http://vig.prenhall.com/catalog/academic/product/0,1144,0131475738,00.html - PowerPoint PPT Presentation

Presentation Transcript

  1. Fighting the DDoS Menace! http://vig.prenhall.com/catalog/academic/product/0,1144,0131475738,00.html

  2. Recent High Profile DDoS Attacks
     • Protx (online payments processing firm): October 31st
     • WeaKnees.com, RapidSatellite.com (e-commerce): October 6th
     • WorldPay (section of Royal Bank of Scotland): October 4th
     • Authorize.net (US credit card processing firm): September 23rd

  3. Fighting the Good Fight
     • Aggregate-based congestion control (ACC)
       • identify a pattern of packets
       • apply a rate-limiter to the pattern(s)
     • Local ACC versus Global ACC
       • allow a router to request adjacent upstream routers to rate-limit traffic corresponding to a specific aggregate.

  4. An Illustrated Example “Controlling High Bandwidth Aggregates in the Network” (Mahajan et al, 2001)

  5. ACC Works???

  6. The Scalable Simulation Framework (http://www.ssfnet.org)
     • focus on scalability
       • model scalability: # of nodes, traffic flows, bandwidth, system heterogeneity
     • contains a DDoS scenario
     • much faster learning curve than NS tools (no tcl/tk)

  7. What's the catch?
     • Well, it turns out the DDoS scenario models a TCP SYN flooding denial of service attack.
     • This DDoS attacks the TCP/IP stack of the target servers. It is not bandwidth limited! So congestion control is not the appropriate response.
     • Quickly, we must model a bandwidth-limited DDoS attack....

  8. Network Topology

  9. Client Topology

  10. Server Topology

  11. DDoS Topology

  12. But What Does It Do?
      • 164 iterations, no DDoS enabled:
        • mean 202.71 connections, std. dev. 13.79
      • 68 iterations, DDoS enabled:
        • mean 194.29 connections, std. dev. 15.47
      • 59 iterations, DDoS enabled & local ACC:
        • mean 196.98 connections, std. dev. 14.33

  13. TODO LIST
      • Improve the effectiveness of the DDoS attack
      • Use identical random number seeds across all three trials. This will show the strict ordering: DDoS < DDoS + local ACC ≤ no DDoS
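
The two local ACC steps from slide 3 (identify a pattern of packets, then apply a rate-limiter to it), sketched for a bandwidth-limited flood of the kind slide 7 calls for. This is an added example, not code from the presentation, SSFNet or Mahajan et al. It assumes the pattern is a destination /24 prefix carrying more than half the bytes, and the limiter is a token bucket with a fixed rate; the function names and the traffic sample are constructed for illustration.

```python
import ipaddress
from collections import Counter

def find_aggregate(packets, prefix_len=24, share=0.5):
    """Step 1: return the destination prefix carrying more than `share` of bytes."""
    volume = Counter()
    for _t, dst, size in packets:
        volume[ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)] += size
    if not volume:
        return None
    net, nbytes = volume.most_common(1)[0]
    return net if nbytes > share * sum(volume.values()) else None

class TokenBucket:
    """Step 2: rate-limiter. Time is in integer ms, rate in bytes per ms."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, 0

    def allow(self, now, size):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False

def local_acc(packets, rate, burst):
    """Forward packets; only those in the identified aggregate face the limiter."""
    agg = find_aggregate(packets)
    bucket = TokenBucket(rate, burst)
    forwarded = []
    for t, dst, size in packets:
        in_agg = agg is not None and ipaddress.ip_address(dst) in agg
        if not in_agg or bucket.allow(t, size):
            forwarded.append((t, dst, size))
    return agg, forwarded

def sample_traffic():
    # Constructed sample: one second of traffic as (time_ms, dst, bytes).
    # 100 flood packets to 10.0.1.0/24, 10 ordinary packets to 10.0.2.5.
    flood = [(i * 10, f"10.0.1.{i % 4 + 1}", 1000) for i in range(100)]
    normal = [(i * 100 + 5, "10.0.2.5", 1000) for i in range(10)]
    return sorted(flood + normal)

if __name__ == "__main__":
    agg, fwd = local_acc(sample_traffic(), rate=20, burst=5000)
    print(agg, len(fwd))
```

Traffic outside the aggregate never touches the bucket, which is the property that separates ACC from a blanket rate limit on the congested link.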