Cloudflare DDoS

This document discusses distributed denial of service (DDoS) attacks. It begins by defining a DDoS attack as one coming from many locations that overwhelms resources and prevents serving legitimate customers. It then discusses different types of attacks including volumetric, protocol, and application attacks. The document provides a real-world example of a DDoS attack in March 2019 that peaked at over 300Gbps. It explains how amplification attacks work by exploiting open DNS and NTP servers to multiply the size of the attacks. The key ingredients for DDoS attacks are networks that allow source IP spoofing and servers that respond to non-customers. It notes that anycast routing can help mitigate large DDoS attacks by distributing the traffic load.


Trey Guinn
Solution Engineer, CloudFlare
www.cloudflare.com

DDoS 101
Distributed Denial of Service

An attack coming from many locations which overwhelms your resources and prevents you from serving legitimate customers.
Fake Pizza Orders

Variety of Attacks
Volumetric
Protocol Attacks
Application Attacks

Real Life Example
Wednesday, March 20: ~75Gbps attack
100Gbps: magic ceiling in DDoS attacks
March 24, March 25: peaks of the attack reached at least 309Gbps
$ dig ANY isc.org @63.217.84.76 +edns=0 +notcp +bufsize=4096

64-byte query
3,363-byte response
Amplification: 50x amplification factor

Attack Amplification
DNS - 50x
NTP - 200x
Coming: SNMP - 650x
UDP = no handshake
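As an added illustration that is not part of the slides, the Python below builds the DNS message that the dig command on the slide sends (ANY query, recursion desired, EDNS0 with a 4096-byte buffer), shows where the 64 bytes come from, and computes the amplification factor against the 3,363-byte response the slide quotes; it also works out the per-PoP anycast dilution from the later slide. Assumptions: the transaction ID is arbitrary, the query travels in an unfragmented IPv4/UDP datagram (20 + 8 header bytes), and the 3,363-byte figure is treated as the on-wire response size.

```python
# Added example (not from the slides): construct the EDNS0 ANY query that
# "dig ANY isc.org @<server> +edns=0 +notcp +bufsize=4096" emits, size it on
# the wire, and compute the bandwidth amplification factor a reflector gives.
import struct

IPV4_HEADER = 20   # assumption: plain IPv4, no options
UDP_HEADER = 8


def encode_qname(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_any_query(name: str, txid: int = 0x1234, udp_bufsize: int = 4096) -> bytes:
    """DNS message: one ANY/IN question with RD set, plus an EDNS0 OPT record
    advertising udp_bufsize (the +edns=0 +bufsize=4096 part of the dig command)."""
    QTYPE_ANY, QCLASS_IN, TYPE_OPT = 255, 1, 41
    flags = 0x0100                                         # QR=0 (query), RD=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1)  # qd=1, ar=1 (the OPT RR)
    question = encode_qname(name) + struct.pack("!HH", QTYPE_ANY, QCLASS_IN)
    # OPT pseudo-RR: root name (one zero byte), type 41, the "class" field
    # carries the UDP payload size, "ttl" carries ext-rcode/version/flags (0),
    # and RDLENGTH is 0 because no options are attached.
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_bufsize, 0, 0)
    return header + question + opt


def wire_size(dns_payload: bytes) -> int:
    """Bytes on the wire for one unfragmented IPv4/UDP datagram carrying dns_payload."""
    return IPV4_HEADER + UDP_HEADER + len(dns_payload)


def amplification_factor(query_bytes: int, response_bytes: int) -> float:
    """Bandwidth amplification: bytes the reflector sends per byte it receives."""
    return response_bytes / query_bytes


def per_pop_load_gbps(attack_gbps: float, pops: int) -> float:
    """Anycast dilution: the attack is spread over every PoP announcing the prefix."""
    return attack_gbps / pops


if __name__ == "__main__":
    q = build_any_query("isc.org")
    # 12 header + 13 question + 11 OPT = 36 DNS bytes; + 28 header bytes = 64 on the wire
    print(len(q), wire_size(q))
    print(round(amplification_factor(wire_size(q), 3363), 1))   # the slide's "50x"
    print(per_pop_load_gbps(300, 25))                            # 12 Gbps per PoP
```

The 36-byte DNS payload plus the IPv4 and UDP headers is exactly the 64-byte query on the slide, and 3,363 / 64 is about 52, which the slide rounds to 50x. Pointing the same query at a resolver you operate, from an address outside your customer space, is the simplest way to measure how much of a reflector it would be.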
Problem Ingredients:
Networks that allow source IP spoofing
+
Servers that reply to non-customers

Good networks don't let packets originate from IPs they don't own (BCP38)
Not all networks are good

How common are these ingredients?
28 million open resolvers
24.6% of networks allow spoofing
10s of millions of open NTP and DNS servers

1 attacker's laptop controlling
57 compromised servers on
3 networks that allowed spoofing of
9Gbps of DNS requests to
0.1% of open resolvers resulted in
300Gbps+ of DDoS attack traffic.
How did we stop it?
Anycast inherently dilutes the attack
300Gbps across 25 anycasted PoPs = 12 Gbps/PoP

Make sure you're not part of the problem
Are you running open DNS resolvers?
Are you running open NTP servers?
Implement BCP38 (uRPF)
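As an added example that is not part of the slides, the Python below turns the two closing questions into checks an operator can run over their own data: recursive queries arriving at a resolver from outside its customer address space show it is an open resolver (and ANY queries with EDNS0 from outside are the reflection profile from the earlier slide), and egress flows whose source address is outside the prefixes the network owns are exactly what BCP38 / uRPF filtering would drop. The log lines, flow records and prefixes are constructed; the log format imitates BIND's query log, where a leading "+" in the flags means recursion desired and "E(0)" means EDNS0 was present.

```python
# Added example (not from the slides): self-checks for the two "problem
# ingredients" the deck names. All data below is constructed for the example.
import ipaddress
import re
from typing import Iterable

# Constructed resolver query log, in the style of BIND's query log:
#   client <ip>#<port> (<qname>): query: <qname> <class> <type> <flags> (<server>)
RESOLVER_LOG = """\
client 192.0.2.17#53211 (example.com): query: example.com IN A +E(0) (192.0.2.1)
client 203.0.113.9#4242 (isc.org): query: isc.org IN ANY +E(0) (192.0.2.1)
client 203.0.113.9#4242 (isc.org): query: isc.org IN ANY +E(0) (192.0.2.1)
client 198.51.100.77#1025 (ripe.net): query: ripe.net IN ANY +E(0) (192.0.2.1)
client 192.0.2.40#60000 (isc.org): query: isc.org IN ANY + (192.0.2.1)
client 198.51.100.5#3300 (example.net): query: example.net IN MX + (192.0.2.1)
"""

# Address space this resolver is supposed to serve (constructed).
CUSTOMER_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]

LOG_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+ \(\S+\): query: (?P<qname>\S+) \S+ "
    r"(?P<qtype>\S+) (?P<flags>\S+)"
)


def _inside(ip: str, prefixes) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in p for p in prefixes)


def open_resolver_findings(log: str, customer_prefixes) -> list[dict]:
    """One finding per recursive query from outside the customer space.
    reflection_profile marks the ANY + EDNS0 pattern behind large responses."""
    findings = []
    for line in log.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        ip, qtype, flags = m["ip"], m["qtype"], m["flags"]
        if _inside(ip, customer_prefixes) or not flags.startswith("+"):
            continue  # our own customer, or a non-recursive query: not evidence
        findings.append({
            "client": ip,
            "qname": m["qname"],
            "reflection_profile": qtype == "ANY" and "E(" in flags,
        })
    return findings


# Constructed egress flow records: (source ip, destination ip, bytes).
EGRESS_FLOWS = [
    ("192.0.2.17", "198.51.100.2", 1200),
    ("203.0.113.9", "198.51.100.2", 64),    # source we do not own: spoofed
    ("192.0.2.40", "203.0.113.99", 500),
    ("10.0.0.5", "198.51.100.2", 64),       # private source leaving the network
]

# Prefixes this network actually originates (constructed).
OWNED_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]


def bcp38_violations(flows: Iterable[tuple[str, str, int]], owned_prefixes) -> list[str]:
    """Source addresses leaving the network that are not ours: the packets a
    BCP38 egress filter (or strict uRPF on the customer edge) would discard."""
    return [src for src, _dst, _nbytes in flows if not _inside(src, owned_prefixes)]


if __name__ == "__main__":
    for f in open_resolver_findings(RESOLVER_LOG, CUSTOMER_PREFIXES):
        print("open resolver use:", f)
    print("BCP38 violations:", bcp38_violations(EGRESS_FLOWS, OWNED_PREFIXES))
```

If the first check returns anything, the resolver answers non-customers and should be restricted to the customer prefixes (BIND's allow-recursion, or equivalent); if the second returns anything, the network is letting spoofed sources out and needs the BCP38 filter the slide asks for.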
Trey Guinn
Solution Engineer
www.cloudflare.com