DDOS防御技术

©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID1DDOS防御策略©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID2最新攻击手段-僵尸网络更多的木马病毒都是在你上网时不经意感染上的。黑客从内部攻击导致信息泄漏。2.HackedWebSite1.Hackercompromiseslegitimatewebsite3.Victimwithvulnerablebrowser4.Legitimateconnectiontohackedwebsite5.BrowserExploit(i.e.hiddeniframe)6.VictimsPCcompromisedandowned...thenpartofabotnet©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID3网络感染--恶意挂马,隐性侵入.©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID4异常流量动态清洗区域1:WEB区域2:DNS区域3:E-Commerce应用InternetLegitimateTraffic正常流量攻击目标1.检测非正常流量2.启动保护(自动/手动)RemoteHealthInjection（RHI）3.将流量转移到Guard模块5.将正常流量重新注入6.到其他区域的流量没有受到影响BGPPeerO192.168.3.0/24[110/2]via100.0.0.3,2d11h,GigabitEthernet2B192.168.3.128/32[20/0]via20.0.0.2,00:00:01192.168.3.128=zone,10.0.0.2=GuardModule,20.0.0.2=MSFCBGPannounce4.攻击缓解(清洁)©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID5内部动态策略调整Multi-VerificationProcess(MVP)ActiveVerificationStatisticalAnalysisLayer7AnalysisRateLimitingLegitimate+attacktraffictotargetDynamic&StaticFilters监测恶意动作和发现攻击的流量及源/目标地址启动anti-spoofing阻挡恶意流量动态增加访问列表阻挡攻击启动速率限制Legitimatetraffic©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID6正常流量动态学习InjectDivert防卫学习DefenseLearning攻击缓解Mitigate‘学习’阶段基于CiscoNFP实现对网络的数据平面,控制平面的保护.采用CiscoGuard对数据流清洁采用CiscoNetflow或Detector进行主动的攻击检测将出现攻击流量转移到一个清洁中心将’清洁’的流量重新注入网络攻击检测Detect©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID7AddingDynamic-FiltersStaticPacketFiltersfilteroutpacketsaccordingtopre-definedrulesRate-limitingoftraffictowardsthezoneDynamicPacketFiltersfilteroutpacketsPerFlow,Protocol,SourceIPAnti-SpoofingMechanismsfilteroutpacketsfromspoofedsourcesStatisticalInspectionAnomalyRecognitionperflowcomparedtoabaselineRate-Limiting流量动态层次清洗流程Multi-VerificationProcess™(MVP)©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID8云监控–NetflowV9实现NOC/SOC二合一异常流量的监测高速采样与时控网络与安全融合标准网元的管理©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID9