DDoS attacks and defense mechanisms - PowerPoint PPT Presentation

Description: A quick take on DoS and DDoS attacks and Instart Logic's defense mechanisms against them.
Slides: 7
Provided by: InstartLogic

Transcript and Presenter's Notes

1
DDOS ATTACKS AND DEFENSE MECHANISMS
2
  • In a Denial of Service (DoS) attack, an adversary prevents internet users from getting access to some service or information. DoS attacks began in Internet Relay Chat (IRC) channels. Back then, attackers used them to knock users off an IRC channel. DoS tools have evolved a great deal in the past few years, turning into distributed denial of service (DDoS) attacks that use multiple agents from multiple locations. The attack mechanisms have stayed much the same and usually fall into one of the following two categories:
  • vulnerability attacks
  • flooding attacks
  • In this blog post we will take a look at DoS and DDoS attacks and Instart Logic's defense mechanisms against them.
  • Vulnerability Attacks
  • In vulnerability attacks, adversaries take advantage of a vulnerability in the software to crash it and deny service to legitimate users. Vulnerability attacks have been common for quite a while. For example, in the 90s attackers exploited vulnerabilities in the Windows TCP/IP stack by crafting and sending packets that would make the system run out of memory. Their goal in launching these attacks was simply to knock IRC users off the channel by crashing their systems.
  • Even though software gets continually patched and updated, new vulnerabilities are discovered every day. However, the difficulty of finding vulnerabilities and crafting the packets to launch the attack has made flooding attacks a more popular alternative.

3
  • Flooding Attacks
  • The idea behind a flooding attack is quite simple: attackers send many requests to a target service, which attempts to track each of the requests as a transaction. As the flood of packets keeps coming in, the targeted resources get depleted and can no longer respond to legitimate traffic. Flooding attacks are divided into two categories:
  • volumetric or Layer 3/4 attacks that target the network infrastructure
  • application layer or Layer 7 attacks that target the web server
  • Flooding attacks have been the most successful and prevalent type of attack in the past few years. The distributed nature of the attacks, along with the sheer quantity of agent machines, makes it impossible for any defense mechanism to discern a specific attacker. Employing IP spoofing techniques makes flood traffic look as if it's coming from many different sources and makes it very hard to block.
  • Volumetric Attacks
  • These attacks sometimes target bandwidth, and other times target routers, load balancers and firewalls. They are measured in bits per second or packets per second. Some specific volumetric attacks are:
  • DNS reflection attack: the attacker sends DNS requests to third-party DNS servers while spoofing the source IP address, pretending that the requests came from the victim. The spoofed requests usually involve amplification, meaning each request results in a much larger response. An example is a DNS ANY request, which asks the DNS server for all information it currently knows about the domain: where the mail servers are (MX records), what the IP addresses are (A records), and so on. This maximizes the size of the response sent to the victim. When the DNS servers send their disproportionately large responses to the spoofed source, it results in a huge amount of traffic flooding the victim.
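One way a defender can spot the reflection pattern just described, as an added example that is not part of the presentation and not Instart Logic's own tooling: walk a stream of flow records, remember which DNS queries a host actually sent, and flag hosts that receive large answers from many resolvers they never queried. The flow records, IP addresses and thresholds are constructed for the example.

```python
from collections import defaultdict

# Constructed flow records, not captured traffic: (src, sport, dst, dport, nbytes)
FLOWS = [
    ("10.0.0.5", 40001, "198.51.100.53", 53, 60),     # client queries its resolver
    ("198.51.100.53", 53, "10.0.0.5", 40001, 180),    # normal-sized answer comes back
]
# Five open resolvers answer 10.0.0.9 with large responses it never requested:
# the amplified replies to the attacker's spoofed queries land on the victim.
FLOWS += [(f"203.0.113.{i}", 53, "10.0.0.9", 5353, 3000) for i in range(1, 6)]


def find_reflection_victims(flows, min_bytes=10_000, min_reflectors=3):
    """Return {victim: (unsolicited_bytes, reflector_count)} for hosts that
    receive large DNS answers from many resolvers without having queried them."""
    pending = set()                      # (client, client_port, resolver) awaiting an answer
    unsolicited_bytes = defaultdict(int)
    reflectors = defaultdict(set)
    for src, sport, dst, dport, nbytes in flows:
        if dport == 53:                  # outbound query: remember who asked whom
            pending.add((src, sport, dst))
        elif sport == 53:                # inbound answer: was it ever asked for?
            key = (dst, dport, src)
            if key in pending:
                pending.discard(key)     # matched a real query, nothing suspicious
            else:
                unsolicited_bytes[dst] += nbytes
                reflectors[dst].add(src)
    return {
        victim: (total, len(reflectors[victim]))
        for victim, total in unsolicited_bytes.items()
        if total >= min_bytes and len(reflectors[victim]) >= min_reflectors
    }


if __name__ == "__main__":
    print(find_reflection_victims(FLOWS))
```

A sensor at the victim's network edge sees both directions, so the pending-query table can be built from the same feed; thresholds need tuning per site because large legitimate answers (DNSSEC, TXT records) also exist.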

4
  • SYN flood attack: the attacker sends a flood of SYN packets to the victim's server while spoofing the source IP address, pretending the packets were sent from someone else. The victim's server sends a SYN-ACK back to the spoofed sender and never receives an ACK. The half-open connections created on the server eventually cause it to run out of resources, making it unable to respond to any requests, including legitimate ones.
  • Smurf attack: the attacker uses specially crafted packets with the victim's IP as the source IP and sets the destination to the broadcast address of a large network. All of the responses from all of the hosts on that network get sent back to the victim, overwhelming their network and servers.
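The SYN flood item above works because the server keeps state for every half-open connection. A standard mitigation, SYN cookies, is shown here as an added example (not from the presentation and not Instart Logic's implementation): the server encodes the connection parameters into the SYN-ACK sequence number instead of storing them, and only allocates state when a client echoes a valid cookie in its ACK, which a spoofed source never does. The secret, MSS table and field layout are assumptions modelled on the Linux scheme.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"      # a real stack uses a random per-boot secret
MSS_TABLE = [536, 1300, 1440, 1460]      # MSS values encodable in the 3-bit field (4 used)


def _hash24(src, dst, sport, dport, t):
    """Keyed 24-bit digest binding the 4-tuple to the time counter."""
    msg = f"{src}|{dst}|{sport}|{dport}|{t}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_syn_cookie(src, dst, sport, dport, mss, now):
    """Initial sequence number to put in the SYN-ACK. Nothing is stored per
    connection, so a flood of spoofed SYNs consumes no server memory."""
    t = int(now // 64)                                   # 64-second time counter
    idx = max([i for i, m in enumerate(MSS_TABLE) if m <= mss] or [0])
    # layout: 5 bits of counter | 3 bits of MSS index | 24-bit keyed digest
    return ((t & 31) << 27) | (idx << 24) | _hash24(src, dst, sport, dport, t)


def check_syn_cookie(cookie, src, dst, sport, dport, now):
    """Validate what a client echoes back (its ACK number minus 1).
    Returns the MSS to use, or None if the cookie is forged or stale."""
    t_now = int(now // 64)
    t_bits, idx, digest = cookie >> 27, (cookie >> 24) & 7, cookie & 0xFFFFFF
    for t in (t_now, t_now - 1):                         # current or previous epoch only
        if (t & 31) == t_bits and digest == _hash24(src, dst, sport, dport, t):
            return MSS_TABLE[idx] if idx < len(MSS_TABLE) else None
    return None


if __name__ == "__main__":
    cookie = make_syn_cookie("203.0.113.7", "192.0.2.10", 51515, 443, 1460, 1_000_000.0)
    print(hex(cookie), check_syn_cookie(cookie, "203.0.113.7", "192.0.2.10", 51515, 443, 1_000_001.0))
```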
  • Application Layer DDoS Attacks
  • Application layer attacks are launched with the goal of disrupting transactions or accessing a database by sending a lot of seemingly legitimate requests on Layer 7. The attack traffic looks very similar to legitimate traffic, which makes these attacks extremely difficult to mitigate.
  • AppShield from Instart Logic
  • AppShield Security Suite offers defense mechanisms against all kinds of DDoS attacks.
  • Leveraging Anycast technology, our global network of datacenters can mitigate large volumetric attacks. The global network inherently defuses the large DDoS attacks that are commonly seen, especially during holiday shopping seasons. During the 2015 Black Friday shopping season we successfully mitigated a 110Gbps attack without any problems. We have also partnered with Verisign, one of the world's largest scrubbing centers, which can scale on demand to provide customers with an extra level of protection.

5
  • AppShield helps customers mitigate Layer 7 attacks both through our partnership with Verisign and by using a variety of defense mechanisms such as:
  • Web Application Firewall rules enable customers to block attack traffic and protect against server-side vulnerabilities
  • Managed Security Service provides customers with a security operations center that monitors their web application 24/7 and identifies and blocks all security threats
  • IP/User Agent/Geo location blocking and throttling enables customers to block or throttle traffic from any IP addresses, User Agents or geographical locations they have identified as malicious
  • IP Reputation Feed allows our customers to use IP Reputation data to block/throttle traffic from low-reputation sources
  • Bot or Not identifies traffic originating from non-legitimate clients and blocks or throttles it. Bot or Not is powered by our Nanovisor technology, which gives us intelligence about the browser, device and application behavior.
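The blocking, throttling and reputation controls in the list above, as an added example that is not part of the presentation and not Instart Logic's implementation: a per-client token bucket whose allowance is scaled by a reputation score, combined with a static IP and User-Agent blocklist, run over constructed access-log lines. The log format, addresses, scores and limits are all assumptions.

```python
import re

LOG_RE = re.compile(r'^(?P<ts>\d+\.\d+) (?P<ip>\S+) "(?P<ua>[^"]*)" (?P<path>\S+)$')

# Constructed policy inputs (not a real configuration)
BLOCKED_IPS = {"203.0.113.66"}                 # operator-identified malicious source
BLOCKED_UA_SUBSTRINGS = ("python-requests",)   # User-Agent patterns to reject outright
REPUTATION = {"198.51.100.9": 0.2}             # feed score 0..1; unknown IPs default to 1.0
BURST, REFILL_PER_SEC = 10.0, 5.0              # bucket size and refill rate at score 1.0

# Constructed log lines: ts ip "user-agent" path
SAMPLE_LOG = [
    '100.0 192.0.2.10 "Mozilla/5.0" /index.html',
    '100.1 203.0.113.66 "Mozilla/5.0" /index.html',
    '100.2 192.0.2.11 "python-requests/2.31" /api/items',
] + [f'{100.0 + i * 0.05:.2f} 198.51.100.9 "Mozilla/5.0" /search?q={i}' for i in range(6)]


class TokenBucket:
    def __init__(self, capacity, refill, ts):
        self.capacity, self.refill, self.tokens, self.last = capacity, refill, capacity, ts

    def take(self, ts):
        """Refill for elapsed time, then spend one token if available."""
        self.tokens = min(self.capacity, self.tokens + (ts - self.last) * self.refill)
        self.last = ts
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def decide(ts, ip, ua, buckets):
    if ip in BLOCKED_IPS or any(s in ua for s in BLOCKED_UA_SUBSTRINGS):
        return "block"
    score = REPUTATION.get(ip, 1.0)
    if ip not in buckets:   # low-reputation sources get a proportionally smaller allowance
        buckets[ip] = TokenBucket(BURST * score, REFILL_PER_SEC * score, ts)
    return "allow" if buckets[ip].take(ts) else "throttle"


def classify(lines):
    """Return [(ip, decision)] for each parseable log line, in order."""
    buckets, out = {}, []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            out.append((m["ip"], decide(float(m["ts"]), m["ip"], m["ua"], buckets)))
    return out
```

With these numbers the low-reputation client gets two requests through and is throttled from the third; a throttled decision would map to an HTTP 429 in a real proxy.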

6
Instart Logic is the world's first endpoint-aware application delivery solution that makes websites and applications fast, secure, and easy to operate.
Interested in learning more? Preview our image optimization capabilities in the Playground
Contact Sales