DDoS attacks: yesterday, today, tomorrow

Transcript

  • DDoS attacks: yesterday, today, tomorrow

    Qrator Labs as@qrator.net

  • DoS/DDoS-? DoS = Denial of Service, DDoS = Distributed Denial of Service,

    : DoS

    (ping of death, INVITE of death, route leaks) DDoS -

    (SYN-flood, amp-)

    04/12/15 DDoS- , , 2

    ().

  • DDoS-

    1. 2. (ex: DNS) (ex: BGP)

    3. ( ) 4. 5.

  • DDoS

    :

  • Robot bot , ,

    , , , , .

    , .

    , , , .

  • :

  • : , ,

    , .

    , : DNS, NTP, SSDP, Chargen/UDP, ICMP.

    100 / .

  • DNS 28-54

    NTP 500-1300

    SNMPv2 6

    NetBIOS 4

    SSDP 30

    Chargen 350

    QOTD 140

    BitTorrent 4

    Kad 16

    Quake Network Protocol 64

    RIPv1 130

    Portmap (RPCbind) 7-28

  • DDoS:

    DDoS- 1996 .

    1999 , Amazon, Yahoo, CNN, eBay, E-Trade .

    2002 : (Trinoo, TFN, Stacheldraht, TFN2K ..)

    , .

  • 2003-2005 2003 DNS (Chicago Webs), 700 . 2003 .

    2003 . 260000 .

    2003 , DDoS (Prolexic)

    2003 ICMP- .

    2004 +

    2003 : 1Gbps 2004 : 3Gbps

    2005

  • 2006-2009 2006 DNS ( EDNS0, )

    2007 . DDoS- DNS-.

    2007 2007 DC++ DDoS 2009 DNS-

  • 2007 LOIC,

    DDoS-: 2007 : (, )

    2008 : ( win+love+in+Rusia)

    2009 : ( )

    2009 : Google, Facebook, Twitter (-, Cyxymu)

    2009 :

  • 2010-2012 : Qrator

    2010 >1Gbps (Qrator: 15 )

    2011 15Gbps, >1Gbps 23 . .

    2012 >10Gbps (28 )

  • 2013

    DNS, EDNS0 ( DNSSEC)

    DDoS- : Spamhaus, 300 Gbps

  • 2014 DNS- NTP-

    1000 (!) : 400Gbps . 2014 :

    ,

    CapEx OpEx

  • 2015 NTP- SSDP-

    NTP- SSDP-

    (Qrator: 2015Q1 2.5 , 2014Q1).

    (!) : ( ) .

    DNS

    DDoS (DD4BC, Armada Cooperative).

  • [Chart: values by year, 2010-2015; y-axis scale 100000-500000]

  • [Chart: values by year, 2011-2015; y-axis scale 0-7000]

    ,

  • ?

    . ? . , .

    , use cases +?

  • [Chart: values by day of week, Monday-Sunday; y-axis scale 2500-3500]

  • DDoS

    DDoS- , . .

    , .

    DDoS- .

    DDoS- .

  • : ,

    . ( DNS, ).

    . -, , .

    .

  • DDoS-:

  • MANRS = Mutually Agreed Norms for Routing Security : IP-

    ISOC,

    ( )

    DOTS = DDoS Open Threat Signalling : CPE .

    IETF

  • !
