DDoS - FoD
Networks · Services · People www.geant.org
GEANT Information & Infrastructure Security Team
CEE Peering Days
DDoS Mitigation Tool DDoS-FoD
Budapest, March 30th 2016
Evangelos Spatharas
Who is GÉANT?
Network Attacks
DNS, NTP, SMTP and other amplification attacks..
[Pie chart: DDoS by Type of Network; legend: NRENs, Interconnects, GÉANT; segment labels: 55%, 40%, 5%]
[Bar chart: DDoS Attacks Detected, April 2015 - October 2015; y-axis: No of Attacks per Month (0 to 6000); x-axis labels: Apr-19 to Nov-19; bar labels: 81, 183, 641, 509, 143, 1,877, 4,862, 4,723]
GÉANT’s Security Approach
[Diagram labels: Interconnect, Transit, ??]
Defending GÉANT
Preventative Controls - Zones
Preventative Controls – Others
Number of Vulnerable Systems by OS
• Asset management
• Areas of attention
• Monthly scans
Others
• uRPF
• Bogons
• Spoofing
• Etc
Detection
NetFlow Monitoring + ADS
FlowMon
• NetFlow v9
• 33 Juniper MXs
• >900M flows per day
• 1:100 sampling rate
• Entry points
• Fan-out for other tools
• Not just anomaly detection tool
• Alerts
• Redundancy?
• Many methods..
NetFlow Alerts + Automated Tickets = NSHaRP
• Based on criticality
• Per client basis
• Automatic closure
• Mainly an NREN service
• Daily reports
Mitigation
ACLs – Chain Architecture
Chain architecture
• Head → Middle → Tail
• Auditing
• Troubleshooting
• Deployment
RTBH
Statistics
• 6 RTBH-ed destinations
• ~3 billion packets blocked
Counters reset every week!!
Other
• UTRS service – Team CYMRU
• Cogent RTBH service
• Etc.
BGP Flowspec - FoD
fod.geant.net
FoD WEB GUI
FoD Demo Time
Demo Time!
Under the hood – Current Status
[Diagram labels: IX A, GÉANT, Internet, IX B, NREN A, Flowspec, FoD, NSHaRP/other]
Upgrade – Future Plans
[Diagram labels: IX A, GÉANT, Internet, IX B, NREN A, Flowspec, FoD, NSHaRP & RepShield]
Lessons Learned
What do YOU think?
Q&A
Thank you