Session 3 Response Measure

Presentation transcript:

Session 3 Response Measure Traceback React: specific measures for responding to various threats

Traceback Attacks to the Source

Traceback Essentials

Traceback Valid IPv4 Source Addresses

Traceback Spoofed IPv4 Addresses

Traceback via Hop by Hop Technique

Traceback via the Jump to Ingress Technique

Traceback Spoofed IPv4 Addresses

Traceback with ACLs

Traceback with Netflow

show ip cache flow

Backscatter Traceback Technique

Backscatter Traceback Preparation

Backscatter Traceback Activation

Traceback with Edge Probes

Traceback Summary

React to the Attack

Reaction Tools

Reacting to an Attack with CAR

Reacting to an Attack with CAR with Remote Trigger

Detect & Affirm

Sink Hole Router

Sink Hole Architecture

Example: Slapper worm (September 2002)

Sink Hole: Detect worm

Track DoS Attack

IRR: Network Information

IRR: AS

IP Source Tracker

IP Source Tracker: configure

Use Netflow

Show IP Cache Flow

Show IP Cache Verbose Flow

Use ACL to Track

Use IXP to track

ICMP Unreachable

How to find the router that is dropping packets

ICMP Backscatter

Track DoS summary

Anti-DoS & DDoS Measures

Remote Triggered Black Hole

Triggered Source-Address Packet Drop

Loose uRPF

Source-based Remote Triggered Black Hole

Data Cleanout

Departure from the victim

Remote triggered rate limit

Summary

What can we do?

Suggestion

Other Notions