add a large (final) batch + do some cleanup
parent
a38ee8c596
commit
d305949e91
127
presentation.tex
127
presentation.tex
@ -8,7 +8,11 @@
|
||||
|
||||
\title{Protecting Internet Networks Against DoS Attacks}
|
||||
\subtitle{State Exam Presentation}
|
||||
\author{Adam Mirre\\Supervisor: Ing. Tomáš Dulík, Ph.D.}
|
||||
\subject{This presentation contains a short overview of the topics mentioned in the thesis, a gentle touch
|
||||
of the research methodology and approaches taken and the description of the
|
||||
results of the practical part.}
|
||||
\author{Adam Mirre, \\Supervisor: Ing. Tomáš Dulík, Ph.D.}
|
||||
\keywords{DoS, Networks, BGP, Black-holing}
|
||||
\institute{TBU in Zlín}
|
||||
\date{3 June 2021}
|
||||
|
||||
@ -32,12 +36,6 @@
|
||||
\item attack tools
|
||||
\item mitigation methods, correct use of them and the potential impact of
|
||||
BCP
|
||||
\begin{itemize}
|
||||
\item<4> blackhole routing
|
||||
\item<4> sinkholing
|
||||
\item<4> scrubbing
|
||||
\item<4> rate-limiting
|
||||
\end{itemize}
|
||||
\item mitigation/protection tools
|
||||
\end{itemize}
|
||||
\end{block}
|
||||
@ -51,13 +49,128 @@
|
||||
\item steeply growing tendency over the past decade
|
||||
\item various kinds of targets since attackers are not particularly
|
||||
discerning
|
||||
\item highly accessible (technically and financially)
|
||||
\end{itemize}
|
||||
\end{block}
|
||||
\end{frame}
|
||||
|
||||
\subsection{Attack methods}
|
||||
\begin{frame}{}
|
||||
\begin{block}{Attack methods}
|
||||
\begin{itemize}[<+>]
|
||||
\item SYN floods
|
||||
\item amplified reflection attacks
|
||||
\item BGP hijacking
|
||||
\end{itemize}
|
||||
\end{block}
|
||||
\end{frame}
|
||||
|
||||
\subsection{Attack tools}
|
||||
\begin{frame}{}
|
||||
\begin{block}{Attack tools}
|
||||
\begin{itemize}[<+>]
|
||||
\item HOIC
|
||||
\item Metasploit
|
||||
\item slowloris.py
|
||||
\end{itemize}
|
||||
\end{block}
|
||||
\end{frame}
|
||||
|
||||
\subsection{Mitigation methods}
|
||||
\begin{frame}{}
|
||||
\begin{block}{Mitigation methods}
|
||||
\begin{itemize}[<+>]
|
||||
\item scrubbing
|
||||
\item sinkholing
|
||||
\item null-routing
|
||||
\item rate-limiting
|
||||
\end{itemize}
|
||||
\end{block}
|
||||
\end{frame}
|
||||
|
||||
|
||||
\section{Practical part}
|
||||
\subsection{Overview}
|
||||
\begin{frame}{Set-up}
|
||||
\begin{block}{Practical part}
|
||||
\begin{itemize}
|
||||
\item<1> Infrastructure set-up (and teardown)
|
||||
\item<2> automated configuration
|
||||
\frametitle<2>{Configuration}
|
||||
\item<3> staging an attack
|
||||
\frametitle<3>{Attack}
|
||||
\frametitle<4->{Response}
|
||||
\item<4> attack detection and response
|
||||
\end{itemize}
|
||||
\end{block}
|
||||
\end{frame}
|
||||
|
||||
\subsection{Infrastructure}
|
||||
\begin{frame}{Setup}
|
||||
\begin{block}{Infrastructure set-up}
|
||||
Testing host: ULW Skylake i5, 24GB RAM, Fedora 34 w/ Linux 5.11.20
|
||||
|
||||
Infrastructure as code principles
|
||||
\begin{itemize}
|
||||
\item<1> Terraform + libvirt provider for Terraform (QCOW2 cloud images)
|
||||
\frametitle<2,3>{Configuration}
|
||||
\item<2> CloudInit for initial OS image configuration
|
||||
\item<3> Ansible
|
||||
\end{itemize}
|
||||
\end{block}
|
||||
\end{frame}
|
||||
|
||||
\subsection{Configuration}
|
||||
\begin{frame}{CloudInit}
|
||||
\begin{block}{Initial OS image configuration}
|
||||
\begin{itemize}
|
||||
\item disk resize
|
||||
\item hostnames
|
||||
\item MAC addressess
|
||||
\item network interfaces
|
||||
\end{itemize}
|
||||
\end{block}
|
||||
\begin{block}{Host roles}
|
||||
\begin{itemize}
|
||||
\item routers
|
||||
\begin{itemize}
|
||||
\item our edge
|
||||
\item peer (upstream) device
|
||||
\end{itemize}
|
||||
\item victim
|
||||
\item attacker
|
||||
\item defender
|
||||
\end{itemize}
|
||||
\end{block}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Ansible}
|
||||
\begin{block}{Program/service configuration}
|
||||
utilizing Ansible roles for host groups
|
||||
\begin{itemize}
|
||||
\item GoBGPd role for routers (\texttt{host\_vars} customization)
|
||||
\item fprobe (NetFlow) role for router metric reporting
|
||||
\item FastNetMon role for the defender host (attack detection)
|
||||
\end{itemize}
|
||||
\end{block}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Attack attempt}
|
||||
\begin{block}{Attack attempt}
|
||||
\begin{itemize}
|
||||
\item slowloris.py - successfully mitigated
|
||||
\item FastNetMon and GoBGPd issues
|
||||
\end{itemize}
|
||||
\end{block}
|
||||
\end{frame}
|
||||
|
||||
\section*{Conclusion}
|
||||
\begin{frame}{}
|
||||
The goal of describing several attack and mitigation techniques and tools has
|
||||
been achieved, infrastructure set-up automated and attacks staging partially
|
||||
successful.
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}[plain]{Conclusion}
|
||||
\textbf{Thank you for your attention.}
|
||||
\end{frame}
|
||||
|
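Review bot: The overlay-specific `\frametitle<2>{Configuration}`, `\frametitle<3>{Attack}` and `\frametitle<4->{Response}` calls are interleaved between the `\item`s of the itemize in the `Set-up` frame (and `\frametitle<2,3>{Configuration}` again inside the list of the `Setup` frame), which is fragile and hard to read; move them to the top of each frame before `\begin{block}`, add `\frametitle<1>{Set-up}` for the first overlay, and drop the title argument from `\begin{frame}{Set-up}` so one place controls the title sequence. Two text fixes in the same hunk: `\item MAC addressess` → `\item MAC addresses`, and the hyphen in `\item slowloris.py - successfully mitigated` should be an em-dash with the tool name in monospace, `\item \texttt{slowloris.py}---successfully mitigated`. `\item FastNetMon and GoBGPd issues` gives the audience no idea what failed; a short parenthetical naming which stage (detection, BGP announcement, mitigation) was affected would make the conclusion's "attacks staging partially successful" traceable to the practical part. In the first hunk, if both `\author` lines (`Adam Mirre\\Supervisor …` and `Adam Mirre, \\Supervisor …`) survive on the new side, the second silently overrides the first and carries a stray comma before the line break; keep only one.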