationDDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and Mitigation
 
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiBalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and Techniques
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths
 
DDoS Protection - Detect & Mitigate DDoS Attacks
DDoS Protection - Detect & Mitigate DDoS AttacksDDoS Protection - Detect & Mitigate DDoS Attacks
DDoS Protection - Detect & Mitigate DDoS Attacks
 

Plus de Rishabh Dangwal

Cliffnotes on Blue Teaming
Cliffnotes on Blue TeamingCliffnotes on Blue Teaming
Cliffnotes on Blue TeamingRishabh Dangwal
 
An introduction to SwiftNET
An introduction to SwiftNETAn introduction to SwiftNET
An introduction to SwiftNETRishabh Dangwal
 
Network nags - when security fails
Network nags - when security failsNetwork nags - when security fails
Network nags - when security failsRishabh Dangwal
 
Introduction to Wan Acceleration Devices
Introduction to Wan Acceleration DevicesIntroduction to Wan Acceleration Devices
Introduction to Wan Acceleration DevicesRishabh Dangwal
 
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.comEigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.comRishabh Dangwal
 
An introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh DangwalAn introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh DangwalRishabh Dangwal
 
A guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
A guide to Unified Threat Management Systems (UTMs) by Rishabh DangwalA guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
A guide to Unified Threat Management Systems (UTMs) by Rishabh DangwalRishabh Dangwal
 

Plus de Rishabh Dangwal (7)

Cliffnotes on Blue Teaming
Cliffnotes on Blue TeamingCliffnotes on Blue Teaming
Cliffnotes on Blue Teaming
 
An introduction to SwiftNET
An introduction to SwiftNETAn introduction to SwiftNET
An introduction to SwiftNET
 
Network nags - when security fails
Network nags - when security failsNetwork nags - when security fails
Network nags - when security fails
 
Introduction to Wan Acceleration Devices
Introduction to Wan Acceleration DevicesIntroduction to Wan Acceleration Devices
Introduction to Wan Acceleration Devices
 
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.comEigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
 
An introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh DangwalAn introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh Dangwal
 
A guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
A guide to Unified Threat Management Systems (UTMs) by Rishabh DangwalA guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
A guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
 

Dernier

Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Dernier (20)

Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com

  • 1. Understanding DDOS Mitigation Rishabh Dangwal About me : Trivia geek, redbull addict & Independent security enthusiastic, currently employed at Tulip Telecom www.theprohack.com
  • 2. DDOS Mitigation Mitigation : mit·i·ga·tion. /ˌ ɪʃən/ Spelled[mit-i- mɪtɪˌge gey-shuhn] noun. the act of lessening the force or intensity of something • Understanding DDOS • Countermeasures • Mitigation
  • 3. DOS • Attack that makes a designated service unavailable to the targeted users • Exploits limitations of the system as an inherent universal vulnerability • Limitations : CPU, Memory,Bandwidth
  • 4. DDOS • Distributed DOS • A coordinated effort • Botnets are in fashion • Firewalls & IPS are NOT enough • NO 100% solution present , so you can ONLY slow it down
  • 5. DDOS Continued .. • Protocol Attacks – exploit protocol vulnerabilities/limitations • Bandwidth Attacks – overflow and consume resources , mostly flood attacks • Software Attacks – exploit network software architecture
  • 6. Typical Countermeasures • SYN Proxy • Limiting Number of Connections • Aggressive Aging • Source Rate Limiting • Dynamic Filtering • Active Verification • Anomaly Recognition • Granular Rate limiting • Whitelisting/Blacklisting • Dark Address Prevention
  • 7. How DDOS Mitigation solutions work ? • Monitor • Identify • Mitigate
  • 8. Monitor • Devices are generally added to monitoring sensors/servers/software via SNMP polling/BGP peering • Traffic thresholds are set • Devices..are monitored • Incase of trouble, alerts are generated
  • 9. Identify • Traffic is identified and profiled according to set parameters, configurations and algorithms • Once identified , identify type of attack • Protocol misuse – DNS / ICMP /TCP Null / TCP RST Flood, IP fragment • Bandwidth misuse
  • 10. Typical Parameters • Advanced Boolean Match / AS Path Reg exp – by using Regular expressing matching in traffic or on AS Path field of BGP • CIDR – traffic identification using by network prefixes and CIDR blocks • BGP Communities – traffic identification using BGP Communities. • Physical Interfaces – traffic identification by monitoring router’s physical interface through which the traffic is passing. • Peer ASNs & Local ASN/Sub AS – traffic identification by using peer AS numbers field of BGP or by using Local or Sub AS Numbers for the network.
  • 11. Mitigate • Traffic diversion • Categorize and “scrubbing” the traffic • Bringing the clean traffic to the cloud
  • 12. Traffic diversion • Generate prefix IP address • BGP route injection to predefined router • Divert traffic
  • 13. Categorize and scrub traffic • Custom Settings • Traffic Filtering & Malformed DNS packets filtering • DNS Authentication • HTTP request limiting / object limiting • Malformed HTTP & SIP packets filtering • TCP Connection Reset & TCP SYN Authentication • Zombie Removal • Baseline Network Policy Enforcement • Packet shaping • Filter/Allow based on payload • Signature based detection & Mitigation
  • 14. Tada .. • Once done, Clean traffic is sent to rightful customers • Attack patterns are jotted down for future reference & threat categorization • More smiles, less caffeine
  • 16. Thank You :] feedback appreciated at admin@theprohack.com