Presentation is loading. Please wait.

Presentation is loading. Please wait.

Design and Implementation of Alternative Route Against DDOS Jing Yang and Su Li.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Design and Implementation of Alternative Route Against DDOS Jing Yang and Su Li."— Presentation transcript:

1 Design and Implementation of Alternative Route Against DDOS Jing Yang and Su Li

2 Introduction In general, three categories of DDoS research: Intrusion Prevention Intrusion Detection Intrusion Response/Tolerance

3 A Typical DDoS Architecture Mastermind Intruder Client (Commander) Handler (Middleman) Agent (Attacker) www.victim.com

4 Objective Focus on Intrusion Tolerance Explore Alternative Routes Against DDoS

5 Approaches 1. Updated DNS along with IP-Over-IP between the alternative firewall and real server. Alternative routes established from clients to the real server through an alternative firewall (IP-Over-IP). Relatively easy to implement, and work reasonably well, but does not resolve the DDoS problems completely. 2. Updated DNS along with Proxy Server Alternative routes established from clients to real server through an alternative firewall (Proxy Server). Adding new fields to DNS and new features to web browsers/network applications. Attacker can hardly detect the new route – better for trusted clients.

6 Design and Implementation of Approach 1 Architecture Real Server DNS Server FireWall Alternative Firewall IP-over-IP Client

7 Software Developed SendMessage: a client program that sends out “Attacked” msg to the alternative firewall. PM (ProcessManager): a server program that listens for “Attacked” msg, and manages Updated_DNS and IP-Over_IP server programs. Updated_DNS: a UNIX shell script that updates DNS server for the alternative firewall information (IP). IP_Over_IP_Svr: a program that transfers data back and forward between clients and the real server (Only for HTTP request/data in the current version).

8 Software/Tools used Bind Version 9: only Bind 8/9 allows updating DNS record. VMWare: A freeware used to create two additional operating environments (ex. Argo.uccs.edu and Ardent.uccs.edu are created on Athena.uccs.edu machine)

9 Hardware Configuration Real Server (Argo) DNS Server (Argo) FireWall (Athena) Alternative Firewall (Ardent) IP-over-IP Client

10 Process Flow (Approach 1) Step 1: Upon detection of an attacker (ex. by Snort), MessageSend (client) running on the real server sends a “Attacked” message to the alternative firewall. Step 2: Upon receiving an “Attacked” message, Process Manager (server) running at the alternative fire wall server will do the following: Start updateDNS process to update DNS servers with the alternative firewall IP address. Start IP-Over-IP process that will relay request/data between the real server and client ….an alternative route is established.

11 Design of Approach 2 Add three new fields to the current DNS specifications: 1. Proxy Server IP address. 2. Proxy Server Port Number. 3. A field for a list of trusted client IP addresses or identifiers or digital signatures. Add client network interface, which add SOCK protocol when the DNS query returns the new type of DNS query results (more transparent solution) Modify web browsers to read the three DNS fields and configure web browsers automatically, if and only if the client info such as IP or identifier matches the client information from DNS server.

12 Conclusion 1. Updated DNS along with data transfers using IP- over-IP between real server and alternative firewall (approach 1) reasonably establish the alternative route. 2. Approach 1 dynamically provides the alternative route and thus increases intrusion tolerance. 3. Limited testing results (browsed a couple of personal web pages through the alternative route –Approach 1) show no performance issue. (More testing with simulating attacking situation is needed)

13 Conclusion (continues) 3. However, approach 1 can not eliminate completely the DDoS problems since attackers may go through the new route after detecting the alternative route (The IP_Over_IP_Svr only handle HTTP request/data in this version). 4. Approach 2 does guarantee continuous service for trusted clients since only the trusted clients are allowed to go through the alternative route when the original route is attacked.

14 Future Work Approach 1 can be expanded into a failover/failback systems or load balancer. IP_Over_IP_Svr can be expanded to handle other protocols such as FTP, SNMP. DNS server can be improved with additional rules or policies to increase internet security – this is the main lesson learnt.

15 References Design of An Autonomous Anti-DDOS Network (A2D2). Angela Cearns. Thesis. Department of Computer Science. 2002. Detection, Defense and tracking of Internet-Wide Illegal Access in a Distributed Manner. Kohel Ohta, et al. www.isoc.org/isoc/conferences/inet/00/cdproceeding s/if/if_2.htm www.isoc.org/isoc/conferences/inet/00/cdproceeding s/if/if_2.htm http://www.shakabuku.org/writing/dyndns.html http://www.freesoft.org/CIE/Topics/77.htm

Download ppt "Design and Implementation of Alternative Route Against DDOS Jing Yang and Su Li."

Similar presentations

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.

Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
Lan Nguyen Mounika Namburu 1.  DDoS Defense Research  A2D2 Design ◦ Subnet Flooding Detection using Snort ◦ Class -Based Queuing ◦ Multi-level Rate.

Lan Nguyen Mounika Namburu 1.  DDoS Defense Research  A2D2 Design ◦ Subnet Flooding Detection using Snort ◦ Class -Based Queuing ◦ Multi-level Rate.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #13 Web Caching Protocols ICP, CARP.

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #13 Web Caching Protocols ICP, CARP.
The problems associated with operating an effective anti-spam blocklist system in an increasingly hostile environment. Robert Gallagher September 2004.

The problems associated with operating an effective anti-spam blocklist system in an increasingly hostile environment. Robert Gallagher September 2004.
ChowSCOLD1 Secure Collective Defense Network (SCOLD) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.

ChowSCOLD1 Secure Collective Defense Network (SCOLD) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Secure Collective Internet Defense (SCID) Yu Cai 05/30/2003

Secure Collective Internet Defense (SCID) Yu Cai 05/30/2003
Beth Johnson April 27, 1998. What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.

Beth Johnson April 27, What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.
Using Multiple Gateways to Foil DDOS Attack by David Wilkinson.

Using Multiple Gateways to Foil DDOS Attack by David Wilkinson.
Enhanced Secure Dynamic DNS Update with Indirect Route David Wilkinson, C. Edward Chow, Yu Cai 06/11/2004 University of Colorado at Colorado Springs IEEE.

Enhanced Secure Dynamic DNS Update with Indirect Route David Wilkinson, C. Edward Chow, Yu Cai 06/11/2004 University of Colorado at Colorado Springs IEEE.
ChowSCOLD1 Secure Collective Internet Defense (SCOLD) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.

ChowSCOLD1 Secure Collective Internet Defense (SCOLD) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.
DNS: Revising the Current Protocol Matt Gustafson Matt Weaver CS522 Computer Communications University of Colorado, Colorado Springs.

DNS: Revising the Current Protocol Matt Gustafson Matt Weaver CS522 Computer Communications University of Colorado, Colorado Springs.
Investigations into BIND Dynamic Update with OpenSSL by David Wilkinson.

Investigations into BIND Dynamic Update with OpenSSL by David Wilkinson.

Similar presentations

Ads by Google