DoS Threat Landscape Sean Newman Director Product Management Q3 2016 © 2016 Corero www.corero.com.

Presentation transcript:

DoS Threat Landscape Sean Newman Director Product Management Q3 2016 © 2016 Corero

20 Years of DoS Attacks
• First Hacktivist event: Zapatista National Liberation Army
• DoS for bragging rights
• MafiaBoy DDoS: Yahoo!, Amazon, Dell, CNN, Ebay, Etrade
• Spammers discover botnets
• Organized crime: Extortion
• Estonia: Parliament, banks, media, Estonia Reform Party
• Anon hits Church of Scientology
• Panix.net hit with first major DDoS
2015
• Coordinated US bank attacks: Grew to 200 Gbps, and continues today
• ProtonMail attack
• Spamhaus attack: Reported to reach 310 Gbps
• 500 Gbps attack in Hong Kong
• France swarmed after terror attack
• PlayStation & Xbox hit at Christmas

DoS is part of the new-normal
Thousands of attacks every day:
• Many Motives
  - Political / Beliefs
  - Ransom / Extortion
  - Targeted Attack Smokescreens
• Anyone can launch an attack:
  - Free tools and how-to videos
  - DDoS-for-hire sites
• Increasingly Sophisticated
  - Harder to Detect and Mitigate

Attacks are Non-Saturating and Short Duration

Sophisticated Multi-Vector Attacks
• Advanced DoS attacks crafted to avoid detection
• Enough volume to cripple target destination
• Short duration to avoid legacy DDoS scrubbing-center mitigation
Ongoing Multi-vector, sub-saturating attacks
Volume ramped to 68Gb when initial attack fails

Latest Reflection Attack Vector
• New DDoS Reflection vector leveraging TFTP
  - Small request packet, with spoofed source IP, requesting file
  - TFTP Server sends larger response to spoofed target
  - Amplification factor of around 60x, similar to DNS
• Many TFTP Servers accessible from the public Internet
  - TFTP is Unauthenticated
• Attacks already seen in the wild…
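The reflection pattern on this slide, seen from the TFTP server operator's side, as an added example that is not part of the original presentation: it flags peers that sent a read request, never acknowledged a block, and still received far more bytes than they sent. The packet sample, IP addresses, retry count and the `min_ratio` threshold are constructed assumptions; the byte ratio it prints is for this sample only and is not the slide's 60x figure.

```python
import struct
from collections import defaultdict

# TFTP opcodes (RFC 1350): 1 = RRQ (read request), 3 = DATA, 4 = ACK
RRQ, DATA, ACK = 1, 3, 4

def rrq(filename, mode="octet"):
    return struct.pack("!H", RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def data(block, size=512):
    return struct.pack("!HH", DATA, block) + b"A" * size

def ack(block):
    return struct.pack("!HH", ACK, block)

# Constructed capture at a TFTP server: (direction, peer IP, UDP payload).
# "in" = peer -> server, "out" = server -> peer. IPs are documentation ranges.
SAMPLE = (
    # Peer that "asks" for a file but never ACKs: DATA block 1 is resent
    # until the server gives up (6 sends is an assumed retry setting).
    [("in", "198.51.100.7", rrq("boot.cfg"))]
    + [("out", "198.51.100.7", data(1))] * 6
    # Ordinary client: every DATA block is acknowledged.
    + [("in", "192.0.2.10", rrq("boot.cfg")),
       ("out", "192.0.2.10", data(1)), ("in", "192.0.2.10", ack(1)),
       ("out", "192.0.2.10", data(2, 100)), ("in", "192.0.2.10", ack(2))]
)

def opcode(payload):
    return struct.unpack("!H", payload[:2])[0]

def suspected_reflection(packets, min_ratio=10.0):
    """Return {peer_ip: out/in byte ratio} for peers that sent an RRQ,
    never sent an ACK, and received at least min_ratio times what they sent."""
    stats = defaultdict(lambda: {"in": 0, "out": 0, "ops": set()})
    for direction, ip, payload in packets:
        stats[ip][direction] += len(payload)
        if direction == "in" and len(payload) >= 2:
            stats[ip]["ops"].add(opcode(payload))
    flagged = {}
    for ip, s in stats.items():
        if RRQ in s["ops"] and ACK not in s["ops"]:
            ratio = s["out"] / s["in"]
            if ratio >= min_ratio:
                flagged[ip] = round(ratio, 1)
    return flagged

if __name__ == "__main__":
    print(suspected_reflection(SAMPLE))
```

Because the source address is spoofed, a flagged peer is the likely target of the reflected traffic rather than its sender. The ordinary client also receives more than it sends, which is why the missing ACK is checked alongside the ratio.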

Key Take-Aways
• DDoS Attacks are Growing
• Attack Sophistication is Increasing
• Long duration - High Volume attacks are the minority
• Traditional DDoS Scrubbing Centres are being Circumvented
Organisations believe DDoS protection is not their problem; expectation is that the service provider is already dealing with it!

Questions?