Denial of Service attacks are the most affective danger in the online services nowadays. Starting from volumetric attacks designed to damage larger networks and infrastructure, to protocol attacks designed to put in crisis dedicated services, arriving to application attacks meant to push offline different servers, they are all constructed with a malicious purpose. A DDoS attack can take many forms and attack many different protocols. In the last two years, the world has had to face attacks that have reached a volume as large as 1.35Tbps and these volumes are expected to increase further more in the close future. In order to absorb or mitigate these attacks a dedicated protection needs to be deployed, especially when considering large network operators with a legacy infrastructure to be protected. There are various phases of protection of the network, each designed and implemented with its specific purpose. The starting phase is dedicated to the detection of the attack, covered by a packet inspector that decides whether a specific flow of packets is malicious or not. Once passed this phase, arrives the mitigation of the traffic including the diversion of the real and malicious traffic towards the scrubbing center and the cleaning of the traffic. Next phase is the reinjection of the traffic and the conclusion of the attack with a following peace-time period. Each of the phases is concluded by the dedicated nodes implemented in the dedicated Anti DDoS infrastructure that gets tested and accepted in order to be implemented further on. Once implemented, this part of the network is being watched closely and undergoes a series of tuning, especially over the first months while it is observing and learning the necessities of the actual traffic.
Al giorno d'oggi gli attacchi Denial of Service sono il pericolo più affettivo nei servizi online. Partendo da attacchi volumetrici progettati per danneggiare reti e infrastrutture di grandi dimensioni, fino a attacchi di protocollo progettati per mettere in crisi servizi dedicati, arrivando ad attacchi applicativi volti a spingere offline diversi server, sono tutti costruiti con uno scopo malevole. Un attacco DDoS può assumere molte forme e attaccare molti protocolli diversi. Negli ultimi due anni, il mondo ha dovuto affrontare attacchi che hanno raggiunto un volume di 1,35 Tbps e si prevede che questi volumi aumenteranno ulteriormente nel prossimo futuro. Al fine di assorbire o mitigare questi attacchi, è necessario implementare una protezione dedicata, soprattutto quando si devono proteggere i grandi operatori di rete con un'infrastruttura legacy. Esistono varie fasi di protezione della rete, ognuna progettata e implementata con il suo scopo specifico. La fase iniziale è dedicata al rilevamento dell'attacco, coperto da un ispettore di pacchetti che decide se un flusso specifico di pacchetti è dannoso o meno. Una volta superata questa fase, arriva la mitigazione del traffico tra cui la deviazione del traffico reale e dannoso verso il scrubbing center e la pulizia del traffico. La fase successiva è il reinserimento del traffico e la conclusione dell'attacco con un successivo periodo di pace. Ciascuna delle fasi è conclusa dai nodi dedicati implementati nell'infrastruttura Anti DDoS dedicata che viene testata e accettata per essere ulteriormente implementata. Una volta implementata, questa parte della rete viene osservata da vicino e subisce una serie di ottimizzazioni, in particolare nei primi mesi mentre osserva e apprende le caratteristiche e le esigenze del traffico effettivo.
AntiDDoS in modern networks
JANKULOSKA, ANASTAZIJA
2018/2019
Abstract
Denial of Service attacks are the most affective danger in the online services nowadays. Starting from volumetric attacks designed to damage larger networks and infrastructure, to protocol attacks designed to put in crisis dedicated services, arriving to application attacks meant to push offline different servers, they are all constructed with a malicious purpose. A DDoS attack can take many forms and attack many different protocols. In the last two years, the world has had to face attacks that have reached a volume as large as 1.35Tbps and these volumes are expected to increase further more in the close future. In order to absorb or mitigate these attacks a dedicated protection needs to be deployed, especially when considering large network operators with a legacy infrastructure to be protected. There are various phases of protection of the network, each designed and implemented with its specific purpose. The starting phase is dedicated to the detection of the attack, covered by a packet inspector that decides whether a specific flow of packets is malicious or not. Once passed this phase, arrives the mitigation of the traffic including the diversion of the real and malicious traffic towards the scrubbing center and the cleaning of the traffic. Next phase is the reinjection of the traffic and the conclusion of the attack with a following peace-time period. Each of the phases is concluded by the dedicated nodes implemented in the dedicated Anti DDoS infrastructure that gets tested and accepted in order to be implemented further on. Once implemented, this part of the network is being watched closely and undergoes a series of tuning, especially over the first months while it is observing and learning the necessities of the actual traffic.| File | Dimensione | Formato | |
|---|---|---|---|
|
AntiDDoS_in_modern networks_Jankuloska.pdf
solo utenti autorizzati dal 16/09/2022
Descrizione: Thesis text
Dimensione
2.83 MB
Formato
Adobe PDF
|
2.83 MB | Adobe PDF | Visualizza/Apri |
I documenti in POLITesi sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/10589/149982