NANOG Meeting Presentation Abstract

Practical Approaches to Dealing with DDoS Attacks
Meeting:	NANOG22
Date / Time:	2001-05-21 10:15am - 10:45am
Room:	Forum Hall
Presenters:	Speakers: Massimiliano Poletto, Mazu Networks Prior to co-founding Mazu, Poletto was a postdoctoral associate at the MIT Laboratory for Computer Science, where he collaborated on the modular packet processing architecture that has since evolved into the Mazu platform. He received a Ph.D. from MIT in 1999 for research on improving the performance of computer programs by allowing them to automatically adapt to changing run-time conditions. Poletto\'s work on compiler algorithms has been adopted by groups at Microsoft and IBM.
Abstract:	Distributed denial of service (DDoS) attacks are really network operations and performance problems, rather than strictly security events. To effectively address these attacks, the network infrastructure must be able to quickly identify unusual packet streams at high rates and help operators move closer to the packets\' sources. This talk will focus on novel anomaly-detection techniques developed to identify potential DDoS traffic. The analyses are triggered by congestion or unusual network traffic levels---the common characteristics of any network-based DoS attack. The analyses look at various parameters, ranging from IP addresses to packet payloads, to rapidly build \"dynamic signatures\" of high-volume traffic that is likely to be causing the anomaly. Since the analyses identify aggregate traffic properties, rather than looking for signatures of specific attack tools, they are fast and should remain effective even in the presence of new attack tools. When run on multiple devices deployed in strategic points throughout the network, the anomaly-detection analyses can be used in a distributed manner to quickly move closer to the source of an attack, pinpointing the networks from which the attack is originating.
Files:	Massimiliano Poletto Presentation(PPT) Practical Approaches to Dealing with DDoS Attacks
Sponsors:	None.

Back to NANOG22 agenda.

NANOG22 Abstracts

• Show All

• BGP Techniques for Service Providers
  Speakers:
  Phil Smith, Cisco Systems;

• Basic ISP Traffic Engineering Tools and Practices
  Speakers:
  John Brown, Chagres Technologies;

• ARIN Policies and Guidelines
  Speakers:
  Richard Jimmerson, ARIN;

• Estimating Global Denial-of-Service Activity
  Speakers:
  Stefan SavageUCSD/Asta Networks; .
  David MooreCAIDA/CAIMIS; .
  Geoff VoelkerUCSD CSE; .
  

• Estimating Global Denial-of-Service Activity
  Speakers:
  Stefan SavageUCSD/Asta Networks; .
  David MooreCAIDA/CAIMIS; .
  Geoff VoelkerUCSD CSE; .
  

• Estimating Global Denial-of-Service Activity
  Speakers:
  Stefan SavageUCSD/Asta Networks; .
  David MooreCAIDA/CAIMIS; .
  Geoff VoelkerUCSD CSE; .
  

• Observations and Experiences Tracking Denial-Of-Service Attacks Across a Large Regional ISP
  Speakers:
  Rob MalanUniversity of Michigan; .
  Farnam JahanianUniversity of Michigan; .
  Jon ArnoldUniversity of Michigan; .
  Matthew SmartUniversity of Michigan; .
  Paul HowellMerit Network; .
  Russell DwarshuisMerit Network; .
  Jeff OgdenMerit Network; .
  Jon PolandMerit Network; .
  

• Observations and Experiences Tracking Denial-Of-Service Attacks Across a Large Regional ISP
  Speakers:
  Rob MalanUniversity of Michigan; .
  Farnam JahanianUniversity of Michigan; .
  Jon ArnoldUniversity of Michigan; .
  Matthew SmartUniversity of Michigan; .
  Paul HowellMerit Network; .
  Russell DwarshuisMerit Network; .
  Jeff OgdenMerit Network; .
  Jon PolandMerit Network; .
  

• Observations and Experiences Tracking Denial-Of-Service Attacks Across a Large Regional ISP
  Speakers:
  Rob MalanUniversity of Michigan; .
  Farnam JahanianUniversity of Michigan; .
  Jon ArnoldUniversity of Michigan; .
  Matthew SmartUniversity of Michigan; .
  Paul HowellMerit Network; .
  Russell DwarshuisMerit Network; .
  Jeff OgdenMerit Network; .
  Jon PolandMerit Network; .
  

• Observations and Experiences Tracking Denial-Of-Service Attacks Across a Large Regional ISP
  Speakers:
  Rob MalanUniversity of Michigan; .
  Farnam JahanianUniversity of Michigan; .
  Jon ArnoldUniversity of Michigan; .
  Matthew SmartUniversity of Michigan; .
  Paul HowellMerit Network; .
  Russell DwarshuisMerit Network; .
  Jeff OgdenMerit Network; .
  Jon PolandMerit Network; .
  

• Observations and Experiences Tracking Denial-Of-Service Attacks Across a Large Regional ISP
  Speakers:
  Rob MalanUniversity of Michigan; .
  Farnam JahanianUniversity of Michigan; .
  Jon ArnoldUniversity of Michigan; .
  Matthew SmartUniversity of Michigan; .
  Paul HowellMerit Network; .
  Russell DwarshuisMerit Network; .
  Jeff OgdenMerit Network; .
  Jon PolandMerit Network; .
  

• Observations and Experiences Tracking Denial-Of-Service Attacks Across a Large Regional ISP
  Speakers:
  Rob MalanUniversity of Michigan; .
  Farnam JahanianUniversity of Michigan; .
  Jon ArnoldUniversity of Michigan; .
  Matthew SmartUniversity of Michigan; .
  Paul HowellMerit Network; .
  Russell DwarshuisMerit Network; .
  Jeff OgdenMerit Network; .
  Jon PolandMerit Network; .
  

• Observations and Experiences Tracking Denial-Of-Service Attacks Across a Large Regional ISP
  Speakers:
  Rob MalanUniversity of Michigan; .
  Farnam JahanianUniversity of Michigan; .
  Jon ArnoldUniversity of Michigan; .
  Matthew SmartUniversity of Michigan; .
  Paul HowellMerit Network; .
  Russell DwarshuisMerit Network; .
  Jeff OgdenMerit Network; .
  Jon PolandMerit Network; .
  

• Observations and Experiences Tracking Denial-Of-Service Attacks Across a Large Regional ISP
  Speakers:
  Rob MalanUniversity of Michigan; .
  Farnam JahanianUniversity of Michigan; .
  Jon ArnoldUniversity of Michigan; .
  Matthew SmartUniversity of Michigan; .
  Paul HowellMerit Network; .
  Russell DwarshuisMerit Network; .
  Jeff OgdenMerit Network; .
  Jon PolandMerit Network; .
  

• Practical Approaches to Dealing with DDoS Attacks
  Speakers:
  Massimiliano Poletto, Mazu Networks;

• A Fine-Grained View of High-Performance Networking
  Speakers:
  Steve Casner, Packet Design; Cengiz AlaettinogluPacket Design; .
  Chia-Chee KuanPacket Design; .
  

• A Fine-Grained View of High-Performance Networking
  Speakers:
  Steve Casner, Packet Design; Cengiz AlaettinogluPacket Design; .
  Chia-Chee KuanPacket Design; .
  

• A Fine-Grained View of High-Performance Networking
  Speakers:
  Steve Casner, Packet Design; Cengiz AlaettinogluPacket Design; .
  Chia-Chee KuanPacket Design; .
  

• Some Initial Measurements of Prefix Length Phyltreing
  Speakers:
  Jennifer RexfordAT&T; .
  Steve BellovinAT&T; .
  Randy BushNone; .
  

• Some Initial Measurements of Prefix Length Phyltreing
  Speakers:
  Jennifer RexfordAT&T; .
  Steve BellovinAT&T; .
  Randy BushNone; .
  

• Some Initial Measurements of Prefix Length Phyltreing
  Speakers:
  Jennifer RexfordAT&T; .
  Steve BellovinAT&T; .
  Randy BushNone; .
  

• IPv4 Address Space Allocation and Usage Trends
  Speakers:
  Scott Marcus, Genuity;

• Progress With the DNS Security Extensions
  Speakers:
  Edward Lewis, TISlabs;

• Introduction to IP Multicast Practice
  Speakers:
  Bill Nickless, Argonne National Lab;

• SNMP Update
  Speakers:
  Jeff Case, SNMP Research International;

• More on Network Policy - Sequel to a BOF, Prelude to a Tutorial
  Speakers:
  Stephen StuartMFN; .
  

• The New IETF Sub-IP Area: A Brief Summary for Service Providers
  Speakers:
  Curtis VillamizarAvici; .
  

• MPLS Enhancements to Support Layer 2 Transport Services
  Speakers:
  Jeremy Brayley, Laurel Networks;

• Very Pleasant/Painful Networking: The Highs and Lows of Building and Maintaining VPNs
  Speakers:
  Matt Baker, Intel;

• OSPF for a Broadband Wireless Campus Backbone
  Speakers:
  Joseph Hui, Arizona State University;

• Operational Experience with IPv6 Migration
  Speakers:
  Bill ManningISI; .
  Akira KatoISI; .
  

• Operational Experience with IPv6 Migration
  Speakers:
  Bill ManningISI; .
  Akira KatoISI; .
  

• An Information Sharing and Analysis Center for the Internet
  Speakers:
  Kelly Cooper, Genuity;