Verify John Lefever`s Outpace Defense against DDoS Simulation

Download Report

Transcript Verify John Lefever`s Outpace Defense against DDoS Simulation

Simulation of internet backbone
under DDoS Attacks
Simulation of adaptive Network Reconfiguration under
Overwhelming Denial of Service Attack
by
John William Lefever’s Thesis Project(2010)
Rajya Badam
Outline
Purpose
 Various DDoS Defense Mechanisms
 Network Topology
 Benefits
 Results
 Conclusion
 Future Work

Purpose






DDoS
Attackers behaving like normal traffics
◦ Firewall systems and Router filters
Traffic flow
◦ Size and timing of request
BGP, DNS
Reduces impact on ISP’s
GTnetS Simulator
DDoS Defense Mechanisms
Network Topology
Benefits







No operator intervention
No differentiation due to patterns or
anomalies
No difference between 'good‘ and 'bad‘
networks
No need to maintain state information
No reconfiguration of network's topology
No reconfiguration of peers to their network
No post-attack reconfiguration
Optimal Performance
Impact on Traffic
32 Servers : 50 Attackers :1024 Clients
Conclusion
Attack traffic was easily separated from
legitimate traffic
 DNS rotation interval strategy worked
 Dropped massive amounts of legitimate
seeming attack traffic
 Gives illusion of successful attack to
attackers
 More than twice as many IP addresses
 Best for high attackers/clients ratio

Future Work
Self-optimizing algorithm must be
developed
 BGP must be implemented in the real
world black-hole routing
 Implement in the real world environment,
to find the performance of the simulation
