您好,欢迎访问三七文档
当前位置:首页 > 商业/管理/HR > 资本运营 > 运营商的网络安全体系解决方案
©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID1cleanpipeservicesolution200612©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID2TypesofDDoSattacksEvolutionofSPDDoSdefenceCleanpipeCleanpipeCleanpipeCleanpipe©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID3InternetDDoS8internet.eCommercePC,PC,,.DDoS:,,,,,,,…:4%,16%,1©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID4DDoSAttacksAreHereToStaySymantecInternetSecurityReport–June‘05DoSattacksgrowfrom119to927perday-anincreaseof679%Large%ofDDoSattacksaremotivatedbyextortiondemands75MillioncomputersestimatedtobeinfestedwithbotsoftwareAttacksizeisinthe2-7GigrangeTheDoSproblemisnota100yearfloodanymore!‘Zombie'ringallegedlyhit1.5millioncomputers–“onlyadropintheocean.©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID5BOTNETS–DDOSCECE:,,…‘’LastMileConnectionISPBOTNET!BOTNET’’,,.BOTNETsDDOS:ICMPAttacks,TCPAttacks,andUDPAttacks,httpoverloadBOTNET,.BOTNET.©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID6DDoS/TCP/HTTP,,.,DNS/DHCP,.©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID7Denial-of-service(DoS)1988112RobertMorrisJr.—internet90DoS90InternetDoS90DoSPingofdeath,smurf,SYNflooding,“”2000DDoSYahoo,AmazonCodered,SQLslammer“”DDoS’botnet’‘DDoS’DDoS©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID8DDoSSYNfloodingTCPTCP3---SYNUDPfloodingUDPUDPUDPICMPSmurf‘’ICMPICMPLandUDPTeardropfragementPingofdeath65535pingTCPIPDDOS©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID9DDoSHTTPTCPDDoSTCPDNSDNSUDPDNSSQLSQLSQLCPU©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID10CiscoGuardBroadestAttackProtection1.SpoofedandNon-SpoofedFloodAttacks–TCPFlag(SYN,SYN-ACK,ACK,FIN)–ICMP–UDP–Examples:SYNFlood,Smurf,LAND,UDPFlood2.Zombie/BotnetAttacks–EachzombieorbotsourceopensmultipleTCPconnections–EachzombieorbotsourceopensmultipleTCPsessionsandissuerepetitiveHTTPrequests3.DNSAttacks–DNSRequestFlood1.PacketSizeAttacksFragmentedPacketsLargePacketsExamples:Teardrop,Ping-of-Death2.LowRateZombie/BotnetAttacks–SimilartoBandwidthconsumptionattacksexceptthateachattacksourcesendsmultiplerequestsatlowrate3.DNSAttacks–DNSRecursiveLookupSIPProtection–SIPAnti-SpoofingBandwidthConsumptionAttacksResourceStarvationAttacks©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID11DOSvs.DDOSDOSDOSTearDropLandICMPFloodDDOS“”©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID12TypesofDDoSattacksEvolutionofSPDDoSdefenceCleanpipeCleanpipeCleanpipeCleanpipe©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID13DDOSISPIDCISPMailServerDNSServerISP©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID14TypesofDDoSattacksEvolutionofSPDDoSdefenceCleanpipeCleanpipeCleanpipeCleanpipe©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID15EvolutionofSPDDoSdefenceURPFSinkhole/blackholeCleanpipe©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID16uRPFuRPFstrict(uRPFCEFDCEF)interfacepos1/0ipverifyunicastreverse-pathACLinterfacepos1/0ipverifyunicastreverse-path190access-list190permitip{customernetwork}{customernetworkmask}anyaccess-list190denyipanyany[log]Looseinterfacepos1/0ipverunicastsourcereachable-viaany©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID17SinkHoleRouters/Networks©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID18SinkHoleRouters/Networks©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID19BlackHoleFiltering©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID20RemotelyTriggeredBlackHoleFiltering-Preparation©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID21RemotelyTriggeredBlackHoleFiltering-Activation©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID22RemotelyTriggeredBlackHoleFiltering-Activation©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID23TypesofDDoSattacksEvolutionofSPDDoSdefenceCleanpipeCleanpipeCleanpipeCleanpipe©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID24“,DDOS,”242424©2003CiscoSystems,Inc.Allrightsreserved.Presentation_IDCleanPipes:DDoSCleanpipes,DDoS,,.“CleanPipes”©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID25CleanPipesInjectDivertDefenseMitigateCiscoNFP,.CiscoGuardCiscoNetflowDetector’’Detect©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID26Cleanpipe?,Defend&LearnDetectionDiversionCleaningRe-InjectionYesYesNoNo©2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID27CleanPipes‘’CleanPipesDDOSCleanPipesover-subscriberGuard30Zone()1:10GuardGuardGuardGuard‘’GuardDDoS
三七文档所有资源均是用户自行上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作他用。
扫描二维码
![关于加快发展公共租赁住房的指导意见(建保[XXXX]87号)](/doc-530522.png)
houjtl
本文标题:运营商的网络安全体系解决方案
链接地址:https://www.777doc.com/doc-758612 .html