
Yuri Gushin & Alex Behar PDF

46 Pages·2011·7.03 MB·English

Preview Yuri Gushin & Alex Behar

Yuri Gushin & Alex Behar

Agenda
- Introduction
- DoS Attacks – overview & evolution
- DoS Protection Technology
  - Operational mode
  - Detection
  - Mitigation
  - Performance
- Wikileaks (LOIC) attack tool analysis
- Roboo release & live demonstration
- Summary

Newton's Third Law (of Denial of Service): for every action, there is an equal and opposite reaction.

About the speakers
- Research and mitigate DoS attacks
- Core founders of the Radware ERT
- In charge of Radware's strategic security customers around EMEA and the Americas

DoS attacks – overview
- Goal – exhaust target resources to a point where service is interrupted
- Common motives: hacktivism, extortion, rivalry
- Most big attacks succeed!

Scoping the threat – main targets at risk
- On-line businesses, converting uptime to revenue
- Cloud subscribers, paying per-use for bandwidth utilization

Layer 3 – muscle-based attacks
- Flood of TCP/UDP/ICMP/IGMP packets, overloading infrastructure due to high-rate processing/discarding of packets and filling up the packet queues, or saturating pipes
- Introduce a packet workload most gear isn't designed for
- Example – UDP flood to a non-listening port
  [Diagram: "UDP to port 80" arriving from the Internet along a path labelled Internet, Access, Firewall, IPS, Switch, DMZ, Router; three devices report "I'm hit! CPU overloaded".]

Layer 4 – slightly more sophisticated
- DoS attacks consuming extra memory, CPU cycles, and triggering responses
  - TCP SYN flood
  - TCP new connections flood
  - TCP concurrent connections exhaustion
  - TCP/UDP garbage data flood to listening services (à la LOIC)
- Example – SYN flood
  [Diagram: SYN packets arriving from the Internet along the same path, SYN+ACK replies going back; the target reports "I'm hit! SYN queue is full, dropping new connections".]

Layer 7 – the culmination of evil!
- DoS attacks abusing application-server memory and performance limitations – masquerading as legitimate transactions
  - HTTP page flood
  - HTTP bandwidth consumption
  - DNS query flood
  - SIP INVITE flood
  - Low-rate, high-impact attacks – e.g. Slowloris, HTTP POST DoS
  [Diagram: "HTTP: GET /" requests arriving from the Internet along the same path; the server reports "I'm hit! HTTP requests/second at the maximum" and answers with "HTTP: 503 Service Unavailable" and "HTTP: 200 OK".]

Description:
Abnormal rate of SYN packets. [Figure: detection plotted along a rate dimension on the X, Y and Z axes, with an attack-degree axis.] Integrates with the Nginx web server and reverse proxy.
