Presentation is loading. Please wait.

Presentation is loading. Please wait.

Botz-4-Sale: Surviving Organized DDoS Attacks That Mimic Flash Crowds Srikanth Kandula, Dina Katabi, Matthias Jacob, and Arthur Berger Awarded Best Student.

Published byChastity Moody Modified over 9 years ago

Similar presentations

Presentation on theme: "Botz-4-Sale: Surviving Organized DDoS Attacks That Mimic Flash Crowds Srikanth Kandula, Dina Katabi, Matthias Jacob, and Arthur Berger Awarded Best Student."— Presentation transcript:

1 Botz-4-Sale: Surviving Organized DDoS Attacks That Mimic Flash Crowds Srikanth Kandula, Dina Katabi, Matthias Jacob, and Arthur Berger Awarded Best Student Paper! (NSDI-2005) Defense by Manan Sanghi

2 Flash Crowd

3 DDOS

4 Botz-4-Sale request

5 Botz-4-Sale Reverse Turing test

6 Botz-4-Sale Solution

7 Botz-4-Sale Welcome! HTTP cookie Allows at most 8 simultaneous connections Valid for 30 minutes

8 Botz-4-Sale request

9 Botz-4-Sale Reverse Turing test

10 Botz-4-Sale request

11 Botz-4-Sale System is Busy, either solve puzzle or try later

12 Botz-4-Sale request

13 Botz-4-Sale Reverse Turing test

14 Botz-4-Sale request

15 Botz-4-Sale System is Busy, either solve puzzle or try later

16 Botz-4-Sale Request …

17 Botz-4-Sale

18 Kill-Bots Overview Graphical Puzzles served during Stage 1

19 Example Normal Load 40% K 1 =70% K 2 =50% Time out (5 minutes) unauthenticated users

20 Two stages in Suspected Attack Mode Stage 1: CAPTCHA based Authentication  No state maintenance before authentication  HTTP cookie  Cryptographic support Stage 2: Authenticating users who do not answer CAPTCHA  No more reverse Turing tests  Bloom filters to filter out over-zealous zombies

21

22 Resource Allocation and Admission Control Tradeoff  Authenticate new clients  Serve already authenticated clients

23 Adaptive Admission Control Cute Queuing Theory type analysis

24

25 Security Analysis Socially-engineered Attacks Copy Attacks  Including IP address in one-way hash does not deal well with proxies and mobile users Replay Attacks  Time information in the cookie hash DoS attacks on the authentication mechanism  No connection state for unauthenticated clients In-kernel HTTP header processing  HTTP headers not parsed  Pattern match arguments to GET and Cookie fields  Cost : less than 8  s

26 System Architecture

27

28 Evaluation – Experimental Setup

29 Evaluation

30 Evaluation - Microbenchmarks

31 Evaluation- CyberSlam attacks

32

33 Evaluation – Flash Crowds

34

35 On Admission Control Authentication is not sufficient Good performance requires admission control

36 Threat Model Bandwidth floods, DNS entries, routing entries not considered Attacker cannot sniff legitimate users’ packets Attacker cannot access server’s local network Zombies are not as smart as humans Attacker does not have a large number of humans aiding his evil plans

Download ppt "Botz-4-Sale: Surviving Organized DDoS Attacks That Mimic Flash Crowds Srikanth Kandula, Dina Katabi, Matthias Jacob, and Arthur Berger Awarded Best Student."

Similar presentations

The role of network capabilities Xiaowei Yang UC Irvine NSF FIND PI meeting, June 28 2007.

The role of network capabilities Xiaowei Yang UC Irvine NSF FIND PI meeting, June
Security Issues In Mobile IP

Security Issues In Mobile IP
Quiz 1 Posted on DEN 8 multiple-choice questions

Quiz 1 Posted on DEN 8 multiple-choice questions
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
Slides mostly by Sherif Khattab 1 Denial-of-Service [Gligor, 84] ``A group of otherwise-authorized users of a specific service is said to deny service.

Slides mostly by Sherif Khattab 1 Denial-of-Service [Gligor, 84] ``A group of otherwise-authorized users of a specific service is said to deny service.
CIS 459/659 – Introduction to Network Security – Spring 2005 – Class 13 – 4/5/05 1 D-WARD 1  Goal: detect attacks, reduce the attack traffic, recognize.

CIS 459/659 – Introduction to Network Security – Spring 2005 – Class 13 – 4/5/05 1 D-WARD 1  Goal: detect attacks, reduce the attack traffic, recognize.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Secure Lync mobile Authentication

Secure Lync mobile Authentication
Secure SharePoint mobile connectivity

Secure SharePoint mobile connectivity
SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.

SIP Security Issues: The SIP Authentication Procedure and its Processing Load Stefano Salsano, DIE — Universit à di Roma “ Tor Vergata ” Luca Veltri, and.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Overview of Distributed Denial of Service (DDoS) Wei Zhou.

Overview of Distributed Denial of Service (DDoS) Wei Zhou.
Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.

Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.
Security (Continued) V.T. Raja, Ph.D., Oregon State University.

Security (Continued) V.T. Raja, Ph.D., Oregon State University.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
1 Controlling High Bandwidth Aggregates in the Network.

1 Controlling High Bandwidth Aggregates in the Network.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric (07016080)

DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric ( )

Similar presentations

Ads by Google