FortiDDos DDoS Attack Mitigation Guide - Fortinet

More documents

Recommendations

Info

TCP random sequence, acknowledgement numbers .............................. 30 TCP random window size......................................................................... 31 TCP random option value ......................................................................... 31 TCP random data length........................................................................... 31 TCP checksum error flood........................................................................ 31 IP random identification flood................................................................... 31 IP random fragment flag, offset flood....................................................... 32 IP random TTL flood ................................................................................. 32 IP random protocol ................................................................................... 32 UDP checksum error ................................................................................ 32 Non-spoofed ICMP echo reply flood........................................................ 32 Spoofed ICMP echo reply......................................................................... 32 Un-spoofed ICMP type/code flooding...................................................... 32 Spoofed ICMP random type/code flooding.............................................. 33 Non-IP flooding......................................................................................... 33 Conclusion...................................................................................................... 33 Choosing a DDoS Mitigation System................................................... 34 Introduction..................................................................................................... 34 Hardware logic or software appliance............................................................ 34 Customization................................................................................................. 34 Virtual partitioning and multiple policies......................................................... 35 Bidirectional attack mitigation ........................................................................ 35 Connectivity.................................................................................................... 35 Legacy DDoS attack mitigation systems........................................................ 35 Network layer and application layer attacks................................................... 35 Hardware redundancy .................................................................................... 36 Centralized monitoring, alerts and reports ..................................................... 36 Performance and capacity.............................................................................. 36 Openness in specifications............................................................................ 36 Field upgrades ................................................................................................ 36 Role based management and audit trails....................................................... 37 Performance and reputed third party validation............................................. 37 Post sales support.......................................................................................... 37 Customer reference is the best validation ...................................................... 37 A sample matrix for solution comparison ....................................................... 37 Conclusion...................................................................................................... 39 FortiDDoS DDoS Attack Mitigation Guide 28-100-167076-20120501 vi http://docs.fortinet.com/ • Feedback
Introduction Defining DDoS attacks Attack scenarios Causes of attacks Denial of service (DoS) attacks are attacks that are deliberate attacks on your network properties to deny service to legitimate users. When these attacks seemingly come from distributed sources, they become distributed denial of service (DDoS) attacks. A few years back, it was common to use spoofing techniques where a hacker would actually use very few machines (or just one machine) and spoof multiple IP addresses. To the attacked destination it would seem that the attack is coming from multiple IP addresses. However in the recent times, with the advent of infected PCs, increasing number of smart mobile phones, many botnets are available around the world, which can be used to launch a real DDoS attack. • Under attack, your team does not know details of the attack. They understand the symptoms, but they can’t figure out the cause and the solution. • Your routers and switches are overloaded and they don’t have the capability to stop such attacks. Firewalls simply allow these packets. IPS appliances (if you have them), don’t have the rules to block such attacks. Your equipment doesn’t match up in performance that’s required. • May be, you have multiple links to the Internet. The attackers are attacking from different links. • The attack is seemingly coming from all over the world. You cannot simply identify a Net-block to deny so that the attack can be stopped! And you cannot simply block everyone! • The attack is no different from legitimate users accessing your web pages from the point of your edge equipment. • Your team is unable to figure out the solutions quickly when the attackers are constantly changing the tactics. • You have too much collateral damage. When attack happens on one part of the network, the others bleed too. • Software solutions such as mod_evasive, iptables, Apache / LiteSpeed tuning, kernel tuning, not capable of handling the load. • You are not as rich as others to over-provision your bandwidth and to buy highbandwidth gear. • The only tool your service provider has is Null Routing your IP address! • Sometimes hackers’ exuberance gets transformed to rivalry and they try to prove their might and you just get involved in their cross fire. FortiDDoS DDoS Attack Mitigation Guide 28-100-167076-20120501 1 http://docs.fortinet.com/ • Feedback
Page 1 and 2: FortiDDoS DDoS Attack Mitigation Gu
Page 3 and 4: Table of Contents Introduction.....
Page 5: independent devices ...............
Page 9 and 10: Virus infections, botnets and distr
Page 11 and 12: Myths and realities about DDoS atta
Page 13 and 14: Anti-DDoS appliances Anti-DDoS appl
Page 15 and 16: Things to look for in Anti-DDoS equ
Page 17 and 18: Support for IPv6 will become import
Page 19 and 20: Source rate limiting Source rate li
Page 21 and 22: Botnet Attack Mitigation Overview o
Page 23 and 24: Can you do the same processing in C
Page 25 and 26: A very simple deployment Figure 4:
Page 27 and 28: Typical deployment for an internet
Page 29 and 30: DDoS and SaaS Model for E-Commerce
Page 31 and 32: Testing a Mitigation System Introdu
Page 33 and 34: Attacks to test functionality and p
Page 39 and 40: Conclusion Conclusion Spoofed ICMP
Page 41 and 42: Virtual partitioning and multiple p
Page 43 and 44: Role based management and audit tra
Page 45: Conclusion Conclusion Buying a DDoS

FortiDDos DDoS Attack Mitigation Guide - Fortinet

Create successful ePaper yourself

Delete template?

Save as template?