Verify John Lefever`s Outpace Defense against DDoS Simulation
Download
Report
Transcript Verify John Lefever`s Outpace Defense against DDoS Simulation
Simulation of internet backbone
under DDoS Attacks
Simulation of adaptive Network Reconfiguration under
Overwhelming Denial of Service Attack
by
John William Lefever’s Thesis Project(2010)
Rajya Badam
Outline
Purpose
Various DDoS Defense Mechanisms
Network Topology
Benefits
Results
Conclusion
Future Work
Purpose
DDoS
Attackers behaving like normal traffics
◦ Firewall systems and Router filters
Traffic flow
◦ Size and timing of request
BGP, DNS
Reduces impact on ISP’s
GTnetS Simulator
DDoS Defense Mechanisms
Network Topology
Benefits
No operator intervention
No differentiation due to patterns or
anomalies
No difference between 'good‘ and 'bad‘
networks
No need to maintain state information
No reconfiguration of network's topology
No reconfiguration of peers to their network
No post-attack reconfiguration
Optimal Performance
Impact on Traffic
32 Servers : 50 Attackers :1024 Clients
Conclusion
Attack traffic was easily separated from
legitimate traffic
DNS rotation interval strategy worked
Dropped massive amounts of legitimate
seeming attack traffic
Gives illusion of successful attack to
attackers
More than twice as many IP addresses
Best for high attackers/clients ratio
Future Work
Self-optimizing algorithm must be
developed
BGP must be implemented in the real
world black-hole routing
Implement in the real world environment,
to find the performance of the simulation