Very Large-Scale Edge DDoS Protection

Sean Newman, Director Product Management

© Corero 2019 www.corero.com

Post on 25-May-2020


Page 2: Is DDoS Still on the Increase?

[Figure: timeline of notable DDoS events; year axis 1993, 2005, 2007, 2009, 2011, 2013, 2015, 2016, 2017, 2018, 2019??]

Events labelled on the timeline:

• First Hacktivists: Zapatista National Liberation Army
• DoS for Notoriety
• Spammers discover botnets
• Estonia: Parliament, banks, media, Estonia Reform Party
• Anon hits Church of Scientology
• Coordinated US bank attacks: Grew to 200 Gbps, and continue today
• Spamhaus attack: Reported to reach 310 Gbps
• 500 Gbps Hong Kong attack
• France swarmed after terror attack
• PlayStation & Xbox hit at Christmas
• ProtonMail attack
• Rio Olympics 540 Gbps
• Mirai Botnet: OVH / Krebs / DYN, 600 Gbps -> 1 Tbps
• Reaper Botnet 2M Devices
• Memcached GitHub 1.35-1.7 Tbps

Page 3: DDoS Evolution in 2018

• High Bandwidth
  – memcached exceeds 1 Tbps, routinely > 100 Gbps
• Botnets
  – Mirai (and its many known variants)
  – IoT (100s of Millions of easy to recruit devices)
• Multi-vector
  – 10+ vectors, Additive + Variation + Spray/Subnet
• Booter/Stresser Services
  – the “10 minute” attack and pulsed attacks

Page 4: Frequent DDoS Trend Continues…

Corero H1 2018 Trend Report: https://www.corero.com/resources/reports/h1-ddos-trends-report/

[Figure: headline statistics 77%, 94%, 740%]

Page 5: SP/Telco DDoS Scrubbing Protection

[Diagram: Service Provider network between upstream SPs and subscribers. Labels: SP, SP, SP; DDoS attacks arriving from transit/peering; ingress from transit/peering; egress to subscribers; DDoS victims; Good traffic destined for subscribers; Netflow Detect (out-of-band).]

Page 6: SP/Telco DDoS Scrubbing Redirect

[Diagram: Service Provider network with a scrubbing center. Labels: SP, SP, SP; DDoS attacks arriving from transit/peering; ingress from transit/peering; egress to subscribers; BGP redirect; Scrubbing Capacity (<10% edge capacity); Netflow Detect (out-of-band); Good traffic tunneled to edge or cust; Good traffic destined for subscribers.]

Note: Some Providers will have multiple scrubbing centers for Geos, redundancy, backhaul reasons.

Page 7: SP/Telco Large DDoS Attack Blackhole

[Diagram: Service Provider network with a scrubbing center and a blackhole. Labels: SP, SP, SP; Large DDoS attack from transit/peering; ingress from transit/peering; egress to subscribers; BGP RTBH; Scrubbing Capacity (<10% edge capacity); Netflow Detect (out-of-band); Customer offline for attack Duration; Good traffic blocked by blackhole.]

Note: Some Providers will have multiple scrubbing centers for Geos, redundancy, backhaul reasons.

Page 8: Scrubbing Approach Increasingly Challenged

[Chart: Attacks plotted by Size of Attack against Number of Attacks, divided into a Scrubbing Zone and a Blackhole Zone. Annotation: Partial Protection (needs to be >10%).]

• Provider RTBH Mitigation
  – Manual instantiation of blackholes with target offline for duration of attack
• Provider Edge Capacity
  – 100s of Gbps to multiple Terabits/sec
• Provider Scrubbing Capacity
  – More attacks mitigated with Blackhole
  – Scrubbing capacity needs to increase

Page 9: Scrubbing Redirect Challenges

• Flow Monitoring
  – Aggregation delay
  – Attack overload
  – Header only
• BGP/RTBH/FlowSpec
  – BGP propagation
  – Header only
  – Limited visibility
• Sampled Mirror
  – Immediate forwarding
  – Scales with attack
  – Header and payload
• ACL Filters
  – Rapid configuration
  – Header and payload
  – Streaming telemetry

Page 10: New Opportunity for Edge Mitigation

• Steps
  – Monitor
  – Inspect
  – Detect
  – Report/Signal
  – Mitigate

[Diagram: Ingress Traffic enters the Network Edge and leaves as Egress Traffic. The edge sends a Sampled Mirror (1:N) (tuple + payload) and Streaming Telemetry to the detection system and NOC/SOC; Filter Generation (tuple + payload) returns a Dynamic Filter (tuple + payload) to the edge. Timeline labels: Detection, Mitigation, Seconds.]

Page 11: Full Edge Capacity Mitigation

[Chart: Attacks plotted by Size of Attack against Number of Attacks, divided into a Provider Edge Mitigation Zone, a Scrubbing Zone and a Blackhole Zone. Annotations: 100% Edge Protection; Scales to Tens of Terabits of DDoS Protection.]

• Provider Edge Mitigation
  – Leverage real-time data and analytics to deliver intelligent automation
• Provider Edge Capacity
  – 100s of Gbps to multiple Terabits/sec
  – <1% of attacks need to be blackholed
• Provider Scrubbing Capacity
  – >90% attacks mitigated at Provider Edge
  – <10% redirected to scrubbing

Page 12: Provider Edge DDoS Protection

[Diagram: Service Provider network between the Internet and subscribers, with filters pushed to the edge over NETCONF. Labels: SP, SP, SP; Internet; DDoS Attacks arriving from transit/peering; ingress from transit/peering; egress to subscribers; Good traffic to edge or customer; NETCONF.]

Page 13: Example Edge Filtering with Juniper MX

• Matching Firewall-type rules with defined actions:
• Filters entered manually, or programmatically via netconf API
• Unique ID for each filter provides statistics via remote telemetry
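An added example, not taken from the deck or from any vendor's code, of the loop described on the "New Opportunity for Edge Mitigation" and "Example Edge Filtering" slides: packets from a 1:N sampled mirror are scaled back to an estimated rate, and each vector over a threshold becomes a discard filter with a unique ID. The sample rate, window, threshold, field names and filter format are assumptions, and only the header tuple is matched (no payload).

```python
from collections import defaultdict
from dataclasses import dataclass

SAMPLE_RATE = 1000               # assumed 1:N mirror ratio (N = 1000)
WINDOW_S = 1.0                   # assumed detection window, seconds
THRESHOLD_BPS = 1_000_000_000    # assumed per-vector alarm threshold (1 Gbps)

@dataclass(frozen=True)
class Sample:                    # one mirrored packet: header tuple plus size
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    length: int                  # bytes on the wire

def estimate_bps(samples):
    """Scale sampled bytes by N to estimate bits/s per (dst, proto, src_port)."""
    totals = defaultdict(int)
    for s in samples:
        totals[(s.dst_ip, s.proto, s.src_port)] += s.length
    return {k: v * 8 * SAMPLE_RATE / WINDOW_S for k, v in totals.items()}

def generate_filters(samples, threshold_bps=THRESHOLD_BPS):
    """Return one discard filter per vector whose estimated rate exceeds the threshold."""
    filters = []
    for (dst, proto, sport), bps in sorted(estimate_bps(samples).items()):
        if bps > threshold_bps:
            filters.append({
                "id": f"ddos-{len(filters) + 1:04d}",   # unique ID, keys the telemetry counter
                "match": {"dst_ip": dst, "protocol": proto, "src_port": sport},
                "action": "discard",
                "estimated_bps": bps,
            })
    return filters

# Constructed sample window: memcached-style UDP reflection (source port 11211)
# toward one subscriber address, plus ordinary HTTPS to the same address.
CONSTRUCTED_SAMPLES = (
    [Sample(f"198.51.100.{i % 50}", "203.0.113.10", "udp", 11211, 1400) for i in range(200)]
    + [Sample("192.0.2.7", "203.0.113.10", "tcp", 443, 1200) for _ in range(5)]
)

if __name__ == "__main__":
    for f in generate_filters(CONSTRUCTED_SAMPLES):
        print(f)
```

The filter matches the victim address together with the reflection source port, so the subscriber's HTTPS traffic keeps flowing while the flood is dropped at the edge.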

Page 14: Summary

• DDoS as a whole still on the Increase
  – Attack Methods/Vectors more Sophisticated
  – Emerging trend for increase in proportion of larger attacks
• Traditional Scrubbing/RTBH Protection is inadequate
  – Typically too slow to react to avoid damage, or completes attack
  – Wastes core network bandwidth backhauling junk DDoS traffic
• New Opportunity for Protection on Network Edge Devices
  – Leverage built-in power of latest infrastructure devices
  – No need to insert new devices at every ingress point
  – Deliver always-on protection at edge capacity up to unprecedented scale
  – Can operate as an overlay to existing scrubbing centers
  – Deploy filters automatically from DDoS protection solution

Page 15: Questions?

Page 16: Thank You!