DDOS CLEARING HOUSE IN THE NETHERLANDS, EUROPE, AND BEYOND
SOLVING DDOS ATTACKS FACILITATING BRIDGING SOLUTIONS AND STAKEHOLDERS
2019-05-21
Koen van Hove
Researcher at the University of Twente
THE PROBLEM AND OUR IDEA
https://www.business.com/categories/best-ddos-protection-services/
https://scholar.google.nl/scholar?hl=en&as_sdt=0%2C5&q=ddos+attack&btnG=
WHY DOES DDOS STILL EXIST?
SOLVING DDOS ATTACKS
DDOS PROTECTION PROVIDERS
VICTIMS
NETWORK OPERATORS + CERT/CSIRT
ACADEMIA
LAW ENFORCEMENT AGENCIES
DDOS CLEARING HOUSE
NETWORK MEASUREMENT (PCAP, NETFLOW, IPFIX, SFLOW, LOGS, …)
DDOS_DISSECTOR
INPUT: NETWORK MEASUREMENT
OUTPUT: DDOS FINGERPRINT (+*NOTES)
FILTERED & ANONYMIZED NETWORK MEASUREMENTS
DDOS_FINGERPRINT_CONVERTERS
INPUT: DDOS FINGERPRINT
OUTPUT: RULE/SIGNATURE FOR SPECIFIC HW/SW SOLUTION(S) (SNORT, SURICATA, BRO, IPTABLES, EBPF, BGP FLOWSPEC, …)
DDOSDB
STORE, ENRICH, AND DISTRIBUTE DDOS ATTACK RELATED INFO
ONE EXTRA ELEMENT…
DDOS OPEN THREAT SIGNALING (DOTS) [IETF]
DEMO: USING THE DDOS DISSECTOR
DEMO: QUERYING DDOSDB
[THE CURRENT] DEPLOYMENT & GOVERNANCE
TIMELINE
2019
2018
?2017
https://github.com/ddos-clearing-house https://ddosdb.ORG https://ddosdb.NL
CHALLENGES & FUTURE DIRECTIONS
.org .nl
.org .nl .it
BACKUP SLIDES
3/03/2019
https://www.zdnet.com/article/the-average-ddos-attack-cost-for-businesses-rises-to-over
WHAT IS THE AVERAGE ECONOMIC LOSS PER DDOS ATTACK?
A. $25.000
B. $250.000
C. $2.500.000
D. $25.000.000