add a large (final) batch + do some cleanup

surtur 2021-06-02 23:56:38 +02:00
parent a38ee8c596
commit d305949e91
Signed by: wanderer
GPG Key ID: 19CE1EC1D9E0486D

@ -8,7 +8,11 @@
\title{Protecting Internet Networks Against DoS Attacks} \title{Protecting Internet Networks Against DoS Attacks}
\subtitle{State Exam Presentation} \subtitle{State Exam Presentation}
\author{Adam Mirre\\Supervisor: Ing. Tomáš Dulík, Ph.D.} \subject{This presentation contains a short overview of the topics mentioned in the thesis, a gentle touch
of the research methodology and approaches taken and the description of the
results of the practical part.}
\author{Adam Mirre, \\Supervisor: Ing. Tomáš Dulík, Ph.D.}
\keywords{DoS, Networks, BGP, Black-holing}
\institute{TBU in Zlín} \institute{TBU in Zlín}
\date{3 June 2021} \date{3 June 2021}
@ -32,12 +36,6 @@
\item attack tools \item attack tools
\item mitigation methods, correct use of them and the potential impact of \item mitigation methods, correct use of them and the potential impact of
BCP BCP
\begin{itemize}
\item<4> blackhole routing
\item<4> sinkholing
\item<4> scrubbing
\item<4> rate-limiting
\end{itemize}
\item mitigation/protection tools \item mitigation/protection tools
\end{itemize} \end{itemize}
\end{block} \end{block}
@ -51,13 +49,128 @@
\item steeply growing tendency over the past decade \item steeply growing tendency over the past decade
\item various kinds of targets since attackers are not particularly \item various kinds of targets since attackers are not particularly
discerning discerning
\item highly accessible (technically and financially)
\end{itemize} \end{itemize}
\end{block} \end{block}
\end{frame} \end{frame}
\subsection{Attack methods}
\begin{frame}{}
\begin{block}{Attack methods}
\begin{itemize}[<+>]
\item SYN floods
\item amplified reflection attacks
\item BGP hijacking
\end{itemize}
\end{block}
\end{frame}
\subsection{Attack tools}
\begin{frame}{}
\begin{block}{Attack tools}
\begin{itemize}[<+>]
\item HOIC
\item Metasploit
\item slowloris.py
\end{itemize}
\end{block}
\end{frame}
\subsection{Mitigation methods}
\begin{frame}{}
\begin{block}{Mitigation methods}
\begin{itemize}[<+>]
\item scrubbing
\item sinkholing
\item null-routing
\item rate-limiting
\end{itemize}
\end{block}
\end{frame}
\section{Practical part} \section{Practical part}
\subsection{Overview}
\begin{frame}{Set-up}
\begin{block}{Practical part}
\begin{itemize}
\item<1> Infrastructure set-up (and teardown)
\item<2> automated configuration
\frametitle<2>{Configuration}
\item<3> staging an attack
\frametitle<3>{Attack}
\frametitle<4->{Response}
\item<4> attack detection and response
\end{itemize}
\end{block}
\end{frame}
\subsection{Infrastructure}
\begin{frame}{Setup}
\begin{block}{Infrastructure set-up}
Testing host: ULW Skylake i5, 24GB RAM, Fedora 34 w/ Linux 5.11.20
Infrastructure as code principles
\begin{itemize}
\item<1> Terraform + libvirt provider for Terraform (QCOW2 cloud images)
\frametitle<2,3>{Configuration}
\item<2> CloudInit for initial OS image configuration
\item<3> Ansible
\end{itemize}
\end{block}
\end{frame}
\subsection{Configuration}
\begin{frame}{CloudInit}
\begin{block}{Initial OS image configuration}
\begin{itemize}
\item disk resize
\item hostnames
\item MAC addressess
\item network interfaces
\end{itemize}
\end{block}
\begin{block}{Host roles}
\begin{itemize}
\item routers
\begin{itemize}
\item our edge
\item peer (upstream) device
\end{itemize}
\item victim
\item attacker
\item defender
\end{itemize}
\end{block}
\end{frame}
\begin{frame}{Ansible}
\begin{block}{Program/service configuration}
utilizing Ansible roles for host groups
\begin{itemize}
\item GoBGPd role for routers (\texttt{host\_vars} customization)
\item fprobe (NetFlow) role for router metric reporting
\item FastNetMon role for the defender host (attack detection)
\end{itemize}
\end{block}
\end{frame}
\begin{frame}{Attack attempt}
\begin{block}{Attack attempt}
\begin{itemize}
\item slowloris.py - successfully mitigated
\item FastNetMon and GoBGPd issues
\end{itemize}
\end{block}
\end{frame}
\section*{Conclusion} \section*{Conclusion}
\begin{frame}{}
The goal of describing several attack and mitigation techniques and tools has
been achieved, infrastructure set-up automated and attacks staging partially
successful.
\end{frame}
\begin{frame}[plain]{Conclusion} \begin{frame}[plain]{Conclusion}
\textbf{Thank you for your attention.} \textbf{Thank you for your attention.}
\end{frame} \end{frame}
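Review bot: In the "Attack attempt" frame, `\item slowloris.py - successfully mitigated` does not say which control stopped the attack, and the next bullet reports FastNetMon and GoBGPd issues, so the audience cannot tell whether the NetFlow detection and BGP response path set up on the earlier frames is what actually worked. Slowloris is a low-bandwidth connection-exhaustion attack, so a flow-threshold detector may well not have been the mitigating factor. Naming the control, e.g. `\item slowloris.py -- mitigated by (name the control)`, and saying what failed behind `FastNetMon and GoBGPd issues` would make the result verifiable and consistent with the "partially successful" wording in the conclusion frame. Separately, `\item MAC addressess` in the CloudInit frame should read `\item MAC addresses`.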