Fighting the DDoS Menace!

http://vig.prenhall.com/catalog/academic/product/0,1144,0131475738,00.html
Recent High Profile DDoS Attacks
● Protx (Online payments processing firm): October 31st
● WeaKnees.com, RapidSatellite.com (e-commerce): October 6th
● WorldPay (section of Royal Bank of Scotland): October 4th
● Authorize.net (US credit card processing firm): September 23rd
Fighting the Good Fight
● Aggregate-based congestion control (ACC)
  – identify a pattern of packets
  – apply a rate-limiter to the pattern(s)
● Local ACC versus Global ACC
  – allow a router to request adjacent upstream routers to rate-limit traffic corresponding to a specific aggregate.
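The two local ACC steps above, as an added sketch that is not code from these slides or from Mahajan et al.: a congested router inspects the destinations of the packets it dropped, picks the aggregate behind most of them, and rate-limits that aggregate ahead of the output queue. Assumptions made here: the "pattern" is a destination /24, the 50% drop-share threshold, the link capacity and per-tick limit, and the constructed traffic mix.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

def identify_aggregate(dropped_dsts, share=0.5):
    """Step 1: return the destination /24 behind >= `share` of recent drops, else None."""
    if not dropped_dsts:
        return None
    counts = Counter(ip_network(f"{d}/24", strict=False) for d in dropped_dsts)
    prefix, n = counts.most_common(1)[0]
    return prefix if n / len(dropped_dsts) >= share else None

def arrivals_per_tick():
    """Constructed load: 80 packets to 10.0.5.0/24 interleaved with 30 to three other /24s."""
    pkts = []
    for i in range(110):
        slot = i % 11
        net = 5 if slot < 8 else slot - 7   # slots 8, 9, 10 -> 10.0.1.x, 10.0.2.x, 10.0.3.x
        pkts.append(f"10.0.{net}.{i + 1}")
    return pkts

def simulate(ticks, capacity=50, acc=False, limit=20):
    """Return (background packets delivered, aggregate that was rate-limited or None)."""
    aggregate, delivered_bg = None, 0
    for _ in range(ticks):
        budget, queued, drops = limit, 0, []
        for dst in arrivals_per_tick():
            if aggregate is not None and ip_address(dst) in aggregate:
                if budget == 0:
                    continue                # step 2: limiter discards before the queue
                budget -= 1
            if queued < capacity:           # drop-tail output queue
                queued += 1
                if not dst.startswith("10.0.5."):
                    delivered_bg += 1
            else:
                drops.append(dst)
        if acc and aggregate is None:       # decide from this interval's drop history
            aggregate = identify_aggregate(drops)
    return delivered_bg, aggregate

if __name__ == "__main__":
    print("no ACC   :", simulate(10))
    print("local ACC:", simulate(10, acc=True))
```

The limiter here stays installed once triggered; releasing it when the aggregate subsides is left out of this sketch.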
An Illustrated Example
“Controlling High Bandwidth Aggregates in the Network” (Mahajan et al, 2001)
ACC Works???
The Scalable Simulation Framework (http://www.ssfnet.org)
● focus on scalability; model scalability: # of nodes, traffic flows, bandwidth, system heterogeneity
● contains a DDoS scenario
● much faster learning curve than NS tools (no tcl/tk)
What's the catch?
● Well, it turns out the DDoS scenario models a TCP SYN flooding denial of service attack.
● This DDoS attacks the TCP/IP stack of the target servers. It is not bandwidth limited! So congestion control is not the appropriate response.
● Quickly, we must model a bandwidth-limited DDoS attack....
Network Topology
[Figures: Client Topology, Server Topology, DDoS Topology]
But What Does It Do?
● 164 iterations, no DDoS enabled:
  – mean 202.71 connections, std. dev. 13.79
● 68 iterations, DDoS enabled:
  – mean 194.29 connections, std. dev. 15.47
● 59 iterations, DDoS enabled & local ACC:
  – mean 196.98 connections, std. dev. 14.33
TODO LIST
● Improve the effectiveness of the DDoS attack
● Use identical random number seeds across all three trials. This will show strict ordering of DDoS < DDoS + local ACC ≤ no DDoS