DDoS Defense by Offence Michael Walfish, Mithili Vutukuru, Hari Balakrishnan, David Karger, and Scott Shenker MIT CSAIL, UCB and ICSI ACM SigComm 2006.

Slides:



Advertisements
Similar presentations
Accountable Internet Protocol David Andersen (CMU) Hari Balakrishnan (MIT) Nick Feamster (Georgia Tech) Scott Shenker (Berkeley)
Advertisements

Routing and Congestion Problems in General Networks Presented by Jun Zou CAS 744.
Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
Using Capability to prevent Internet Denial-of-Service attacks  Tom Anderson  Timothy Roscoe  David Wetherall  Offense Team –Khoa To –Amit Saha.
1 Traffic Engineering (TE). 2 Network Congestion Causes of congestion –Lack of network resources –Uneven distribution of traffic caused by current dynamic.
CHORD – peer to peer lookup protocol Shankar Karthik Vaithianathan & Aravind Sivaraman University of Central Florida.
Cloud Control with Distributed Rate Limiting Raghaven et all Presented by: Brian Card CS Fall Kinicki 1.
Broadband Internet Performance: A View from the Gateway Srikanth Sundaresan, Walter de Donato, Nick Feamster, Renata Teixeira, Sam Crawford, Antonio Pescapè.
Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan Presented.
DDOS Defense by Offense OFFENSE Presented by: Anup Goyal Aojan Su.
DDoS Defense by Offense Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, and Scott Shenker Presented by: Boris Kurktchiev and Kimberly.
5/18/2015 Samarpita Hurkute DDoS Defense By Offense 1 DDoS Defense by Offense Michael Walfish,Mythili Vutukuru,Hari Balakrishnan,David Karger,Scott Shenker.
DDoS: Defense by Offense 1 DDoS Defense by Offense Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, and Scott Shenker, SIGCOMM ‘06 Presented.
1 DDoS Defense by Offense Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, Scott Shenker, SIGCOMM ‘06 Presented by Lianmu Chen DDoS:
Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, and Scott Shenker Presented by Sunjun Kim, Donyoung Koo 1DDoS Defense by Offense.
Understanding the Performance Gap between Pull-based Mesh Streaming Protocols and Fundamental Limits Chen Feng, Baochun Li and Bo Li Presented by Zhiming.
Receiver-driven Layered Multicast S. McCanne, V. Jacobsen and M. Vetterli SIGCOMM 1996.
Presenting: Dafna Shahaf. Infranet: Circumventing Web Censorship and Surveillance Nick Feamster, Magdalena Balazinska, Greg Harfst, Hari Balakrishnan,
Michael Walfish, Mythili Vutukuru, Hari Balakrishanan, David Karger, Scott Shankar DDos Defense by Offense.
1 Modeling and Emulation of Internet Paths Pramod Sanaga, Jonathon Duerig, Robert Ricci, Jay Lepreau University of Utah.
Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.
Network Coding for Large Scale Content Distribution Christos Gkantsidis Georgia Institute of Technology Pablo Rodriguez Microsoft Research IEEE INFOCOM.
Buffer Sizing for Congested Internet Links Chi Yin Cheung Cs 395 Advanced Networking.
DDoS Defense by Offense Presented by: Matthew C.H. Ma Damon Chan.
Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek and Hari alakrishnan.
Phalanx: Withstanding (?) Multimillion-Node (?) Botnets Paper by Colin Dixon, Thomas Anderson and Arvind Krishnamurthy NSDI ‘08 ?? by Mark Ison and Gergely.
DDoS: Defense by Offense 1 DDoS Defense by Offense Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, and Scott Shenker, SIGCOMM ‘06 Presented.
Cabernet: Vehicular Content Delivery Using WiFi Jakob Eriksson, Hari Balakrishnan, Samuel Madden MIT CSAIL MOBICOM '08 Network Reading Group, NRL, UCLA.
3/30/2005 Auburn University Information Assurance Lab 1 Simulating Secure Overlay Services.
Characterizing Residential Broadband Networks Marcel Dischinger †, Andreas Haeberlen †‡, Krishna P. Gummadi †, Stefan Saroiu* † MPI-SWS, ‡ Rice University,
OverCite: A Cooperative Digital Research Library Jeremy Stribling, Isaac G. Councill, Jinyang Li, M. Frans Kaashoek, David Karger, Robert Morris, Scott.
1 The Good, The Bad and the Ugly: Network Performance in Malicious Environment Udi Ben-Porat ETH Zurich, Switzerland Anat Bremler-Barr IDC Herzliya, Israel.
By Olalekan Kadri & Aqila Dissanayake Prevention and Detection of DoS/DDoS.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.
GeoGrid: A scalable Location Service Network Authors: J.Zhang, G.Zhang, L.Liu Georgia Institute of Technology presented by Olga Weiss Com S 587x, Fall.
1 Evaluating the Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks Udi Ben-Porat Tel-Aviv University, Israel Anat Bremler-Barr IDC Herzliya,
Micheal Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, and Scott Shenker Presented by Corey White.
All the components of network are connected to the central device called “hub” which may be a hub, a router or a switch. There is no direct traffic between.
U Innsbruck Informatik - 1 CADPC/PTP in a nutshell Michael Welzl
Hari Balakrishnan 24 February 2005 MIT CSAIL UC Berkeley / ICSI IRIS Project Peering Peer-to-Peer Providers Scott Shenker Michael Walfish.
Peer-to-Peer Supported Cache System for File Transfer Joonbok Lee
Codes, Peers and Mates Media processing meets future networks EU Workshop on thematic priorities in Networked Media Brussels January 19 th 2010 Ebroul.
Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang DDoS Defense by Offense Michael Walfish,
OSDI 2002 Boston, MA 1 The Effectiveness of Request Redirection on CDN Robustness Limin Wang Vivek Pai and Larry Peterson Princeton University.
Adaptive Selective Verification Sanjeev Khanna, Santosh Venkatesh, UPenn Omid Fatemieh, Fariba Khan, Carl A. Gunter, UIUC IEEE INFOCOM 2008.
DDoS Attack and Defense 郭承賓 (Allen C.B. Kuo). Autonomous System Entry node.
Efficient Content Sharing Taking Account of Updating Replicas in Hybrid Peer-to-Peer Networks Tatsuru Kato, Shinji Sugawara, Yutaka Ishibashi Nagoya Institute.
1 Capacity Dimensioning Based on Traffic Measurement in the Internet Kazumine Osaka University Shingo Ata (Osaka City Univ.)
Can Internet Video-on-Demand Be Profitable? Cheng Huang, Jin Li (Microsoft Research), Keith W. Ross (Polytechnic University) ACM SIGCOMM 2007.
1 SIGCOMM ’ 03 Low-Rate TCP-Targeted Denial of Service Attacks A. Kuzmanovic and E. W. Knightly Rice University Reviewed by Haoyu Song 9/25/2003.
On Selfish Routing In Internet-like Environments Lili Qiu (Microsoft Research) Yang Richard Yang (Yale University) Yin Zhang (AT&T Labs – Research) Scott.
The Macroscopic behavior of the TCP Congestion Avoidance Algorithm.
LOOKING UP DATA IN P2P SYSTEMS Hari Balakrishnan M. Frans Kaashoek David Karger Robert Morris Ion Stoica MIT LCS.
Heterogeneous Wireless Access in Large Mesh Networks Haiping Liu, Xin Liu, Chen-Nee Chuah, Prasant Mohapatra University of California, Davis IEEE MASS.
CS 347Notes081 CS 347: Parallel and Distributed Data Management Notes 08: P2P Systems.
P2P Search COP P2P Search Techniques Centralized P2P systems  e.g. Napster, Decentralized & unstructured P2P systems  e.g. Gnutella.
Why PHY Really Matters Hari Balakrishnan MIT CSAIL August 2007 Joint work with Kyle Jamieson and Ramki Gummadi.
DDoS Defense by Offense1 Walfish, M., Vutukuru, M., Balakrishnan, H., Karger, D., (MIT) and Shenker, S. (UC Berkeley), SIGCOMM ’06 Presented by Ivanka.
1 Secure Peer-to-Peer File Sharing Frans Kaashoek, David Karger, Robert Morris, Ion Stoica, Hari Balakrishnan MIT Laboratory.
Homework 1 solutions. Question 1 Solution Q1 Question 2.
Distributed Denial of Service Yi Zhang April 26, 2016.
Performance Evaluation of Redirection Schemes in Content Distribution Networks Jussi Kangasharju, Keith W. Ross Institut Eurecom Jim W. Roberts France.
Geethanjali College Of Engineering and Technology Cheeryal( V), Keesara ( M), Ranga Reddy District. I I Internal Guide Mrs.CH.V.Anupama Assistant Professor.
Magdalena Balazinska, Hari Balakrishnan, and David Karger
Improving searches through community clustering of information
Cluster Resource Management: A Scalable Approach
Building Peer-to-Peer Systems with Chord, a Distributed Lookup Service
Congestion Control in SDN-Enabled Networks
MIT LCS Proceedings of the 2001 ACM SIGCOMM Conference
Congestion Control in SDN-Enabled Networks
Presentation transcript:

DDoS Defense by Offence Michael Walfish, Mithili Vutukuru, Hari Balakrishnan, David Karger, and Scott Shenker MIT CSAIL, UCB and ICSI ACM SigComm 2006

Server Capacity and Traffic  Attacker ’ s traffic : B requests/s  Good users ’ traffic : G requests/s  Server ’ s normal load : g requests/s  Server ’ s capacity: C requests/s C*G/(G+B) > g  C > g*(1+B/G)

How to Deal With Requests with Different Server Load  ‘ Time Slice ’ each request Normal: 1 slots Need database service: extra 4 slots Need parallel search: extra 2 slots … … etc  For a req that needs K time slot The user has to win the auction K times to process this req

Server Capacity Effect

Bottleneck Link Effect  Drawbacks of the protocol – 牛驥同一皁 雞棲鳳凰食 10 good nodes and 10 bad nodes ……  No bottleneck 30 nodes with bottleneck 40Mbps

Peer Heterogeneous Effect (1/2)  Peer with shorter RTT tent to have large proportion of the server

Peer Heterogeneous Effect (2/2)  Peer with larger b/w tent to have larger part of the server

Conclusion  How do I think of this paper Easy to read, nice idea Easy to combine with other schemes  Something insufficient The test scale is too small Does the assumption really holds The method may consume large b/w