The Internet by the numbers. Presented by Dave Phelan at IDNOG 9
apnic
About This Presentation
Dave Phelan, Senior Network Analyst / Technical Trainer at APNIC, presented 'The Internet by the numbers' at IDNOG 9, held from 22 to 25 July 2024 in Jakarta, Indonesia.
Added: Aug 12, 2024
Slides: 46 pages
Slide Content
1
The Internet – By the numbers
What are we doing?
Dave Phelan - APNIC
2
Who Am I?
•Dave Phelan
–Network and Infrastructure engineer for a LONG time
–Trainer at APNIC
–Parent to 2 Human children and 3 Fur Children
–Likes Cat memes
3
What are we going to talk about?
•Numbers Numbers Numbers!!!
•IPv6 Stats
–What are we doing and why we need to do better
•RPKI Stats
–What and why this is important
•Security Stats
–How many doors are open?
–How does this affect me (and the rest of the internet)
4
Why do we care about the numbers?
•We can use this as a benchmark
–How are we performing
•Network to Network
•Economy to Economy
•Region to Region
•What do we need to “fix”
–Are we doing all we can within our region (see Benchmarks Above)
•Can we do better
–For our Networks and our Users
5
Sources
•Data for this presentation have come from numerous sources
–https://stats.labs.apnic.net
–https://radar.cloudflare.com
–https://shodan.io
–My own collection of stats
6
IPv6 – Global Snapshot
https://stats.labs.apnic.net/ipv6/XA?o=cXUw30x1r1
7
IPv6 – Global Snapshot
•38% Global Preference
•43.14% Asia
•53% North America
•36% South America
•30% Europe
•2.4% Africa
•35.8% Oceania
https://stats.labs.apnic.net/ipv6/XA?o=cXUw30x1r1
8
IPv6 – Asia Sub-Region
•3 Sub-regions
–67.17% South Asia
•IN,LK,NP,BT,PK,BD,AF,MV
–35.92% East Asia
•TW,JP,MN,CN,MO,KR,HK,KP
–29.86% South-East Asia
•MY,VN,TH,SG,PH,ID,MM,LA,BN,KH,TL
https://stats.labs.apnic.net/ipv6/XD?o=cXAw30x1r1
9
IPv6 – South-East Asia Sub-Region
https://stats.labs.apnic.net/ipv6/XU?o=cXDw30x1r1
CC | Country | 2020 Preferred | 2022 Preferred | 2023 Preferred | 2024 Preferred
MY | Malaysia, South-Eastern Asia, Asia | 46.36% | 60.42% | 59.80% | 71.14%
VN | Vietnam, South-Eastern Asia, Asia | 39.85% | 50.75% | 51.07% | 59.46%
TH | Thailand, South-Eastern Asia, Asia | 29.61% | 45.08% | 43.31% | 48.03%
MM | Myanmar, South-Eastern Asia, Asia | 10.37% | 37.47% | 43.43% | 11.29%
SG | Singapore, South-Eastern Asia, Asia | 13.10% | 28.24% | 14.60% | 18.99%
PH | Philippines, South-Eastern Asia, Asia | 2.75% | 16.46% | 14.51% | 17.87%
ID | Indonesia, South-Eastern Asia, Asia | 0.32% | 11.98% | 12.67% | 13.01%
LA | Lao People's Democratic Republic, South-Eastern Asia, Asia | 0.01% | 0.34% | 0.32% | 1.06%
BN | Brunei Darussalam, South-Eastern Asia, Asia | 0.02% | 0.05% | 0.09% | 0.18%
TL | Timor-Leste, South-Eastern Asia, Asia | 0.12% | 0.04% | 0.06% | 0.08%
KH | Cambodia, South-Eastern Asia, Asia | 0.02% | 0.04% | 0.04% | 0.12%
10
IPv6 – South-East Asia Sub-Region
https://stats.labs.apnic.net/ipv6/XU?o=cXDw30x1r1
11
IPv6 – Indonesia
https://stats.labs.apnic.net/ipv6/ID?o=cXUw30x1r1
12
IPv6 – Indonesia
https://stats.labs.apnic.net/ipv6/ID?o=cXUw30x1r1
•What are we looking at?
–Is IPv6 REALLY going backwards?
•Yes..and No – There are more networks
–BUT
•Out of Approx 2800 ASN
–31 Are over 10% IPv6 Preferred
–3 have a good QTY of Eyeballs
–2266 less than 10%
–2207 less than 1%
13
Challenges
14
IPv6 Challenges
•End user acceptance
–Residential and Mobile
–Business and Enterprise
•Networks not ready
–Older equipment
–Software (Billing/LOB)
–Additional Licencing cost (especially Mobile)
•People
–Staff are not adequately trained
•Current Tertiary/Industry training rarely addresses IPv6 (Pun Intended)
–Misconception on use
–Lack of ability to adequately address plan
–Management not willing to make changes
15
Why Deploy IPv6?
16
IPv6 Deployment
•Cost
–IPv4 Address space ~US$40-50 Per IP
•US$12,800 /24
–Hardware
•CGNAT is not free
•The world is changing
–3 x increase/5 years
–Hyperscalers are catching up
–CDN Providers are ready for your IPv6 Packets
–IPv6 is now the higher preferred Protocol in the USA
17
IPv6 Deployment
•Stop saying “I’ll do it tomorrow”
–We have been saying that for 25 years
•Networks are not going to get simpler
•Grants Are available
–https://isif.asia/infrastructure-ipv6/
•US$30-250K
•Open to all Industry types
•Need practical help?
–Training: https://academy.apnic.net/
–TA: https://academy.apnic.net/en/technical-assistance
18
RPKI
19
RPKI ROA – Global Snapshot
https://stats.labs.apnic.net/roas
20
RPKI ROA – Global Snapshot
https://stats.labs.apnic.net/roas
•47.8% Global IPv4 Signed
•57.9% Asia
•34.6% North America
•54.2% South America
•53.7% Europe
•29.7% Africa
•69.4% Oceania
21
RPKI ROA – Asia Subregion
https://stats.labs.apnic.net/roa/XD
•3 Sub-regions
–86.5% South Asia
•IN,LK,NP,BT,PK,BD,AF,MV
–29.4% East Asia
•TW,JP,MN,CN,MO,KR,HK,KP
–76.2% South-East Asia
•MY,VN,TH,SG,PH,ID,MM,LA,BN,KH,TL
23
RPKI ROA – Indonesia
https://stats.labs.apnic.net/roa/ID
24
RPKI ROV – South-East Asia
https://stats.labs.apnic.net/rpki/XU?o=cXDw7v0p1x0l1
25
RPKI ROV – South-East Asia
https://stats.labs.apnic.net/rpki/XU?o=cXDw7v0p1x0l1
Code | Region | RPKI Validates
MY | Malaysia | 30.04%
ID | Indonesia | 15.74%
SG | Singapore | 14.26%
TL | Timor-Leste | 7.06%
MM | Myanmar | 4.53%
VN | Vietnam | 2.21%
TH | Thailand | 1.83%
LA | Lao People's Democratic Republic | 1.44%
PH | Philippines | 0.48%
BN | Brunei Darussalam | 0.32%
KH | Cambodia | 0.25%
26
RPKI – What do I need to do
•ROA
–Sign your Routes (IDNIC/APNIC Portal)
–Make sure your ROAs match your BGP Routing
•Check with routeviews/bgp.tools etc
•ROV
–Full Routing Table
•Attend some RPKI Training
•Set up a Validator and start dropping invalid routes
–Default/Partial Feed
•Encourage Up-streams to Drop Invalids.
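An added example (not part of the presentation) of the "ROAs match your BGP routing" check and of what a validator decides per route: RFC 6811 origin validation in Python. The function names, the ROA payloads and the announcements are constructed for illustration and use documentation prefixes and ASNs only.

```python
import ipaddress

# Constructed validated ROA payloads: (prefix, maxLength, origin ASN).
# Documentation prefixes/ASNs only; replace with your validator's export.
VRPS = [
    ("192.0.2.0/24", 24, 64496),
    ("2001:db8::/32", 32, 64497),
]

def validate(prefix, origin_asn, vrps=VRPS):
    """RFC 6811 origin validation: returns (state, reasons)."""
    route = ipaddress.ip_network(prefix)
    reasons = []
    for vrp_prefix, max_len, vrp_asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        if vrp_net.version != route.version or not route.subnet_of(vrp_net):
            continue  # this ROA does not cover the announced prefix
        if vrp_asn != origin_asn:
            reasons.append(f"origin AS{origin_asn} is not ROA AS{vrp_asn}")
        elif route.prefixlen > max_len:
            reasons.append(f"/{route.prefixlen} exceeds maxLength /{max_len}")
        else:
            return "valid", []      # one matching ROA is enough
    return ("invalid", reasons) if reasons else ("not-found", [])

def audit(announcements, vrps=VRPS):
    """Return every announcement that is not RPKI-valid, with the reason."""
    report = {}
    for prefix, asn in announcements:
        state, reasons = validate(prefix, asn, vrps)
        if state != "valid":
            report[(prefix, asn)] = (state, reasons)
    return report

# Constructed BGP announcements, e.g. what you would read off a looking glass.
ANNOUNCED = [
    ("192.0.2.0/24", 64496),      # matches its ROA
    ("192.0.2.0/24", 64511),      # wrong origin AS
    ("2001:db8:1::/48", 64497),   # more specific than maxLength allows
    ("198.51.100.0/24", 64496),   # no ROA at all
]

if __name__ == "__main__":
    for route, (state, reasons) in audit(ANNOUNCED).items():
        print(route, state, "; ".join(reasons))
```

A network doing ROV drops only the "invalid" routes; "not-found" routes are still accepted, which is why signing ROAs and validating are both needed.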
27
Security
28
DoS by Layers
TCP/IP Model | OSI Model | Protocols and Services | Attacks
Application | Application, Presentation, Session | HTTP, FTP, DHCP, NTP, TFTP, DNS | Reflection and Amplification (DNS, NTP, SSDP, etc), Slowloris, SIP Flood, Complex DB Queries
Transport | Transport | TCP, UDP | SYN Flood
Internet | Network | IP, ICMP, RIP | ICMP Flood
Network Access | Data Link, Physical | WiFi, Ethernet, Fiber, Copper | Wi-Fi De-auth & Jamming, Electrical Interference, Construction Equipment
* Colour animated slide
29
Anatomy of a Plain DoS Attack
[Diagram: Attacker, Victim]
1. Attacker sends any valid or invalid traffic to the victim
Simple DoS
30
Anatomy of a Plain DDoS Attack
[Diagram: Attacker, Botnet (BOTs), Victim]
1. Attacker directs bots to begin attack
2. All bots send any valid or invalid traffic to the victim
Simple DDoS
31
Anatomy of a Reflected Amplification Attack
[Diagram: Attacker, Botnet (BOTs), Open recursive DNS servers, evil.com authoritative name server, Victim (10.10.1.1)]
1. Attacker directs bots to begin attack
2. All bots send DNS queries for the TXT record in domain “evil.com” to open recursive DNS servers and fake "my IP is 10.10.1.1"
3. Open resolvers ask the authoritative name server for the TXT record “evil.com”
4. evil.com name server responds with 4000 byte TXT records
5. Open resolvers cache the response and send a stream of 4000 byte DNS responses to the victim
Reflected and Amplified DDoS
32
Reflection and Amplification
•What makes for good reflection?
–UDP
•Spoofable / forged source IP addresses
•Connectionless (no 3-way handshake)
•What makes for good amplification?
–Small command results in a larger reply
•This creates a Bandwidth Amplification Factor (BAF)
•Reply Length / Request Length = BAF
–Example: 3223 bytes / 64 bytes = BAF of 50.4
•Chart on next slide created with data from https://www.us-cert.gov/ncas/alerts/TA14-017A
33
Amplification Factors
Protocol | Bandwidth Amplification Factor
Multicast DNS (mDNS) | 2-10
BitTorrent | 3.8
NetBIOS | 3.8
Steam Protocol | 5.5
SNMPv2 | 6.3
Portmap (RPCbind) | 7 to 28
DNS | 28 to 54
SSDP | 30.8
LDAP | 46 to 55
TFTP | 60
Quake Network Protocol | 63.9
RIPv1 | 131.24
QOTD | 140.3
CHARGEN | 358.8
NTP | 556.9
Memcached | up to 51,000
34
So why are you telling me this?
•Operators Complain about DoS/DDoS
•Do the minimum to ensure they are not contributing
•But How bad is it really?
–(Hint: It’s not good….)
35
Global Numbers
•Most data sourced from
–Cloudflare Radar
–Shodan.io
•Top 5 Countries DDoS Sources
https://radar.cloudflare.com/security-and-attacks
OCTOBER 2023 | APRIL 2024 | July 2024
USA – 31% | USA – 22.6% | USA – 18.8%
India – 9.2% | Germany – 6.5% | Germany – 8.45%
Germany – 5.4% | China – 5.5% | China – 7.49
Brazil – 5.2% | Indonesia – 4.7% | Pakistan – 5.9%
China – 3.3% | Brazil – 4.3% | UK – 4.5%
36
Global Numbers
https://radar.cloudflare.com/security-and-attacks
37
Indonesia
Top Source Networks:
https://radar.cloudflare.com/security-and-attacks/id?dateRange=12w
# | ASN | %
1 | 7713 - TELKOMNET-AS-AP PT Telekomunikasi Indonesia | 12.0%
2 | 17451 - BIZNET-AS-AP BIZNET NETWORKS | 3.4%
3 | 23693 - TELKOMSEL-ASN-ID PT. Telekomunikasi Selular | 2.5%
4 | 4761 - INDOSAT-INP-AP INDOSAT Internet Network Provider | 2.2%
5 | 38511 - TACHYON-AS-ID PT Remala Abadi | 2.1%
38
Indonesia
Attack Types
https://radar.cloudflare.com/security-and-attacks/id?dateRange=12w
39
Indonesia
•Open Ports
https://www.shodan.io/search?query=country%3Aid
DNS 103,367
NTP 66,532
SSDP 556
MemcacheD 705
Telnet 15,838
SNMP 93,126
Winbox 73,809
40
Indonesia
•Targets
https://radar.cloudflare.com/security-and-attacks/id?dateRange=12w
41
Mitigation Strategies
•Protect your services from attack
–Anycast
–IPS / DDoS protection
–Overall network architecture
•Protect your services from attacking others
–Rate-limiting
–BCP38 (outbound filtering) source address validation
–Securely configured DNS, NTP and SNMP servers
–No open resolvers!
Only allow owned or authorised IP addresses to connect
42
Mitigation Strategies
•Remote Triggered Black Hole (RTBH) filtering
–With your ISP
[Diagram labels: Attack traffic, Signalling]
43
Mitigation Strategies
•Remote Triggered Black Hole (RTBH) filtering
–With your ISP
[Diagram labels: Attack traffic, Signalling]
44
Mitigation Strategies
•uRPF
–Strict: verifies both source address and incoming interface with entries in the forwarding table
–Loose: verifies existence of route to source address
[Diagram: router interfaces pos0/0 and ge0/0; packets with Src = 2406:6400:100::1 and Src = 2406:6400:200::1]
Forwarding Table:
2406:6400:100::/48 ge0/0
2406:6400:200::/48 fa0/0
45
Mitigation Strategies
•Source Remote Triggered Black Hole (sRTBH) filtering
–RTBH with uRPF (Unicast Reverse Path Forwarding)
•RFC5635
–Basic Operation
•Set up an RTBH Sinkhole (routing to a Null Interface)
•Enable uRPF in loose mode
•Create an appropriate community to NH traffic to your Sinkhole
•When a source is identified
–Tag with appropriate community to send to the Sink
–uRPF check will fail (as it is routed to a Null)
–Traffic Dropped
http://www.cisco.com/web/about/security/intelligence/blackhole.pdf
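An added example (not part of the presentation) that models the strict and loose uRPF checks and the sRTBH step described on the last two slides, using the forwarding table from the uRPF slide. The function names, the `Null0` interface name and the assumption that both packets arrive on ge0/0 are illustrative, not taken from the slides.

```python
import ipaddress

NULL_IF = "Null0"   # assumed name for the discard (sinkhole) interface

# Forwarding table from the slide: (prefix, outgoing interface).
FIB = [
    ("2406:6400:100::/48", "ge0/0"),
    ("2406:6400:200::/48", "fa0/0"),
]

def lookup(fib, addr):
    """Longest-prefix match; returns the outgoing interface or None."""
    ip = ipaddress.ip_address(addr)
    best_len, best_if = -1, None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if net.version == ip.version and ip in net and net.prefixlen > best_len:
            best_len, best_if = net.prefixlen, ifname
    return best_if

def urpf_permits(fib, src, in_if, mode):
    """True if a packet from src arriving on in_if passes the uRPF check."""
    out_if = lookup(fib, src)
    if out_if is None or out_if == NULL_IF:
        return False                 # no route, or the route is the sinkhole
    if mode == "strict":
        return out_if == in_if       # route must point back out the arrival interface
    return True                      # loose: any real route to the source is enough

def blackhole_source(fib, src):
    """Model the sRTBH trigger: a host route for src pointing at the sinkhole."""
    plen = 128 if ipaddress.ip_address(src).version == 6 else 32
    return fib + [(f"{src}/{plen}", NULL_IF)]

if __name__ == "__main__":
    for src in ("2406:6400:100::1", "2406:6400:200::1"):
        for mode in ("strict", "loose"):
            print(src, mode, urpf_permits(FIB, src, "ge0/0", mode))
    sunk = blackhole_source(FIB, "2406:6400:200::1")
    print("after sRTBH:", urpf_permits(sunk, "2406:6400:200::1", "ge0/0", "loose"))
```

Strict mode drops the 2406:6400:200::1 packet because its route points to fa0/0, while loose mode passes it until the host route to the sinkhole is installed.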