Presentation is loading. Please wait.

Presentation is loading. Please wait.

Phalanx : Withstanding Multimillion-Node Botnets

Published byJohn Williamson Modified over 6 years ago

Similar presentations

Presentation on theme: "Phalanx : Withstanding Multimillion-Node Botnets"— Presentation transcript:

1 Phalanx : Withstanding Multimillion-Node Botnets
Presented by : Eric Chan, J. Scott Miller

2 Botnets? A large collection of compromised computers controlled by hackers Widely used to Spam s Steal identities Launch large scale DDoS attacks

3 Botnets?

4 Botnets?

5 Goals Eventual Communication Protect Established Connections
Possible connection regardless of the number of attackers Protect Established Connections Protecting connections once established Unilateral Deployment Deployment on a single ISP without global agreement Endpoint Policy Destination controls which connections to be established Resistance to Compromise Tolerate compromised nodes/routers Autoconfiguration Path changes should be transparent to protection Efficiency Maintain performance even under attack

6 Our Approach Swarm of machines forward traffic
Explicitly request each packet Attacks must down all mailboxes and thus all paths

7 Mailboxes A large number of machines offer to carry traffic for certain destinations Traffic is stored in mailboxes to be picked up. If ignored it will be dropped from buffer.

8 Iterated Hash Sequences
Each packet in a flow is sent to a cryptographically random mailbox Mailbox is secretly selected by destination; an attacker cannot “follow” a flow by attacking each mailbox just before it is used

9 Mailbox Sets Tradeoff between performance and resilience
Initially select 10 nearby mailboxes Different set for forward and reverse path Nearby according to iPlane Expand/change set based on loss conditions Changes piggybacked on packets

10 Filtering Ring Filters out unrequested traffic at Tier 1
Each edge router maintains set of requested nonces (white list) and received nonces (blacklist) Implemented with 4 Bloom filters False negatives result in single loss Request added to white list -> sent packet checked again white/black list -> added to bliack list

11 Nonces, Tokens and Puzzles
How does the first packet get through? General purpose request nonce issued by destination Rate is in control of destination Can be issued for range of IPs

12 Nonces, Tokens and Puzzles
Isn’t this an opportunity for attack? Authentication tokens required for connections Take the form of cryptographic puzzles or provider-granted cookies based on previous authentication

13 Micro-benchmarks on Planetlab
Tested Phalanx path between pairs of nodes Ten mailboxes used 25 KBps (25 packets/sec) ~1000 packets/connection Compared with vanilla UDP

14 Congestion Control TCP ill-suited to the reordering and loss we expect in our system Developed congestion control protocol based on destination-advertised sending rates Losses experienced at mailbox indicated to the destination

15 Impact on Latency Minor impact on latency

16 Impact on Loss Minor impact on loss rate

17 Effect of Attack on Rate
Half of mailboxes drop 75% of packets starting at 12 sec Average sending rate (25KBps) maintained

18 Simulation Router level topology gather by having PL hosts use iPlane to probe Akamai hosts PL hosts act as servers under attack Akamai hosts act as mailboxes

19 Effect of Limited Deployment
100k attackers, 1000 good hosts Single deployment aides substantially

20 Effects of Varying Attacker Size
For up to 1 million attackers many good hosts see no losses

21 Conparison with Single-Path
Many more acceptable connections with Phalanx

22 Conclusion Strong DDoS solution for centralized servers
Incremental deployment possible Resilient to compromise

Download ppt "Phalanx : Withstanding Multimillion-Node Botnets"

Similar presentations

Tor: The Second-Generation Onion Router

Tor: The Second-Generation Onion Router
COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.
Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks Multipath.

Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks Multipath.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Phalanx: Withstanding Multimillion-Node Botnets Colin Dixon Arvind Krishnamurthy Tom Anderson University of Washington NSDI 2008.

Phalanx: Withstanding Multimillion-Node Botnets Colin Dixon Arvind Krishnamurthy Tom Anderson University of Washington NSDI 2008.
FastPass: Availability Tokens to Defeat DoS Presented at CMU Systems Seminar by: Dan Wendlandt Work with: David Andersen & Adrian Perrig.

FastPass: Availability Tokens to Defeat DoS Presented at CMU Systems Seminar by: Dan Wendlandt Work with: David Andersen & Adrian Perrig.
(4.4) Internet Protocols Layered approach to Internet Software 1.

(4.4) Internet Protocols Layered approach to Internet Software 1.
A DoS-Limiting Network Architecture Presented by Karl Deng Sagar Vemuri.

A DoS-Limiting Network Architecture Presented by Karl Deng Sagar Vemuri.
1 Internet Networking Spring 2003 Tutorial 11 Explicit Congestion Notification (RFC 3168) Limited Transmit (RFC 3042)

1 Internet Networking Spring 2003 Tutorial 11 Explicit Congestion Notification (RFC 3168) Limited Transmit (RFC 3042)
DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric (07016080)

DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric ( )
Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.

Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.
Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly Designed by Yao Zhao.

Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly Designed by Yao Zhao.
1 Internet Networking Spring 2003 Tutorial 11 Explicit Congestion Notification (RFC 3168)

1 Internet Networking Spring 2003 Tutorial 11 Explicit Congestion Notification (RFC 3168)
1 TVA: A DoS-limiting Network Architecture Xiaowei Yang (UC Irvine) David Wetherall (Univ. of Washington) Thomas Anderson (Univ. of Washington)

1 TVA: A DoS-limiting Network Architecture Xiaowei Yang (UC Irvine) David Wetherall (Univ. of Washington) Thomas Anderson (Univ. of Washington)
Phalanx: Withstanding (?) Multimillion-Node (?) Botnets Paper by Colin Dixon, Thomas Anderson and Arvind Krishnamurthy NSDI ‘08 ?? by Mark Ison and Gergely.

Phalanx: Withstanding (?) Multimillion-Node (?) Botnets Paper by Colin Dixon, Thomas Anderson and Arvind Krishnamurthy NSDI ‘08 ?? by Mark Ison and Gergely.
Optical Ring Networks Research over MAC protocols for optical ring networks with packet switching. MAC protocols divide the ring bandwidth according to.

Optical Ring Networks Research over MAC protocols for optical ring networks with packet switching. MAC protocols divide the ring bandwidth according to.
Department of Electronic Engineering City University of Hong Kong EE3900 Computer Networks Transport Protocols Slide 1 Transport Protocols.

Department of Electronic Engineering City University of Hong Kong EE3900 Computer Networks Transport Protocols Slide 1 Transport Protocols.
1 Computer Networks Switching Technologies. 2 Switched Network Long distance transmission typically done over a network of switched nodes End devices.

1 Computer Networks Switching Technologies. 2 Switched Network Long distance transmission typically done over a network of switched nodes End devices.
A DoS Limiting Network Architecture An Overview by - Amit Mondal.

A DoS Limiting Network Architecture An Overview by - Amit Mondal.
Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.

Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.

Similar presentations

Ads by Google