Presentation is loading. Please wait.

Presentation is loading. Please wait.

Networks ∙ Services ∙ People www.geant.org GEANT Information & Infrastructure Security Team TNC16 – Networking Conference Introduction DDoS at GÉANT Prague.

Published byDavid Simon Modified over 8 years ago

Similar presentations

Presentation on theme: "Networks ∙ Services ∙ People www.geant.org GEANT Information & Infrastructure Security Team TNC16 – Networking Conference Introduction DDoS at GÉANT Prague."— Presentation transcript:

1 Networks ∙ Services ∙ People www.geant.org GEANT Information & Infrastructure Security Team TNC16 – Networking Conference Introduction DDoS at GÉANT Prague June 13 th 2016 Evangelos Spatharas/Temoor Khan Security Engineer

2 Networks ∙ Services ∙ People www.geant.org INDEX DDoS Statistics, Highlights and Countermeasures How GÉANT Deals with DDoS Firewall on Demand Future of DDoS 2

3 Networks ∙ Services ∙ People www.geant.org 3 Who Sees DDoS Attacks?

4 Networks ∙ Services ∙ People www.geant.org 4 DDoS Profile UDP

5 Networks ∙ Services ∙ People www.geant.org DDoS – Ramifications Network Performance degradation Services malfunction Outages Staff & Company Productivity reduction Wasted resources Reputation Profit reduction Users Dissatisfaction Change upstream? 5

6 Networks ∙ Services ∙ People www.geant.org Manual ACLs  Time Consuming  Prone to mistakes  Highly effective RTBH  Fast  Too coarse BGP FlowSpec  Fast  Highly effective DDoS Scrubbing  Highly effective  Very expensive 6 Mitigating DDoS?

7 Networks ∙ Services ∙ People www.geant.org Manual ACLs  Time Consuming  Prone to mistakes  Highly effective RTBH  Fast  Too coarse BGP FlowSpec  Fast  Highly effective DDoS Scrubbing  Highly effective  Very expensive 7 Mitigating DDoS?

8 Networks ∙ Services ∙ People www.geant.org Manual ACLs  Time Consuming  Prone to mistakes  Highly effective RTBH  Fast  Too coarse BGP FlowSpec  Fast  Highly effective DDoS Scrubbing  Highly effective  Very expensive 8 Mitigating DDoS?

9 Networks ∙ Services ∙ People www.geant.org fod.geant.net 9 From RFC to a WEB Based Tool

10 Networks ∙ Services ∙ People www.geant.org fod.geant.net 9 From RFC to a WEB Based Tool Speed

11 Networks ∙ Services ∙ People www.geant.org fod.geant.net 9 From RFC to a WEB Based Tool Speed Effectiveness

12 Networks ∙ Services ∙ People www.geant.org fod.geant.net 9 From RFC to a WEB Based Tool Speed Effectiveness Efficiency

13 Networks ∙ Services ∙ People www.geant.org 13 Under the hood – Current Status IX A GÈANT Internet IX B NREN A FoD NSHaRP

14 Networks ∙ Services ∙ People www.geant.org 14 Under the hood – Current Status IX A GÈANT Internet IX B NREN A Flowspec FoD NSHaRP

15 Networks ∙ Services ∙ People www.geant.org 15 Upgrade – Future Plans IX A GÈANT Internet IX B NREN A Flowspec FoD NSHaRP

16 Networks ∙ Services ∙ People www.geant.org 16 DDoS in Future

17 Networks ∙ Services ∙ People www.geant.org In case you have any issues or queries in relation to FoD, please contact GÉANT Infrastructure & Security team at security@geant.org security@geant.org 17 How to Contact us

18 Networks ∙ Services ∙ People www.geant.org Thank you Networks ∙ Services ∙ People www.geant.org 18 GEANT OPS Security Team security@geant.net

Download ppt "Networks ∙ Services ∙ People www.geant.org GEANT Information & Infrastructure Security Team TNC16 – Networking Conference Introduction DDoS at GÉANT Prague."

Similar presentations

Presentation. Contemporary Communication Fast – connects us quickly without delays Reliable – works always Global – connects us with the whole world Low.

Presentation. Contemporary Communication Fast – connects us quickly without delays Reliable – works always Global – connects us with the whole world Low.
Prepared By Naieem Khan & Ummiya Rahman Presentation On.

Prepared By Naieem Khan & Ummiya Rahman Presentation On.
NORDUnet Nordic Infrastructure for Research & Education DDoS Mitigation at NORDUnet Lars Fischer (w/ big thanks to Martin Aldrin) TF-MSP Meeting Malta,

NORDUnet Nordic Infrastructure for Research & Education DDoS Mitigation at NORDUnet Lars Fischer (w/ big thanks to Martin Aldrin) TF-MSP Meeting Malta,
Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.

Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.
COPYRIGHT © 2013 ALCATEL-LUCENT. ALL RIGHTS RESERVED. ALCATEL-LUCENT — CONFIDENTIAL — SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW — PROPRIETARY.

COPYRIGHT © 2013 ALCATEL-LUCENT. ALL RIGHTS RESERVED. ALCATEL-LUCENT — CONFIDENTIAL — SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW — PROPRIETARY.
0-1 Team # Status Report (1 of 4) Client Contact –Point 1 –Point 2 Team Meetings –Point 1 –Point 2 Team Organization –Point 1 –Point 2 Team #: Team Name.

0-1 Team # Status Report (1 of 4) Client Contact –Point 1 –Point 2 Team Meetings –Point 1 –Point 2 Team Organization –Point 1 –Point 2 Team #: Team Name.
0-1 Team # Status Report (1 of 4) Client Contact –Status Point 1 –Status Point 2 Team Meetings –Status Point 1 –Status Point 2 Team Organization –Description.

0-1 Team # Status Report (1 of 4) Client Contact –Status Point 1 –Status Point 2 Team Meetings –Status Point 1 –Status Point 2 Team Organization –Description.
By: Ashwin Vignesh Madhu

By: Ashwin Vignesh Madhu
Arbor Multi-Layer Cloud DDoS Protection

Arbor Multi-Layer Cloud DDoS Protection
Jak zwiększyć bezpieczeństwo i wysoką dostępność aplikacji wg

Jak zwiększyć bezpieczeństwo i wysoką dostępność aplikacji wg
0-1 Team ?? Status Report (1 of 3) Client Contact –Point 1 –Point 2 Team Meetings –Point 1 –Point 2 Team Organization –Point 1 –Point 2 Team 1: Auraria.

0-1 Team ?? Status Report (1 of 3) Client Contact –Point 1 –Point 2 Team Meetings –Point 1 –Point 2 Team Organization –Point 1 –Point 2 Team 1: Auraria.
1 Secure DNS Solutions Rooster. 2 Introduction What does security mean for DNS? What security problems exist for DNS, what is being done about them, and.

1 Secure DNS Solutions Rooster. 2 Introduction What does security mean for DNS? What security problems exist for DNS, what is being done about them, and.
Firewall on Demand A multidomain approach Leonidas Poulopoulos, Yannis Mitsos – GRNET NOC Firewall on Demand workshop TF-MSP meeting.

Firewall on Demand A multidomain approach Leonidas Poulopoulos, Yannis Mitsos – GRNET NOC Firewall on Demand workshop TF-MSP meeting.
PacNOG 6: Nadi, Fiji Dealing with DDoS Attacks Hervey Allen Network Startup Resource Center.

PacNOG 6: Nadi, Fiji Dealing with DDoS Attacks Hervey Allen Network Startup Resource Center.
By Chris Versaci CLOUD SECURITY. WHAT IS CLOUD COMPUTING? Cloud computing is a concept that involves a large number of computers connected through a real-time.

By Chris Versaci CLOUD SECURITY. WHAT IS CLOUD COMPUTING? Cloud computing is a concept that involves a large number of computers connected through a real-time.
99ATS Turbocharge your Hiring Process !!. ON TARGET Solution offered by 99ATS Overview Introduction Gaps in Recruitment Process Screenshot overview of.

99ATS Turbocharge your Hiring Process !!. ON TARGET Solution offered by 99ATS Overview Introduction Gaps in Recruitment Process Screenshot overview of.
Alberto Rivai arivai@cisco.com Teknologi pemantauan jaringan internet untuk pendeteksian dini terhadap ancaman dan gangguan Alberto Rivai arivai@cisco.com.

Alberto Rivai Teknologi pemantauan jaringan internet untuk pendeteksian dini terhadap ancaman dan gangguan Alberto Rivai
SECURITY WG Paul Howell, Eric Boyd Internet2 © 2015 Internet2.

SECURITY WG Paul Howell, Eric Boyd Internet2 © 2015 Internet2.
Networks ∙ Services ∙ People www.geant.org Mandeep Saini TF-MSP, Espoo, Finland Service Delivery and Adoption 10 th Sep 2015 Task Leader, GN4-1 SA7 T3.

Networks ∙ Services ∙ People Mandeep Saini TF-MSP, Espoo, Finland Service Delivery and Adoption 10 th Sep 2015 Task Leader, GN4-1 SA7 T3.
DDOS. Methods – Syn flood – Icmp flood – udp Common amplification vectors – NTP 557 – CharGen 359 – DNS 179 – QOTD 140 – Quake 64 – SSDP 31 – Portmap28.

DDOS. Methods – Syn flood – Icmp flood – udp Common amplification vectors – NTP 557 – CharGen 359 – DNS 179 – QOTD 140 – Quake 64 – SSDP 31 – Portmap28.

Similar presentations

Ads by Google