运营商的网络安全体系解决方案

houjtl
0 ℃
2019-02-20

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID1cleanpipeservicesolution200612©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID2TypesofDDoSattacksEvolutionofSPDDoSdefenceCleanpipeCleanpipeCleanpipeCleanpipe©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID3InternetDDoS8internet.eCommercePC,PC,,.DDoS:,,,,,,,…:4%,16%,1©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID4DDoSAttacksAreHereToStaySymantecInternetSecurityReport–June‘05DoSattacksgrowfrom119to927perday-anincreaseof679%Large%ofDDoSattacksaremotivatedbyextortiondemands75MillioncomputersestimatedtobeinfestedwithbotsoftwareAttacksizeisinthe2-7GigrangeTheDoSproblemisnota100yearfloodanymore!‘Zombie'ringallegedlyhit1.5millioncomputers–“onlyadropintheocean.©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID5BOTNETS–DDOSCECE:,,…‘’LastMileConnectionISPBOTNET!BOTNET’’,,.BOTNETsDDOS:ICMPAttacks,TCPAttacks,andUDPAttacks,httpoverloadBOTNET,.BOTNET.©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID6DDoS/TCP/HTTP,,.,DNS/DHCP,.©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID7Denial-of-service(DoS)1988112RobertMorrisJr.—internet90DoS90InternetDoS90DoSPingofdeath,smurf,SYNflooding,“”2000DDoSYahoo,AmazonCodered,SQLslammer“”DDoS’botnet’‘DDoS’DDoS©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID8DDoSSYNfloodingTCPTCP3---SYNUDPfloodingUDPUDPUDPICMPSmurf‘’ICMPICMPLandUDPTeardropfragementPingofdeath65535pingTCPIPDDOS©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID9DDoSHTTPTCPDDoSTCPDNSDNSUDPDNSSQLSQLSQLCPU©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID10CiscoGuardBroadestAttackProtection1.SpoofedandNon-SpoofedFloodAttacks–TCPFlag(SYN,SYN-ACK,ACK,FIN)–ICMP–UDP–Examples:SYNFlood,Smurf,LAND,UDPFlood2.Zombie/BotnetAttacks–EachzombieorbotsourceopensmultipleTCPconnections–EachzombieorbotsourceopensmultipleTCPsessionsandissuerepetitiveHTTPrequests3.DNSAttacks–DNSRequestFlood1.PacketSizeAttacksFragmentedPacketsLargePacketsExamples:Teardrop,Ping-of-Death2.LowRateZombie/BotnetAttacks–SimilartoBandwidthconsumptionattacksexceptthateachattacksourcesendsmultiplerequestsatlowrate3.DNSAttacks–DNSRecursiveLookupSIPProtection–SIPAnti-SpoofingBandwidthConsumptionAttacksResourceStarvationAttacks©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID11DOSvs.DDOSDOSDOSTearDropLandICMPFloodDDOS“”©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID12TypesofDDoSattacksEvolutionofSPDDoSdefenceCleanpipeCleanpipeCleanpipeCleanpipe©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID13DDOSISPIDCISPMailServerDNSServerISP©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID14TypesofDDoSattacksEvolutionofSPDDoSdefenceCleanpipeCleanpipeCleanpipeCleanpipe©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID15EvolutionofSPDDoSdefenceURPFSinkhole/blackholeCleanpipe©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID16uRPFuRPFstrict(uRPFCEFDCEF)interfacepos1/0ipverifyunicastreverse-pathACLinterfacepos1/0ipverifyunicastreverse-path190access-list190permitip{customernetwork}{customernetworkmask}anyaccess-list190denyipanyany[log]Looseinterfacepos1/0ipverunicastsourcereachable-viaany©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID17SinkHoleRouters/Networks©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID18SinkHoleRouters/Networks©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID19BlackHoleFiltering©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID20RemotelyTriggeredBlackHoleFiltering-Preparation©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID21RemotelyTriggeredBlackHoleFiltering-Activation©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID22RemotelyTriggeredBlackHoleFiltering-Activation©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID23TypesofDDoSattacksEvolutionofSPDDoSdefenceCleanpipeCleanpipeCleanpipeCleanpipe©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID24“,DDOS,”242424©2003CiscoSystems,Inc.Allrightsreserved.Presentation_IDCleanPipes:DDoSCleanpipes,DDoS,,.“CleanPipes”©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID25CleanPipesInjectDivertDefenseMitigateCiscoNFP,.CiscoGuardCiscoNetflowDetector’’Detect©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID26Cleanpipe?,Defend&LearnDetectionDiversionCleaningRe-InjectionYesYesNoNo©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID27CleanPipes‘’CleanPipesDDOSCleanPipesover-subscriberGuard30Zone()1:10GuardGuardGuardGuard‘’GuardDDoS