Explore defensive strategies against various denial of service attacks in this 30-minute Black Hat conference talk. Delve into CloudFlare's infrastructure optimization techniques, covering multiple layers from flowspec and sflow to kernel bypass and iptables. Learn about effective defense methods, including BPF usage, and discover why some technically sound ideas prove impractical. Gain insights on protecting HTTP/S and DNS services, with techniques applicable to common DDoS types like Chargen, SSDP, NTP, and DNS reflection. Examine real-world experiences, successful approaches, and lessons learned in defending against service attacks, network floods, and botnet threats.
Overview
Syllabus
Introduction
Service Attacks
Denial of Service
Infrastructure
Network
Routing
From Now On
DNS Flood
DNS Server
Denial of Service Tools
Dropping Packets
Identifying Invalid Packets
BPF
Network Cards
Colonel Bypass
Partial Credit Card No Bypass
No Bypass
Performance
Performance graph
Packet floods
Up flags
Stateful firewall
Syn floods
Syn contracts
Syn flood
Real botnets
Overload and application
IP Reputation
HTTP Keeper Lives
botnets
detective
mitigation
SFlow
TCP Dump
Conclusion
Taught by
Black Hat
