DDOS Defense by Offense OFFENSE Presented by Anup

DDOS Defense by Offense OFFENSE Presented by: Anup Goyal Aojan Su

Objections Ø Several objections identified By Authors itself ü ü ü Ø Bandwidth Envy Flash Crowds Variable bandwidth cost Is It Practical in real Internet ? ?

Clients’ upload capacity Ø Ø Clients with limited upload capacity (dialup users) can not “speak-up” They can’t increase their chance to obtain service. In worse case, they can suffer when everyone else speaks up.

Can’t detect malicious client Ø Ø Even good clients need to flood the server to get service. It could be much more difficult to detect attackers.

Access Link Congestion Ø Ø If the access link of thinner is congested, legitimate clients would back off due to congestion control. Attackers could ignore congestion control and send at higher capacity.

Edge Network Flooding Ø Good client’s flooding traffic effect edge networks by increased traffic volumes. ü potentially harming other flows.

Problem for good guys Ø Ø No good way to accommodate clientèle (good and bad) coming from the same location. Good Client always loose while sharing a Bottleneck link.

Impact on Other Traffic THIS IS BAD !!!!

Problems Unaddressed/overlooked Ø Effect of low-rate attack not addressed ü Ø Bad client also has spare bandwidth. Assumptions hold because of nature of current network characteristics ü ü ü How to detect when these assumptions break? Switch off speak-up (automatically? ) under these conditions. Effect of various traffic patterns? (i. e. heavy-tail distribution)

My Question Ø Are speak-up’s assumptions reasonable? ü Ø “The thinner is never congested”? Impact on network ü ü good traffic amplifier? How much bandwidth will be wasted for dummy bytes?

Primary Focus on HTTP Ø Ø Focus primarily on Web traffic and its properties (e. g. HTTP). Does not mention its usefulness for any other situation or protocol.

Market Survey Missing Ø Ø The researchers have not done a market survey, thus all their findings are theoretical. Economic issue consideration is missing.

Extra hardware Ø There is extra hardware (the Thinner) that has to sit in front of any server we want to protect by Speak-Up. Ø Expensive Ø Single Point of Failure