Download Creation of anti DDOS network in Moldova

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
Document related concepts

Net bias wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Distributed firewall wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Computer network wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Network tap wikipedia , lookup

Airborne Networking wikipedia , lookup

Peer-to-peer wikipedia , lookup

Transcript 
Alexandr Golubev
(E-mail: [email protected])
RENAM Association
www.cert.md
www.renam.md
1
Creation of anti DDOS network in Moldova
Advantages and disadvantages of creating an antiDDOS
Network.
• Overlay Network is the most powerful measure for defending
against DDOS
•90% of territory of Moldova is covered by Internet
•Most servers and web services are hosted in the capital
•Moldova is a small country with a high speed national intranet
Creation of anti DDOS network in Moldova
There are a number of measures how Internet providers
are trying to defend against DDOS:
• Blackhole rerouting – redirecting bot requests to an
unexciting ip address.
•Filtering and blocking by some conditions (for example
using CAPTCHA «Completely Automated Public
Turing test to tell Computers and Humans Apart»)
• Direct measures against the source of attacks. Such as
blocking IP by country filter or using help from exiting
CERT.
Creation of anti DDOS network in Moldova
Standard measures against DDoS attacks for an
internet provider
•
Arbor Networks
•
Cisco Systems, Inc.
•
CloudShield Technologies
•
Narus, Inc
Creation of anti DDOS network in Moldova
Overlay Network – as a measure for defending against
DDoS
•
Overlay network is a global solution for solve DDOS
problem for a big network, that allows to redirect and
process an request of an legacy user in case if one of the
nodes of overlay network is busy. Main idea of using
overlay network as a measure for defending against
botnets is to use the same tactics like is using by
hackers.
Creation of anti DDOS network in Moldova
Overlay Network
Creation of anti DDOS network in Moldova
Algorithm for defining an legacy User
Creation of anti DDOS network in Moldova
Test Results
For test we used server where is hosted WebSite of medical
Emergency (903) of Chisinau
•
ASP.NET
•
SQL Microsoft Sever 2008
•
Windows 2003
•
WEB SERVER IIS 6
•
Intel Xenon 1.8 hz
•
1 Gb of RAM
Creation of anti DDOS network in Moldova
Test Results
•
Web site can serve about 1500 requests per
minute.
•
Minimal price for DDOS attack is about 50$ for
1000 bots per minute.
•
Every bot can generate 3 request per second
•
It means that server must be able to serve 181500
requests per minute
Creation of anti DDOS network in Moldova
Test Results
After these results we integrated a CAPTCHA for this
web site. And test result were following:
•
5858 request per minute for this website
•
It means that we need have about 30 nodes in our
overlay network for cover this DDOS attack.
Creation of anti DDOS network in Moldova
Test Results
Integration of black lists and filtering methods:
•
There is a request from one location(IP) more that 100
requests per minute
•
CAPTCHA is filled with error for 10 times during 1
minute
•
Entities in black list expire in 24 hours
After these modifications we recalculated number of
nodes:
~3-5 nodes for this type of attacks.
Creation of anti DDOS network in Moldova
•
Main advantages of using of such overlay network:
- Users can access every overlay node even one of
the nodes is under attack.
-Every node have possibility to identify legacy
users
- request of the user that passed the CAPTHCA are
processed as secured.
- There are possibility to increase number of nodes
in your network.
- One overlay network can offered defense against
DDOS for many nodes.
Creation of anti DDOS network in Moldova
•
This module can be used as for commercial
purposes and for governmental national level.
•
Information about black lists can be distributed for
other security networks, that will help with fighting
against botnets.
•
Overlay network can be based also on such
systems like PlanetLab and GRID.
•
Nodes of the Overlay Network can be distributed
by the region, but taking under consideration
saving usability of web resources it is logicaly that
the internet connection speed may be the same for
all nodes.
Related documents
Distributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS)
Seven Years of Anti-Spoofing
Seven Years of Anti-Spoofing
Andrew Knotts` presentation on Distributed DOS attacks
Andrew Knotts` presentation on Distributed DOS attacks
Moldova - Southsouthworld.org
Moldova - Southsouthworld.org
On behalf of the Organizing Committee, we are pleased to invite you
On behalf of the Organizing Committee, we are pleased to invite you
Countering Dos Attacks with Stateless Multipath Overlays
Countering Dos Attacks with Stateless Multipath Overlays
Autonomic Response to Distributed Denial of Service Attacks
Autonomic Response to Distributed Denial of Service Attacks
Service Function Chaining Problem Statement draft-ietf-sfc
Service Function Chaining Problem Statement draft-ietf-sfc
DDoS Breakout Session Presentation [14 slides
DDoS Breakout Session Presentation [14 slides