DDoS 2017/18 review
Lee Harrigan-Green
Chief security architect
DDoS 2018/17 review 2
What to expect
1. DDoS by numbers!
2. Changing DDoS threat landscape and war stories
3. New DDoS protection services
[Chart: DDoS attacks over the last year, by month from Oct to Oct, 2016/17 compared with 2017/18]
[Chart: DDoS attacks by traffic volume (Gbps), 2016/17 compared with 2017/18. Bands: Under 1 Gbps, 1-5 Gbps, 5-10 Gbps, 10-15 Gbps, 15-20 Gbps, 20-30 Gbps, 30-40 Gbps, Above 40 Gbps]
[Chart: DDoS attacks by packet rates (PPS), 2016/17 compared with 2017/18. Bands: 0-125K, 125K-250K, 250K-500K, 500K-750K, 750K-1M, 1M-1.5M, 1.5M-2M, 2M-3M, 3M-4M, 4M-5M, > 5M]
[Chart: DDoS attacks by time of day, hourly from 12AM to 11PM, 2016/17 compared with 2017/18]
[Chart: DDoS attacks by sector, 2016/17 compared with 2017/18. Sectors: FE, HEI, School or Council, Science & Research, Other]
[Chart: Sector breakdown over the last year, attacks per month from Nov-17 to Oct-18. Series: FE, HEI, School or Council, Other, Science & Research]
The changing DDoS threat landscape
[Chart: Attack vector breakdown, attacks per month from Nov-17 to Oct-18. Series: TCP SYN/ACK Amplification, UDP, IP Fragmentation, TCP SYN, NTP Amplification, Memcached Amplification, DNS Amplification, Chargen, CLDAP]
[Chart: Attack vector breakdown (Memcached), same axes and series]
[Chart: Attack vector breakdown (DNS Amplification), same axes and series]
[Chart: Attack vector breakdown (CLDAP), same axes and series]
[Diagram labels: Internet, Direct Peering, Janet]
[Chart: Attack vector breakdown (TCP SYN), attacks per month from Nov-17 to Oct-18. Series: TCP SYN/ACK Amplification, UDP, IP Fragmentation, TCP SYN, NTP Amplification, Memcached Amplification, DNS Amplification, Chargen, CLDAP]
[Chart: Attack vector breakdown (TCP SYN/ACK Amplification), same axes and series]
[Chart: Attack vector breakdown (TCP SYN), same axes and series]
Cybersecurity portal and enhanced DDoS services
Enhanced DDoS Service (Cyber security portal)
• Real-time information on any alerts, attacks and mitigations.
• Network-wide perspective on the frequency and impact of alerts.
• Regular DDoS reporting (PDF via email)
• Download a sample of attack traffic (In development)
cybersecurity.jisc.ac.uk
Enhanced DDoS service (Response time)
• Foundation mitigation: Protecting your network connection. Mitigation is manually applied by security analysts. Mon-Fri 9am – midnight. Sat/Sun 9am – 5pm.
• Fast: Automated mitigation. High level threat alerts trigger rerouting and mitigation within 4 minutes. Service available 24/7.
• Instant: Permanent mitigation. All traffic is permanently routed via mitigation ensuring no mitigation delay in the event of an attack. Service available 24/7.
[Chart: Response speed – Fast. Axes: Time, Mbps. Series: Total Traffic, Filtered Traffic, Passed Traffic. Annotations: Attack Launched; Automatic response ~4 mins]
[Chart: Response speed – Instant. Axes: Time, Mbps. Series: Total Traffic, Filtered Traffic, Passed Traffic. Annotation: Attack Launched]
Enhanced DDoS service (Customisation)
• Foundation mitigation: Protecting your network connection. Mitigation is manually applied by security analysts. Mon-Fri 9am – midnight. Sat/Sun 9am – 5pm.
• Pre-configured: Choose from one of a selection of pre-configured service profiles. Alert triggers and mitigation responses are designed by Jisc security analysts to be suitable for many services.
• Bespoke: With the help of a security analyst adjust parameters of an alert or mitigation in order to create a bespoke mitigation to protect your unique services. Advanced reporting via the portal.
Enhanced DDoS service (Pre-configured profiles)
Enhanced DDoS service (Order process)
1. Assessment call
2. Proposal and quotation
3. Acceptance/order
4. Implementation call
5. Implement mitigation
Enhanced DDoS service (Assessment call)
The mandatory assessment call is essential for us to understand your concerns, performance requirements, technical configurations and work through all the options to offer the most economic and appropriate solution.
If testing or “go-live” isn’t feasible during normal working hours we can arrange an out-of-hours test and switch on.*
*There is a £500 charge for this service
Enhanced DDoS service (Implementation call)
During the implementation call we configure the system using the details you’ve gathered.
We recommend testing the mitigation system during this process to ensure the configuration is performing correctly.
Get in touch…
Except where otherwise noted, this work is licensed under CC-BY
Lee Harrigan-Green
chief security architect
Lee.Harrrigan-Green@jisc.ac.uk
Enhanced DDoS enquiries
securityservices@jisc.ac.uk

More Related Content

Similar to DDoS 2017-18 review

The Boring Security Talk - Azure Global Bootcamp Melbourne 2019
The Boring Security Talk - Azure Global Bootcamp Melbourne 2019The Boring Security Talk - Azure Global Bootcamp Melbourne 2019
The Boring Security Talk - Azure Global Bootcamp Melbourne 2019kieranjacobsen
 
DNS and Infrastracture DDoS Protection
DNS and Infrastracture DDoS ProtectionDNS and Infrastracture DDoS Protection
DNS and Infrastracture DDoS ProtectionImperva Incapsula
 
OPTIMIZING THE TICK STACK
OPTIMIZING THE TICK STACKOPTIMIZING THE TICK STACK
OPTIMIZING THE TICK STACKInfluxData
 
BDA403 How Netflix Monitors Applications in Real-time with Amazon Kinesis
BDA403 How Netflix Monitors Applications in Real-time with Amazon KinesisBDA403 How Netflix Monitors Applications in Real-time with Amazon Kinesis
BDA403 How Netflix Monitors Applications in Real-time with Amazon KinesisAmazon Web Services
 
DDoS Attack Preparation and Mitigation
DDoS Attack Preparation and MitigationDDoS Attack Preparation and Mitigation
DDoS Attack Preparation and MitigationJerod Brennen
 
HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...
HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...
HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...Modern Data Stack France
 
So that was HTTP/2, what's next?
So that was HTTP/2, what's next?So that was HTTP/2, what's next?
So that was HTTP/2, what's next?Daniel Stenberg
 
"Giving the bad guys no sleep"
"Giving the bad guys no sleep""Giving the bad guys no sleep"
"Giving the bad guys no sleep"Christiaan Beek
 
Combating Cyberattacks through Network Agility and Automation
Combating Cyberattacks through Network Agility and AutomationCombating Cyberattacks through Network Agility and Automation
Combating Cyberattacks through Network Agility and AutomationSagi Brody
 
Thotcon 0x5 - Retroactive Wiretapping VPN over DNS
Thotcon 0x5 - Retroactive Wiretapping VPN over DNSThotcon 0x5 - Retroactive Wiretapping VPN over DNS
Thotcon 0x5 - Retroactive Wiretapping VPN over DNSJohn Bambenek
 
Cilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPFCilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPFThomas Graf
 
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetupWeapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetupmichaelxin2015
 
The Anatomy of DDoS Attacks
The Anatomy of DDoS AttacksThe Anatomy of DDoS Attacks
The Anatomy of DDoS AttacksAcquia
 
Apache Hadoop - A Deep Dive (Part 1 - HDFS)
Apache Hadoop - A Deep Dive (Part 1 - HDFS) Apache Hadoop - A Deep Dive (Part 1 - HDFS)
Apache Hadoop - A Deep Dive (Part 1 - HDFS) Debarchan Sarkar
 
Arbor Presentation
Arbor Presentation Arbor Presentation
Arbor Presentation J Hartig
 
DDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacksDDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacksMyNOG
 
Bring Service Mesh To Cloud Native-apps
Bring Service Mesh To Cloud Native-appsBring Service Mesh To Cloud Native-apps
Bring Service Mesh To Cloud Native-appsThang Chung
 
DASP Top10 for OWASP Thailand Chapter by s111s
DASP Top10 for OWASP Thailand Chapter by s111s DASP Top10 for OWASP Thailand Chapter by s111s
DASP Top10 for OWASP Thailand Chapter by s111s s111s object
 
Empowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial ServicesEmpowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial ServicesCristian Garcia G.
 

Similar to DDoS 2017-18 review (20)

The Boring Security Talk - Azure Global Bootcamp Melbourne 2019
The Boring Security Talk - Azure Global Bootcamp Melbourne 2019The Boring Security Talk - Azure Global Bootcamp Melbourne 2019
The Boring Security Talk - Azure Global Bootcamp Melbourne 2019
 
DNS and Infrastracture DDoS Protection
DNS and Infrastracture DDoS ProtectionDNS and Infrastracture DDoS Protection
DNS and Infrastracture DDoS Protection
 
OPTIMIZING THE TICK STACK
OPTIMIZING THE TICK STACKOPTIMIZING THE TICK STACK
OPTIMIZING THE TICK STACK
 
BDA403 How Netflix Monitors Applications in Real-time with Amazon Kinesis
BDA403 How Netflix Monitors Applications in Real-time with Amazon KinesisBDA403 How Netflix Monitors Applications in Real-time with Amazon Kinesis
BDA403 How Netflix Monitors Applications in Real-time with Amazon Kinesis
 
DDoS Attack Preparation and Mitigation
DDoS Attack Preparation and MitigationDDoS Attack Preparation and Mitigation
DDoS Attack Preparation and Mitigation
 
HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...
HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...
HUGFR : Une infrastructure Kafka & Storm pour lutter contre les attaques DDoS...
 
So that was HTTP/2, what's next?
So that was HTTP/2, what's next?So that was HTTP/2, what's next?
So that was HTTP/2, what's next?
 
"Giving the bad guys no sleep"
"Giving the bad guys no sleep""Giving the bad guys no sleep"
"Giving the bad guys no sleep"
 
Combating Cyberattacks through Network Agility and Automation
Combating Cyberattacks through Network Agility and AutomationCombating Cyberattacks through Network Agility and Automation
Combating Cyberattacks through Network Agility and Automation
 
9534715
95347159534715
9534715
 
Thotcon 0x5 - Retroactive Wiretapping VPN over DNS
Thotcon 0x5 - Retroactive Wiretapping VPN over DNSThotcon 0x5 - Retroactive Wiretapping VPN over DNS
Thotcon 0x5 - Retroactive Wiretapping VPN over DNS
 
Cilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPFCilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPF
 
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetupWeapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
 
The Anatomy of DDoS Attacks
The Anatomy of DDoS AttacksThe Anatomy of DDoS Attacks
The Anatomy of DDoS Attacks
 
Apache Hadoop - A Deep Dive (Part 1 - HDFS)
Apache Hadoop - A Deep Dive (Part 1 - HDFS) Apache Hadoop - A Deep Dive (Part 1 - HDFS)
Apache Hadoop - A Deep Dive (Part 1 - HDFS)
 
Arbor Presentation
Arbor Presentation Arbor Presentation
Arbor Presentation
 
DDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacksDDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacks
 
Bring Service Mesh To Cloud Native-apps
Bring Service Mesh To Cloud Native-appsBring Service Mesh To Cloud Native-apps
Bring Service Mesh To Cloud Native-apps
 
DASP Top10 for OWASP Thailand Chapter by s111s
DASP Top10 for OWASP Thailand Chapter by s111s DASP Top10 for OWASP Thailand Chapter by s111s
DASP Top10 for OWASP Thailand Chapter by s111s
 
Empowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial ServicesEmpowering Digital Transformation in Financial Services
Empowering Digital Transformation in Financial Services
 

More from Jisc

Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...Jisc
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxJisc
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxJisc
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Jisc
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...Jisc
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptxJisc
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxJisc
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxJisc
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxJisc
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJisc
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxJisc
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber EssentialsJisc
 
MarkChilds.pptx
MarkChilds.pptxMarkChilds.pptx
MarkChilds.pptxJisc
 
RStrachanOct23.pptx
RStrachanOct23.pptxRStrachanOct23.pptx
RStrachanOct23.pptxJisc
 
ISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxJisc
 
FerrellWalker.pptx
FerrellWalker.pptxFerrellWalker.pptx
FerrellWalker.pptxJisc
 

More from Jisc (20)

Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptx
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptx
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptx
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptx
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptx
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptx
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptx
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptx
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber Essentials
 
MarkChilds.pptx
MarkChilds.pptxMarkChilds.pptx
MarkChilds.pptx
 
RStrachanOct23.pptx
RStrachanOct23.pptxRStrachanOct23.pptx
RStrachanOct23.pptx
 
ISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptx
 
FerrellWalker.pptx
FerrellWalker.pptxFerrellWalker.pptx
FerrellWalker.pptx
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men

DDoS 2017-18 review

  • 1. DDoS 2017/18 review Lee Harrigan-Green Chief security architect
  • 2. What to expect: 1. DDoS by numbers! 2. Changing DDoS threat landscape and War stories 3. New DDoS protection services
  • 3. DDoS attacks over the last year [chart: by month, Oct to Oct; series 2016/17 and 2017/18]
  • 4. DDoS attacks over the last year [chart: by month, Oct to Oct; series 2016/17 and 2017/18]
  • 5. DDoS attacks by traffic volume (Gbps) [chart: bands Under 1, 1-5, 5-10, 10-15, 15-20, 20-30, 30-40 and Above 40 Gbps; series 2016/17 and 2017/18]
  • 6. DDoS attacks by packet rates (PPS) [chart: bands 0-125K, 125K-250K, 250K-500K, 500K-750K, 750K-1M, 1M-1.5M, 1.5M-2M, 2M-3M, 3M-4M, 4M-5M and > 5M; series 2016/17 and 2017/18]
  • 7. DDoS attacks by time of day [chart: hours 12AM to 11PM; series 2016/17 and 2017/18]
  • 8. DDoS attacks by sector [chart: FE, HEI, School or Council, Science & Research, Other; series 2016/17 and 2017/18]
  • 9. Sector breakdown over the last year [chart: Attacks by month, Nov-17 to Oct-18; series FE, HEI, School or Council, Other, Science & Research]
  • 10. Sector breakdown over the last year [chart: Attacks by month, Nov-17 to Oct-18; series FE, HEI, School or Council, Other, Science & Research]
  • 11. The changing DDoS threat landscape
  • 12. Attack vector breakdown [chart: Attacks by month, Nov-17 to Oct-18; series TCP SYN/ACK Amplification, UDP, IP Fragmentation, TCP SYN, NTP Amplification, Memcached Amplification, DNS Amplification, Chargen, CLDAP]
  • 13. Attack vector breakdown (Memcached) [chart: same axes and series as slide 12]
  • 14. Attack vector breakdown (DNS Amplification) [chart: same axes and series as slide 12]
  • 15. Attack vector breakdown (DNS Amplification) [chart: same axes and series as slide 12]
  • 16. Attack vector breakdown (CLDAP) [chart: same axes and series as slide 12]
  • 17. Attack vector breakdown (CLDAP) [chart: same axes and series as slide 12]
  • 19. Attack vector breakdown (TCP SYN) [chart: same axes and series as slide 12]
  • 20. Attack vector breakdown (TCP SYN) [chart: same axes and series as slide 12]
  • 21. Attack vector breakdown (TCP SYN/ACK Amplification) [chart: same axes and series as slide 12]
  • 22. Attack vector breakdown (TCP SYN) [chart: same axes and series as slide 12]
  • 23. Cybersecurity portal and enhanced DDoS services
  • 24. Enhanced DDoS Service (Cyber security portal) • Real-time information on any alerts, attacks and mitigations. • Network-wide perspective on the frequency and impact of alerts. • Regular DDoS reporting (PDF via email) • Download a sample of attack traffic (In development) cybersecurity.jisc.ac.uk
  • 26. Enhanced DDoS service (Response time) • Foundation mitigation: Protecting your network connection. Mitigation is manually applied by security analysts. Mon-Fri 9am – midnight. Sat/Sun 9am – 5pm. • Fast: Automated mitigation. High level threat alerts trigger rerouting and mitigation within 4 minutes. Service available 24/7. • Instant: Permanent mitigation. All traffic is permanently routed via mitigation, ensuring no mitigation delay in the event of an attack. Service available 24/7.
  • 27. Response speed – Fast [chart: Mbps over time; series Total Traffic, Filtered Traffic, Passed Traffic; annotations: Attack Launched, Automatic response ~4 mins]
  • 28. Response speed – Instant [chart: Mbps over time; series Total Traffic, Filtered Traffic, Passed Traffic; annotation: Attack Launched]
  • 29. Enhanced DDoS service (Customisation) • Foundation mitigation: Protecting your network connection. Mitigation is manually applied by security analysts. Mon-Fri 9am – midnight. Sat/Sun 9am – 5pm. • Pre-configured: Choose from one of a selection of pre-configured service profiles. Alert triggers and mitigation responses are designed by Jisc security analysts to be suitable for many services. • Bespoke: With the help of a security analyst, adjust parameters of an alert or mitigation in order to create a bespoke mitigation to protect your unique services. Advanced reporting via the portal.
  • 30. Enhanced DDoS service (Pre-configured profiles)
  • 31. Enhanced DDoS service (Order process): Assessment call; Proposal and quotation; Acceptance/order; Implementation call; Implement mitigation
  • 32. Enhanced DDoS service (Assessment call) The mandatory assessment call is essential for us to understand your concerns, performance requirements and technical configurations, and to work through all the options to offer the most economic and appropriate solution.
  • 33. Enhanced DDoS service (Implementation call) During the implementation call we configure the system using the details you’ve gathered. We recommend testing the mitigation system during this process to ensure the configuration is performing correctly. If testing or “go-live” isn’t feasible during normal working hours we can arrange an out-of-hours test and switch on.* *There is a £500 charge for this service
  • 34. Get in touch… Lee Harrigan-Green, chief security architect, Lee.Harrrigan-Green@jisc.ac.uk. Enhanced DDoS enquiries: securityservices@jisc.ac.uk. Except where otherwise noted, this work is licensed under CC-BY

Editor's Notes

  1. Science & Research councils are made up from this category so this explains why there are so few.
  2. Key points from this slide
  3. Key points from this slide
  4. Key points from this slide
  5. The importance of Memcached: 15 bytes of data can generate a 750KB response, an amplification of 51000x. However, we generally only see a 70x amplification factor in the attacks that we have received. This is the attack vector that generated the 1.3 Tbps attack against GitHub, and Arbor also confirmed a 1.7 Tbps attack against a US service provider.
  6. Key points from this slide
  7. 3.2 million open resolvers are currently tracked by Shadowserver.
  8. Key points from this slide
  9. We are seeing a consistent trend with CLDAP attacks
  10. Key points from this slide
  11. Key points from this slide
  12. Key points from this slide
  13. At first glance it would appear that this attack vector is insignificant. However, this is due to a new method of reflecting attacks via cloud services using TCP and not UDP. This is similar to the description previously.
  14. Please do not t