Presentation is loading. Please wait.

Presentation is loading. Please wait.

Blackholing at IXPs ¹ INET, TU Berlin ² R&D, DE-CIX On the Effectiveness of DDoS Mitigation in the Wild Christoph Dietzel ¹ ², Anja Feldmann ¹, Thomas.

Published byMaurice Walton Modified over 8 years ago

Similar presentations

Presentation on theme: "Blackholing at IXPs ¹ INET, TU Berlin ² R&D, DE-CIX On the Effectiveness of DDoS Mitigation in the Wild Christoph Dietzel ¹ ², Anja Feldmann ¹, Thomas."— Presentation transcript:

1 Blackholing at IXPs ¹ INET, TU Berlin ² R&D, DE-CIX On the Effectiveness of DDoS Mitigation in the Wild Christoph Dietzel ¹ ², Anja Feldmann ¹, Thomas King ² RIPE 72

2 DDoS Attacks Remain a Serious Threat 2

3 What is Blackholing? 3 » Operational technique to counter DDoS attacks » Triggered directly by IP owners through BGP » Last resort to protect upstream/peering link or own network » Since a few years also at IXPs (DE-CIX, MSK-IX, NETIX, NIX-CZ, …)

4 Recap – Blackholing at IXPs 4 datacenter network next hop: IP D next hop: IP D next hop: IP D next hop: IP BH AS D IXP

5 Recap – Blackholing at IXPs 5 datacenter network next hop: IP BH next hop: IP BH next hop: IP D next hop: IP BH AS D IXP

6 Is it frequently used and how is it used? 6 What is the impact on traffic? How can we improve blackholing?

7 » About 23,000 announcements » Stable number of active /32 blackholes (~1200) » Also stable number of less specifics /31 - /18 (~50) » What about new announcements? Blackholing Usage Analysis – Active Announcements 7

8 » High variance in new announcements » Spikey less specifics (/31 - /18) » Blackholing is indeed widely used! » But which prefix sizes? Blackholing Usage Analysis – New Announcements 8

9 » Mainly /32 announcements (97%) » /24 - /31 account for 2.5% » 9 announcements for < /24 » More specific acceptance needed » Announced for how long? Blackholing Usage Analysis – Prefix Length 9

10 » Active duration per prefix (/32) » Majority is short-lived (~50% <= 3 hours) » Longest observed announcement 76.31 days Blackholing Usage Analysis – Active Duration 10

11 » Majority is short-lived » Also very long living announcements » Could be the same prefix?! Blackholing Usage Analysis – Active Duration 11

12 » 7,864 unique prefixes » Most prefixes announced once (10%), or between two and three times (15%) » Outliers spread from 10 to 100, max 623 Blackholing Usage Analysis – Re-Announcements per Prefix 12

13 Case Study - Impact on Traffic »Traffic for one /32 »Traffic rises up to 17.6 Gbit/s »Traffic is reduced by one third 13

14 Summary » 23,000 announced blackholes (over a three month period) » Stable number of 1200 active blackholes » Observed least specific was a /18 » Very diverse announcement patterns (frequency, duration, …) » Succeeds in mitigating large DDoS attacks Full paper at http://www.net.t-labs.tu-berlin.de/papers/DFK-BIXPO-16.pdf

15 Comments? Questions?

Download ppt "Blackholing at IXPs ¹ INET, TU Berlin ² R&D, DE-CIX On the Effectiveness of DDoS Mitigation in the Wild Christoph Dietzel ¹ ², Anja Feldmann ¹, Thomas."

Similar presentations

DROUGHT MONITORING CENTRE - NAIROBI WHAT COULD BE DONE ON DROUGHT WITHIN ISDR PLATFORM?

DROUGHT MONITORING CENTRE - NAIROBI WHAT COULD BE DONE ON DROUGHT WITHIN ISDR PLATFORM?
Advanced Technology Laboratories page 1 Network Performance Monitoring at Small Time Scales Dina Papagiannaki, Rene Cruz, Christophe Diot.

Advanced Technology Laboratories page 1 Network Performance Monitoring at Small Time Scales Dina Papagiannaki, Rene Cruz, Christophe Diot.
Traffic Dynamics at a Commercial Backbone POP Nina Taft Sprint ATL Co-authors: Supratik Bhattacharyya, Jorjeta Jetcheva, Christophe Diot.

Traffic Dynamics at a Commercial Backbone POP Nina Taft Sprint ATL Co-authors: Supratik Bhattacharyya, Jorjeta Jetcheva, Christophe Diot.
NORDUnet Nordic Infrastructure for Research & Education DDoS Mitigation at NORDUnet Lars Fischer (w/ big thanks to Martin Aldrin) TF-MSP Meeting Malta,

NORDUnet Nordic Infrastructure for Research & Education DDoS Mitigation at NORDUnet Lars Fischer (w/ big thanks to Martin Aldrin) TF-MSP Meeting Malta,
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP Diverse Paths draft-ietf-grow-diverse-bgp-paths-dist-02 Keyur Patel.

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP Diverse Paths draft-ietf-grow-diverse-bgp-paths-dist-02 Keyur Patel.
Comparing IPv4 and IPv6 from the perspective of BGP dynamic activity Geoff Huston APNIC February 2012.

Comparing IPv4 and IPv6 from the perspective of BGP dynamic activity Geoff Huston APNIC February 2012.
1 End-to-End Routing Behavior in the Internet Internet Routing Instability Presented by Carlos Flores Gaurav Jain May 31st. 2000 CS 6390 Advanced Computer.

1 End-to-End Routing Behavior in the Internet Internet Routing Instability Presented by Carlos Flores Gaurav Jain May 31st CS 6390 Advanced Computer.
1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.

1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.
1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.

1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.
Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.

Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.
1 Experimental Study of Internet Stability and Wide-Area Backbone Failure Craig Labovitz, Abha Ahuja Merit Network, Inc. 1998. Presented by Changchun Zou.

1 Experimental Study of Internet Stability and Wide-Area Backbone Failure Craig Labovitz, Abha Ahuja Merit Network, Inc Presented by Changchun Zou.
2006 – (Almost another) BGP Year in Review A BRIEF update to the 2005 report 18 October 2006 IAB Routing Workshop Geoff Huston APNIC.

2006 – (Almost another) BGP Year in Review A BRIEF update to the 2005 report 18 October 2006 IAB Routing Workshop Geoff Huston APNIC.
DYNAMICS OF PREFIX USAGE AT AN EDGE ROUTER Kaustubh Gadkari, Dan Massey and Christos Papadopoulos 1.

DYNAMICS OF PREFIX USAGE AT AN EDGE ROUTER Kaustubh Gadkari, Dan Massey and Christos Papadopoulos 1.
Making Route Servers Aware of Data Link Failure at IXPs Dr. Thomas King Manager R&D Discussion: Internet Draft.

Making Route Servers Aware of Data Link Failure at IXPs Dr. Thomas King Manager R&D Discussion: Internet Draft.
Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.
University of Massachusetts at Amherst 1 Flooding Attacks by Exploiting Persistent Forwarding Loops Jianhong Xia, Lixin Gao and Teng Fei University of.

University of Massachusetts at Amherst 1 Flooding Attacks by Exploiting Persistent Forwarding Loops Jianhong Xia, Lixin Gao and Teng Fei University of.
Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.

Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.
Protecting the BGP Routes to Top Level DNS Servers NANOG-25, June 11, 2002 UCLA Lan Wang Dan Pei Lixia Zhang USC/ISI Xiaoliang Zhao Dan Massey Allison.

Protecting the BGP Routes to Top Level DNS Servers NANOG-25, June 11, 2002 UCLA Lan Wang Dan Pei Lixia Zhang USC/ISI Xiaoliang Zhao Dan Massey Allison.
Measurement and Diagnosis of Address Misconfigured P2P traffic Zhichun Li, Anup Goyal, Yan Chen and Aleksandar Kuzmanovic Lab for Internet and Security.

Measurement and Diagnosis of Address Misconfigured P2P traffic Zhichun Li, Anup Goyal, Yan Chen and Aleksandar Kuzmanovic Lab for Internet and Security.
Impact of BGP Dynamics on Intra-Domain Traffic Patterns in the Sprint IP Backbone Sharad Agarwal, Chen-Nee Chuah, Supratik Bhattacharyya, Christophe Diot.

Impact of BGP Dynamics on Intra-Domain Traffic Patterns in the Sprint IP Backbone Sharad Agarwal, Chen-Nee Chuah, Supratik Bhattacharyya, Christophe Diot.

Similar presentations

Ads by Google