DDoS Defense by Offense. Presented by: Anup Goyal, Aojan Su.

Presentation transcript:

Objections
- Several objections identified by the authors themselves:
  - Bandwidth envy
  - Flash crowds
  - Variable bandwidth cost
- Is it practical in the real Internet?

Clients' upload capacity
- Clients with limited upload capacity (dialup users) cannot "speak up".
- They can't increase their chance to obtain service. In the worst case, they can suffer when everyone else speaks up.

Can't detect malicious client
- Even good clients need to flood the server to get service.
- It could be much more difficult to detect attackers.

Access Link Congestion
- If the access link of the thinner is congested, legitimate clients would back off due to congestion control.
- Attackers could ignore congestion control and send at higher capacity.

Edge Network Flooding
- Good clients' flooding traffic affects edge networks through increased traffic volumes, potentially harming other flows.

Problem for good guys
- No good way to accommodate clientele (good and bad) coming from the same location.
- A good client always loses when sharing a bottleneck link.

Impact on Other Traffic
- THIS IS BAD!

Problems Unaddressed/Overlooked
- Effect of low-rate attacks not addressed.
  - A bad client also has spare bandwidth.
- Assumptions hold because of the nature of current network characteristics.
  - How to detect when these assumptions break?
  - Switch off speak-up (automatically?) under these conditions.
  - Effect of various traffic patterns? (i.e. heavy-tail distribution)

My Question
- Are speak-up's assumptions reasonable?
  - "The thinner is never congested"?
- Impact on network
  - good traffic amplifier?
  - How much bandwidth will be wasted for dummy bytes?

Primary Focus on HTTP
- Focus primarily on Web traffic and its properties (e.g. HTTP).
- Does not mention its usefulness for any other situation or protocol.

Market Survey Missing
- The researchers have not done a market survey, thus all their findings are theoretical.
- Economic issue consideration is missing.

Extra hardware
- There is extra hardware (the Thinner) that has to sit in front of any server we want to protect by Speak-Up.
- Expensive
- Single Point of Failure