Cheap and Efficient DDoS Traffic Analysis
Fabian Labohm
f.labohm@duocast.nl
Duocast
• ASN: 31477
• Routing: Juniper MX80
• KRT Issue

Last major incident: 17-11-2015

Impact: 2x 20 mins *
• Netflow / Inline Jflow (ipfix)
• Fastnetmon implementation
* https://noc.duocast.net/rca-eunetworks-16112015.pdf
• Goal:
  • Turn off Netflow, reduce the load on the routers
  • Implement Fastnetmon
• Possible solutions:
  • Port mirror on the routers or aggregation switches
  • Replace the routers with MX240+
  • Optical taps
• 2 POPs in Amsterdam (Globalswitch, EuNetworks)
• 4 10Gbps uplinks (AMS-IX, NL-IX, NTT, KPN)
• 2 optical taps per POP
• 8 optical signals to monitor
• TAP host hardware
  • Supermicro with 2x E5-2620, 32GB, 2 disks RAID1
  • 2x Intel X710-DA2 (dual port SFP+)
  • Intel X710 NIC = 10GBase-SX and 10GBase-LX optics only
• Result:
  • TAPHost per POP
  • 4 10Gbps ports per host - only RX connected
  • 4 NICs in the OS (Linux)
  • Netflow turned off on both MX80s
• Configuration
  • TAPHost 1
    • iptables ipt_NETFLOW
    • NFSen
  • TAPHost 2
    • iptables ipt_NETFLOW
    • Fastnetmon + Grafana
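The tap-host setup from the configuration slide, as an added example that is not part of the Duocast deck: it puts the RX-only tap ports into promiscuous mode and loads ipt_NETFLOW so that IPFIX records go to a collector on the same host (NFSen on TAPHost 1, Fastnetmon on TAPHost 2). Interface names, the collector address and port, and the raw PREROUTING hook are assumptions; the ipt_NETFLOW parameters (destination, protocol, promisc) are from the ipt-netflow README, so check them against the version you install.

```shell
#!/bin/sh
# Added example (not from the Duocast deck): bring up RX-only tap ports and
# export IPFIX from ipt_NETFLOW to a local collector (NFSen or Fastnetmon).
# Interface names, collector address and the raw PREROUTING hook are
# assumptions. Set DRY_RUN=1 to print the commands instead of running them.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# A tap port only receives a copy of the optical signal: no IP address, no TX.
# Promiscuous mode is needed because the frames are not addressed to this host.
tap_port_up() {
    ifc="$1"
    run ip link set dev "$ifc" promisc on
    run ip link set dev "$ifc" up
    # Stop the NIC/kernel from merging packets so flow records keep real sizes.
    run ethtool -K "$ifc" gro off lro off
}

# Load ipt_NETFLOW exporting IPFIX (protocol=10) to the collector and hook it
# into raw PREROUTING, which sees tapped traffic before any routing decision.
# promisc=1 makes the module account frames not addressed to this host.
netflow_export() {
    collector="$1"
    run modprobe ipt_NETFLOW destination="$collector" protocol=10 promisc=1
    run iptables -t raw -I PREROUTING -j NETFLOW
}

# taphost_setup <collector ip:port> <tap interface>...
taphost_setup() {
    collector="$1"; shift
    for ifc in "$@"; do
        tap_port_up "$ifc"
    done
    netflow_export "$collector"
}

# Only touch the system when invoked as: ./taphost.sh apply <collector> <ifc>...
if [ "${1:-}" = "apply" ]; then
    shift
    taphost_setup "$@"
fi
```

Run it once per tap host with the four tap interfaces and the address the local NFSen or Fastnetmon instance listens on; `DRY_RUN=1` shows the exact commands before anything is changed.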
• Experience so far:
  • Full table loads in 6 minutes instead of 20
  • Fastnetmon works well!
  • Minimal investment
• Drawbacks:
  • Scalability
  • Aggregation of data
Feedback / Questions?