FortiDDos DDoS Attack Mitigation Guide - Fortinet

More documents

Recommendations

Info

DDoS Attack Trends in 2012................................................................. 10 SYN Floods will continue to grow................................................................... 10 Concurrent connection-based attacks will be on the rise.............................. 10 Botnet floods will be rising ............................................................................. 10 Support for IPv6 will become important......................................................... 11 Social network attacks will be common ......................................................... 11 Cyber Warfare will start to take shape............................................................ 11 Collateral damages in multi-tenant environment will grow............................. 11 Hosted clouds may kick you out under attack to avoid collateral damage.... 11 Conclusion...................................................................................................... 11 DDoS Mitigation Techniques ................................................................ 12 Introduction..................................................................................................... 12 SYN proxy....................................................................................................... 12 Connection limiting......................................................................................... 12 Aggressive aging ............................................................................................ 12 Source rate limiting......................................................................................... 13 Dynamic filtering ............................................................................................. 13 Active verification through legitimate IP address matching ........................... 13 Anomaly recognition....................................................................................... 13 Protocol analysis ............................................................................................ 13 Granular rate limiting ...................................................................................... 14 White-list, black-list, non-tracked sources..................................................... 14 State anomaly recognition.............................................................................. 14 Stealth attack filtering ..................................................................................... 14 Dark address scan prevention........................................................................ 14 Botnet Attack Mitigation ....................................................................... 15 Overview of botnet attacks............................................................................. 15 Distributed denial of service attacks using botnets........................................ 15 A typical botnet launch pad............................................................................ 16 What's common among the botnet attack packets ....................................... 16 Can you do the same processing in CPU based systems? ........................... 17 Blocking botnet attack packets using FortiDDoS appliances ........................ 17 Conclusion...................................................................................................... 17 Deploying a Solution.............................................................................. 18 Introduction..................................................................................................... 18 A very simple deployment .............................................................................. 18 Dual WAN link deployment with a single appliance ....................................... 20 Typical deployment for an internet data center with two links protected by two independent devices in active configuration .................................................. 21 Typical deployment for an internet data center with two links protected by two FortiDDoS DDoS Attack Mitigation Guide 28-100-167076-20120501 iv http://docs.fortinet.com/ • Feedback
independent devices ...................................................................................... 22 DDoS and SaaS Model for E-Commerce............................................. 23 Impact of third party dependence on your business...................................... 23 Use of third party services in eCommerce ..................................................... 23 The issue with third party dependence on infrastructure ............................... 24 Conclusion...................................................................................................... 24 Testing a Mitigation System ................................................................. 25 Introduction..................................................................................................... 25 Typical test benches....................................................................................... 25 DDoS attack test conditions - a broad classification ..................................... 26 Spoofed floods vs. non-spoofed floods ................................................... 26 Anomalous header floods......................................................................... 26 Anomalous state floods ............................................................................ 27 Limited sources versus large number of sources floods.......................... 27 Layer 3, 4 or 7 DDoS attack...................................................................... 27 Random header parameter attack............................................................ 27 Blended attack.......................................................................................... 27 Attacks to test functionality and performance................................................ 27 Spoofed syn flood attack.......................................................................... 27 Spoofed UDP attack................................................................................. 28 Spoofed ICMP attack ............................................................................... 28 Spoofed TCP SYN-ACK attack ................................................................ 28 Spoofed TCP FIN-ACK attack .................................................................. 28 Spoofed IP attack ..................................................................................... 28 Spoofed IP fragments attack.................................................................... 28 IP-UDP fragments attack.......................................................................... 28 IP-ICMP fragments attack ........................................................................ 28 TCP/UDP destination port attack ............................................................. 28 Spoofed TCP-SYN / UDP / ICMP blended attack.................................... 29 Non-spoofed TCP SYN-ACK.................................................................... 29 Non-spoofed TCP SYN attack.................................................................. 29 Non-spoofed TCP FIN-ACK attack........................................................... 29 Non-spoofed TCP ACK attack.................................................................. 29 HTTP half-connection attack .................................................................... 29 Non-spoofed UDP attack ......................................................................... 29 Non-spoofed DNS attack ......................................................................... 29 Non-spoofed ICMP attack........................................................................ 30 Non-spoofed TCP ACK flood ................................................................... 30 Spoofed TCP ACK flood........................................................................... 30 Non-spoofed TCP NULL flood ................................................................. 30 Spoofed TCP NULL flood ......................................................................... 30 Non-spoofed TCP random flag flood ....................................................... 30 Spoofed TCP random flag flood............................................................... 30 FortiDDoS DDoS Attack Mitigation Guide 28-100-167076-20120501 v http://docs.fortinet.com/ • Feedback
Page 1 and 2: FortiDDoS DDoS Attack Mitigation Gu
Page 3: Table of Contents Introduction.....
Page 7 and 8: Introduction Defining DDoS attacks
Page 9 and 10: Virus infections, botnets and distr
Page 11 and 12: Myths and realities about DDoS atta
Page 13 and 14: Anti-DDoS appliances Anti-DDoS appl
Page 15 and 16: Things to look for in Anti-DDoS equ
Page 17 and 18: Support for IPv6 will become import
Page 19 and 20: Source rate limiting Source rate li
Page 21 and 22: Botnet Attack Mitigation Overview o
Page 23 and 24: Can you do the same processing in C
Page 25 and 26: A very simple deployment Figure 4:
Page 27 and 28: Typical deployment for an internet
Page 29 and 30: DDoS and SaaS Model for E-Commerce
Page 31 and 32: Testing a Mitigation System Introdu
Page 33 and 34: Attacks to test functionality and p
Page 39 and 40: Conclusion Conclusion Spoofed ICMP
Page 41 and 42: Virtual partitioning and multiple p
Page 43 and 44: Role based management and audit tra
Page 45: Conclusion Conclusion Buying a DDoS

FortiDDos DDoS Attack Mitigation Guide - Fortinet

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?