1 / 38

Solving DDoS Attacks in the Netherlands and Beyond

This project aims to address DDoS attacks by bridging solutions and stakeholders in the Netherlands, Europe, and beyond, aiming to provide a clearing house for DDoS-related information. The initiative involves academia, network operators, CERT/CSIRT, law enforcement agencies, and victims to collaborate on combating DDoS attacks effectively. Through tools like DDoS Dissector and DDoSDB, the project enhances network measurement, fingerprint conversion, and attack-related data distribution. It also explores the implementation of DDoS Open Threat Signaling (DOTS) and offers demos showcasing the tools' functionality and effectiveness. Collaboration is key to combating DDoS attacks effectively and mitigating the economic losses associated with such threats.

rkerley
Download Presentation

Solving DDoS Attacks in the Netherlands and Beyond

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Solving DDoS Attacks facilitating bridging solutions and stakeholders in the Netherlands , europe , andbeyond Ddos clearing house 2019-05-21

  2. Solving DDoS Attacks • Koen van Hove • Researcher at the University of Twente

  3. The problem and our idea

  4. https://www.business.com/categories/best-ddos-protection-services/https://www.business.com/categories/best-ddos-protection-services/

  5. https://scholar.google.nl/scholar?hl=en&as_sdt=0%2C5&q=ddos+attack&btnG=https://scholar.google.nl/scholar?hl=en&as_sdt=0%2C5&q=ddos+attack&btnG=

  6. ? ? ? ? ? ? ? ? Why does DDoS stillexist?

  7. Solving DDoS Attacks

  8. Solving DDoS Attacks DDoS protection providers Academia

  9. Network operators + CERT/CSIRT DDoS protection providers Law enforcement agencies Victims Academia

  10. Ddos clearing house

  11. Ddos clearing house

  12. Network Measurement (pcap, net flow, ipfix, sflow, logs, …) • DDoS_Dissector • input: network measurement • Output: DDoS fingerprint (+*NOTES) • filtered & anonymized networkmeasUrements DDoS_Fingerprint_converters input: ddos fingerprint Output: rule/signature for specific hw/sw solution(s) (SNORT, SURICATA, BRO, IPtables, ebpf, bgpflowspec, …) DDoSDB STORE, enrich, and distribute DDoS attack related info

  13. Network operators + CERT/CSIRT DDoS protection providers Law enforcement agencies Victims Academia

  14. Network operators + CERT/CSIRT DDoS protection providers Law enforcement agencies Victims Academia

  15. Network operators + CERT/CSIRT DDoS protection providers Law enforcement agencies Victims Academia

  16. Network operators + CERT/CSIRT DDoS protection providers Law enforcement agencies Victims Academia

  17. Network operators + CERT/CSIRT DDoS protection providers Law enforcement agencies Victims Academia

  18. One extra element…

  19. DDoS Open Threat Signaling (dots) [ietf]

  20. DDoS Open Threat Signaling (dots) [ietf]

  21. Demo: Using the ddos dissector

  22. Demo: Querying ddosdb

  23. [the current] deployment & governance

  24. ? Timelime 2019 2018 2017

  25. https://github.com/ddos-clearing-house https://ddosdb.ORG https://ddosdb.NL

  26. challenges & future directions

  27. .nl .org

  28. .org .nl .it

  29. Solving DDoS Attacks • Koen van Hove • Researcher at the University of Twente Questions? • koen@ddosdb.org

  30. BACKUP SLIDES

  31. Network Measurement (pcap, net flow, ipfix, sflow, logs, …) • DDoS_Dissector • input: network measurement • Output: DDoS fingerprint (+*NOTES) • filtered and anonymized netw. measU. DDoS_Fingerprint_converters input: ddos fingerprint Output: rule/signature for specific hw/sw solution(s) (SNORT, SURICATA, BRO, IPtables, ebpf, bgp flowspec, …) DDoSDB STORE, enrich, and distribute DDoS attack related info

  32. Solving DDoS Attacks facilitating bridging solutions and stakeholders in the Netherlands, Europe, and Beyond Ddos clearing house 3/03/2019

  33. WHAT IS THE AVERAGE ECONOMIC LOSS PER DDOS ATTACK? A. $25.000 C. $2.500.000 https://www.zdnet.com/article/the-average-ddos-attack-cost-for-businesses-rises-to-over-2-5m/ B. $250.000 D. $25.000.000

More Related