Blackholing at IXPs ¹ INET, TU Berlin ² R&D, DE-CIX On the Effectiveness of DDoS Mitigation in the Wild Christoph Dietzel ¹ ², Anja Feldmann ¹, Thomas.

Slides:



Advertisements
Similar presentations
DROUGHT MONITORING CENTRE - NAIROBI WHAT COULD BE DONE ON DROUGHT WITHIN ISDR PLATFORM?
Advertisements

Advanced Technology Laboratories page 1 Network Performance Monitoring at Small Time Scales Dina Papagiannaki, Rene Cruz, Christophe Diot.
Traffic Dynamics at a Commercial Backbone POP Nina Taft Sprint ATL Co-authors: Supratik Bhattacharyya, Jorjeta Jetcheva, Christophe Diot.
NORDUnet Nordic Infrastructure for Research & Education DDoS Mitigation at NORDUnet Lars Fischer (w/ big thanks to Martin Aldrin) TF-MSP Meeting Malta,
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP Diverse Paths draft-ietf-grow-diverse-bgp-paths-dist-02 Keyur Patel.
Comparing IPv4 and IPv6 from the perspective of BGP dynamic activity Geoff Huston APNIC February 2012.
1 End-to-End Routing Behavior in the Internet Internet Routing Instability Presented by Carlos Flores Gaurav Jain May 31st CS 6390 Advanced Computer.
1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.
1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.
Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.
1 Experimental Study of Internet Stability and Wide-Area Backbone Failure Craig Labovitz, Abha Ahuja Merit Network, Inc Presented by Changchun Zou.
2006 – (Almost another) BGP Year in Review A BRIEF update to the 2005 report 18 October 2006 IAB Routing Workshop Geoff Huston APNIC.
DYNAMICS OF PREFIX USAGE AT AN EDGE ROUTER Kaustubh Gadkari, Dan Massey and Christos Papadopoulos 1.
Making Route Servers Aware of Data Link Failure at IXPs Dr. Thomas King Manager R&D Discussion: Internet Draft.
Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.
University of Massachusetts at Amherst 1 Flooding Attacks by Exploiting Persistent Forwarding Loops Jianhong Xia, Lixin Gao and Teng Fei University of.
Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.
Protecting the BGP Routes to Top Level DNS Servers NANOG-25, June 11, 2002 UCLA Lan Wang Dan Pei Lixia Zhang USC/ISI Xiaoliang Zhao Dan Massey Allison.
Measurement and Diagnosis of Address Misconfigured P2P traffic Zhichun Li, Anup Goyal, Yan Chen and Aleksandar Kuzmanovic Lab for Internet and Security.
Impact of BGP Dynamics on Intra-Domain Traffic Patterns in the Sprint IP Backbone Sharad Agarwal, Chen-Nee Chuah, Supratik Bhattacharyya, Christophe Diot.
How to Own the Internet in your spare time Ashish Gupta Network Security April 2004.
Routing of Outgoing Packets with MP-TCP draft-handley-mptcp-routing-00 Mark Handley Costin Raiciu Marcelo Bagnulo.
DDoS Mitigation for ISP subscribers Rajaram Pejaver November 23, 2010 De-DDoS.
INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION  Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University.
Linac4 Risk Assessment Criteria and Methodology. Linac4 General Meeting – C. Rossi Definitions A risk is any event that could produce a change.
Session 2 Security Monitoring Identify Device Status Traffic Analysis Routing Protocol Status Configuration & Log Classification.
How Secure are Secure Inter- Domain Routing Protocols? SIGCOMM 2010 Presenter: kcir.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
1 CS 425 Distributed Systems Fall 2011 Slides by Indranil Gupta Measurement Studies All Slides © IG Acknowledgments: Jay Patel.
Nullcon Goa 2010http://nullcon.net Botnet Mitigation, Monitoring and Management - Harshad Patil.
BGP operations and security draft-jdurand-bgp-security-02.txt Jerome Durand Gert Doering Ivan Pepelnjak.
Team 6: (DDoS) The Amazon Cloud Attack Kevin Coleman, Jeffrey Starker, Karthik Rangarajan, Paul Beresuita, Arunabh Verma and Amay Singhal.
David Wetherall Professor of Computer Science & Engineering Introduction to Computer Networks Hierarchical Routing (§5.2.6)
Lecture 27 Page 1 Advanced Network Security Routing Security Advanced Network Security Peter Reiher August, 2014.
Inter-Domain Routing Trends Geoff Huston APNIC March 2007.
Remote Trigger Black Hole 111. Remotely Triggered Black Hole Filtering We use BGP to trigger a network wide response to a range of attack flows. A simple.
A Light-Weight Distributed Scheme for Detecting IP Prefix Hijacks in Real-Time Lusheng Ji†, Joint work with Changxi Zheng‡, Dan Pei†, Jia Wang†, Paul Francis‡
Internet Security Trends LACNOG 2011 Julio Arruda LATAM Engineering Manager.
Eliminating Packet Loss Caused by BGP Convergence Nate Kushman Srikanth Kandula, Dina Katabi, and Bruce Maggs.
Statistics in Applied Science and Technology Supplemental: Elaborating Crosstabs: Adding a Third Variable.
BLACKHOLE BGP Community for Blackholing T. King, C. Dietzel, J. Snijders, G. Doering, G. Hankins.
Protecting your site from DDoS and data breach attacks Ronan Lavelle LeaseWeb Web Application Security Group.
On the Impact of Clustering on Measurement Reduction May 14 th, D. Saucez, B. Donnet, O. Bonaventure Thanks to P. François.
LDP extension for Inter-Area LSP draft-decraene-mpls-ldp-interarea-04 Bruno DecraeneFrance Telecom / Orange Jean-Louis Le RouxFrance Telecom / Orange Ina.
Advanced Technology Laboratories 8 December 2000 page 1 Characterization of Traffic at a Backbone POP Nina Taft Supratik Bhattacharyya Jorjeta Jetcheva.
1 Auto-Detecting Hijacked Prefixes? Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam Geoff Huston.
1 1 Syniverse Proprietary Fraud Management in the Cloud.
The Benefit and Need of Standard Contribution for IXPs Jan Stumpf System Engineer.
Sitecues Metrics David Young (617) Discussion Document.
Traffic Volume Dependencies between IXPs Thomas King R&D, DE-CIX.
Investigation of Traffic Dependencies between IXPs in Failure Scenarios APRICOT 2016, Peering Forum Auckland, New Zealand Arnold Nipper Chief.
PlanetSeer: Internet Path Failure Monitoring and Characterization in Wide-Area Services Ming Zhang, Chi Zhang Vivek Pai, Larry Peterson, Randy Wang Princeton.
CS 3700 Networks and Distributed Systems
CS 3700 Networks and Distributed Systems
Auto-Detecting Hijacked Prefixes?
Auto-Detecting Hijacked Prefixes?
Detecting Peering Infrastructure Outages ENOG14, Minsk
Traffic Volume Dependencies between IXPs
We Care About Data Quality at IXPs
Are We There Yet? On RPKI Deployment and Security
COS 561: Advanced Computer Networks
RFC7999 BLACKHOLE BGP Community for Blackholing
CIT 384: Network Administration
Peer Power Save Mode for TDLS
BGP Security Jennifer Rexford Fall 2018 (TTh 1:30-2:50 in Friend 006)
Improving global routing security and resilience
SnapChat Mini-Project
The Elusive Internet Flattening: 10 Years of IXP Growth
Presentation transcript:

Blackholing at IXPs ¹ INET, TU Berlin ² R&D, DE-CIX On the Effectiveness of DDoS Mitigation in the Wild Christoph Dietzel ¹ ², Anja Feldmann ¹, Thomas King ² RIPE 72

DDoS Attacks Remain a Serious Threat 2

What is Blackholing? 3 » Operational technique to counter DDoS attacks » Triggered directly by IP owners through BGP » Last resort to protect upstream/peering link or own network » Since a few years also at IXPs (DE-CIX, MSK-IX, NETIX, NIX-CZ, …)

Recap – Blackholing at IXPs 4 datacenter network next hop: IP D next hop: IP D next hop: IP D next hop: IP BH AS D IXP

Recap – Blackholing at IXPs 5 datacenter network next hop: IP BH next hop: IP BH next hop: IP D next hop: IP BH AS D IXP

Is it frequently used and how is it used? 6 What is the impact on traffic? How can we improve blackholing?

» About 23,000 announcements » Stable number of active /32 blackholes (~1200) » Also stable number of less specifics /31 - /18 (~50) » What about new announcements? Blackholing Usage Analysis – Active Announcements 7

» High variance in new announcements » Spikey less specifics (/31 - /18) » Blackholing is indeed widely used! » But which prefix sizes? Blackholing Usage Analysis – New Announcements 8

» Mainly /32 announcements (97%) » /24 - /31 account for 2.5% » 9 announcements for < /24 » More specific acceptance needed » Announced for how long? Blackholing Usage Analysis – Prefix Length 9

» Active duration per prefix (/32) » Majority is short-lived (~50% <= 3 hours) » Longest observed announcement days Blackholing Usage Analysis – Active Duration 10

» Majority is short-lived » Also very long living announcements » Could be the same prefix?! Blackholing Usage Analysis – Active Duration 11

» 7,864 unique prefixes » Most prefixes announced once (10%), or between two and three times (15%) » Outliers spread from 10 to 100, max 623 Blackholing Usage Analysis – Re-Announcements per Prefix 12

Case Study - Impact on Traffic »Traffic for one /32 »Traffic rises up to 17.6 Gbit/s »Traffic is reduced by one third 13

Summary » 23,000 announced blackholes (over a three month period) » Stable number of 1200 active blackholes » Observed least specific was a /18 » Very diverse announcement patterns (frequency, duration, …) » Succeeds in mitigating large DDoS attacks Full paper at

Comments? Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.