Submit Search
Upload
Spoofing and Denial of Service: A risk to the decentralized Internet
•
0 likes
•
253 views
APNIC
Follow
Presentation by Tom Paseka at APRICOT 2017 on Wednesday, 1 March 2017.
Read less
Read more
Internet
Report
Share
Report
Share
1 of 71
Recommended
The Anatomy of DDoS Attacks
The Anatomy of DDoS Attacks
Acquia
DDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacks
MyNOG
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack Prevention
APNIC
DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...
DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...
ShortestPathFirst
Zombie DNS
Zombie DNS
APNIC
OARC 26: Who's asking
OARC 26: Who's asking
APNIC
Evolving HTTP and making things QUIC
Evolving HTTP and making things QUIC
Natasha Rooney
Actual Condition Survey of Malware Download Sites for A Long Period
Actual Condition Survey of Malware Download Sites for A Long Period
APNIC
Recommended
The Anatomy of DDoS Attacks
The Anatomy of DDoS Attacks
Acquia
DDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacks
MyNOG
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack Prevention
APNIC
DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...
DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...
ShortestPathFirst
Zombie DNS
Zombie DNS
APNIC
OARC 26: Who's asking
OARC 26: Who's asking
APNIC
Evolving HTTP and making things QUIC
Evolving HTTP and making things QUIC
Natasha Rooney
Actual Condition Survey of Malware Download Sites for A Long Period
Actual Condition Survey of Malware Download Sites for A Long Period
APNIC
Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017
Suzanne Aldrich
Null 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shah
Null 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shah
nullowaspmumbai
Testing Rolling Roots
Testing Rolling Roots
APNIC
HKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 World
Tom Paseka
DDoS mitigation EPIC FAIL collection - 32C3
DDoS mitigation EPIC FAIL collection - 32C3
Moshe Zioni
(NET301) New Capabilities for Amazon Virtual Private Cloud
(NET301) New Capabilities for Amazon Virtual Private Cloud
Amazon Web Services
IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73
APNIC
How to launch and defend against a DDoS
How to launch and defend against a DDoS
jgrahamc
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoS
Suzanne Aldrich
CloudFlare / ISOC - Are You Ready for IPv6 - Bridging the IPv6 gap
CloudFlare / ISOC - Are You Ready for IPv6 - Bridging the IPv6 gap
Tom Paseka
Protection and Visibitlity of Encrypted Traffic by F5
Protection and Visibitlity of Encrypted Traffic by F5
Bangladesh Network Operators Group
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
APNIC
BSides: BGP Hijacking and Secure Internet Routing
BSides: BGP Hijacking and Secure Internet Routing
APNIC
DNS DDoS Attack and Risk
DNS DDoS Attack and Risk
Sukbum Hong
IPv6 deployment at APNIC
IPv6 deployment at APNIC
APNIC
VNIX-NOG 2021: IPv6 Deployment Update
VNIX-NOG 2021: IPv6 Deployment Update
APNIC
Practical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacks
Security Session
More specific announcments in BGP
More specific announcments in BGP
APNIC
Having Honeypot for Better Network Security Analysis
Having Honeypot for Better Network Security Analysis
Bangladesh Network Operators Group
Almdudler Case Study - Cindy Tran
Almdudler Case Study - Cindy Tran
Cindy Tran
De gevolgen van traumatisch hersenletsel, een onderschat probleem in de huisa...
De gevolgen van traumatisch hersenletsel, een onderschat probleem in de huisa...
Mike de Groot
Traumatismo Craneoencefálico
Traumatismo Craneoencefálico
Yaneth03
More Related Content
What's hot
Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017
Suzanne Aldrich
Null 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shah
Null 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shah
nullowaspmumbai
Testing Rolling Roots
Testing Rolling Roots
APNIC
HKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 World
Tom Paseka
DDoS mitigation EPIC FAIL collection - 32C3
DDoS mitigation EPIC FAIL collection - 32C3
Moshe Zioni
(NET301) New Capabilities for Amazon Virtual Private Cloud
(NET301) New Capabilities for Amazon Virtual Private Cloud
Amazon Web Services
IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73
APNIC
How to launch and defend against a DDoS
How to launch and defend against a DDoS
jgrahamc
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoS
Suzanne Aldrich
CloudFlare / ISOC - Are You Ready for IPv6 - Bridging the IPv6 gap
CloudFlare / ISOC - Are You Ready for IPv6 - Bridging the IPv6 gap
Tom Paseka
Protection and Visibitlity of Encrypted Traffic by F5
Protection and Visibitlity of Encrypted Traffic by F5
Bangladesh Network Operators Group
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
APNIC
BSides: BGP Hijacking and Secure Internet Routing
BSides: BGP Hijacking and Secure Internet Routing
APNIC
DNS DDoS Attack and Risk
DNS DDoS Attack and Risk
Sukbum Hong
IPv6 deployment at APNIC
IPv6 deployment at APNIC
APNIC
VNIX-NOG 2021: IPv6 Deployment Update
VNIX-NOG 2021: IPv6 Deployment Update
APNIC
Practical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacks
Security Session
More specific announcments in BGP
More specific announcments in BGP
APNIC
Having Honeypot for Better Network Security Analysis
Having Honeypot for Better Network Security Analysis
Bangladesh Network Operators Group
What's hot
(19)
Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017
Null 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shah
Null 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shah
Testing Rolling Roots
Testing Rolling Roots
HKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 World
DDoS mitigation EPIC FAIL collection - 32C3
DDoS mitigation EPIC FAIL collection - 32C3
(NET301) New Capabilities for Amazon Virtual Private Cloud
(NET301) New Capabilities for Amazon Virtual Private Cloud
IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73
How to launch and defend against a DDoS
How to launch and defend against a DDoS
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoS
CloudFlare / ISOC - Are You Ready for IPv6 - Bridging the IPv6 gap
CloudFlare / ISOC - Are You Ready for IPv6 - Bridging the IPv6 gap
Protection and Visibitlity of Encrypted Traffic by F5
Protection and Visibitlity of Encrypted Traffic by F5
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
BSides: BGP Hijacking and Secure Internet Routing
BSides: BGP Hijacking and Secure Internet Routing
DNS DDoS Attack and Risk
DNS DDoS Attack and Risk
IPv6 deployment at APNIC
IPv6 deployment at APNIC
VNIX-NOG 2021: IPv6 Deployment Update
VNIX-NOG 2021: IPv6 Deployment Update
Practical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacks
More specific announcments in BGP
More specific announcments in BGP
Having Honeypot for Better Network Security Analysis
Having Honeypot for Better Network Security Analysis
Viewers also liked
Almdudler Case Study - Cindy Tran
Almdudler Case Study - Cindy Tran
Cindy Tran
De gevolgen van traumatisch hersenletsel, een onderschat probleem in de huisa...
De gevolgen van traumatisch hersenletsel, een onderschat probleem in de huisa...
Mike de Groot
Traumatismo Craneoencefálico
Traumatismo Craneoencefálico
Yaneth03
Características que Requiere el Egresado del 2020
Características que Requiere el Egresado del 2020
Dr. Orville M. Disdier
Hipolipemiantes en prevención cardiovascular
Hipolipemiantes en prevención cardiovascular
Cadime Easp
Swap-space Management
Swap-space Management
Agnas Jasmine
apnic handling-network-abuse
apnic handling-network-abuse
APNIC
Supporting internet growth and evolution
Supporting internet growth and evolution
APNIC
IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60
RIPE Meetings
DNSSEC/DANE/TLS Testing in Go6Lab
DNSSEC/DANE/TLS Testing in Go6Lab
APNIC
Community Networks: An Alternative Paradigm for Developing Network Infrastruc...
Community Networks: An Alternative Paradigm for Developing Network Infrastruc...
APNIC
IPv6 Deployment In Enterprise Networks
IPv6 Deployment In Enterprise Networks
Ivan Pepelnjak
Korea IPv6 Measurement
Korea IPv6 Measurement
APNIC
Case Studies: TakNet
Case Studies: TakNet
APNIC
Technical and Business Considerations for DNSSEC Deployment
Technical and Business Considerations for DNSSEC Deployment
APNIC
Japan IPv6 Measurement
Japan IPv6 Measurement
APNIC
APNIC Update - MMNOG 2017
APNIC Update - MMNOG 2017
APNIC
APIX Update
APIX Update
APNIC
Supporting Global Discussion: IANA Stewardship Transition
Supporting Global Discussion: IANA Stewardship Transition
ICANN
Evolving the network for 5G
Evolving the network for 5G
APNIC
Viewers also liked
(20)
Almdudler Case Study - Cindy Tran
Almdudler Case Study - Cindy Tran
De gevolgen van traumatisch hersenletsel, een onderschat probleem in de huisa...
De gevolgen van traumatisch hersenletsel, een onderschat probleem in de huisa...
Traumatismo Craneoencefálico
Traumatismo Craneoencefálico
Características que Requiere el Egresado del 2020
Características que Requiere el Egresado del 2020
Hipolipemiantes en prevención cardiovascular
Hipolipemiantes en prevención cardiovascular
Swap-space Management
Swap-space Management
apnic handling-network-abuse
apnic handling-network-abuse
Supporting internet growth and evolution
Supporting internet growth and evolution
IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60
DNSSEC/DANE/TLS Testing in Go6Lab
DNSSEC/DANE/TLS Testing in Go6Lab
Community Networks: An Alternative Paradigm for Developing Network Infrastruc...
Community Networks: An Alternative Paradigm for Developing Network Infrastruc...
IPv6 Deployment In Enterprise Networks
IPv6 Deployment In Enterprise Networks
Korea IPv6 Measurement
Korea IPv6 Measurement
Case Studies: TakNet
Case Studies: TakNet
Technical and Business Considerations for DNSSEC Deployment
Technical and Business Considerations for DNSSEC Deployment
Japan IPv6 Measurement
Japan IPv6 Measurement
APNIC Update - MMNOG 2017
APNIC Update - MMNOG 2017
APIX Update
APIX Update
Supporting Global Discussion: IANA Stewardship Transition
Supporting Global Discussion: IANA Stewardship Transition
Evolving the network for 5G
Evolving the network for 5G
Similar to Spoofing and Denial of Service: A risk to the decentralized Internet
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL Lee
MyNOG
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec
APNIC
Infoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security tool
Jisc
DC/OS 1.8 Container Networking
DC/OS 1.8 Container Networking
Sargun Dhillon
DDoS Attacks in 2017: Beyond Packet Filtering
DDoS Attacks in 2017: Beyond Packet Filtering
Qrator Labs
Erlang containers
Erlang containers
Sargun Dhillon
DDosMon A Global DDoS Monitoring Project
DDosMon A Global DDoS Monitoring Project
APNIC
DNS Security Threats and Solutions
DNS Security Threats and Solutions
InnoTech
Hacking HTTP/2: New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2: New attacks on the Internet’s Next Generation Foundation
Imperva
nanog
nanog
Tom Paseka
Building the Glue for Service Discovery & Load Balancing Microservices
Building the Glue for Service Discovery & Load Balancing Microservices
Sargun Dhillon
Discover the Power of ThousandEyes on Your Meraki MX
Discover the Power of ThousandEyes on Your Meraki MX
ThousandEyes
Advance Malware CnC by Avkash k and dhawal shah
Advance Malware CnC by Avkash k and dhawal shah
Avkash Kathiriya
IoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat Landscape
APNIC
DNS and Infrastracture DDoS Protection
DNS and Infrastracture DDoS Protection
Imperva Incapsula
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
APNIC
Артем Гавриченков "The Dark Side of Things: Distributed Denial of Service Att...
Артем Гавриченков "The Dark Side of Things: Distributed Denial of Service Att...
Tanya Denisyuk
Dns security threats and solutions
Dns security threats and solutions
Frank Victory
Network Emulation in SOASTA 57 Spring Release
Network Emulation in SOASTA 57 Spring Release
Jennifer Finney
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
IKT-Norge
Similar to Spoofing and Denial of Service: A risk to the decentralized Internet
(20)
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec
Infoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security tool
DC/OS 1.8 Container Networking
DC/OS 1.8 Container Networking
DDoS Attacks in 2017: Beyond Packet Filtering
DDoS Attacks in 2017: Beyond Packet Filtering
Erlang containers
Erlang containers
DDosMon A Global DDoS Monitoring Project
DDosMon A Global DDoS Monitoring Project
DNS Security Threats and Solutions
DNS Security Threats and Solutions
Hacking HTTP/2: New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2: New attacks on the Internet’s Next Generation Foundation
nanog
nanog
Building the Glue for Service Discovery & Load Balancing Microservices
Building the Glue for Service Discovery & Load Balancing Microservices
Discover the Power of ThousandEyes on Your Meraki MX
Discover the Power of ThousandEyes on Your Meraki MX
Advance Malware CnC by Avkash k and dhawal shah
Advance Malware CnC by Avkash k and dhawal shah
IoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat Landscape
DNS and Infrastracture DDoS Protection
DNS and Infrastracture DDoS Protection
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
Артем Гавриченков "The Dark Side of Things: Distributed Denial of Service Att...
Артем Гавриченков "The Dark Side of Things: Distributed Denial of Service Att...
Dns security threats and solutions
Dns security threats and solutions
Network Emulation in SOASTA 57 Spring Release
Network Emulation in SOASTA 57 Spring Release
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
More from APNIC
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
APNIC
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
APNIC
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
APNIC
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
APNIC
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
APNIC
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
APNIC
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
APNIC
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
APNIC
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
APNIC
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
APNIC
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
APNIC
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
APNIC
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APNIC
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
APNIC
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!
APNIC
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023
APNIC
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet development
APNIC
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment Status
APNIC
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressing
APNIC
More from APNIC
(20)
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet development
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment Status
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressing
Recently uploaded
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
anilsa9823
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
aditipandeya
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
Damian Radcliffe
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
SofiyaSharma5
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
gwenoracqe6
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
soniya singh
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
singhpriety023
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
imonikaupta
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
soniya singh
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
soniya singh
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
Escorts Call Girls
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
sexy call girls service in goa
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
soniya singh
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
Delhi Call girls
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
ellan12
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Delhi Call girls
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
soniya singh
Recently uploaded
(20)
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Spoofing and Denial of Service: A risk to the decentralized Internet
1.
Spoofing and Denial
of Service: A risk to the decentralized Internet DDoS: The real story with BCP38 Tom Paseka APRICOT 2017
2.
Global Network © 2017
Cloudflare Inc. All rights reserved. 2
3.
Content Neutral © 2016
Cloudflare Inc. All rights reserved. 3
4.
Daily Attacks © 2016
Cloudflare Inc. All rights reserved. 4
5.
Daily Attacks • Because
we have such a broad view of the internet, we see a lot of attacks • This graph is showing count of different attacks • Sometimes, seeing more than 1,400 unique attacks daily © 2016 Cloudflare Inc. All rights reserved. 5
6.
We have to
solve attacks © 2016 Cloudflare Inc. All rights reserved. 6
7.
Record Breaking Attacks Nickname
Type Volume SNMP Amp SNMP Amplification/Reflection 80Gbps Spamhaus DNS Amplification/Reflection 300Gbps "Winter of Attacks" Direct 400Gbps IoT Direct 500Gbps+ © 2016 Cloudflare Inc. All rights reserved. 7
8.
Record Breaking Attacks •
Around 5 years ago we saw some SNMP reflection attacks • Cable modems from a very large Cable ISP in North America were reflecting SNMP walks towards us • We then saw the infamous “Spamhaus” attacks. Attacks which were directed at us and internet infrastructure, resulting in impact to hundreds of thousands of internet users • From September 2016, the “IoT” attacks, most famously the Mirai (未来) botnet with attacks breaking 500Gbps © 2016 Cloudflare Inc. All rights reserved. 8
9.
Most big attacks
have a few things in common © 2016 Cloudflare Inc. All rights reserved. 9
10.
Flood of IP
Packets © 2016 Cloudflare Inc. All rights reserved. 10
11.
© 2016 Cloudflare
Inc. All rights reserved. 11
12.
Spoofing Enables Impersonation ©
2016 Cloudflare Inc. All rights reserved. 12
13.
Spoofing? • Why is
spoofing an issue? • This is my good friend Walt Wollny • Let’s say, he was assaulted, but it was by masked assailant • Without removing the mask, there can’t be legal retribution © 2016 Cloudflare Inc. All rights reserved. 13
14.
May 2000: BCP38 ©
2016 Cloudflare Inc. All rights reserved. 14
15.
BCP38 • BCP, Best
Common Practice #38 was published in May 2000 • It gave guidance on how to configure your network to prefer spoofing • This document is nearly 17 years old, why it isn’t engrained yet? • Vendors Faults? Operators Fault? • Regardless, IT’S. JUST. NOT. THERE. © 2016 Cloudflare Inc. All rights reserved. 15
16.
Caida Spoofer Stats ©
2016 Cloudflare Inc. All rights reserved. 16 Updated: Feb 2017. Source: https://spoofer.caida.org
17.
Filter close to
the source © 2016 Cloudflare Inc. All rights reserved. 17
18.
Filter close to
the source • Filtering at the ingress from your customer is really how to stop filtering • You should also be filtering at the egress if your network for multiple layers, incase of some misconfiguration • Unicast Reverse Path Forwarding doesn’t scale well • What about simple ACLs? • Yet this still isn’t there! © 2016 Cloudflare Inc. All rights reserved. 18
19.
IP Spoofing: • Enables
Impersonation • Isn’t solved © 2016 Cloudflare Inc. All rights reserved. 19
20.
IP Spoofing 1. Tracing
back is impossible 2. Allows sophisticated attacks © 2016 Cloudflare Inc. All rights reserved. 20
21.
IP Spoofing 1. Tracing
back is impossible 2. Allows sophisticated attacks © 2016 Cloudflare Inc. All rights reserved. 21
22.
Where did the
attack come from? © 2016 Cloudflare Inc. All rights reserved. 22
23.
Where did the
attack come from? • The “Server” in this slide, gets attack traffic • It has one link out, to its router, so we know it came from the ‘router’ • But from there, where did it come from? • There are multiple input interfaces, which one could be sending the traffic? Which network? • We can trace this down a bad way, by looking at graphs © 2016 Cloudflare Inc. All rights reserved. 23
24.
Identifying interfaces © 2016
Cloudflare Inc. All rights reserved. 24
25.
Identifying interfaces © 2016
Cloudflare Inc. All rights reserved. 25
26.
What’s on the
other side of the Cable? © 2016 Cloudflare Inc. All rights reserved. 26
27.
What’s on the
other side of the Cable? • For most internet networks, there are several types of input sources: • Direct Peering: Where you have a single network and their customer cone on that interfaces • Internet Exchange: many networks connected to a single fabric. Possible hundreds of direct networks and thousands of in-direct networks • Internet Carrier / Transit Provider: The whole Internet © 2016 Cloudflare Inc. All rights reserved. 27
28.
1. Direct Peering ©
2016 Cloudflare Inc. All rights reserved. 28
29.
1. Direct Peering •
Where we have direct peering with another network, you have a pretty good idea of what’s on the other side • This is going to be limited to that network and their customers • In a case like this, it’s pretty easy to identify at least the ISP responsible for traffic © 2016 Cloudflare Inc. All rights reserved. 29
30.
2. IXP /
Internet Exchange Point © 2016 Cloudflare Inc. All rights reserved. 30 3. Transit Provider
31.
IXPs and Transit
Providers • Both of these represent an issue • There is any number of networks where traffic could be coming from • No easy way to identify the source over either of these • Let’s explore a little but more about IXPs © 2016 Cloudflare Inc. All rights reserved. 31
32.
2. IXP /
Internet Exchange Point © 2016 Cloudflare Inc. All rights reserved. 32
33.
2. IXP /
Internet Exchange Point © 2016 Cloudflare Inc. All rights reserved. 33 ?.?.?.?
34.
2. IXP /
Internet Exchange Point • When traffic enters the IXP, we have no idea where the source came from • Since you’re on one big fabric, anyone can inject it • Very hard to track back • Some ways to trace, but poorly implemented. I’ll touch on this later. © 2016 Cloudflare Inc. All rights reserved. 34
35.
3. Transit Provider ©
2016 Cloudflare Inc. All rights reserved. 35 Src ip = 8.8.8.8
36.
3. Transit Provider ©
2016 Cloudflare Inc. All rights reserved. 36 ??? Src ip = 8.8.8.8 ??? 8.8.8.0/24
37.
3. Transit Provider •
So, we see an attack coming from 8.8.8.8 • This is coming in over a transit provider • But we have direct peering with the network that represents this traffic • Why isn’t this traffic coming over the peering? • ….Because it’s spoofed. © 2016 Cloudflare Inc. All rights reserved. 37
38.
Lack of Attribution ©
2016 Cloudflare Inc. All rights reserved. 38
39.
IP Spoofing 1. Tracing
back is impossible 2. Allows sophisticated attacks © 2016 Cloudflare Inc. All rights reserved. 39
40.
Amplification © 2016 Cloudflare
Inc. All rights reserved. 40
41.
Amplification • We know
about amplification attacks, so I’m not going to go into technical detail • The premise: Send a small request and get a big response directed at your target • Amplification means you can knock off a service, much larger than you are, without using all your resources. © 2016 Cloudflare Inc. All rights reserved. 41
42.
March 2013: Spamhaus ©
2016 Cloudflare Inc. All rights reserved. 42
43.
March 2013: Spamhaus •
During the Spamhaus attacks, DNS amplification was used • Large DNS replies (eg. ANY isc.org ~4,000 byte reply to a very small query) • 37Gbps of attack traffic was able to be amplified to 300Gbps of attack traffic © 2016 Cloudflare Inc. All rights reserved. 43
44.
Amplification is relatively
easy to block…. • …If you have the bandwidth. (few networks can absorb hundreds of Gbps) • Block on firewall: • src UDP/53 > deny • Internet is fighting amplification sources: • openresolverproject.org • openntpproject.org © 2016 Cloudflare Inc. All rights reserved. 44
45.
Source IP Addresses ©
2016 Cloudflare Inc. All rights reserved. 45 ??? Src ip = 8.8.8.8 ??? 8.8.8.0/24
46.
Source IP Addresses •
So, what happens when we trace the source IP address in attacks. • Taking this lovely picture from xkcd, we see a map of what the internet is © 2016 Cloudflare Inc. All rights reserved. 46
47.
Source IP Addresses ©
2016 Cloudflare Inc. All rights reserved. 47 https://xkcd.com/195/
48.
Source IP Addresses •
What does this same map look like, when we see a large scale attack? © 2016 Cloudflare Inc. All rights reserved. 48
49.
Source IP Addresses ©
2016 Cloudflare Inc. All rights reserved. 49
50.
Source IP Addresses •
What about a different type of attack? • This attack is coming from a single network, the graph on the left is the view of what is routed by that network • The graph on the right is attack sources from that network • Is this network doing egress filtering? Is it spoofed or all direct from that network? © 2016 Cloudflare Inc. All rights reserved. 50
51.
Source IP Addresses ©
2016 Cloudflare Inc. All rights reserved. 51
52.
Dealing with Attacks ©
2016 Cloudflare Inc. All rights reserved. 52
53.
Null Routing © 2016
Cloudflare Inc. All rights reserved. 53
54.
Null Routing • Probably
the simplest way to deal with an attack • You instruct your ISP not to route traffic for a single host, or a series of hosts in your network • Except, you’ve just let the attacker win • If you null route your service, you’ve taken it offline. Perhaps you have an advanced system and can quickly renumber, but the attacker can update their attack too © 2016 Cloudflare Inc. All rights reserved. 54
55.
The only way
to stay online is to absorb the attack © 2016 Cloudflare Inc. All rights reserved. 55
56.
Receive and Process ©
2016 Cloudflare Inc. All rights reserved. 56
57.
Receive and Process •
To absorb the attack you need to receive and process it • This means you need to scale up infrastructure or develop advanced techniques to deal with attacks • Both of these need huge amounts of capacity, both physical and logical • Few networks are ready for it, so you outsource • But this breaks the model of de-centralization © 2016 Cloudflare Inc. All rights reserved. 57
58.
Centralization © 2016 Cloudflare
Inc. All rights reserved. 58
59.
Solution? © 2016 Cloudflare
Inc. All rights reserved. 59
60.
Technical solutions to
IP Spoofing have failed © 2016 Cloudflare Inc. All rights reserved. 60
61.
Don’t just solve
the IP Spoofing © 2016 Cloudflare Inc. All rights reserved. 61
62.
Don’t just solve
the IP Spoofing… © 2016 Cloudflare Inc. All rights reserved. 62 …solve the attribution!
63.
© 2016 Cloudflare
Inc. All rights reserved. 63
64.
Netflow • Opensource Toolsets
are great • Scales very well • Privacy Concerns? • This is very very simple data • Rotate (delete) logs every few days • Use a high sampling rate. 1/16,000 © 2016 Cloudflare Inc. All rights reserved. 64
65.
Netflow • H/W vendors
must get better • Netflow v9 supports src/dst MAC • Which vendor supports it? © 2016 Cloudflare Inc. All rights reserved. 65 Photo: The Simpsons/FOX
66.
NetFlow • It is
EMBARRASING that a transit provider doesn’t know where packets ingress their networks • It’s even more embarrassing that service providers who have NetFlow equipment, be it open sourced / in house or provided by a vendor don’t know how to use it • It’s also EMBARRASING that hardware vendors don’t support full NetFlow v9 • This needs to be resolved now © 2016 Cloudflare Inc. All rights reserved. 66
67.
This is the
first step © 2016 Cloudflare Inc. All rights reserved. 67
68.
Attribution allows informed
discussion © 2016 Cloudflare Inc. All rights reserved. 68
69.
DDoS Causes centralization ©
2016 Cloudflare Inc. All rights reserved. 69
70.
To fix DDoS
we need attribution © 2016 Cloudflare Inc. All rights reserved. 70
71.
To make the
internet better for everyone © 2016 Cloudflare Inc. All rights reserved. 71