Marko Bolčič Tavčar (2018) Detection and prevention of DDOS attacks in the environment of a small internet service provider. EngD thesis.
Abstract
In the age of information clouds DDOS attacks pose a huge threat to hosted services and may cause the loss of revenue for the companies that use these services. Hosting and web application providers are often targets of DDOS attacks. Herein, I describe the process of detection and prevention of the consequences of DDOS attacks and present the protocols, tools and methods that the network engineers use on a daily basis to manage the communication networks. I have used these protocols and open source tools to establish a solution for DDOS detection and prevention, which is suitable for a small internet service provider (ISP). The solution includes a monitoring system to monitor the key elements of the network in anticipation of the attack. I use the proposed solution on a fictional network in which I simulate DDOS attacks of three different scales using UDP flooding. I demonstrate the attacks mitigation with RTBH method. I analyze the obtained results with the aid of graphs obtained with described tools. The obtained graphs indicate that the attacked server is almost unreachable for ICMP packets during the attack. The routers in the network also have significantly higher CPU utilization than normal. After mitigating the attack, the network load indicators return to their original state. The proposed open source tools are dedicated to the environment of smaller ISPs. Their development depends on the open source community. Moreover, the operation and maintenance of these tools depends on the engineers employed by the ISP. In the case of commercial solutions, the development, operation and maintenance is provided by the vendor of the solution. On the other hand, the problem of such solutions is the price inaccessibility for smaller ISPs.
Actions (login required)
![[img]](http://eprints.fri.uni-lj.si/style/images/fileicons/application_pdf.png)
