
Pushback: Remedy for DDoS attack


wei

Presentation Transcript


  1. Pushback: Remedy for DDoS attack
     • Introduction.
     • Overview of Pushback.
     • Architecture of router.
     • Pushback mechanism.
     • Conclusion.

  2. Introduction
     • DDoS attacks – Disturbance to the global internet.
     • How do DDoS attacks occur?
     • Congestion could be caused by flash crowds too.
     • Non-malicious
     • www.Olympics.com during 2000 Sydney Olympics.
     • Victim can do nothing to protect itself.
     • Can anything be done inside the network to defend?

  3. What is Pushback?
     • Pushback - Defense against DDoS.
     • A mechanism that allows a router to request adjacent upstream routers to limit the rate of traffic.
     • Concept - Aggregate congestion control (ACC).
     • Aggregate - Subset of traffic with identifiable property.
     • Congestion Signature - Set of properties of the aggregate identified as causing problems.

  4. DDoS attack in progress
     [Figure: routers R1 to R8 and node D. Red - Bad traffic. Green - Good traffic.]

  5. Partial view of a router
     [Figure labels: Input Queues; Match congestion signature? (Y / N); Rate Limiter; Output Queues; Update congestion signature; Adjust local ACC; Pushbackd; pushback.]

  6. Dropped Packet Report
     • Is sent by the rate-limiter to the Pushback daemon.
     • Fields: Magic Number, IP Destination address, Input interface, Output interface, Timestamp, Packet size, Reason.

  7. How does the Pushback daemon identify an attack and the victim?
     • Algorithm
     • Step 1: If (wi > 1.2 * wo) then an attack is in progress.
     • Step 2: Dropped packets are grouped according to the longest matching prefix in the routing table.
     • Step 3: The prefix with the highest number of dropped packets is the set to be used in step 4.
     • Step 4: The set in step 3 is scanned to find the host to which most of the packets are destined.
     • Step 5: If (wi – wb > 1.2 * wo) then repeat steps 2 to 5.

  8. Pushback Request
     • The Pushback daemon uses a pushback request to tell the upstream links about the prefix to rate-limit.
     • Pushback request is as shown below.
     • Fields: Congestion Signature, Bandwidth Limit, Expiration time, RLS-ID, Depth of Requesting Node.

  9. Pushback Response
     • Sends responses downstream.
     • The response is very similar to request as shown here.
     • Fields: Congestion Signature, Bandwidth Used, Time in effect, RLS-ID, Depth of Requesting Node.

  10. Conclusion
     • Successfully implemented in the lab under the FreeBSD operating system.
     • Deployment becomes complex as it requires a lot of resources.
     • Any Questions?
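
The identification loop from slide 7, as an added Python example that is not part of the original presentation or of the FreeBSD implementation it mentions. The slides do not define the symbols, so it assumes wi is the arrival rate, wo the output link bandwidth and wb the rate already attributed to identified aggregates; wb is estimated from the bytes in the dropped packet reports, and the routes and drop records are constructed sample data.

```python
import ipaddress
from collections import Counter

FACTOR = 1.2  # slide 7: attack while wi > 1.2 * wo

def longest_prefix(dst, routes):
    """Most specific routing-table prefix that contains dst, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r]
    return max(hits, key=lambda r: r.prefixlen) if hits else None

def identify_aggregates(drops, routes, wi, wo, interval=1.0):
    """drops: (dst_ip, size_bytes) pairs taken from dropped packet reports
    gathered over `interval` seconds; wi and wo are in bytes per second.
    Returns [(prefix, busiest_host, estimated_rate), ...]."""
    found, wb = [], 0.0
    remaining = list(drops)
    # First pass is step 1 (wb == 0); later passes are the step 5 check.
    while remaining and wi - wb > FACTOR * wo:
        groups = {}                                   # step 2
        for dst, size in remaining:
            prefix = longest_prefix(dst, routes)
            if prefix is not None:
                groups.setdefault(prefix, []).append((dst, size))
        if not groups:                                # nothing routable left
            break
        prefix, pkts = max(groups.items(), key=lambda kv: len(kv[1]))  # step 3
        host = Counter(d for d, _ in pkts).most_common(1)[0][0]        # step 4
        rate = sum(s for _, s in pkts) / interval     # assumption: wb from drops
        found.append((str(prefix), host, rate))
        wb += rate
        remaining = [(d, s) for d, s in remaining
                     if longest_prefix(d, routes) != prefix]
    return found

# Constructed sample input (not from the presentation).
ROUTES = [ipaddress.ip_network(n) for n in
          ("10.1.0.0/16", "10.1.2.0/24", "10.2.0.0/16")]
DROPS = ([("10.1.2.5", 1000)] * 60 + [("10.1.2.9", 1000)] * 20 +
         [("10.2.0.7", 1000)] * 30 + [("10.1.9.1", 1000)] * 5)

if __name__ == "__main__":
    for prefix, host, rate in identify_aggregates(DROPS, ROUTES, 215_000, 100_000):
        print(f"rate-limit {prefix} (busiest host {host}, ~{rate:.0f} B/s dropped)")
```

Each returned prefix is a candidate congestion signature for the pushback request on slide 8; the loop stops once the remaining excess falls below the 1.2 * wo threshold.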
