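% State-exam slides for the thesis "Protecting Internet Networks Against DoS
% Attacks". Preamble is pdfLaTeX-style (fontenc/inputenc); beamer loads
% hyperref itself, so no extra link packages are needed here.
\documentclass[aspectratio=169]{beamer}

\usepackage[T1]{fontenc}
\usepackage[utf8]{inputenc}
\usepackage{lmodern}
\usepackage{amsmath}

\usetheme{Darmstadt}
% Items outside their overlay spec are shown dimmed rather than hidden, so
% the single-slide specs (\item<2> etc.) used below keep every bullet visible.
\setbeamercovered{transparent}

\title{Protecting Internet Networks Against DoS Attacks}
\subtitle{State Exam Presentation}
\subject{This presentation contains a short overview of the topics mentioned in the thesis, a gentle touch
of the research methodology and approaches taken and the description of the
results of the practical part.}
% The \\ is the usual beamer way of putting the supervisor on its own line.
\author{Adam Mirre, \\Supervisor: Ing.~Tomáš Dulík, Ph.D.}
\keywords{DoS, Networks, BGP, Black-holing}
\institute{TBU in Zlín}
\date{3 June 2021}

\begin{document}

\begin{frame}
  \titlepage
\end{frame}

\begin{frame}{}
  \tableofcontents[pausesections]
\end{frame}

\section{Theoretical part}
\subsection{Outline}
\begin{frame}{}
  \begin{block}{Outline}
    \begin{itemize}[<+>]
      \item overview, context, definitions, including historically notable
        occasions and actors (attacker/defender)
      \item attack methods (known and popular) along with their potential impact
      \item attack tools
      % NOTE(review): "BCP" is never expanded in the deck; consider spelling it
      % out on the slide so the audience knows which best-current-practice
      % documents the mitigation discussion refers to.
      \item mitigation methods, correct use of them and the potential impact of
        BCP
      \item mitigation/protection tools
    \end{itemize}
  \end{block}
\end{frame}

\subsection{Context}
\begin{frame}{}
  \begin{block}{Context}
    \begin{itemize}[<+>]
      % "vs.\ " keeps the normal inter-word space after the abbreviation.
      \item DoS vs.\ DDoS
      \item steeply growing tendency over the past decade
      \item various kinds of targets since attackers are not particularly
        discerning
      \item highly accessible (technically and financially)
    \end{itemize}
  \end{block}
\end{frame}

\subsection{Attack methods}
\begin{frame}{}
  \begin{block}{Attack methods}
    \begin{itemize}[<+>]
      \item SYN floods
      \item amplified reflection attacks
      \item BGP hijacking
    \end{itemize}
  \end{block}
\end{frame}

\subsection{Attack tools}
\begin{frame}{}
  \begin{block}{Attack tools}
    \begin{itemize}[<+>]
      \item HOIC
      \item Metasploit
      \item slowloris.py
    \end{itemize}
  \end{block}
\end{frame}

\subsection{Mitigation methods}
\begin{frame}{}
  \begin{block}{Mitigation methods}
    \begin{itemize}[<+>]
      \item scrubbing
      \item sinkholing
      \item null-routing
      \item rate-limiting
    \end{itemize}
  \end{block}
\end{frame}

\section{Practical part}
\subsection{Overview}
% The frame title changes with the highlighted bullet; all overlay-specific
% titles are declared together at the top of the frame instead of being
% interleaved with the \item lines.
\begin{frame}{Set-up}
  \frametitle<2>{Configuration}
  \frametitle<3>{Attack}
  \frametitle<4->{Response}
  \begin{block}{Practical part}
    \begin{itemize}
      \item<1> Infrastructure set-up (and teardown)
      \item<2> automated configuration
      \item<3> staging an attack
      \item<4> attack detection and response
    \end{itemize}
  \end{block}
\end{frame}

\subsection{Infrastructure}
\begin{frame}{Set-up}
  \frametitle<2,3>{Configuration}
  \begin{block}{Infrastructure set-up}
    Testing host: ULW Skylake i5, 24\,GB RAM, Fedora~34 with Linux~5.11.20

    Infrastructure as code principles
    \begin{itemize}
      \item<1> Terraform + libvirt provider for Terraform (QCOW2 cloud images)
      \item<2> CloudInit for initial OS image configuration
      \item<3> Ansible
    \end{itemize}
  \end{block}
\end{frame}

\subsection{Configuration}
\begin{frame}{CloudInit}
  \begin{block}{Initial OS image configuration}
    \begin{itemize}
      \item disk resize
      \item hostnames
      \item MAC addresses
      \item network interfaces
    \end{itemize}
  \end{block}
  \begin{block}{Host roles}
    \begin{itemize}
      \item routers
        \begin{itemize}
          \item our edge
          \item peer (upstream) device
        \end{itemize}
      \item victim
      \item attacker
      \item defender
    \end{itemize}
  \end{block}
\end{frame}

\begin{frame}{Ansible}
  \begin{block}{Program/service configuration}
    utilizing Ansible roles for host groups
    \begin{itemize}
      \item GoBGPd role for routers (\texttt{host\_vars} customization)
      \item fprobe (NetFlow) role for router metric reporting
      \item FastNetMon role for the defender host (attack detection)
    \end{itemize}
  \end{block}
\end{frame}

% NOTE(review): this frame still sits under \subsection{Configuration}; the
% navigation bar would match the "staging an attack" / "attack detection and
% response" bullets of the Set-up slide better with its own subsection.
\begin{frame}{Attack attempt}
  \begin{block}{Attack attempt}
    \begin{itemize}
      % NOTE(review): the slide does not say which mitigation method (from the
      % Mitigation methods slide) was triggered, nor whether detection came
      % through the FastNetMon -> GoBGPd path set up on the Ansible slide;
      % presumably the latter -- confirm and state it for the examiners.
      \item slowloris.py -- successfully mitigated
      \item FastNetMon and GoBGPd issues
    \end{itemize}
  \end{block}
\end{frame}

\section*{Conclusion}
\begin{frame}{}
  The goal of describing several attack and mitigation techniques and tools has
  been achieved, infrastructure set-up automated and attack staging partially
  successful.
\end{frame}

\begin{frame}[plain]{Conclusion}
  \textbf{Thank you for your attention.}
\end{frame}

\end{document}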