izpis_h1_title_alt

Detekcija in preprečevanje napadov DDOS v okolju manjšega ponudnika internetnih storitev
ID BOLČIČ TAVČAR, MARKO (Author), ID Moškon, Miha (Mentor) More about this mentor... This link opens in a new window

.pdfPDF - Presentation file, Download (1,53 MB)
MD5: 7378AB12560E99CA5D4C512441C4A6F6
PID: 20.500.12556/rul/2502a251-e9f0-4e6a-b558-a2e87b04ac97

Abstract
Napadi DDOS v dobi informacijskih oblakov predstavljajo veliko grožnjo za gostovane storitve ter posredno grožnjo izpada dohodkov za podjetja, ki te storitve uporabljajo. Velikokrat so žrtve napadov DDOS prav ponudniki spletnega in aplikativnega gostovanja (ang. hosting providers). V okviru diplomskega dela sem podrobneje opisal proces detekcije in preprečevanja posledic napadov DDOS in predstavil protokole, odprtokodna orodja in metode, ki jih omrežni inženirji vsakodnevno uporabljajo za upravljanje omrežja. Uporabo izbrane rešitve, ki temelji na naštetih protokolih in izbranih odprtokodnih orodij, sem demonstriral na primeru omrežja manjšega ponudnika internetnih storitev. Ta vključuje nadzorni sistem, s katerim sem nadziral ključne elemente omrežja v pričakovanju napada. Simuliral sem volumetrične napade DDOS s poplavljanjem UDP (ang. UDP flood) treh velikostnih stopenj. Napade sem zaustavil s pomočjo postopka RTBH. Rezultate sem prikazal v obliki grafov, kjer je razviden začetek napada in zaustavitev z omenjenim postopkom. Iz grafov je bilo razvidno, da se napadeni strežnik med napadom na pakete ICMP skoraj ni več odzival. Usmerjevalniki v omrežju so imeli nadpovprečno obremenjene centralno procesne enote. Po zaustavitvi napada so se kazalniki obremenjenosti omrežja vrnili v prvotno stanje. Predstavljen način preprečevanja napadov se uporablja v okoljih manjših ponudnikov internetnih storitev. Razvoj takih rešitev je odvisen od delovanja odprtokodne skupnosti, delovanje in vzdrževanje pa je odvisno od inženirjev zaposlenih pri ponudniku internetnih storitev. Pri plačljivih rešitvah je, v nasprotju z odportokodnimi, razvoj, delovanje in vzdrževanje garantirano s strani proizvajalca rešitve. Problem tovrstnih rešitev je po drugi strani cenovna nedostopnost za manjše ponudnike.

Language:Slovenian
Keywords:DDOS, NetFlow, NFSEN, BGP, RTBH, poplavljanje UDP
Work type:Bachelor thesis/paper
Organization:FRI - Faculty of Computer and Information Science
Year:2018
PID:20.500.12556/RUL-99544 This link opens in a new window
Publication date in RUL:31.01.2018
Views:2789
Downloads:385
Metadata:XML DC-XML DC-RDF
:
Copy citation
Share:Bookmark and Share

Secondary language

Language:English
Title:Detection and prevention of DDOS attacks in the environment of a small internet service provider
Abstract:
In the age of information clouds DDOS attacks pose a huge threat to hosted services and may cause the loss of revenue for the companies that use these services. Hosting and web application providers are often targets of DDOS attacks. Herein, I describe the process of detection and prevention of the consequences of DDOS attacks and present the protocols, tools and methods that the network engineers use on a daily basis to manage the communication networks. I have used these protocols and open source tools to establish a solution for DDOS detection and prevention, which is suitable for a small internet service provider (ISP). The solution includes a monitoring system to monitor the key elements of the network in anticipation of the attack. I use the proposed solution on a fictional network in which I simulate DDOS attacks of three different scales using UDP flooding. I demonstrate the attacks mitigation with RTBH method. I analyze the obtained results with the aid of graphs obtained with described tools. The obtained graphs indicate that the attacked server is almost unreachable for ICMP packets during the attack. The routers in the network also have significantly higher CPU utilization than normal. After mitigating the attack, the network load indicators return to their original state. The proposed open source tools are dedicated to the environment of smaller ISPs. Their development depends on the open source community. Moreover, the operation and maintenance of these tools depends on the engineers employed by the ISP. In the case of commercial solutions, the development, operation and maintenance is provided by the vendor of the solution. On the other hand, the problem of such solutions is the price inaccessibility for smaller ISPs.

Keywords:DDOS, NetFlow, NFSEN, BGP, RTBH, UDP flooding

Similar documents

Similar works from RUL:
Similar works from other Slovenian collections:

Back