Practical Approaches to Dealing with DDoS Attacks
Meeting: NANOG22
Date / Time: 2001-05-21 10:15am - 10:45am
Room: Forum Hall
Massimiliano Poletto, Mazu Networks

Prior to co-founding Mazu, Poletto was a postdoctoral associate at the MIT Laboratory for Computer Science, where he collaborated on the modular packet processing architecture that has since evolved into the Mazu platform. He received a Ph.D. from MIT in 1999 for research on improving the performance of computer programs by allowing them to automatically adapt to changing run-time conditions. Poletto's work on compiler algorithms has been adopted by groups at Microsoft and IBM.
Abstract: Distributed denial of service (DDoS) attacks are really network operations and performance problems, rather than strictly security events. To effectively address these attacks, the network infrastructure must be able to quickly identify unusual packet streams at high rates and help operators move closer to the packets' sources.

This talk will focus on novel anomaly-detection techniques developed to identify potential DDoS traffic. The analyses are triggered by congestion or unusual network traffic levels, the common characteristics of any network-based DoS attack. The analyses look at various parameters, ranging from IP addresses to packet payloads, to rapidly build "dynamic signatures" of high-volume traffic that is likely to be causing the anomaly. Since the analyses identify aggregate traffic properties, rather than looking for signatures of specific attack tools, they are fast and should remain effective even in the presence of new attack tools. When run on multiple devices deployed in strategic points throughout the network, the anomaly-detection analyses can be used in a distributed manner to quickly move closer to the source of an attack, pinpointing the networks from which the attack is originating.
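A sketch of the approach the abstract describes, added here as an illustration and not taken from the talk or from Mazu's platform: the analysis runs only when the packet rate is anomalous, then greedily collects the field values shared by the bulk of the traffic into a conjunctive signature. The field names, the `trigger` and `dominance` thresholds, the greedy selection and the sample packets are all assumptions constructed for this example.

```python
from collections import Counter

# Fields examined, from addresses down to payload (names are this example's own).
FEATURES = {
    "src_net": lambda p: p["src"].rsplit(".", 1)[0] + ".0/24",
    "dst": lambda p: p["dst"],
    "proto": lambda p: p["proto"],
    "dport": lambda p: p["dport"],
    "payload_prefix": lambda p: p["payload"][:8],
}

def dynamic_signature(packets, window_s, baseline_pps, trigger=3.0, dominance=0.8):
    """Return (signature, matched_share), or None if the rate is not anomalous."""
    if len(packets) / window_s < trigger * baseline_pps:
        return None  # no unusual traffic level, so no analysis runs
    signature, subset, remaining = {}, list(packets), dict(FEATURES)
    while remaining:
        # Find the single (feature, value) pair covering most of the subset.
        name, value, count = max(
            ((n, *Counter(map(fn, subset)).most_common(1)[0])
             for n, fn in remaining.items()),
            key=lambda t: t[2],
        )
        if count / len(subset) < dominance:
            break  # nothing else is shared by the bulk of the traffic
        signature[name] = value
        subset = [p for p in subset if remaining[name](p) == value]
        del remaining[name]
    return signature, len(subset) / len(packets)

def sample_window():
    """Constructed one-second window: 40 background packets plus a 400-packet flood."""
    background = [
        {"src": f"198.51.100.{i}", "dst": f"192.0.2.{i % 5 + 20}", "proto": "tcp",
         "dport": (80, 443, 25, 22)[i % 4], "payload": bytes([i]) * 16}
        for i in range(40)
    ]
    flood = [  # many source networks, one victim, a common payload prefix
        {"src": f"10.{i % 200}.{i % 7}.{i % 250 + 1}", "dst": "192.0.2.10",
         "proto": "udp", "dport": 7000 + i % 50,
         "payload": b"\xff" * 8 + bytes([i % 256]) * 8}
        for i in range(400)
    ]
    return background + flood

if __name__ == "__main__":
    print(dynamic_signature(sample_window(), window_s=1.0, baseline_pps=50))
```

On the constructed window the signature contains the destination, protocol and payload prefix but no source network or port, because no single value of those fields dominates the flood; a filter built from it matches the aggregate without depending on any particular tool's fingerprint.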
Files: Massimiliano Poletto Presentation (PPT)
YouTube: Practical Approaches to Dealing with DDoS Attacks
