Defense Strategies for DDoS Attacks - PowerPoint PPT Presentation

1
Defense Strategies for DDoS Attacks
  • Steven M. Bellovin
  • smb@research.att.com
  • http://www.research.att.com/smb

2
A Real Network Security Issue
  • Most network security problems are nothing of
    the sort.
  • They're host vulnerabilities; the network is just
    an access vehicle.
  • Without the net, could a local user exploit the
    hole?
  • DDoS is the network's problem.

3
Implications
  • Host vendors can't fix it.
  • Firewalls can't stop it.
  • It's a network problem; the response must come
    from the network.

4
Response Classes
  • Packet authentication
  • Find out who is sending the packets
  • Flow identification
  • If we can identify it, can we control it?
  • Can we withhold authorization?

5
Packet Identification: Filtering
  • Block packets with forged source address.
  • Identifies site (and maybe LAN) that stuff is
    coming from.
  • Granularity of filter is an issue.
  • Can anyone cope with knowing 1000 attacking sites?

6
Source Identification Schemes
  • Have network elements -- routers, switches, etc.
    -- identify packets of interest.
  • Packet-marking -- set bits in packet header
  • Logging -- notify NOC
  • Tracers -- send extra packets to destination,
    identifying path

7
Prevention
  • Must rate-limit evil packets.
  • But no evil bit in the header...
  • Could try to limit all packets, but the Internet
    isn't built that way.
  • Possibility: limit packets towards victim, from
    high-bandwidth predecessor.
  • Apply algorithm recursively.

8
Router Pushback
  • Use existing mechanisms to find ill-behaving
    traffic towards some destination.
  • Identify previous router hops for such traffic;
    tell them to rate-limit packets to you for that
    destination.
  • If they're dropping packets, they tell their
    upstream neighbors.
  • Note: pushback eventually shows traffic source.
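The recursive pushback of slides 7 and 8, as an added simulation that is not from the slides: a router whose outgoing link is overloaded rate-limits traffic towards the victim, splits the remaining budget max-min fairly over its upstream links (the max-min policy, the Router model and the traffic figures are assumptions for the example), and hands the cut to the high-bandwidth predecessors, which repeat the step until an edge link, and thus the traffic source, is reached.

```python
from collections import defaultdict

def max_min_share(demands, budget):
    """Max-min fair split of `budget` (pkts/s) over upstream links: links below
    their fair share keep their rate, the heavy hitters absorb the cut."""
    alloc, remaining, left = {}, dict(demands), budget
    while remaining:
        fair = left / len(remaining)
        small = {l: d for l, d in remaining.items() if d <= fair}
        if not small:                               # every remaining link is heavy
            alloc.update({l: fair for l in remaining})
            break
        for l, d in small.items():
            alloc[l], left = d, left - d
            del remaining[l]
    return alloc

class Router:
    """Constructed router model. `upstream[link]` is the previous-hop Router,
    or None when the link comes straight from an edge host."""
    def __init__(self, name, capacity):
        self.name, self.capacity = name, capacity   # outgoing link, pkts/s
        self.upstream, self.traffic = {}, defaultdict(dict)
        self.limits, self.sources = {}, []          # (dest, link) -> limit; edges found

    def pushback(self, dest, allowed):
        """Rate-limit traffic towards `dest` to `allowed` pkts/s and ask each
        upstream hop that carries the excess to do the same (recursive)."""
        alloc = max_min_share(self.traffic[dest], allowed)
        for link, limit in alloc.items():
            if limit >= self.traffic[dest][link]:
                continue                            # well-behaved link: untouched
            self.limits[(dest, link)] = limit
            prev = self.upstream[link]
            if prev is None:                        # edge reached: source identified
                self.sources.append((dest, link))
            else:
                prev.pushback(dest, limit)
        return alloc

def run_scenario():
    """Constructed topology: R1 and R2 feed R0, which owns the victim's link."""
    r0, r1, r2 = Router("R0", 100), Router("R1", 500), Router("R2", 500)
    r0.upstream, r1.upstream, r2.upstream = {"A": r1, "B": r2}, {"A1": None, "A2": None}, {"B1": None}
    for router, link, rate in [(r0, "A", 300), (r0, "B", 20), (r1, "A1", 10),
                               (r1, "A2", 290), (r2, "B1", 20)]:
        router.traffic["victim"][link] = rate       # constructed arrival rates, pkts/s
    if sum(r0.traffic["victim"].values()) > r0.capacity:
        r0.pushback("victim", r0.capacity)
    return r0, r1, r2
```

Running `run_scenario()` leaves the low-rate links B, A1 and B1 untouched, limits link A at R0 and link A2 at R1, and records A2 as the identified edge source.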