Presentation is loading. Please wait.

Presentation is loading. Please wait.

DDOS Defense by Offense OFFENSE Presented by: Anup Goyal Aojan Su.

Published byHeather Richards Modified over 9 years ago

Similar presentations

Presentation on theme: "DDOS Defense by Offense OFFENSE Presented by: Anup Goyal Aojan Su."— Presentation transcript:

1 DDOS Defense by Offense OFFENSE Presented by: Anup Goyal Aojan Su

2 Objections  Several objections identified By Authors itself Bandwidth Envy Flash Crowds Variable bandwidth cost  Is It Practical in real Internet ??

3 Clients ’ upload capacity  Clients with limited upload capacity (dialup users) can not “ speak-up ”  They can ’ t increase their chance to obtain service. In worse case, they can suffer when everyone else speaks up.

4 Can ’ t detect malicious client  Even good clients need to flood the server to get service.  It could be much more difficult to detect attackers.

5 Access Link Congestion  If the access link of thinner is congested, legitimate clients would back off due to congestion control.  Attackers could ignore congestion control and send at higher capacity.

6 Edge Network Flooding  Good client ’ s flooding traffic effect edge networks by increased traffic volumes. potentially harming other flows.

7 Problem for good guys  No good way to accommodate client è le (good and bad) coming from the same location.  Good Client always loose while sharing a Bottleneck link.

8 Impact on Other Traffic THIS IS BAD !!!!

9 Problems Unaddressed/overlooked  Effect of low-rate attack not addressed Bad client also has spare bandwidth.  Assumptions hold because of nature of current network characteristics How to detect when these assumptions break? Switch off speak-up (automatically?) under these conditions. Effect of various traffic patterns? (i.e. heavy-tail distribution)

10 My Question  Are speak-up ’ s assumptions reasonable? “ The thinner is never congested ” ?  Impact on network good traffic amplifier? How much bandwidth will be wasted for dummy bytes?

11 Primary Focus on HTTP  Focus primarily on Web traffic and its properties (e.g. HTTP).  Does not mention its usefulness for any other situation or protocol.

12 Market Survey Missing  The researchers have not done a market survey, thus all their findings are theoretical.  Economic issue consideration is missing.

13 Extra hardware  There is extra hardware (the Thinner) that has to sit in front of any server we want to protect by Speak-Up.  Expensive  Single Point of Failure

Download ppt "DDOS Defense by Offense OFFENSE Presented by: Anup Goyal Aojan Su."

Similar presentations

Performance Testing - Kanwalpreet Singh.

Performance Testing - Kanwalpreet Singh.
Chapter 1 We’ve Got Problems…. Four Horsemen  … of the electronic apocalypse  Spam --- unsolicited bulk email o Over 70% of email traffic  Bugs ---

Chapter 1 We’ve Got Problems…. Four Horsemen  … of the electronic apocalypse  Spam --- unsolicited bulk o Over 70% of traffic  Bugs ---
Slides mostly by Sherif Khattab 1 Denial-of-Service [Gligor, 84] ``A group of otherwise-authorized users of a specific service is said to deny service.

Slides mostly by Sherif Khattab 1 Denial-of-Service [Gligor, 84] ``A group of otherwise-authorized users of a specific service is said to deny service.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
Data Communications and Computer Networks Chapter 1 CS 3830 Lecture 5 Omar Meqdadi Department of Computer Science and Software Engineering University of.

Data Communications and Computer Networks Chapter 1 CS 3830 Lecture 5 Omar Meqdadi Department of Computer Science and Software Engineering University of.
DDoS Defense by Offense Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, and Scott Shenker Presented by: Boris Kurktchiev and Kimberly.

DDoS Defense by Offense Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, and Scott Shenker Presented by: Boris Kurktchiev and Kimberly.
5/18/2015 Samarpita Hurkute DDoS Defense By Offense 1 DDoS Defense by Offense Michael Walfish,Mythili Vutukuru,Hari Balakrishnan,David Karger,Scott Shenker.

5/18/2015 Samarpita Hurkute DDoS Defense By Offense 1 DDoS Defense by Offense Michael Walfish,Mythili Vutukuru,Hari Balakrishnan,David Karger,Scott Shenker.
DDoS: Defense by Offense 1 DDoS Defense by Offense Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, and Scott Shenker, SIGCOMM ‘06 Presented.

DDoS: Defense by Offense 1 DDoS Defense by Offense Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, and Scott Shenker, SIGCOMM ‘06 Presented.
1 DDoS Defense by Offense Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, Scott Shenker, SIGCOMM ‘06 Presented by Lianmu Chen DDoS:

1 DDoS Defense by Offense Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, Scott Shenker, SIGCOMM ‘06 Presented by Lianmu Chen DDoS:
Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, and Scott Shenker Presented by Sunjun Kim, Donyoung Koo 1DDoS Defense by Offense.

Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, and Scott Shenker Presented by Sunjun Kim, Donyoung Koo 1DDoS Defense by Offense.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
Michael Walfish, Mythili Vutukuru, Hari Balakrishanan, David Karger, Scott Shankar DDos Defense by Offense.

Michael Walfish, Mythili Vutukuru, Hari Balakrishanan, David Karger, Scott Shankar DDos Defense by Offense.
Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.

Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.
Distributed Denial of Service Attacks CMPT 471 1 Distributed Denial of Service Attacks Darius Law.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.
An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.

An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.
DDoS Defense by Offense Presented by: Matthew C.H. Ma Damon Chan.

DDoS Defense by Offense Presented by: Matthew C.H. Ma Damon Chan.
Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.

Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.
Feedback Based Routing Offense by: Ted Merchant and Kevin Tan.

Feedback Based Routing Offense by: Ted Merchant and Kevin Tan.
Introduction. Overview of Pushback. Architecture of router. Pushback mechanism. Conclusion. Pushback: Remedy for DDoS attack.

Introduction. Overview of Pushback. Architecture of router. Pushback mechanism. Conclusion. Pushback: Remedy for DDoS attack.

Similar presentations

Ads by Google