Spamhaus DDoS
#while42
Sebastien Pahl
Matthieu Tourne
sebastien@cloudflare.com
matthieu@cloudflare.com
Friday, June 28, 13
Spamhaus
International anti-spam organization
• Maintains lists of malicious IP addresses
• Used by many companies and software products
Why this attack?
Spamhaus adds IPs belonging to customers of the Dutch hosting provider “Cyberbunker” to its lists.
• Spamhaus asks Cyberbunker to block the spam
• Refusal to cooperate
• Cyberbunker accuses Spamhaus of playing internet police
Cloudflare helps Spamhaus
Why does Cloudflare protect Spamhaus?
• Cloudflare aims to be neutral
• Make the internet better for everyone
Using CloudFlare
[Diagram: clients, CloudFlare, origin]
Cloudflare network
Features
Caching
Content optimization
Security
Attack types
Layer 3/4
SMURF
ACK
Layer 7
DNS Amplification
DNS Amplification
This is the Internet
Breaking point - Attack #1
Spamhaus is up, so the attacker goes after our infrastructure.
In practice:
• traceroute www.spamhaus.org: the last routable IP is our point of connection with our bandwidth providers.
• 300 Gbps of traffic == ouch.
Breaking point - Mitigation #1
Mitigation with our “upstreams”:
• Human mitigation (aka the telephone)
• Use of non-routable addresses (RFC 1918)
• “Ingress filtering” (BCP 38)
Breaking point - Attack #2
Breaking point - Mitigation #2
Internet Exchange Point?
Mitigation with LINX (London Internet Exchange):
• Harder (subnet shared among many networks)
• “Abandoned” LINX until the end of the attack.
Lessons
• Use private IPs for interconnections
• Fight open DNS recursors
• Public exposure
• Ingress filtering (BCP 38)
• ...
• 300 Gbps, yeah right!
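
An added example (not from the original slides) of the BCP 38 ingress-filtering lesson: an edge network forwards a packet only if its source address belongs to a prefix assigned to the interface it arrived on, so a DNS query forged with the victim's address is dropped before it reaches an open recursor. Interface names, prefixes and packets are constructed assumptions using documentation address ranges.

```python
import ipaddress
from collections import Counter

# Constructed edge-router view (assumption): source prefixes assigned to
# each customer-facing interface, using documentation address ranges.
CUSTOMER_PREFIXES = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/25")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/24"),
               ipaddress.ip_network("2001:db8:b::/48")],
}

# Constructed packets: (ingress interface, source IP, destination IP, UDP port)
PACKETS = [
    ("cust-a", "192.0.2.10", "203.0.113.53", 53),     # genuine DNS query
    ("cust-a", "203.0.113.200", "203.0.113.53", 53),  # source forged as the victim
    ("cust-a", "192.0.2.200", "203.0.113.53", 53),    # outside the assigned /25
    ("cust-b", "10.1.2.3", "203.0.113.53", 53),       # RFC 1918 source leaking out
    ("cust-b", "2001:db8:b::1", "2001:db8:ffff::53", 53),
    ("cust-x", "198.51.100.7", "203.0.113.53", 53),   # interface with no assignment
]

def ingress_permits(interface, src):
    """BCP 38 check: accept a packet only if its source address lies in a
    prefix assigned to the interface it arrived on."""
    addr = ipaddress.ip_address(src)
    return any(addr.version == net.version and addr in net
               for net in CUSTOMER_PREFIXES.get(interface, []))

def filter_ingress(packets):
    """Split packets into (forwarded, dropped) according to the BCP 38 check."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if ingress_permits(pkt[0], pkt[1]) else dropped).append(pkt)
    return forwarded, dropped

def spoof_report(packets):
    """Count dropped packets per interface, to see which edge emits forged sources."""
    _, dropped = filter_ingress(packets)
    return Counter(pkt[0] for pkt in dropped)

if __name__ == "__main__":
    forwarded, dropped = filter_ingress(PACKETS)
    for pkt in forwarded:
        print("FORWARD", pkt)
    for pkt in dropped:
        print("DROP   ", pkt)
    print(dict(spoof_report(PACKETS)))
```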
Questions?