Boaz Elgar, Product Manager, Riverhead Networks. November 2002
Agenda
- Some known DDoS attacks
- Types of DDoS attacks
- Current measures for blocking DDoS
- Riverhead solution overview
Confidential, © Riverhead Networks, Inc., 2002
Riverhead Profile
- Solution: secure Internet availability against crippling DDoS cyber-attacks
- Customers: large enterprises, new media companies, service providers and government organizations
- Investors:
- HQ: Cupertino, California
- Products: Riverhead Guard and Riverhead Detector, infrastructure security devices
Overview of DDoS attacks
DDoS Incidents Around The Globe
- Global: World Economic Forum, CERT
- Europe: Deutsche Bank, Lufthansa, Firenet, Tiscali, edNET, TheDogmaGroup, DonHost, British Telecom, Cloud9
- US: Amazon, Yahoo, CNN, eBay, E-Trade, Microsoft, White House, NY Times, NASA, OZ.Net
- Rest of world: 200 small corporations, 30 educational organizations and 20 government systems (Korea); St George Bank (Australia)
Distributed Denial of Service: An Upstream Issue
Zombies on innocent computers generate the traffic. The attack can be aimed at three levels:
- Infrastructure-level DDoS attacks
- Server-level DDoS attacks
- Bandwidth-level DDoS attacks
Server-level DDoS attacks
(Diagram: packet fields DST, SRC, protocol, CRC, port, SYN, FIN, SSL, GET URL / CGI, aimed at www.victim.com)
- Application layer attacks: 404 File Not Found flood, SSL, CGI, DNS bogus-request attacks
- Layer 4 attacks: SYN (SYN_RECEIVED), established connections, FIN_WAIT_1
TCP Level DDoS attacks
TCP SYN flood
Normal handshake: the client sends a SYN request, the server replies SYN-ACK and waits for the client's ACK.
Attack: zombies send SYN requests with spoofed source addresses. The victim sends SYN-ACKs to hosts that never answer and keeps every half-open connection in its waiting buffer until it times out, so the waiting buffer overflows and new connections are refused.
One of the first CERT DDoS advisories issued, 9/1996: http://www.cert.org/advisories/CA-1996-21.html
TCP SYN Flood News - February 3, 2002: Firenet ISP Suffers DoS Attack
Firenet MD Mr Castle also stated: "The list of attacks were Syn Flood attacks, IP Spoofing the LAN interfaces, and Total Denial of service attacks. We had taken down the servers for 4 nights in a row, from 11 o'clock till 6.00 am daily and worked all through the night with BT fighting this hacker or hackers, and had stopped the problems on Wednesday night Thursday morning".
NAPHTA: TCP connections
The handshake completes (SYN, SYN-ACK, ACK); the client then sends an HTTP request or a FIN and abandons the connection. By repeatedly establishing a connection and then abandoning it, an attacker can tie up resources: the TCP connection table fills up and the server accumulates connections stuck in states such as FIN_WAIT_1.
http://people.internet2.edu/~shalunov/netkill
Half open connections
The attacker repeatedly establishes a connection (SYN, SYN-ACK, ACK) and then sends an unfinished request, e.g. "GE" instead of a complete "GET ..." line. The server waits for the end of the request, so every such connection holds application resources: application layer saturation.
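The three TCP-level attacks above (spoofed SYN flood, Naphta-style abandoned connections, and unfinished requests) all work by filling a bounded table on the server. The following model, added here as an illustration and not code from the original deck or from Riverhead, shows both tables filling. Backlog size, connection limit and the timeouts are assumptions, not values from any real TCP stack.

```python
"""Toy TCP listener: a bounded half-open (SYN_RECEIVED) queue and a bounded
table of established connections, each entry expiring after a timeout.
Added example; limits and timeouts are assumed."""


class TcpListener:
    def __init__(self, backlog=8, max_established=16,
                 syn_timeout=75.0, idle_timeout=300.0):
        self.backlog = backlog                  # half-open entries the stack will hold
        self.max_established = max_established  # connection-table capacity
        self.syn_timeout = syn_timeout          # seconds a SYN_RECEIVED entry lives
        self.idle_timeout = idle_timeout        # seconds an idle established entry lives
        self.half_open = {}                     # (src, port) -> time SYN arrived
        self.established = {}                   # (src, port) -> time of last data
        self.dropped_syns = 0

    def _expire(self, now):
        for table, timeout in ((self.half_open, self.syn_timeout),
                               (self.established, self.idle_timeout)):
            for key in [k for k, t in table.items() if now - t > timeout]:
                del table[key]

    def syn(self, src, port, now):
        """A SYN arrives. Returns True if a half-open slot was allocated."""
        self._expire(now)
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1              # backlog full: SYN silently dropped
            return False
        self.half_open[(src, port)] = now       # server sends SYN-ACK and waits
        return True

    def ack(self, src, port, now):
        """Third handshake packet. Spoofed sources never send it."""
        self._expire(now)
        if (src, port) not in self.half_open:
            return False
        if len(self.established) >= self.max_established:
            return False                        # connection table full
        del self.half_open[(src, port)]
        self.established[(src, port)] = now
        return True

    def fin(self, src, port, now):
        self.established.pop((src, port), None)


def syn_flood_scenario():
    """Spoofed SYNs fill the backlog; a real client's SYN is refused until the
    half-open entries time out. Returns (accepted_during, accepted_after, drops)."""
    srv = TcpListener(backlog=8)
    for i in range(20):                         # 20 spoofed SYNs, none will be ACKed
        srv.syn(f"10.0.0.{i}", 40000 + i, now=i * 0.01)
    during = srv.syn("192.0.2.7", 5555, now=1.0)
    after = srv.syn("192.0.2.7", 5555, now=1.0 + 75.0 + 1.0)  # backlog has expired
    return during, after, srv.dropped_syns


def naphta_scenario():
    """Attacker completes handshakes and then sends nothing (or an unfinished
    'GE'); the established table fills, so a real client gets past the SYN but
    not past the handshake. Returns (syn_ok, ack_ok, established_count)."""
    srv = TcpListener(backlog=8, max_established=16)
    for i in range(16):
        srv.syn("198.51.100.9", 50000 + i, now=float(i))
        srv.ack("198.51.100.9", 50000 + i, now=i + 0.1)
    syn_ok = srv.syn("192.0.2.7", 6000, now=20.0)
    ack_ok = srv.ack("192.0.2.7", 6000, now=20.1)
    return syn_ok, ack_ok, len(srv.established)
```

The two scenarios show why the attacks need different responses: the SYN flood is defeated by reclaiming half-open slots quickly, while the Naphta and unfinished-request variants hold fully established connections, so the only levers are per-source connection limits and application-level idle timeouts.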
HTTP attack tool
(Screenshot of a web-based HTTP attack tool: fields for where to attack (www.victim.com) and a proxy to go through (www.proxyserver.com), a "click to get latest victim" button, and a control for how fast to attack.) First came out in January 1999!
Client attack: URL attacks against the victim's web server
- Repeated request, repeated REFRESH
- Random URLs: avoid proxy caches, make the server work hard, produce a large log file
- Expensive requests: CGI, long forms, heavy search requests
http://all.net/journal/netsec/9512.html
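The detection side of these client attacks is a log problem: the requests are valid HTTP, so the signature is a source that sends many requests and mostly hits URLs that do not exist. The script below, an added example rather than code from the original deck or from Riverhead, parses constructed Common Log Format lines and flags such sources; the thresholds are assumptions.

```python
"""Flag URL-attack clients from web-server access-log lines.
Added example; sample lines and thresholds are constructed/assumed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

CLF_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)')


def parse_clf(line):
    """One Common Log Format line -> dict, or None if it does not parse."""
    m = CLF_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def score_sources(lines, min_requests=20, max_not_found_ratio=0.5, max_rate=10.0):
    """Return {source: stats} for sources that look like URL-attack clients:
    enough requests, and either mostly 404s (random URLs) or a high rate."""
    per_src = defaultdict(list)
    for line in lines:
        rec = parse_clf(line)
        if rec:
            per_src[rec["src"]].append(rec)
    flagged = {}
    for src, recs in per_src.items():
        n = len(recs)
        if n < min_requests:
            continue
        recs.sort(key=lambda r: r["ts"])
        span = (recs[-1]["ts"] - recs[0]["ts"]).total_seconds()
        stats = {
            "requests": n,
            "rate_per_s": n / max(span, 1.0),
            "not_found_ratio": sum(r["status"] == 404 for r in recs) / n,
            "distinct_urls": len({r["url"] for r in recs}),
        }
        if stats["not_found_ratio"] > max_not_found_ratio or stats["rate_per_s"] > max_rate:
            flagged[src] = stats
    return flagged


def _clf(src, ts, url, status, size=512):
    """Build a constructed CLF line (sample data only)."""
    return f'{src} - - [{ts:%d/%b/%Y:%H:%M:%S} +0000] "GET {url} HTTP/1.0" {status} {size}'


T0 = datetime(2002, 11, 5, 10, 0, 0, tzinfo=timezone.utc)
# Constructed sample: one client hammering random URLs (all 404), one normal visitor.
SAMPLE_LOG = (
    [_clf("198.51.100.23", T0 + timedelta(seconds=i),
          f"/{(i * 2654435761) % 2**32:08x}.html", 404) for i in range(30)]
    + [_clf("192.0.2.7", T0 + timedelta(seconds=10 * i), "/index.html", 200)
       for i in range(5)]
)
```

A rate threshold alone would miss this sample (about one request per second), which is the point of the 404 ratio: random-URL clients are recognisable by what they ask for, not just by how fast they ask.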
Client attack on Lufthansa (Computerworld, 6/21/01)
"Wednesday morning, in a planned attack, demonstrators began accessing Lufthansa's Web site. Although demonstrators claim they knocked the site off-line for about 10 minutes, Lufthansa said the claim was untrue."
"Lufthansa's servers got 67,004 hits per second at one point in the two-hour Web attack"
"The attack was planned to protest Lufthansa's contract with the German government to fly people who are denied asylum in Germany out of the country."
Client attack on WTO
DNS attack
- Random requests for bogus names (www.bogus.com, www.bla-bla.com, www.!@$$.com, www.*&^.com) that force the DNS server to resolve them
- Spoofed UDP traffic: the reply to a recursive request goes to the spoofed source
- Recursive requests through reflectors, with amplification
Bandwidth-level DDoS attacks
- ICMP echo, ICMP unreachable
- UDP flood
- Reflectors
- Smurf flood
Reflectors
(Diagram: a zombie, possibly behind a SOCKS proxy and working from a proxy list of Reflector-1, Reflector-2, Reflector-3, Reflector-4, ..., sends packets to reflectors such as a web server, a router and a DNS server; their replies go to the victim. With several zombies the reflected traffic converges on the victim.)
Reflectors -> Bandwidth attack
Reflector = any host that returns a packet if one is sent: web servers, DNS servers and routers.
- Returns SYN-ACK or RST in response to a SYN or other TCP packets with ACK
- ICMP Time Exceeded or Host Unreachable in response to particular IP packets
- Amplification if the sequence number is known (FTP, streaming, ...)
- DNS replies
http://grc.com/dos/drdos.htm
http://www.aciri.org/vern/papers/reflectors.CCR.01.pdf
From the second paper: "The second form of DNS reflection concerns DNS servers that in turn recursively query other servers to resolve a request. If the victim is a name server for a particular zone, then the attacker can issue a stream of queries to a large number of name servers that will in turn cause those name servers to bombard the victim server with recursive queries. The queries needn't even be spoofed, which would enable the attacker to launch them in the presence of anti-spoof filtering, though this would reveal the slaves' locations to any monitoring or logging done at the reflectors. But if the queries are spoofed, then the attacker could even use the victim's address as the purported source, such that when the reflector DNS server supplies a reply of some form, that too goes to the victim, a form of amplification (though one that can be filtered out)."
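DNS is the strongest reflector on the list because the reply is much larger than the query. The code below, an added example and not part of the original deck or Riverhead's product, builds a query and a reply in DNS wire format with the standard library and measures the ratio. The name www.bogus.com is taken from the DNS attack slide; the answer addresses are constructed. Source-address spoofing needs raw sockets and is deliberately not done here; the point is only the size asymmetry the reflector hands the attacker.

```python
"""DNS wire-format query/response builder and amplification ratio.
Added example; answer addresses are constructed."""
import struct


def encode_name(name):
    """'www.bogus.com' -> b'\\x03www\\x05bogus\\x03com\\x00'"""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name, txid=0x1234, rd=1):
    """Standard recursive A query: this is all a reflector needs to receive."""
    flags = 0x0100 if rd else 0x0000      # RD bit set = please recurse
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def build_response(query, addresses, ttl=3600):
    """Reply the reflector would send to the (spoofed) source of `query`."""
    txid, = struct.unpack("!H", query[:2])
    question = query[12:]                 # the question section is echoed back
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addresses), 0, 0)  # QR, RD, RA
    answers = b""
    for addr in addresses:
        rdata = bytes(int(octet) for octet in addr.split("."))
        # name field is a compression pointer to offset 12 (the question name)
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + rdata
    return header + question + answers


def parse_header(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": flags >> 15, "qdcount": qd, "ancount": an}


def amplification(name, addresses):
    """(query bytes, reply bytes, bytes the victim receives per byte sent)."""
    q = build_query(name)
    r = build_response(q, addresses)
    return len(q), len(r), len(r) / len(q)
```

For a 31-byte query answered with twenty A records the reply is 351 bytes, an amplification of about 11 at the UDP payload level before IP and UDP headers are counted; names with large answer sets amplify more, which is why attackers pick them.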
Smurf amplification
The zombie sends one ICMP echo request with source = victim and destination = the directed broadcast address of the amplifier network (amp.255, i.e. amp/255.255.255.0). The router converts it to a hardware broadcast and every host on that network replies to the victim: one request in, up to 500 replies out per amplifier.
CERT advisory, Jan 1998: http://www.cert.org/advisories/CA-1998-01.html
Smurf tool
(Screenshot: the attacker can set the packet size from 10 to 1300 octets.) Came out in March 1999!
Smurf attack: "Internet attack slows Web to a crawl; Assault on Oz.net affects entire area" (Tuesday, January 18, 2000)
Oz.net, an ISP serving 7,000 subscribers, is known to have been targeted in the so-called smurf attack in Seattle; the assault affected many, perhaps even most, of the Internet users in the Seattle area, said experts.
"... all the corporate or academic networks the smurf attacker used in the assault -- as many as 2,000 nationwide"
"The Seattle attack was most likely launched by a single person..."
Cisco - stopping Smurf
Interface command: no ip directed-broadcast
Translation of directed broadcasts to physical MAC broadcasts is disabled. As of IOS 12.0 this is the default.
Guidance: "In order to prevent your site from being used as the intermediary network in these attacks, it is only necessary to block the broadcast echo requests before they are converted to hardware level broadcasts. The interface command 'no ip directed-broadcast' prevents a router from performing this conversion. It is especially important that this configuration command be implemented on routers that provide routing to large broadcast networks. In addition, if a router is positioned such that it may forward broadcast requests to other routers on the protected network, the router should be configured to prevent this forwarding from occurring. This is accomplished by specifically blocking ICMP echo request traffic destined for broadcast addresses. For more information concerning how to block these attacks using packet filtering devices, see the document Minimizing the Effects of 'Smurfing' Denial of Service Attacks published by Cisco. This document (and several others regarding DoS attacks) may be found at http://www.cisco.com/warp/public/707/advisory.html"
Infrastructure-level DDoS attacks
- BGP / OSPF / ... routing protocol attacks
- SYN floods against router services: TCP 179 (BGP), SSH
- ICMP attacks
- DNS attacks
Attacks directly on routers
- Attacks directed at routers can have broader impact than attacks directed at hosts
- Packets addressed to the router itself are handled by its CPU (slow path) and cost far more than packets transiting the router in the forwarding path
October 2002: massive attack on the 13 DNS root servers
- ICMP floods, about 150K packets per second (a primitive attack)
- Took down 7 root servers for about two hours
(Diagram: attack traffic from AS x and AS y converging on the DNS root servers via AS 56)
Attacks & attack tools, examples
- TFN: spoofed SYN flood, non-spoofed SYN flood, UDP flood, FIN and SYN-ACK floods (spoofed and non-spoofed), ping flood, smurf flood, combined UDP/TCP/ICMP
- Targa3 attack
- Fragmentation attacks: IP/UDP (jolt2), IP/ICMP (trash and fawx), IP/TCP
- HTTP connection flood (client attack), HTTP errors (404 etc.), HTTP half connections
- DNS attacks
- BGP attacks on routers
Partial list of covered tools: JOLT, WINNUKE, TRINOO, TFN, Targa3, Naphta, Trash, ...
How are DDoS attacks handled today?
Router Filtering: ACLs, CARs
(Diagram: peering routers R4 and R5, core routers R2 and R3, edge router R1 with links labelled 1000 and a 100 Mbit/s Fast Ethernet link to the server LAN; Server1 is the victim, Server2 is not.)
Built-in and distributed, but:
- Blocks good traffic with bad
- Ineffective against random spoofing and application level attacks
- Potential performance degradation
- Manually intensive process
Cisco ACLs - 1
Use an ACL to determine which interface is being attacked and the characteristics of the attack. Initial ACL to determine what type of attack (log-input records the interface each matching packet came in on):
  access-list 101 permit icmp any any echo
  access-list 101 permit icmp any any echo-reply log-input
  access-list 101 permit udp any any
  access-list 101 permit tcp any any
  access-list 101 permit ip any any
  interface serial 1/1
   ip access-group 101 out
  ! Wait 10 seconds
   no ip access-group 101 out
Cisco ACLs - 2
  sh access-l 101
  Extended IP access list 101
      permit icmp any any echo (2 matches)
      permit icmp any any echo-reply (21374 matches)
      permit udp any any (18 matches)
      permit tcp any any (123 matches)
      permit ip any any (5 matches)
Indications are that there is some sort of ICMP attack (an echo-reply flood). Need to place the ACL on each successive router in the upstream path.
Cisco ACLs - 3
Next use 'log-input' to determine from where, via 'sho logging':
  %SEC-6-IPACCESSLOGDP: list 101 permit icmp 192.168.1.1 (Serial1/1) -> 128.139.19.5 (0/0), 1 packet
  %SEC-6-IPACCESSLOGDP: list 101 permit icmp 172.17.3.34 (Serial1/1) -> 128.139.11.2 (0/0), 1 packet
  %SEC-6-IPACCESSLOGDP: list 101 permit icmp 192.168.2.15 (FastEthernet1/0/0) -> 128.139.6.1 (0/0), 1 packet
  %SEC-6-IPACCESSLOGDP: list 101 permit icmp 192.168.3.4 (Serial1/1) -> 128.139.6.1 (0/0), 1 packet
Serial 1/1 is our prime suspect!
Link: http://www.cisco.com/warp/public/707/22.html
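Reading a few lines by eye works on a slide; during a real flood 'sho logging' scrolls by too fast. The script below, an added example rather than a Cisco tool or anything from the original deck, parses the %SEC-6-IPACCESSLOG lines, totals logged packets per ingress interface and per source, and names the interface to chase upstream. The first four sample lines are copied from the slide; the fifth is constructed to show the periodic summary line IOS logs after the first packet of a flow.

```python
"""Parse IOS 'log-input' ACL log lines and find the ingress interface to chase.
Added example; the fifth sample line is constructed."""
import re
from collections import Counter

LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOG(?P<kind>[A-Z]+): list (?P<acl>\S+) (?P<action>permit|deny) "
    r"(?P<proto>\S+) (?P<src>\d+\.\d+\.\d+\.\d+)(?:\((?P<sport>\d+)\))? "
    r"\((?P<iface>[A-Za-z0-9/.:-]+)(?: [0-9a-fA-F.]+)?\) -> "       # iface, optional MAC
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\((?P<dport>\d+)\))?(?: \((?P<typecode>\d+/\d+)\))?, "
    r"(?P<count>\d+) packets?")

SAMPLE_LOG = [
    "%SEC-6-IPACCESSLOGDP: list 101 permit icmp 192.168.1.1 (Serial1/1) -> 128.139.19.5 (0/0), 1 packet",
    "%SEC-6-IPACCESSLOGDP: list 101 permit icmp 172.17.3.34 (Serial1/1) -> 128.139.11.2 (0/0), 1 packet",
    "%SEC-6-IPACCESSLOGDP: list 101 permit icmp 192.168.2.15 (FastEthernet1/0/0) -> 128.139.6.1 (0/0), 1 packet",
    "%SEC-6-IPACCESSLOGDP: list 101 permit icmp 192.168.3.4 (Serial1/1) -> 128.139.6.1 (0/0), 1 packet",
    # constructed: summary line with a packet count
    "%SEC-6-IPACCESSLOGDP: list 101 permit icmp 10.9.8.7 (Serial1/1) -> 128.139.6.1 (0/0), 14 packets",
]


def parse_line(line):
    """One log line -> dict of fields, or None if it is not an ACL log line."""
    m = LOG_RE.search(line)           # search, not match: syslog may prefix a timestamp
    if not m:
        return None
    rec = m.groupdict()
    rec["count"] = int(rec["count"])
    return rec


def packets_by(lines, field):
    """Total logged packets grouped by one parsed field, e.g. 'iface' or 'src'."""
    totals = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            totals[rec[field]] += rec["count"]
    return totals


def prime_suspect(lines):
    """Ingress interface carrying most of the matched traffic: (interface, packets)."""
    by_iface = packets_by(lines, "iface")
    return by_iface.most_common(1)[0] if by_iface else None


def spoofing_hint(lines):
    """(distinct sources, total packets). Many sources each seen once or twice is
    what randomly spoofed sources look like in this log, and a sign that
    source-based filtering will not help."""
    by_src = packets_by(lines, "src")
    return len(by_src), sum(by_src.values())
```

Run the same script against the output of the next router upstream on the suspect interface, and repeat until the traffic enters your network; that is the manual, hop-by-hop process the later slides call "manually intensive".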
Cisco CAR - Committed Access Rate
Syntax: rate-limit input access-group <acl> <bps> <normal burst in bytes> <max burst in bytes> conform-action <action> exceed-action <action>
  interface ATM1/1/0.21 point-to-point
   rate-limit input access-group 180 96000 24000 32000 conform-action continue exceed-action drop
   rate-limit input access-group 190 128000 30000 30000 conform-action transmit exceed-action drop
  !
  access-list 180 deny icmp 128.139.252.0 0.0.0.255 any
  access-list 180 permit icmp any any
  access-list 190 deny tcp any any established
  access-list 190 permit tcp any any
In a rate-limit ACL, "deny" means exempt from this rate-limit, not dropped: ICMP from 128.139.252.0/24 and established TCP are passed through, while other ICMP is held to 96 kbit/s and TCP that is not part of an established connection (i.e. SYNs) to 128 kbit/s.
No one really understands "burst"; best to read: http://www.nanog.org/mtg-9811/ppt/witt/index.htm
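The rate and normal-burst numbers above are parameters of a token bucket, which is easier to understand by running one. The model below is an added example, not Cisco's implementation or code from the original deck: it implements only the normal-burst bucket (IOS also has an extended-burst stage with compounded debt, omitted here) and uses integer arithmetic in microseconds so the counts are exact.

```python
"""Token-bucket model of one CAR 'rate-limit' statement.
Added example; only the normal burst is modelled."""


class CarBucket:
    def __init__(self, rate_bps, normal_burst_bytes):
        self.rate_bytes_per_s = rate_bps // 8
        self.depth = normal_burst_bytes            # bucket capacity in bytes
        self._tokens = self.depth * 1_000_000      # tokens scaled by 1e6 (byte-microseconds)
        self._last_us = 0

    def offer(self, now_us, size_bytes):
        """Classify a packet of size_bytes arriving at now_us as 'conform' or 'exceed'."""
        elapsed = now_us - self._last_us
        self._last_us = now_us
        # refill at the committed rate, never above the normal burst
        self._tokens = min(self.depth * 1_000_000,
                           self._tokens + elapsed * self.rate_bytes_per_s)
        need = size_bytes * 1_000_000
        if self._tokens >= need:
            self._tokens -= need
            return "conform"
        return "exceed"                            # exceed-action drop on the slide


def run(bucket, packets):
    """packets: iterable of (arrival_us, size_bytes). Returns (conform, exceed)."""
    results = [bucket.offer(t, n) for t, n in packets]
    return results.count("conform"), results.count("exceed")


def icmp_flood():
    """1000-byte ICMP packets every 1 ms (8 Mbit/s) offered to
    'rate-limit input access-group 180 96000 24000 ...': the 24000-byte burst
    admits the first 24 packets, after that only 12 bytes/ms of credit accrue."""
    return run(CarBucket(96000, 24000), [(i * 1000, 1000) for i in range(1000)])


def normal_pings():
    """Ten 500-byte echo requests, one every 100 ms: 1200 bytes of credit accrue
    between packets, so nothing is dropped."""
    return run(CarBucket(96000, 24000), [(i * 100_000, 500) for i in range(10)])
```

The flood result (35 of 1000 packets pass) also shows the coarseness the next slides complain about: a legitimate ping arriving during the flood competes for the same 12 bytes per millisecond and is dropped with the same probability as attack packets.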
Cisco uRPF
(Diagram: a packet with some source address arrives at Router B from Router A.) The router looks the source up in its routing table: does the route back to the source go through the same interface the packet came in on? If yes, accept the packet; if the path back is via a different interface, reject it.
Cisco uRPF - 1
- Unicast Reverse Path Forwarding
- Requires CEF
- Available starting in 11.1(17)CC and 12.0; not available in 11.2 or 11.3 images
- Cisco interface command: ip verify unicast rpf
- uRPF would not help to stop Code Red attacks, because the infected hosts sent packets from their real source addresses
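To see exactly what 'ip verify unicast rpf' accepts and rejects, the check can be written as a function over a forwarding table. This is an added example, not IOS code or anything from the original deck; the table entries, interface names and addresses are constructed (the 128.139.x addresses reuse the victim prefix from the ACL slides). The allow_default switch mirrors the allow-default keyword of the later 'ip verify unicast source reachable-via rx' form of the command.

```python
"""Strict-mode uRPF decision over a constructed FIB. Added example."""
import ipaddress

# Constructed FIB of the edge router on the ACL slides: (prefix, outgoing interface).
FIB = [
    ("0.0.0.0/0",        "Serial1/1"),          # default route towards the upstream
    ("128.139.0.0/16",   "FastEthernet1/0/0"),  # the server networks behind us
    ("128.139.252.0/24", "Serial1/2"),          # one customer homed on another link
]


def rpf_interface(fib, source, allow_default=False):
    """Interface the router would use to reach `source` (longest-prefix match).
    The default route is ignored unless allow_default is set."""
    addr = ipaddress.ip_address(source)
    hits = []
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (net.prefixlen > 0 or allow_default):
            hits.append((net.prefixlen, iface))
    return max(hits)[1] if hits else None


def urpf_strict(fib, source, ingress, allow_default=False):
    """Accept only if the best route back to the source leaves via the
    interface the packet arrived on."""
    return rpf_interface(fib, source, allow_default) == ingress


def demo():
    """Cases from the slides, as (description, accepted) pairs."""
    return [
        ("our 128.139.6.1 arriving from the inside",
         urpf_strict(FIB, "128.139.6.1", "FastEthernet1/0/0")),
        ("our 128.139.6.1 arriving from the upstream: spoofed, rejected",
         urpf_strict(FIB, "128.139.6.1", "Serial1/1")),
        ("customer 128.139.252.10 arriving on the wrong link: rejected",
         urpf_strict(FIB, "128.139.252.10", "FastEthernet1/0/0")),
        ("unknown 203.0.113.5 from the upstream, default route not usable: rejected",
         urpf_strict(FIB, "203.0.113.5", "Serial1/1")),
        ("unknown 203.0.113.5 from the upstream with allow-default: accepted",
         urpf_strict(FIB, "203.0.113.5", "Serial1/1", allow_default=True)),
    ]
```

The last two cases are the practical limits of uRPF. Without allow-default, strict mode on an upstream interface that only has a default route drops everything, so it is normally enabled on customer-facing interfaces; with allow-default, any spoofed source that is not covered by a more specific prefix sails through, which is the "limited attack protection" noted on the router capabilities slide. A Code Red host sending from its real address is indistinguishable from the accepted last case.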
Blackholing = disconnecting the customer
(Diagram: same topology as the router filtering slide; all traffic for the victim, Server1, is discarded at R1.)
Simple blackhole: Null0 routing
Works only on destination addresses:
  ip route 191.1.1.1 255.255.255.255 null0
Caveats: routers can forward faster than they can drop packets; blackholes good packets along with bad packets.
Router capabilities: ACLs, CAR, uRPF
- ACLs: manual process; performance impact on some routers
- CAR: also limits good traffic
- uRPF: not enforced, limited attack protection
- All of them block good traffic along with the bad
Issues: too coarse (affects good as well as bad traffic); router CPU/ASIC limitations impact performance; ineffective against several different attacks
In-line Mitigation: Edge Device
Low cost and simple deployment, but:
- Upstream ingress is still choked
- The device itself becomes a point of failure
- Doesn't scale: requires many devices
- Easy to overwhelm a firewall
(Diagram: same topology, with the in-line device in front of Server1.)
Diversion and Precise Filtering
(Diagram: same topology with a Guard attached to R2 and R3; only traffic for the victim, Server1, is diverted through the Guard.)
- Protects all resources
- No point of failure or latency on the critical path
- No router impact
- Scales via sharing
- Dynamic and precise filtering
Solution Overview
- Upstream = not on the critical path
- DDoS protection = Riverhead Guard
- DDoS detection = Riverhead Detector
(Diagram: the victim and the non-victimized servers behind the protected router.)
Solution Overview
1. Detect: Riverhead Detector, or an IDS system, firewall or health checks
2. Activate the Guard: automatically or manually
3. Divert only the victim's traffic: the Guard issues a BGP announcement for the victim's address; the non-victimized servers are unaffected
Solution Overview
- Hijack traffic = BGP: the Guard announces the victim's address, so all traffic destined to the victim is routed to the Guard
- Inject the legitimate traffic back to the victim = GRE, VRF, VLAN, FBF, PBR, ...
- "No dynamic configuration": the routers are not reconfigured at attack time
- Non-victimized servers keep their normal path
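The diversion and injection steps on the two Solution Overview slides hinge on two routing facts: a /32 announcement wins longest-prefix match for the victim alone, and the injection path must use a forwarding table that does not contain that /32, or the cleaned traffic loops back to the Guard. The simulation below is an added example, not Riverhead code; router names, the injection table and all addresses are constructed (128.139.6.1 and 128.139.11.2 reuse addresses from the ACL log slide, and the attack sources are the ones logged there).

```python
"""Diversion by /32 announcement, cleaning, and injection back to the victim.
Added example; routers, tables and addresses are constructed."""
import ipaddress


def lookup(table, dst):
    """Longest-prefix match over a list of (prefix, next_hop)."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p).prefixlen, nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    return max(hits)[1] if hits else None


VICTIM = "128.139.6.1"
NEIGHBOUR = "128.139.11.2"                  # non-victimized server in the same /16
ATTACK_SOURCES = {"192.168.1.1", "172.17.3.34", "192.168.3.4"}

# Normal state: the upstream router sends the whole customer block to the server farm.
UPSTREAM_NORMAL = [("128.139.0.0/16", "R1->servers")]
# Injection table at the router next to the servers (a VRF, PBR or VLAN path):
# it knows the farm but never learns the Guard's /32.
INJECTION_TABLE = [("128.139.0.0/16", "servers")]


def announce_diversion(table, victim):
    """Effect of the Guard's BGP announcement on the upstream table: a /32 host
    route is added, and longest-prefix match makes it win for the victim only."""
    return table + [(f"{victim}/32", "Guard")]


def guard_clean(packets, victim, attack_sources):
    """Stand-in for the Guard's filters: pass victim traffic from sources that
    are not attacking, drop the rest. Nothing else is ever handed to it."""
    return [p for p in packets if p["dst"] == victim and p["src"] not in attack_sources]


def run_diversion():
    diverted = announce_diversion(UPSTREAM_NORMAL, VICTIM)
    packets = [{"src": s, "dst": VICTIM} for s in sorted(ATTACK_SOURCES)] + [
        {"src": "203.0.113.10", "dst": VICTIM},     # legitimate clients of the victim
        {"src": "203.0.113.11", "dst": VICTIM},
        {"src": "203.0.113.12", "dst": NEIGHBOUR},  # traffic for the non-victimized server
    ]
    # Step 3 on the slide: only the victim's traffic is pulled towards the Guard.
    to_guard = [p for p in packets if lookup(diverted, p["dst"]) == "Guard"]
    untouched = [p for p in packets if lookup(diverted, p["dst"]) == "R1->servers"]
    cleaned = guard_clean(to_guard, VICTIM, ATTACK_SOURCES)
    # Injection: the router next to the victim forwards with INJECTION_TABLE.
    # Had it consulted the diverted upstream table, the /32 would send the
    # cleaned packets straight back to the Guard: a forwarding loop.
    injected_via = {lookup(INJECTION_TABLE, p["dst"]) for p in cleaned}
    loop_if_global = {lookup(diverted, p["dst"]) for p in cleaned}
    return {"diverted": len(to_guard), "untouched": len(untouched),
            "cleaned": len(cleaned), "injected_via": injected_via,
            "loop_if_global": loop_if_global}
```

This is why the injection methods on the slide (GRE, VRF, VLAN, FBF, PBR) all amount to the same thing: a forwarding decision that bypasses the global table in which the diversion route lives, pre-configured once so that nothing on the routers has to change when an attack starts.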
Adaptive and Dynamic Filtering
- Per-flow queues and aggregate rates
- 1 to 100s of dynamic filters by flow, protocol, ...
- Rate-limiting and DDoS traffic shaping
- Static and dynamic filters
- Anti-spoofing
- Statistical analysis
- Layer 7: HTTP, SMTP
ISP Perimeter Protection
ISP Edge Protection
IDC Enterprise Protection
Stop Attacks on Provider Infrastructure
Routers, root DNS, cache proxies
(Diagram: the root server attack topology (AS x, AS y, AS 56) with a Riverhead Guard placed in front of the DNS root servers.)
Actual Production Network
(Diagram: uplinks to ISP 1 and ISP 2 through Juniper, Foundry, etc. and Cisco/Foundry routers; a Cisco GSR 12000 and Catalyst switches; a Riverhead Guard attached to a Catalyst over Gigabit Ethernet; Riverhead or other detectors; a firewall; IDS sensors raising alerts; the internal network; customers' servers.)
Live Data Center Test
(Diagram: victim and Guard in an actual hosting center, Netax, Philadelphia; attackers (A) and clients (C) on the Internet; user experience: Mercury Interactive.)
Real World Results
Detailed Effect: Victim vs Non-victim
(Chart: response time in usec for the victim and a non-victim under three conditions: normal, attack, and attack + diversion.)
Thank you! Comments: boaz@riverhead.com