Slide 1: DDoS Defense by Offense
Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, Scott Shenker (SIGCOMM '06).
Presented by Samarpita Hurkute, 5/18/2015.
Slide 2: What is this paper about
- "Speak-up" is a defense mechanism against application-level DDoS.
- It defends against legitimate-looking requests that consume the server's computational resources.
- The server encourages all clients to send higher volumes of traffic. The attacking clients are assumed to be using their bandwidth fully already, so the inflated traffic volume from good clients crowds out the bad ones.

Slide 3: Introduction
- Application-level DDoS is a noxious attack in which, in an "open clientele" environment (any client may request service), the attacker forces the victim server to spend much of its resources on spurious requests.
- Because the requests arrive over ordinary application connections, the effect is two-fold: first, the server's resources are depleted by "proper-looking" requests; second, the traffic is in-band, so it is harder to identify and filter.

Slide 4: Introduction
- Examples of such attacks: using bots to attack web sites by requesting large files, issuing queries to search engines, and issuing computationally expensive requests.
- The approach to counter this attack is to encourage all clients to speak ...

Slide 5: Existing defenses
- Detect and block: distinguish good clients from bad clients, e.g. by profiling IP addresses, by rate limiting alone, or with CAPTCHA-based defenses.
- Charge clients some currency: an attacked server gives a client service only after the client pays some currency, in the form of CPU cycles (e.g. client puzzles) or money.

Slide 6: Mechanism used
- In speak-up, a front end called the "thinner" protects the server from overload and performs the encouragement.
- When the server is overloaded, the thinner causes each new client to automatically send a congestion-controlled stream of dummy bytes on a separate payment channel.
- When the server is ready to process a request, the thinner selects the client that has sent the most bytes.

Slide 7: Attacked server with "speak-up" and without "speak-up" (no transcript text)

Slide 8: Applicability of speak-up
- How much aggregate bandwidth do the legitimate clients need for speak-up to be effective?
- Could small Web sites, even when defended by speak-up, be harmed?
- As bandwidth is a communal resource, doesn't the encouragement to send more traffic damage the network?

Slide 9: Threat model
- The attacker can intentionally send requests that are expensive for the server to process.
- An attacker can repeatedly request service from a site while using different IP addresses.

Slide 10: Conditions necessary for "speak-up" to be successful
- Adequate link bandwidth: the server needs enough bandwidth to handle the incoming, inflated stream of requests. ISPs that have significant bandwidth could offer speak-up as a service.
- Adequate client bandwidth: the good clients must have, in aggregate, bandwidth of the same order of magnitude as (or more than) the bad clients.
- No pre-defined clientele: otherwise the server could simply filter traffic to permit only known clients.
- Non-human clientele: if the clientele is exclusively human, one may be able to use proof-of-humanity tests instead.
- Unequal requests: when requests differ in cost, a currency-based approach can charge clients more for harder requests.

Slide 11: Design of speak-up
Design goal: if the good clients make g requests per second and have an aggregate bandwidth of G requests per second to the server, and the bad clients have an aggregate bandwidth of B requests per second, then the server should process good requests at a rate of min(g, (G/(G+B))·c) requests per second, where c is the server's capacity to process requests. In other words, the server's capacity is divided among clients in proportion to their bandwidth, and good clients are never served faster than they actually ask for service.

Slide 12: Required mechanisms
- Limit the requests reaching the server to c per second.
- Perform encouragement: cause a client to send more traffic.
- Proportional allocation: speak-up needs a mechanism that admits clients at rates proportional to their delivered bandwidth.

Slide 13: Random drops and aggressive retries
- The thinner implements proportional allocation by dropping requests at random so that the rate reaching the server is reduced to c.
- For each request it drops, it immediately asks the client to retry. This causes good clients to retry at higher rates, so their share of the admitted requests grows with their bandwidth.

Slide 14: Explicit payment channel
- The thinner asks clients to pad their requests with dummy bytes.
- Alternatively, it asks each requesting client to send dummy bytes over a separate payment channel.
- When the server notifies the thinner that it is ready for a new request, the thinner admits the client that has sent the most dummy bytes.
- The drawback is that good clients might have to pay a higher price (more bandwidth) for their requests.
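The design goal from slide 11 and the "most bytes wins" rule of the payment channel can be checked against each other with a small simulation. The following Python is an added example, not code from the paper or from this presentation: the per-client bandwidths, the server capacity, the one-admission-per-tick timing and the assumption that every client always has a request outstanding are choices made for the example.

```python
# Added example: simulate speak-up's explicit payment channel and compare
# the resulting allocation with the design goal min(g, G/(G+B) * c).
# Not code from the paper; bandwidths and capacity below are assumed values.


def goal_rate(g, G, B, c):
    """Rate (requests/s) at which the server should serve good clients.

    g: rate at which good clients actually make requests
    G, B: aggregate bandwidth of good and bad clients (requests/s)
    c: server capacity (requests/s)
    """
    return min(g, G / (G + B) * c)


def simulate_payment_channel(good_bw, bad_bw, capacity, seconds):
    """Discrete-time simulation of the thinner with a payment channel.

    good_bw, bad_bw: per-client bandwidth in bytes/s (assumed values).
    capacity: server capacity in requests/s.

    Time advances in ticks of 1/capacity seconds.  In each tick every
    client pays bw/capacity bytes on its payment channel; the server then
    becomes ready once, and the thinner admits the client that has paid
    the most, terminating that client's payment stream (its count restarts
    at zero).  Every client is assumed to always have a request pending,
    so demand is never the bottleneck.  Returns the fraction of admitted
    requests that came from good clients.
    """
    kinds = ["good"] * len(good_bw) + ["bad"] * len(bad_bw)
    per_tick = [bw / capacity for bw in list(good_bw) + list(bad_bw)]
    paid = [0.0] * len(kinds)
    served = {"good": 0, "bad": 0}
    for _ in range(seconds * capacity):
        for i, b in enumerate(per_tick):
            paid[i] += b
        winner = max(range(len(paid)), key=paid.__getitem__)
        served[kinds[winner]] += 1
        paid[winner] = 0.0          # thinner terminates the payment channel
    return served["good"] / (served["good"] + served["bad"])


if __name__ == "__main__":
    # 10 good clients at 10 bytes/s vs 30 bots at 10 bytes/s: G/(G+B) = 0.25
    print(simulate_payment_channel([10] * 10, [10] * 30, capacity=40, seconds=100))
    # 6 fatter bots at 50 bytes/s: the bandwidth share is still G/(G+B) = 0.25
    print(simulate_payment_channel([10] * 10, [50] * 6, capacity=10, seconds=200))
    print(goal_rate(g=50, G=100, B=300, c=40))   # capped by bandwidth share: 10.0
    print(goal_rate(g=5, G=100, B=300, c=40))    # capped by demand: 5
```

With equal per-client bandwidth the admission order is a plain round robin and the good clients get exactly their G/(G+B) share. With a few high-bandwidth bots the share comes out close to G/(G+B) as well; the small deviation is an artefact of the coarse admission slots (a bot that has to wait one slot keeps paying and overshoots the winning bid more than a slow client does). The two goal_rate calls show the two regimes of the formula: the bandwidth share caps service when good clients ask for more than their share, and demand caps it when they ask for less.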

Slide 15: Implementation
- A prototype thinner is implemented in C++.
- It runs on Linux 2.6 and exports a well-known URL.
- When a Web client requests this URL, the thinner decides if and when to send the request to the server.
- When the server responds to that request, the thinner returns HTML carrying the response to the client.

Slide 16: Implementation
- If the server is busy, the thinner returns JavaScript to the client. The client then issues two requests: (1) the actual request to the server and (2) an HTTP POST that carries the dummy bytes.
- The thinner delays responding to the first request because the server is busy; the second request is the payment channel.

Slide 17: Implementation
- If the client wins by sending dummy bytes, the thinner terminates the second request (the payment POST) and passes the client's first request on to the server.
- If, on the other hand, the client has not yet received service when the POST completes, the thinner returns JavaScript that causes the browser to send another large POST, and the process repeats.
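Slides 15 to 17 describe a small protocol between the browser and the thinner. The Python below is an added example, not the paper's C++ prototype, that models the thinner's side of that exchange as a state machine: the deferred first request, the JavaScript "encouragement" reply, the dummy-byte POSTs that are answered with "send another POST", and the winner selection when the server signals that it is ready. The reply kinds, the client names and the one-request-at-a-time server are assumptions made for the example; a real thinner would hold up to c requests per second in flight.

```python
# Added example: the thinner's decision logic from the implementation
# slides, modelled as a state machine.  Not the paper's C++ prototype;
# the reply kinds, client names and one-request-at-a-time server are
# assumptions made for this example.
from dataclasses import dataclass


@dataclass(frozen=True)
class Reply:
    kind: str      # "forward", "encourage", "pay_again" or "ignored"
    client: str


class Thinner:
    """Front end that decides if and when a request reaches the server."""

    def __init__(self):
        self.server_busy = False
        # client -> dummy bytes paid so far.  A client listed here has a
        # real request that the thinner is holding, unanswered.
        self.waiting = {}
        self.forwarded = []    # order in which requests reached the server

    def handle_get(self, client):
        """The client requests the well-known URL."""
        if not self.server_busy:
            self.server_busy = True
            self.forwarded.append(client)
            return Reply("forward", client)          # pass straight through
        # Server busy: hold this request and return JavaScript that makes
        # the browser (1) keep the request open and (2) POST dummy bytes.
        self.waiting.setdefault(client, 0)
        return Reply("encourage", client)

    def handle_payment_post(self, client, nbytes):
        """A dummy-byte POST on the payment channel has completed."""
        if client not in self.waiting:
            # Not waiting (never encouraged, or already admitted): the bytes
            # buy nothing, so a client cannot bank credit for a later request.
            return Reply("ignored", client)
        self.waiting[client] += nbytes
        # Still not served: JavaScript tells the browser to POST again.
        return Reply("pay_again", client)

    def server_ready(self):
        """The server finished a request; admit the client that paid most."""
        self.server_busy = False
        if not self.waiting:
            return None
        winner = max(self.waiting, key=self.waiting.get)
        del self.waiting[winner]                 # terminate its payment channel
        self.server_busy = True
        self.forwarded.append(winner)
        return winner


if __name__ == "__main__":
    t = Thinner()
    print(t.handle_get("alice"))                 # server idle: forwarded
    print(t.handle_get("bob"))                   # busy: encourage
    print(t.handle_get("mallory"))               # busy: encourage
    print(t.handle_payment_post("bob", 1000))
    print(t.handle_payment_post("mallory", 5000))
    print(t.handle_payment_post("bob", 3000))
    print(t.server_ready())                      # mallory paid 5000 > 4000
    print(t.handle_payment_post("mallory", 9000))  # channel closed: ignored
    print(t.forwarded)
```

Two details matter for security here. Bytes POSTed by a client that is not currently waiting are discarded, so an attacker cannot pre-pay and later cash in; and the winner's counter is deleted rather than merely decremented, so the next admission starts a fresh auction exactly as slide 14 describes. Dropping the winner from the dictionary also means a client that was just served must go through handle_get again before any further payment counts.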

Slides 18 to 25: no transcript text.

Slide 26: Objections to speak-up
- Bandwidth envy: since speak-up allocates the server's resources in proportion to clients' bandwidth, high-bandwidth good clients are better off than low-bandwidth ones.
- Variable bandwidth costs: for clients who pay for bandwidth by volume, access to speak-up-defended servers costs more than usual.
- Incentives for ISPs: does speak-up give ISPs an incentive to encourage botnets, as a way to increase the bandwidth demanded by good clients?
- Solving the wrong problem: if the problem is bots, shouldn't the bots be addressed rather than encouraging more traffic?
- Flash crowds: speak-up treats an overload caused by good clients alone just like an application-level DDoS attack.

Slide 27: Conclusions
This study has sought answers to two high-level questions:
1. Which conditions call for speak-up's peculiar brand of protection?
2. Does speak-up admit a practical design?
The question left unanswered is: who needs speak-up?