PPT-Stopping amplified DNS DDoS attacks through query rate sharing between DNS resolvers

Jun Ho Huh Research Scientist Cybersecurity Lab Saurabh Verma Ali Hamieh Jun Huh Ho Siva Raj Rajagopalan Maciej Korczynski Nina Fefferman 1 Motivation money talks 2 Its becoming very serious. . DDoS. Attacks. ------ An Overview. Zhang Fu. zhafu@chalmers.se. Outline. What is . DDoS. ? How it can be done?. Different types of . DDoS. attacks.. Reactive VS Proactive Defence. Some noticeable solutions. DDoS Protector. June 2012. Cybercrime Trends for 2012. SQL. Injections. 44%. APTs. 35%. Botnet. 33%. DDoS. 32%. Ponemon. Institute, May 2012. 32%. DDoS. 65%. . Businesses Experienced Attacks. Average. Nurfedin Zejnulahi, Arbor Consultant. Ten + Years of Innovation. Trusted Experts. Globally. Global ATLAS. Proprietary and Confidential Information of Arbor Networks, Inc.. Founded from DARPA grant. Over 40 networking and security patents . Darren Anstee, Arbor Solutions Architect. 8. th. Annual Edition . Key Findings in the Survey*. Advanced . Persistent Threats (APT) . a. . t. op . c. oncern . for . service providers and enterprises. a.kroczek@f5.com. Jak . zwiększyć bezpieczeństwo . i . wysoką dostępność . aplikacji wg. F5 . Networks. Mobility. SDDC/Cloud. Advanced . threats. Internet of. Things. “Software defined”. everything. Orly Sorokin. January 2013. AGENDA. DDoS attacks & Cyber security Statistics. About 2012 Global Security Report. Key Findings & Trends. Recommendations. DoS – How does it Look . Simple Way. The Stakes Have Changed. . Have You?. November 17, 2016. Today’s Speakers. Sean Pike. Program Vice President, Security Products, IDC. Tom Bienkowski. Director, Product Marketing, Arbor Networks. Kevin Whalen. Underestimating the Impact of DDoS. Jim Benanti – Sr. Consulting Engineer, Arbor Networks. Don’t Take My Word For It. Size Still Matters. 1H16 - ATLAS has recorded:. An average of 124,000 events per week over the last 18 months.. DDoS Protector. June 2012. Cybercrime Trends for 2012. SQL. Injections. 44%. APTs. 35%. Botnet. 33%. DDoS. 32%. Ponemon. Institute, May 2012. 32%. DDoS. 65%. . Businesses Experienced Attacks. Average. Michaelson. . APNICLabs. September 2012. What are the questions?. What proportion of DNS resolvers are DNSSEC-capable?. What proportion of users are using DNSSEC-. validatingDNS. resolvers?. Where are these users?. Michaelson. . APNICLabs. October 2012. What are the questions?. What proportion of DNS resolvers are . capable of performing DNS queries using IPv6?. What proportion of users are using . IPv6-capable DNS . Plaguing the Internet. DNS based DDoS attacks increasing. Late 2012 - DNS amplification remerges as a problem. January 2014 - new . innovation with . random subdomain attacks. Major attack . vector - open home gateways . Huston. APNIC. February 2014. The E. volution of Evil. It used to be that . they sent . evil packets to . their . chosen . victim. but this exposed the attacker, and limited the damage they could cause. Geoff Huston. APNIC. Some thoughts about . for. Well . –. guess - from the snippets that have been released. …. It was a . Mirai. attack. It used a compromised device collection. It used a range of attack vectors.