
Autonomous Anti-DDoS Network V2.0 (A2D2-2)

Autonomous Anti-DDoS Network V2.0 (A2D2-2). Sarah Jelinek University Of Colorado, Colo. Spgs. sarah.jelinek@sun.com Spring Semester 2003, CS691 Project. Project Goals. Ultimate goal of project To make DDoS technology more robust Relationship to other projects


Presentation Transcript


  1. Autonomous Anti-DDoS Network V2.0 (A2D2-2). Sarah Jelinek, University Of Colorado, Colo. Spgs., sarah.jelinek@sun.com. Spring Semester 2003, CS691 Project

  2. Project Goals
     • Ultimate goal of project
       • To make DDoS technology more robust
     • Relationship to other projects
       • Enhancements of existing A2D2 architecture to incorporate IDIP and Alternate Proxy Servers
     • High-level timing goals
       • Research and new architecture, now
       • Project completion planned for 9/03

  3. Description - A2D2
     • Developed by Angela Cearns, UCCS Masters Thesis
     • DDoS Intrusion Detection and Response
     • Uses freeware as main detection component
     • Modifications made to effect better response
     FOR MORE INFO... http://cs.uccs.edu/~chow/pub/master/acearns/doc/angThesis-final.pdf

  4. A2D2, cont..

  5. A2D2, cont..
     • Strengths
       • Uses open source components
       • Portable
       • Configurable
     • Weaknesses
       • Host Based
       • Local Network response
       • No attempt made to actively trace intruder
       • Possible bottleneck at firewall
       • Static thresholds

  6. A2D2-2 Technology
     • New technology being used
       • Intrusion Detection and Isolation Protocol (IDIP)
       • Alternate Proxy Servers
     • Standards being adopted
       • IDIP
         • Will work with other IDIP enabled Intrusion Detection Networks
       • Service Location Protocol (SLP)
         • Allows discovery of registered IDIP Nodes

  7. A2D2-2 What It Solves
     • Host Based
       • Now a dynamic, network wide solution
       • Will work with other IDIP enabled Intrusion Detection Networks utilizing CITRA
     • Active Tracing of Intruder
       • SLP is used to discover other network IDIP services

  8. A2D2-2 What It Solves, cont..
     • Local Response
       • SLP used for location of alternate proxy servers for more global response
     • Firewall Bottleneck
       • Response Coordination Centralized

  9. A2D2-2 & IDIP
     • IDIP
       • Developed by Boeing and NAI Labs
       • Supports real-time tracking and containment of DDoS attacks
       • Three layers:
         • Application Layer
         • Message Layer
         • Discovery Coordinator

  10. A2D2-2 - Discovery Coordinator
     • IDIP Discovery Coordinator
       • Bulk of the work done here
       • Network wide response coordinator
       • Will notify clients and client DNS of alternate routes available
       • Standardized language used for messages and topology (CISL)
       • Local attack response still active if down

  11. IDIP Nodes FOR MORE INFO... http://zen.ece.ohiou.edu/~inbounds/DOCS/reldocs/IDIP_Architecture.doc

  12. A2D2-2 Proposed Architecture

  13. Alternate Routes FOR MORE INFO... http://cs.uccs.edu/%7Echow/research/security/uccsSecurityResearch.ppt

  14. Alternate Routes, cont..

  15. A2D2-2 & SLP -> Alternate Routes
     [Diagram. Elements shown: client networks net-a.com, net-b.com, net-c.com; DNS1, DNS2, DNS3; Proxy1, Proxy2 and Proxy3 IDIP Nodes; R1, R2, R3; an upstream IDIP Node; A2D2-2 IDIP DC; A2D2-2 Network IDS. Labels: "New route via Proxy3 to R3", "Attack msgs blocked by IDS", "Block and traceback", "SLP Discovery and communication", "Local IDS Response".]

  16. A2D2-2 Futures
     • IDIP Redundant/Cooperative Discovery Coordinators
     • Discovery Coordinator Response Optimization Enhancements
     • Updates To Snort
     • Secure DNS (already started?)
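
The response flow sketched on slides 10 and 15 (block and trace back upstream, then have the Discovery Coordinator point client DNS at an alternate proxy found through an SLP-style registry) can be modelled in a few lines. This is an added example, not code from the presentation or from the A2D2 or IDIP projects; the class names, the `edge` node, the DNS-to-proxy assignments and the address are constructed, and nothing here is IDIP, CISL or SLP wire format.

```python
"""Toy model of the A2D2-2 response flow (slides 10 and 15).
All names, addresses and structures are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class IdipNode:
    name: str
    upstream: Optional["IdipNode"] = None   # next hop toward the traffic source
    blocked: set = field(default_factory=set)

    def block_and_trace(self, source: str) -> list:
        """Block locally, then pass the trace upstream; returns the nodes that blocked."""
        self.blocked.add(source)            # local response does not depend on the coordinator
        rest = self.upstream.block_and_trace(source) if self.upstream else []
        return [self.name] + rest

class DiscoveryCoordinator:
    def __init__(self, proxy_registry: dict, client_dns: dict):
        self.proxy_registry = proxy_registry  # SLP-like directory: proxy -> node in front of it
        self.client_dns = client_dns          # client DNS server -> proxy it currently hands out
        self.under_attack = set()

    def handle_report(self, proxy: str, source: str) -> dict:
        """React to an IDS report that `source` is flooding `proxy`."""
        self.under_attack.add(proxy)
        traced = self.proxy_registry[proxy].block_and_trace(source)
        healthy = sorted(p for p in self.proxy_registry if p not in self.under_attack)
        if not healthy:                       # nothing to fail over to: the blocks still stand
            return {"traced": traced, "new_proxy": None, "notified": []}
        notified = [d for d, p in self.client_dns.items() if p == proxy]
        for dns in notified:                  # tell client DNS about the alternate route
            self.client_dns[dns] = healthy[0]
        return {"traced": traced, "new_proxy": healthy[0], "notified": notified}

def demo() -> tuple:
    edge = IdipNode("edge")                   # constructed upstream IDIP node
    r1, r2, r3 = (IdipNode(n, upstream=edge) for n in ("R1", "R2", "R3"))
    dc = DiscoveryCoordinator(
        {"Proxy1": r1, "Proxy2": r2, "Proxy3": r3},
        {"DNS1": "Proxy1", "DNS2": "Proxy1", "DNS3": "Proxy2"},
    )
    first = dc.handle_report("Proxy1", "203.0.113.7")   # documentation-range address
    second = dc.handle_report("Proxy2", "203.0.113.7")
    return first, second, dc.client_dns, edge.blocked

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The third case, where every registered proxy is under attack, returns `new_proxy: None` while the blocks placed during traceback remain in force.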
