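% State-exam slide deck (beamer, 16:9) for the thesis
% "Protecting Internet Networks Against DoS Attacks".
% Structure: title page, table of contents, a theoretical part (outline,
% context, attack methods, attack tools, mitigation methods), a practical
% part (lab infrastructure, configuration, staged attack), and a conclusion.
\documentclass[aspectratio=169]{beamer}

% Encoding and fonts (pdfLaTeX).
\usepackage[T1]{fontenc}
\usepackage[utf8]{inputenc}
\usepackage{lmodern}
\usepackage{amsmath}

\usetheme{Darmstadt}
% Items not yet uncovered are shown dimmed instead of hidden.
\setbeamercovered{transparent}

% Document metadata.
\title{Protecting Internet Networks Against DoS Attacks}
\subtitle{State Exam Presentation}
\subject{This presentation contains a short overview of the topics
  mentioned in the thesis, a gentle touch of the research methodology and
  approaches taken and the description of the results of the practical
  part.}
\author{Adam Mirre, \\Supervisor: Ing.~Tomáš Dulík, Ph.D.}
\keywords{DoS, Networks, BGP, Black-holing}
\institute{TBU in Zlín}
\date{3 June 2021}

\begin{document}

\frame{\titlepage}

\begin{frame}{}
  \tableofcontents[pausesections]
\end{frame}

%% ---------------------------------------------------------------------
\section{Theoretical part}

\subsection{Outline}
\begin{frame}{}
  \begin{block}{Outline}
    % NOTE(review): "BCP" is never expanded in the deck. Presumably it
    % means Best Current Practice (e.g. BCP 38 ingress filtering) --
    % confirm against the thesis and spell it out on first use.
    \begin{itemize}[<+>]
      \item overview, context, definitions, including historically notable
        occasions and actors (attacker/defender)
      \item attack methods (known and popular) along with their potential
        impact
      \item attack tools
      \item mitigation methods, correct use of them and the potential
        impact of BCP
      \item mitigation/protection tools
    \end{itemize}
  \end{block}
\end{frame}

\subsection{Context}
\begin{frame}{}
  \begin{block}{Context}
    \begin{itemize}[<+>]
      \item DoS vs.\ DDoS
      \item steeply growing tendency over the past decade
      \item various kinds of targets since attackers are not particularly
        discerning
      \item highly accessible (technically and financially)
    \end{itemize}
  \end{block}
\end{frame}

\subsection{Attack methods}
\begin{frame}{}
  \begin{block}{Attack methods}
    \begin{itemize}[<+>]
      \item SYN floods
      \item amplified reflection attacks
      \item BGP hijacking
    \end{itemize}
  \end{block}
\end{frame}

\subsection{Attack tools}
\begin{frame}{}
  \begin{block}{Attack tools}
    \begin{itemize}[<+>]
      \item HOIC
      \item Metasploit
      \item slowloris.py
    \end{itemize}
  \end{block}
\end{frame}

\subsection{Mitigation methods}
\begin{frame}{}
  \begin{block}{Mitigation methods}
    % NOTE(review): these four controls have different costs for the
    % protected service. Destination-based null-routing (black-holing)
    % discards legitimate traffic to the announced prefix together with the
    % attack traffic, so it shields the rest of the network and the
    % upstream link rather than the victim's own availability; scrubbing
    % and rate-limiting aim to keep the service reachable. The slide lists
    % them as peers -- worth stating the trade-off when presenting.
    \begin{itemize}[<+>]
      \item scrubbing
      \item sinkholing
      \item null-routing
      \item rate-limiting
    \end{itemize}
  \end{block}
\end{frame}

%% ---------------------------------------------------------------------
\section{Practical part}

\subsection{Overview}
\begin{frame}{Set-up}
  % Per-slide frame titles; slide 1 keeps the default title "Set-up".
  \frametitle<2>{Configuration}
  \frametitle<3>{Attack}
  \frametitle<4->{Response}
  \begin{block}{Practical part}
    \begin{itemize}
      \item<1> Infrastructure set-up (and teardown)
      \item<2> automated configuration
      \item<3> staging an attack
      \item<4> attack detection and response
    \end{itemize}
  \end{block}
\end{frame}

\subsection{Infrastructure}
\begin{frame}{Set-up}
  % Slides 2 and 3 cover the configuration tooling.
  \frametitle<2,3>{Configuration}
  \begin{block}{Infrastructure set-up}
    Testing host: ULW Skylake i5, 24\,GB RAM, Fedora 34 w/ Linux 5.11.20

    Infrastructure as code principles
    \begin{itemize}
      \item<1> Terraform + libvirt provider for Terraform (QCOW2 cloud
        images)
      \item<2> CloudInit for initial OS image configuration
      \item<3> Ansible
    \end{itemize}
  \end{block}
\end{frame}

\subsection{Configuration}
\begin{frame}{CloudInit}
  \begin{block}{Initial OS image configuration}
    \begin{itemize}
      \item disk resize
      \item hostnames
      \item MAC addresses
      \item network interfaces
    \end{itemize}
  \end{block}
  \begin{block}{Host roles}
    \begin{itemize}
      \item routers
        \begin{itemize}
          \item our edge
          \item peer (upstream) device
        \end{itemize}
      \item victim
      \item attacker
      \item defender
    \end{itemize}
  \end{block}
\end{frame}

\begin{frame}{Ansible}
  \begin{block}{Program/service configuration}
    utilizing Ansible roles for host groups
    % NOTE(review): the deck names the three components but not how they
    % are chained. Presumably fprobe exports NetFlow from the routers to
    % FastNetMon on the defender, which then triggers a BGP announcement
    % through GoBGPd -- confirm against the thesis and show the data flow,
    % since that chain is the detection-and-response path being evaluated.
    \begin{itemize}
      \item GoBGPd role for routers (\texttt{host\_vars} customization)
      \item fprobe (NetFlow) role for router metric reporting
      \item FastNetMon role for the defender host (attack detection)
    \end{itemize}
  \end{block}
\end{frame}

\begin{frame}{Attack attempt}
  \begin{block}{Attack attempt}
    % NOTE(review): the slide does not say which control mitigated
    % slowloris.py. Slowloris is a low-bandwidth, connection-exhaustion
    % attack on the web server, so flow-volume detection and BGP
    % black-holing are not the controls one would expect to catch it;
    % name the mechanism that did (TODO confirm against the thesis).
    % The second item should likewise say whether the FastNetMon and
    % GoBGPd issues prevented the detection-to-black-hole path from being
    % demonstrated, because that bounds what the results support.
    \begin{itemize}
      \item slowloris.py -- successfully mitigated
      \item FastNetMon and GoBGPd issues
    \end{itemize}
  \end{block}
\end{frame}

%% ---------------------------------------------------------------------
\section*{Conclusion}
\begin{frame}{}
  The goal of describing several attack and mitigation techniques and tools
  has been achieved, the infrastructure set-up has been automated, and
  staging the attacks was partially successful.
\end{frame}

\begin{frame}[plain]{Conclusion}
  \textbf{Thank you for your attention.}
\end{frame}

\end{document}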