Presentation is loading. Please wait.

Presentation is loading. Please wait.

DDoS Mitigation for ISP subscribers Rajaram Pejaver November 23, 2010 De-DDoS.

Published byAmos Webster Modified over 9 years ago

Similar presentations

Presentation on theme: "DDoS Mitigation for ISP subscribers Rajaram Pejaver November 23, 2010 De-DDoS."— Presentation transcript:

1 DDoS Mitigation for ISP subscribers Rajaram Pejaver November 23, 2010 De-DDoS

2 November 23, 2010© Rajaram Pejaver2 Agenda An introduction to DDoS Solution Architecture Operation –Configuration and Provisioning –Mitigation Operation –Tear down Simple Questions ™ Product positioning Conclusions

3 November 23, 2010© Rajaram Pejaver3 Introduction to DDoS  History & Motivation  DDoS attack structure 

4 November 23, 2010© Rajaram Pejaver4 Architecture - 1

5 November 23, 2010© Rajaram Pejaver5 Architecture - 2

6 November 23, 2010© Rajaram Pejaver6 Configuration & Provisioning

7 November 23, 2010© Rajaram Pejaver7 Mitigation Operation - 1 What happens at the Mitigation Service? Mega service accepts ALL incoming connections.  Consists of a cluster of powerful servers, load balanced. Responds to every HTTP request with a query.  Humans can easily recognize and answer the query.  Computer programs can’t. IP addresses of correct responders are White Listed.  White Listed traffic is forwarded to subscriber via tunnel. Statistical sharing of Mitigation Service. Only a few subscribers will be under attack at any one time.  Service needs to handle only a few simultaneous attacks.  Capital costs are spread over entire subscriber base.

8 November 23, 2010© Rajaram Pejaver8 Mitigation Operation - 2

9 November 23, 2010© Rajaram Pejaver9 Tear Down Ending Mitigation Service is easy. Just restore normal routing to the subscriber’s IP address. GRE tunnel can be left up for a bit (useful if attack resumes.) Final billing and usage statistics can include: Mitigation duration, start & end times. Connections permitted through & blocked. Total packets (& bytes) permitted through & blocked. Traffic rates to subscriber, before and during mitigation. Final White List (useful if attack resumes.) Geographic distribution of blocked IP addresses.

10 November 23, 2010© Rajaram Pejaver10 Simple Questions Represents an improvement over CAPTCHA.  “Which letter follows D in the alphabet?”  E  “How much is five plus two?”  7 CAPTCHA needs: Character recognition. Simple Questions needs: Character recognition. Sentence parsing. Semantic understanding. Common sense for response. Video nuCAPTCHA increases Bot work load.

11 November 23, 2010© Rajaram Pejaver11 Product Placement Current products for DDoS infected subscribers: Constant Guard: List based infection notification. AUPM: Acceptable use traffic monitoring. Both limit damage done by infected subscribers. Proposal protects uninfected subscribers from attacks from everywhere around the world. Premium service – for a fee. Subscription or on-demand models. Product differentiator from other ISPs. Can be advertized as a “must have” for businesses.

12 November 23, 2010© Rajaram Pejaver12 Conclusions A new & unique method of DDoS Mitigation. Distinguishes between Attack & Valid traffic.  Acceptable to human users.  Very reliable; very low false positive rates. Revenue Generator. Product Differentiator. A “must have” for today. Possible patentable idea. Questions?

Download ppt "DDoS Mitigation for ISP subscribers Rajaram Pejaver November 23, 2010 De-DDoS."

Similar presentations

OpenFlow-Based Server Load Balancing GoneWild

OpenFlow-Based Server Load Balancing GoneWild
1 Routing and Scheduling in Web Server Clusters. 2 Reference The State of the Art in Locally Distributed Web-server Systems Valeria Cardellini, Emiliano.

1 Routing and Scheduling in Web Server Clusters. 2 Reference The State of the Art in Locally Distributed Web-server Systems Valeria Cardellini, Emiliano.
An Engineering Approach to Computer Networking

An Engineering Approach to Computer Networking
1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)

1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)
Content Switch. Introduction of content web switch.. Some content switch products in the market.. Design of a content switch.

Content Switch. Introduction of content web switch.. Some content switch products in the market.. Design of a content switch.
PSMC Proxy Server-based Multipath Connection CS 526 Advanced Networking - Richard White.

PSMC Proxy Server-based Multipath Connection CS 526 Advanced Networking - Richard White.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.
A Routing Control Platform for Managing IP Networks Jennifer Rexford Princeton University

A Routing Control Platform for Managing IP Networks Jennifer Rexford Princeton University
Secure Overlay Services Adam Hathcock Information Assurance Lab Auburn University.

Secure Overlay Services Adam Hathcock Information Assurance Lab Auburn University.
Overlay Architecture and API Fang Yu Noah Treuhaft Takashi Suzuki Matthew Caesar.

Overlay Architecture and API Fang Yu Noah Treuhaft Takashi Suzuki Matthew Caesar.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)
Lecture 15 Denial of Service Attacks

Lecture 15 Denial of Service Attacks
Bandwidth DoS Attacks and Defenses Robert Morris Frans Kaashoek, Hari Balakrishnan, Students MIT LCS.

Bandwidth DoS Attacks and Defenses Robert Morris Frans Kaashoek, Hari Balakrishnan, Students MIT LCS.
Introduction to the Secure SMTP Server service. Secure SMTP server is a secure, reliable SMTP mail relay server for your outgoing mail. Secure SMTP service.

Introduction to the Secure SMTP Server service. Secure SMTP server is a secure, reliable SMTP mail relay server for your outgoing mail. Secure SMTP service.
Connecting LANs, Backbone Networks, and Virtual LANs

Connecting LANs, Backbone Networks, and Virtual LANs
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
PPP (Point to Point Protocol)

PPP (Point to Point Protocol)
15-1 More Chapter 15 Goals Compare and contrast various technologies for home Internet connections Explain packet switching Describe the basic roles of.

15-1 More Chapter 15 Goals Compare and contrast various technologies for home Internet connections Explain packet switching Describe the basic roles of.
IP Addressing INTW 1325. 2 What is an IP address? An unique identifier for a computer or device (host) on a TCP/IP network A 32-bit binary number usually.

IP Addressing INTW What is an IP address? An unique identifier for a computer or device (host) on a TCP/IP network A 32-bit binary number usually.

Similar presentations

Ads by Google