CloudFlare DDoS attacks 101: what are they and how to protect your site?
Transcript of CloudFlare DDoS attacks 101: what are they and how to protect your site?
Distributed Denial of Service
An attack coming from many locations that overwhelms your resources and prevents you from serving legitimate customers.
Fake Pizza Orders
Variety of Attacks
Volumetric
Protocol Attacks
Application Attacks
Real Life Example
Wednesday, March 20 ~75Gbps attack
100Gbps Magic ceiling in DDoS attacks
March 24 – March 25 Peaks of the attack reached at least 309Gbps
dig ANY isc.org @63.217.84.76 +edns=0 +notcp +bufsize=4096
64-byte query
$ dig ANY isc.org @63.217.84.76 +edns=0 +notcp +bufsize=4096
3,363-byte response
Amplification
50x Amplification factor
Attack Amplification
DNS - 50x
NTP - 200x
Coming: SNMP - 650x
UDP = no handshake
Problem Ingredients: Networks that allow source IP spoofing + Servers that reply to “non-customers”
Good networks don’t let packets originate from IPs they don’t own (BCP38)
Not all networks are good
How common are these ingredients?
28 million open resolvers
24.6% networks allow spoofing
10s of Millions Open NTP DNS servers
1 attacker’s laptop controlling 5–7 compromised servers on 3 networks that allowed spoofing of 9Gbps DNS requests to 0.1% of open resolvers resulted in 300Gbps+ of DDoS attack traffic.
How did we stop it?
Anycast
Inherently “dilutes” the attack
300Gbps ÷ 25 Anycasted PoPs = 12 Gbps/PoP
Make sure you’re not part of the problem…
Are you running open DNS resolvers?
Are you running open NTP servers?
Implement BCP38 (uRPF)
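
A check for the "Are you running open DNS resolvers?" question above, as an added example that is not from the CloudFlare slides: it classifies the reply your own server gave to a recursive query sent from outside your network and reports the response-to-query size ratio. The function names, the example.com query and the reply bytes are constructed for illustration; no traffic is sent.

```python
import struct

# Flag bits in the 16-bit DNS header flags field (RFC 1035).
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, txid=0x1234, qtype=1):
    """Minimal recursive (RD=1) query; qtype 1 = A record, class IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1)

def classify_response(query, response):
    """Judge a reply your own server sent to a client outside your network."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        raise ValueError("not a response to this query")
    rcode = flags & 0x000F
    # Open resolver: recursion is offered and a non-authoritative answer comes
    # back for a zone this server does not host.
    is_open = bool(flags & RA) and not flags & AA and rcode == 0 and ancount > 0
    return {
        "open_resolver": is_open,
        "rcode": rcode,  # 0 = NOERROR, 5 = REFUSED
        "amplification": round(len(response) / len(query), 2),
    }

def sample_response(query, flags, answers):
    """Constructed reply bytes for the demo: header, echoed question, A records."""
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    header = query[:2] + struct.pack("!HHHHH", flags, 1, answers, 0, 0)
    return header + query[12:] + rr * answers

if __name__ == "__main__":
    q = build_query("example.com")
    # Server that recursed for an outside client: part of the problem.
    print(classify_response(q, sample_response(q, QR | RD | RA, 1)))
    # Server that answered REFUSED with recursion unavailable: closed.
    print(classify_response(q, sample_response(q, QR | RD | 5, 0)))
```

A REFUSED reply the same size as the query gives a reflector nothing to amplify, which is the outcome to aim for on any resolver reachable from the Internet.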