DDoS attacks in Russia in 2014 - UDP packets don't smell of lard,...

DDoS attacks in Russia in 2014 - UDP packets don't smell of lard, Alexander Lyamin (Qrator Labs)

Post on 15-Jun-2015


TRANSCRIPT

  • 1. DDoS- : 2014

2. UDP-
3. 12014 | 2013
   : 5 909 | 6 732
   : 21 | 18
   . : 93 | 151
   : 2 066 | 1 540
   . : 420 489 | 281 060
   . , : 8 | 9
   . , : 91 | 23
   Spoofed : 56,69% | 58,45%
   1Gbps: 6,04% | 2,58%
   10Gbps: 2,62% | 0,70%
   100Gbps: 1,29% | 0,10%
4. 12014 | 2013
   : 5 909 | 6 732
   : 21 | 18
   . : 93 | 151
   : 2 066 | 1 540
   . : 420 489 | 281 060
   . , : 8 | 9
   . , : 91 | 23
   Spoofed : 3350 | 3935
   1Gbps: 357 | 174
   10Gbps: 155 | 47
   100Gbps: 76 | 7
5. [chart; x-axis labels 01/01/12 through 01/12/12; series 2014 and 2013]
6.
7.
8.
9. . : DNS [chart]
10. . : NTP [chart]
11. . : Chargen [chart]
12. . : SNMP [chart]
13. . : SSDP [chart]
14. , User Datagram Protocol
    DNS (x35)
    NTP (x1300)
    SSDP (x150)
    SNMP (x50)
    Chargen (x200)
15. DNS [chart]
16. NTP [chart]
17. [chart; series: Chargen, NTP, DNS, SNMP, SSDP, Total]
18. SSDP
19. SSDP
20. -
21.
22.
23.
24. - !
25. :
    [13:21:17] melanor9 hll: ! IP ,
    [13:21:29] Person1:
    [27/03/14] melanor9 hll: "
26. :
    [14:18:07] Person2: : ip
    [14:18:26] Person2:
    [14:18:38] Person2: ip
27. : DNS root servers ?
28.
29.
30.
31. Ok, ?
32. 100k+ 10k+ 1k+ 100+
33. Amplifications 100k+ 10k+ 1k+ 100+
34. 100k+ 10k+ 1k+ 100+
35. + - 100k+ 10k+ 1k+ 100+
36. - Netmap (Luigi Rizzo) DPDK (Intel) PF_RING DNA (ntop)
37. - Netmap (Luigi Rizzo) DPDK (Intel) PF_RING DNA (ntop)
38. - Netmap (Luigi Rizzo) DPDK (Intel) PF_RING DNA (ntop) + Shellshock
39. - Netmap (Luigi Rizzo) DPDK (Intel) PF_RING DNA (ntop) + Shellshock + Habrahabr
40. 100k+ 10k+ 1k+ 100+
41. inetnum: 188.44.56.0 - 188.44.63.255
    netname: dorm
    descr: Lomonosov Moscow State University
    descr: Hostel network, GZ-B,V
    country: RU
    admin-c: MSU-RIPE
    tech-c: MSU-RIPE
    status: ASSIGNED PA
    mnt-by: MSU-MNT
42. :
    traceroute to 188.44.63.0 (188.44.63.0), 30 hops max, 60 byte packets
     1 192.168.200.100 (192.168.200.100) 0.134 ms 0.189 ms 0.183 ms
     2 msk06.transtelecom.net (217.150.47.234) 0.919 ms 1.239 ms 1.304 ms
     3 router.transtelecom.net (193.232.245.177) 0.209 ms * *
     4 m9-ix.msk.runnet.ru (193.232.244.44) 1.567 ms 1.151 ms 1.555 ms
     5 msu.msk.runnet.ru (194.190.254.118) 1.199 ms 1.672 ms 1.191 ms
     6 93.180.0.172 (93.180.0.172) 1.870 ms 2.322 ms 1.961 ms
     7 188.44.33.41 (188.44.33.41) 2.527 ms 2.529 ms 2.518 ms
     8 188.44.33.22 (188.44.33.22) 2.331 ms 2.317 ms 1.837 ms
     9 93.180.4.12 (93.180.4.12) 2.817 ms 2.344 ms 2.346 ms
    [dd] .
43. :
    traceroute to 188.44.63.0 (188.44.63.0), 30 hops max, 60 byte packets
     1 192.168.200.100 (192.168.200.100) 0.104 ms 0.095 ms 0.096 ms
     2 msk06.transtelecom.net (217.150.47.234) 0.932 ms 1.326 ms 1.399 ms
     3 212.73.250.154 (212.73.250.154) 22.529 ms 22.658 ms 22.726 ms
     4 212.73.250.153 (212.73.250.153) 24.388 ms 22.191 ms 22.192 ms
     5 * * *
     6 * * *
     7 ae-45-45.ebr3.Frankfurt1.Level3.net (4.69.143.166) 48.677 ms
       ae-46-46.ebr3.Frankfurt1.Level3.net (4.69.143.170) 46.511 ms
       ae-48-48.ebr3.Frankfurt1.Level3.net (4.69.143.178) 48.677 ms
    [dd] -.
44. Halloween