DDoS 101: Attack Types and Mitigation
Download as PPTX, PDF2 likes2,930 views
Cloudflare, launched in 2010 with around 500 employees and a global footprint of 120 data centers, handles 10% of internet traffic and processes approximately 1.2 million DNS queries per second. DDoS attacks targeting their customers are evolving and can be mitigated through various strategies, including DNS flood protections and rate limiting. The document also highlights the company's performance, security features, and contact information for their regional sales and account management teams in Australia/New Zealand.
DDoS 101: Attack Types and Mitigation
- 1. DDoS 101: Attack types and mitigations
- 2. • Launched: 2010 • Offices: 8 (San Francisco, Austin, London, Champaign, IL, Boston, Singapore, Washington, D.C., New York) • Employees: Approximately 500 • Data centres: 120 in 58 countries • Domains: 7 million+; 15,000+ new domains sign up for Cloudflare daily • Percent of Internet (HTTP/S) requests flowing through our network each month: 10 percent • DNS queries: We consistently do around 1.2 million DNS queries per second. That's around 103.68 billion queries per day, and 3.11 trillion queries a month. About us
- 3. Contacts David Fenton Regional Sales Manager Australia / New Zealand Mobile: +61 (0) 413 438 412 Email: dfenton@cloudflare.com Manu Sharma Account Manager Australia / New Zealand Mobile: + 61 (0) 422 953 979 Email: manu@cloudflare.com Naveen Singh Solutions Engineer Australia / New Zealand Mobile: +61 (0) 416 428 925 Email: naveen@cloudflare.com
- 4. Live Data Center In Progress/Planned 95% of internet users will live in a country with a Cloudflare data center 15 Tbps Capacity and 120 Data Centre Global Footprint ANZ Local PoPs: • Sydney • Brisbane • Melbourne • Perth • Auckland
- 5. DDoS Attacks are evolving in size and complexity
- 6. OSI model
- 7. DDoS attacks per day against Cloudflare customers Graph courtesy of John Graham-Cumming
- 9. Volumetric DNS Flood Bots DNS Server DNS Server Server Amplification (Layer 3 & 4) HTTP Flood (Layer 7) 1 2 Bots 3 Bots Degrades availability and performance of applications, websites, and APIs HTTP Application Application/Login Types of DDoS Attack Traffic
- 10. How to perform a DDoS attack Get a cool costume
- 11. How to stop a DDoS attack Get an even cooler costume
- 12. Mitigations • Volumetric DNS Flood DNS Flood – bad DNS requests are dropped by our large and highly distributed DNS. Cloudflare's anycast DNS will absorb any DNS DDoS attack and keep your DNS up and running all time. • Amplification (Layer 3 & 4) Layer 3,4 and 7 are mitigated through the PoPs Layer 3 is mitigated by IP Reputation database and IP Firewall, for Layer 4 traffic is dropped automatically at the edge node. • HTTP Flood (Layer 7) Layer 7 additional mitigation is provided by the WAF and Rate Limiting. Cloudflare Caching of static assets help offload attack traffic off your origin as well.
- 13. Network Architectures (HTTP Traffic) Unicast • Geo-routing done using DNS • Allows for traffic control but can be bypassed • Handover/failover needs DNS cache to expire From seconds to hours Anycast • Geo-routing done using shortest path to a same IP (generally to the geographically closest PoP / the network operators decide) • Immediate failover • Automatic DDOS attack repartition over all our network
- 14. Attack Mitigation • Data processing services analyse attack patterns • Finding correlations intelligently • Bad bot detection • HTTP headers/IP Data • Services create rules • Rules deployed to the Cloudflare Edge network • Changes measured
- 15. Gatebot!
- 16. ● It’s cheaper than ever to run a DDoS Attack ○ Using Botnets with fast household internet ○ Using breached IoT devices (i.e. security cameras) ● Application (Layer 7) attacks are efficient ○ It costs more resources for a web app to load a page than to make a request ● Presentation (Layer 6) attacks can complement ○ Using slow crypto operations to increase damage The Long Tail of DDoS Attacks
- 17. David Fenton Regional Sales Manager Australia / New Zealand Mobile: +61 (0) 413 438 412 Email: dfenton@cloudflare.com Manu Sharma Account Manager Australia / New Zealand Mobile: + 61 (0) 422 953 979 Email: manu@cloudflare.com Naveen Singh Solutions Engineer Australia / New Zealand Mobile: +61 (0) 416 428 925 Email: naveen@cloudflare.com
Editor's Notes
- #5: Data request from Karl: “60% of visitors on the Cloudflare Network are 10-20ms away from our datacenter”
- #6: DDoS attacks are evolving in size and complexity. 2016 saw 3 attacks over 1 Tbps, one of these was launched at Cloudflare and we successfully protected our clients. 10 days later a similarly sized attack, launched through the mirai botnet brought down a good part of the internet in North America
- #9: We focus on 4 main areas: reliability, performance, security and actionable insights: Built on our global Anycast network, We are the largest and fastest provider of DNS in the world End to End fastest provider of security and performance - from highly performant DNS to SSL to WAF. We give insights into the traffic to your sites and applications, and with that data help you fine tune performance and security To back it up we provide a 100% uptime SLA
- #10: Talk Track: This slide gives examples of the types of DDoS attack. We could dive deeper with the rest of your team and our security team, as well. The important take-away is that these attacks are layered. In other words, a DDoS can attack different parts of your infrastructure. Volumetric DNS Flood: volumetric DNS queries against your DNS servers to make the DNS server unavailable Amplification: using a DNS to amplify requests and overload yours server over UDP HTTP Flood: volumetric HTTP attack to bring down the application All of those attacks impacts availability and performance of of websites, applications and API’s. Questions: This is often a good, in-depth slide to share with broader audience, for example if you have a security or infrastructure team. Would you be interested in that? Which have you experienced in the past, if any? How did you respond to them if you did?