diff --git a/presentation.tex b/presentation.tex
index f85a0b1..220ff88 100644
--- a/presentation.tex
+++ b/presentation.tex
@@ -8,7 +8,11 @@
 \title{Protecting Internet Networks Against DoS Attacks}
 \subtitle{State Exam Presentation}
-\author{Adam Mirre\\Supervisor: Ing. Tomáš Dulík, Ph.D.}
+\subject{This presentation contains a short overview of the topics mentioned in the thesis, a gentle touch
+of the research methodology and approaches taken and the description of the
+results of the practical part.}
+\author{Adam Mirre, \\Supervisor: Ing. Tomáš Dulík, Ph.D.}
+\keywords{DoS, Networks, BGP, Black-holing}
 \institute{TBU in Zlín}
 \date{3 June 2021}
@@ -32,12 +36,6 @@
 \item attack tools
 \item mitigation methods, correct use of them and the potential impact of BCP
- \begin{itemize}
- \item<4> blackhole routing
- \item<4> sinkholing
- \item<4> scrubbing
- \item<4> rate-limiting
- \end{itemize}
 \item mitigation/protection tools
 \end{itemize}
 \end{block}
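Review bot: The comma introduced in `\author{Adam Mirre, \\Supervisor: ...}` is left dangling at the end of the first line once `\\` breaks it; `\author{Adam Mirre\\Supervisor: Ing. Tomáš Dulík, Ph.D.}` reads cleaner, or use beamer's optional short form `\author[Adam Mirre]{...}` if the footline is the concern. The new `\keywords` entry names the technique `Black-holing`, while the mitigation slide added later in this commit lists it as `null-routing` and the bullet removed in the second hunk called it `blackhole routing`; one term should be used throughout so readers and PDF metadata agree. As far as I know beamer forwards `\subject` and `\keywords` into the PDF document properties, so the line breaks inside the three-line `\subject{...}` argument are harmless, but the wording there is what readers see in the file's metadata and could be tightened.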
@@ -51,13 +49,128 @@
 \item steeply growing tendency over the past decade
 \item various kinds of targets since attackers are not particularly discerning
+ \item highly accessible (technically and financially)
 \end{itemize}
 \end{block}
 \end{frame}
+\subsection{Attack methods}
+\begin{frame}{}
+ \begin{block}{Attack methods}
+ \begin{itemize}[<+>]
+ \item SYN floods
+ \item amplified reflection attacks
+ \item BGP hijacking
+ \end{itemize}
+ \end{block}
+\end{frame}
+
+\subsection{Attack tools}
+\begin{frame}{}
+ \begin{block}{Attack tools}
+ \begin{itemize}[<+>]
+ \item HOIC
+ \item Metasploit
+ \item slowloris.py
+ \end{itemize}
+ \end{block}
+\end{frame}
+
+\subsection{Mitigation methods}
+\begin{frame}{}
+ \begin{block}{Mitigation methods}
+ \begin{itemize}[<+>]
+ \item scrubbing
+ \item sinkholing
+ \item null-routing
+ \item rate-limiting
+ \end{itemize}
+ \end{block}
+\end{frame}
+
+
 \section{Practical part}
+\subsection{Overview}
+\begin{frame}{Set-up}
+ \begin{block}{Practical part}
+ \begin{itemize}
+ \item<1> Infrastructure set-up (and teardown)
+ \item<2> automated configuration
+ \frametitle<2>{Configuration}
+ \item<3> staging an attack
+ \frametitle<3>{Attack}
+ \frametitle<4->{Response}
+ \item<4> attack detection and response
+ \end{itemize}
+ \end{block}
+\end{frame}
+
+\subsection{Infrastructure}
+\begin{frame}{Setup}
+ \begin{block}{Infrastructure set-up}
+ Testing host: ULW Skylake i5, 24GB RAM, Fedora 34 w/ Linux 5.11.20
+
+ Infrastructure as code principles
+ \begin{itemize}
+ \item<1> Terraform + libvirt provider for Terraform (QCOW2 cloud images)
+ \frametitle<2,3>{Configuration}
+ \item<2> CloudInit for initial OS image configuration
+ \item<3> Ansible
+ \end{itemize}
+ \end{block}
+\end{frame}
+
+\subsection{Configuration}
+\begin{frame}{CloudInit}
+ \begin{block}{Initial OS image configuration}
+ \begin{itemize}
+ \item disk resize
+ \item hostnames
+ \item MAC addressess
+ \item network interfaces
+ \end{itemize}
+ \end{block}
+ \begin{block}{Host roles}
+ \begin{itemize}
+ \item routers
+ \begin{itemize}
+ \item our edge
+ \item peer (upstream) device
+ \end{itemize}
+ \item victim
+ \item attacker
+ \item defender
+ \end{itemize}
+ \end{block}
+\end{frame}
+
+\begin{frame}{Ansible}
+ \begin{block}{Program/service configuration}
+ utilizing Ansible roles for host groups
+ \begin{itemize}
+ \item GoBGPd role for routers (\texttt{host\_vars} customization)
+ \item fprobe (NetFlow) role for router metric reporting
+ \item FastNetMon role for the defender host (attack detection)
+ \end{itemize}
+ \end{block}
+\end{frame}
+
+\begin{frame}{Attack attempt}
+ \begin{block}{Attack attempt}
+ \begin{itemize}
+ \item slowloris.py - successfully mitigated
+ \item FastNetMon and GoBGPd issues
+ \end{itemize}
+ \end{block}
+\end{frame}
 \section*{Conclusion}
+\begin{frame}{}
+ The goal of describing several attack and mitigation techniques and tools has
+ been achieved, infrastructure set-up automated and attacks staging partially
+ successful.
+\end{frame}
+
 \begin{frame}[plain]{Conclusion}
 \textbf{Thank you for your attention.}
 \end{frame}
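Review bot: The overlay specifications in the new frames show each bullet on exactly one slide, so earlier bullets vanish as later ones appear: `\item<1>`/`<2>`/`<3>` in the "Set-up" and "Setup" frames and `\begin{itemize}[<+>]` in the attack-methods, attack-tools and mitigation-methods frames; if progressive reveal is intended, `\item<1->` and `[<+->]` keep the list accumulating. The `\frametitle<2>{Configuration}`, `\frametitle<3>{Attack}`, `\frametitle<4->{Response}` and `\frametitle<2,3>{Configuration}` calls sit inside `itemize` between `\item`s, where they are easy to miss; placing them at the top of the frame body reads better, and since both frames already carry a positional title (`{Set-up}`, `{Setup}`) it is worth confirming which title beamer keeps on those overlays. Two textual slips: `MAC addressess` should read `MAC addresses`, and the hyphen in `slowloris.py - successfully mitigated` should be a dash (`slowloris.py --- successfully mitigated`); the "Set-up"/"Setup" spelling also differs between the two consecutive frames. The `FastNetMon and GoBGPd issues` bullet would be more useful if it named the failing step (detection versus BGP announcement), since the conclusion frame's "partially successful" rests on it.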