Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Tuesday, January 10 • 1:00pm - 1:30pm
Backbone Network DRDoS Attack Monitoring and Analysis

Sign up or log in to save this to your schedule and see who's attending!

DRDoS (Distributed Reflection Denial of Service) now is the most popular and powerful DDoS method. As the continual reports like "The largest DDoS attack - XXX G bps attack against YYY is ongoing" we can see, the "YYY" may change or not while the "XXX" is steadily rising. We have to know it better if we want to solve this problem better. Based on backbone network traffic we can get, our team runs the Chinese biggest public available PassiveDNS database (passivedns.cn), and the Global DDoS Attack Detection System (ddosmon.net). In this talk, I want to share some of my practical experience about DRDoS monitoring in backbone network, and some analysis results from the perspective of our data.

The following questions will be covered:

  1. DRDoS: the most popular and powerful DDoS method a) DDoS in all network traffic b) DRDoS in all DDoS
  2. DRDoS Monitoring in Netflow a)Process Architecture & Data Modeling b) Keypoint Feature: package size length/dispersion, talker dispersion, well-known port, fragmentedpackets c) Partial Data d) ICMP as Side Effect Indicator e) Interesting Case: tracking unknown amplifier
  3. DRDoS Monitoring in PDNS a)Observing Point Matters b) Keypoint Feature: src port/transaction id/query type c) Side Effect: query spike to authority server d) Interesting Case:bug caused attack fail
  4. Cross Validation
  5. Amplifier Utilization Report: Kill Top, Kill Half
  6. FQDN Utilization Report: Kill Top, Kill Almost All

Speakers
avatar for Yang Xu

Yang Xu

Yang is a Network Security Engineer with 6 years of experience in the field and currently a member of Network Security Research Lab at Qihoo 360 (Netlab) where he focuses on network/passive-DNS, data process/analysis, and threat research like DDoS Monitoring, Scanner Tracking. Before joining NetLab, he was a Security Engineer in NSFOCUS and has been involved in many different projects, like SOC(security operation center), architecture design... Read More →



Tuesday January 10, 2017 1:00pm - 1:30pm
Great Room V-VIII 7450 Hazard Center Dr.

Attendees (24)