Presentation is loading. Please wait.

Presentation is loading. Please wait.

On the Necessity of Handling DDoS Traffic in the Middle of the Network Peter Reiher UCLA Computer Communications Workshop October 22, 2008.

Published byIrea Shelton Modified over 11 years ago

Similar presentations

Presentation on theme: "On the Necessity of Handling DDoS Traffic in the Middle of the Network Peter Reiher UCLA Computer Communications Workshop October 22, 2008."— Presentation transcript:

1 On the Necessity of Handling DDoS Traffic in the Middle of the Network Peter Reiher UCLA Computer Communications Workshop October 22, 2008

2 The DDoS Problem A target of DDoS is overwhelmed by packets What does that really mean? He gets more packets than he can handle But what is unable to handle those packets?

3 What Got Overwhelmed? The computer? The computers network interface? The LAN? The border router? An Internet router? Effective defenses must handle these attacks at or before the attacked resource

4 How Do We Handle DoS at Each Point? Any defense must be able to handle more traffic than the attack generates – Otherwise, the defense is itself overwhelmed Once one resource is overwhelmed, the impact continues downstream – You cant defend an attack that overwhelms your border router at your computer

5 The Implications 1.End point defenses cant help against attacks on upstream resources 2.End point defenses that cant handle a flood of a certain size require assistance – From better provisioned upstream defenses 3.Ultimately, some attacks cannot be handled without help in the middle of the network

6 What to Do About It? Nothing – Maybe the problem isnt that bad – Not quite nothing - manual solutions already used Improved manual solutions – Using what functionality? – Under whose control? Automated solutions – Using what functionality? – Under whose control?

Download ppt "On the Necessity of Handling DDoS Traffic in the Middle of the Network Peter Reiher UCLA Computer Communications Workshop October 22, 2008."

Similar presentations

Data Communications and Computer Networks Chapter 1 CS 3830 Lecture 5 Omar Meqdadi Department of Computer Science and Software Engineering University of.

Data Communications and Computer Networks Chapter 1 CS 3830 Lecture 5 Omar Meqdadi Department of Computer Science and Software Engineering University of.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
Distributed Denial of Service Attacks CMPT 471 1 Distributed Denial of Service Attacks Darius Law.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.
2005 Stanford Computer Systems Lab Flow Cookies Bandwidth Amplification as Flooding Defense Martin Casado, Pei Cao Niels Provos.

2005 Stanford Computer Systems Lab Flow Cookies Bandwidth Amplification as Flooding Defense Martin Casado, Pei Cao Niels Provos.
© 2003 By Default! A Free sample background from www.powerpointbackgrounds.com Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,

© 2003 By Default! A Free sample background from Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,
Introduction. Overview of Pushback. Architecture of router. Pushback mechanism. Conclusion. Pushback: Remedy for DDoS attack.

Introduction. Overview of Pushback. Architecture of router. Pushback mechanism. Conclusion. Pushback: Remedy for DDoS attack.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.

Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.
Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.

Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.
Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.

Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.
Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.

Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.
Source Router Approach to DDoS Defense Jelena Mirković and Peter Reiher UCLA USENIX Work-In Progress Session Washington DC, 08/17/2001 {sunshine,

Source Router Approach to DDoS Defense Jelena Mirković and Peter Reiher UCLA USENIX Work-In Progress Session Washington DC, 08/17/2001 {sunshine,
DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.

DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.
Is Apple’s iMac Operating System Secure under flooding Attacks? by aditya chintala.

Is Apple’s iMac Operating System Secure under flooding Attacks? by aditya chintala.
Lecture 22 Page 1 Advanced Network Security Other Types of DDoS Attacks Advanced Network Security Peter Reiher August, 2014.

Lecture 22 Page 1 Advanced Network Security Other Types of DDoS Attacks Advanced Network Security Peter Reiher August, 2014.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.
Distributed Denial of Service Attacks Dennis Galinsky, Brandon Mikelaitis, Michael Stanley Brandon Williams, Ryan Williams.

Distributed Denial of Service Attacks Dennis Galinsky, Brandon Mikelaitis, Michael Stanley Brandon Williams, Ryan Williams.
Clouseau: A practical IP spoofing defense through route-based filtering Jelena Mirkovic, University of Delaware Nikola Jevtic,

Clouseau: A practical IP spoofing defense through route-based filtering Jelena Mirkovic, University of Delaware Nikola Jevtic,
Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014.

Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014.

Similar presentations

Ads by Google