Presentation is loading. Please wait.

Presentation is loading. Please wait.

Source Router Approach to DDoS Defense Jelena Mirković and Peter Reiher UCLA USENIX Work-In Progress Session Washington DC, 08/17/2001 {sunshine,

Published byEunice Hudson Modified over 9 years ago

Similar presentations

Presentation on theme: "Source Router Approach to DDoS Defense Jelena Mirković and Peter Reiher UCLA USENIX Work-In Progress Session Washington DC, 08/17/2001 {sunshine,"— Presentation transcript:

1 Source Router Approach to DDoS Defense Jelena Mirković and Peter Reiher UCLA USENIX Work-In Progress Session Washington DC, 08/17/2001 {sunshine, reiher}@cs.ucla.edu

2 Approach Overview  Goal: Prevent our site from participating in DDoS attack  Monitor incoming and outgoing traffic looking for signs that some destination is in trouble  Reduce traffic to that destination  Separate attacking from normal flows  Shut down attacking machines

3 Approach Overview A B C D E F G I J H

4 A B C D E F G I J H

5 A B C D E F G I J H

6 A B C D E F G I J H

7 A B C D E F G I J H

8  For every destination address router keeps lightweight statistics (number of packets/bytes, timing).  The statistics are used along with built-in models to characterize “normal” traffic.

9 Approach Overview  Router periodically matches the model with current packet statistics: Discrepancy > threshold  router throttles all traffic to that destination and extends monitoring to separate good from bed flows.

10 Approach Overview  Attacking flows should stand out from legitimate flows by the number and frequency of packets in them.  Once attacking flows are identified measures can be taken to track and shut down the attacking machines.

11 Related Work - MULTOPS  Yes, it is similar to MULTOPS, but:  It is located on source side only  Traffic models do not rely only on packet ratio  Discovery of attacking machines  Can be pushed further in the network

12 time Stable Packet Ratio in Mixed Traffic packet ratio

13 time packet ratio Stable Packet Ratio in TCP Traffic

14 time packet ratio Stable Packet Ratio in UDP Traffic

15 time packet ratio Stable Packet Ratio in UDP Traffic

16 time packet ratio Variable Packet Ratio in Mixed Traffic

17 DDoS + FTP FTP DDoS time packet ratio Variable Packet Ratio in Attack Traffic

18 Challenges  Router performance.  Why would ISP implement this?  False positives.  Multicast traffic is usually unidirectional.  Asymmetric routes.  Throttling and TCP congestion control mechanism.  Traffic patterns in the Internet change drastically over time.

19 For More Info... http://fmg-www.cs.ucla.edu/ddos

Download ppt "Source Router Approach to DDoS Defense Jelena Mirković and Peter Reiher UCLA USENIX Work-In Progress Session Washington DC, 08/17/2001 {sunshine,"

Similar presentations

On the Necessity of Handling DDoS Traffic in the Middle of the Network Peter Reiher UCLA Computer Communications Workshop October 22, 2008.

On the Necessity of Handling DDoS Traffic in the Middle of the Network Peter Reiher UCLA Computer Communications Workshop October 22, 2008.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.24-1 MPLS VPN Technology Introducing the MPLS VPN Routing Model.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v MPLS VPN Technology Introducing the MPLS VPN Routing Model.
TCP/IP MODEL Maninder Kaur www.eazynotes.com.

TCP/IP MODEL Maninder Kaur
CS 457 – Lecture 16 Global Internet - BGP Spring 2012.

CS 457 – Lecture 16 Global Internet - BGP Spring 2012.
CISCO NETWORKING ACADEMY PROGRAM (CNAP)

CISCO NETWORKING ACADEMY PROGRAM (CNAP)
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
MULTOPS A data-structure for bandwidth attack detection Thomer M. Gil Vrije Universiteit, Amsterdam, Netherlands MIT, Cambridge, MA, USA

MULTOPS A data-structure for bandwidth attack detection Thomer M. Gil Vrije Universiteit, Amsterdam, Netherlands MIT, Cambridge, MA, USA
1 What's happening in Networking Research Today? Prasad Calyam, OARnet OARTech Presentation, Dec 8 th, 2004.

1 What's happening in Networking Research Today? Prasad Calyam, OARnet OARTech Presentation, Dec 8 th, 2004.
Overview of Distributed Denial of Service (DDoS) Wei Zhou.

Overview of Distributed Denial of Service (DDoS) Wei Zhou.
High speed links, distributed services, can’t modify routers  Lack of visibility But, need for more visibility and control  Increased number and complexity.

High speed links, distributed services, can’t modify routers  Lack of visibility But, need for more visibility and control  Increased number and complexity.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
1 Controlling High Bandwidth Aggregates in the Network.

1 Controlling High Bandwidth Aggregates in the Network.
SAVE: Source Address Validity Enforcement Protocol Jun Li, Jelena Mirković, Mengqiu Wang, Peter Reiher and Lixia Zhang UCLA Computer Science Dept 10/04/2001.

SAVE: Source Address Validity Enforcement Protocol Jun Li, Jelena Mirković, Mengqiu Wang, Peter Reiher and Lixia Zhang UCLA Computer Science Dept 10/04/2001.
Introduction. Overview of Pushback. Architecture of router. Pushback mechanism. Conclusion. Pushback: Remedy for DDoS attack.

Introduction. Overview of Pushback. Architecture of router. Pushback mechanism. Conclusion. Pushback: Remedy for DDoS attack.
DDoS Attack Prevention by Rate Limiting and Filtering d’Artagnan de Anda CS239 Network Security 26 Apr 04.

DDoS Attack Prevention by Rate Limiting and Filtering d’Artagnan de Anda CS239 Network Security 26 Apr 04.
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.
SAVE: Source Address Validity Enforcement Jun Li, Jelena Mirković, Mengqiu Wang, Peter Reiher and Lixia Zhang UCLA USENIX Work-In Progress Session Washington.

SAVE: Source Address Validity Enforcement Jun Li, Jelena Mirković, Mengqiu Wang, Peter Reiher and Lixia Zhang UCLA USENIX Work-In Progress Session Washington.
Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.

Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.

Similar presentations

Ads by Google