Huawei Enterprise A Better Way

Secure and Continuous services


Huawei Anti-DDoS Solution
Dr. Hong Kuang
kuanghong@huawei.com
Huawei Security Solution Sales Team

HUAWEI TECHNOLOGIES CO., LTD.

enterprise.huawei.com

Content
Attack Status and Challenges

Huawei AntiDDoS Solution

Case study

DDoS Events Playback

DNS server, August 2013
The Chinese .CN domain was attacked by DDoS attacks, and large-scale internet failures followed.

Financial service, April 2013
ING bank customers were unable to use online banking services in April 2013, and the bank was attacked by DDoS several times this year.

Security provider, Mar. 2013
Spamhaus suffered a large DDoS attack against their website in Mar. 2013, and the DDoS attack traffic reached 300G.

Huawei Confidential

What are DDoS attacks?

DDoS stands for Distributed Denial of Service. Attackers use bots or free proxy servers to send large volumes of attack traffic to target servers, causing the servers to deny service to normal users.

DDoS attack characteristics

Attack tools are easy to obtain and attacks are easy to launch, but difficult to defend against.
Attacks can cause loss of money or business. According to the latest report, more than 65% of DDoS attacks cost enterprises more than $10K per hour.

DDoS attack targets

[Chart: share of DDoS attacks by target. Panel title: DDoS attacks affect more. Categories shown: Internet network pipe, FW/IPS, load balance, servers, database, e-commerce, online game, DNS services, financial services, others.]

DDoS attack trends

Started long ago:
1996: Scanning and sniffing
2000: Flood attack
2007: HTTP App. attack
2011: SSL DDoS
2012: Mobile DDoS

Other labels on the timeline: DoS attack, DDoS attack, Bot attack, Encryption attack.

[Chart: attack traffic by year, with bars labelled 40G, 100G and 300G over 2008, 2011 and 2013. Caption: Attack traffic gets larger and larger.]
[Chart: flood attacks versus App. attacks in 2008, 2011 and 2013. Caption: App. attacks keep increasing.]

Attack tools upgrade:
Encryption attacks
Attacks get better at simulation
Attack characteristics change randomly

Competitive Products of Huawei and Peer Vendors

Performance (chart of products placed by throughput):

AntiDDoS series: AntiDDoS8160: 200G; AntiDDoS8160: 100G; AntiDDoS8080: 40G; AntiDDoS8030: 20G; AntiDDoS8030: 10G; AntiDDoS1550: 5G; AntiDDoS1520: 2G
TMS series: TMS4400: 40G; TMS4200: 20G; TMS4100: 10G; TMS3100: 10G; TMS3050: 5G; TMS2500: 2.5G; TMS1200: 1.5G
APS series: APS2108: 10G; APS2107: 8G; APS2105: 4G; APS2104: 2G
DefensePro series: DefensePro40420: 40G; DefensePro30420: 30G; DefensePro10420: 10G; DefensePro8412: 8G; DefensePro4412: 4G; DefensePro3016: 3G; DefensePro2016: 2G; DefensePro2006: 2G; DefensePro1016: 1G; DefensePro1006: 1G; DefensePro506: 500M
ADS series: ADS6000: 10G; ADS4000: 4G; ADS2000D: 1G; ADS1600D: 500M
Cisco CRS + Arbor TSM?

Main vendors: A10, Andrisoft, Arbor Networks, Corero, F5, Fortinet, GenieNRM, Huawei, Juniper, Narus, Radware, RioRey.

Source: Infonetics, 2014.6.4

Challenges of DDoS attack


DDoS attacks are too difficult to discover
How to prevent DDoS attacks at the source
How to cut the cost of DDoS


Huawei AntiDDoS Solution Components

Management Center
Detection Center
Cleaning Center

Huawei AntiDDoS Portfolio

DDoS Detection Center: AntiDDoS8000 (<=200G); AntiDDoS1500-D (<=5G); Netflow analysis device (from third party)
DDoS Cleaning Center: AntiDDoS8000 (<=200G); AntiDDoS1550 (<=5G); AntiDDoS1520 (<=2G)
Management Center: ATIC Management Center software and management servers

AntiDDoS8030 AC chassis

8030 front panel: 2 MPU, 3 slots, 5U, power 1+1
8030 back panel: fans 1+1

The 8030 has two MPU blades, and every blade has two G CF cards.
The AntiDDoS 8000 uses a high-performance CPU.
The channel from MPU to SPU/LPU is 1G.

The 8030 AC bundle includes the 8030 AC chassis (5U) with 2 MPUs, 2 power supplies and 2 fans.

Anti-DDoS Deployment Recommendation Matrix

Columns: Scenario, Detecting Center, Clearing Center, Management Center, Customer Cases
Detecting Center entries: anti-DDoS appliance; Netflow appliance; customers' own appliance; no
Clearing Center entries: anti-DDoS appliance
Management Center entries: ATIC
Customer Cases entries: byte, equinix, carrier operators, big ISP; carrier operators; Tencent, Alibaba, big ASPs; small enterprises, online game operators

Huawei AntiDDoS workflow

Traffic is mirrored to the AntiDDoS detection center for DDoS detection.
A policy is configured for the detection center, and the detection center sends logs to the management center.
When traffic is abnormal, the management center sends a cleaning policy to the cleaning center.
The cleaning center publishes a diversion policy to the router, and the traffic is then sent to the cleaning center.
Cleaned traffic is re-injected into the network, and logs are sent to the management center.

Diagram elements: Internet, AntiDDoS detection center, AntiDDoS cleaning center, AntiDDoS management center, internal network.
Diagram legend: mirrored traffic, management traffic, traffic before cleaning, traffic after cleaning, log traffic.

Huawei Anti-DDoS Solution Highlights

Value-added operation:
Fine-grained policies
Protection for 100,000 tenants
Diversified self-services

Efficient and speedy:
200 Gbit/s processing capability
Seconds-level response

Accurate and comprehensive:
V-ISA reputation mechanism, ability to defend against more than 100 types of DDoS attacks
IPv6 attack defense capabilities
Error-free attack identification

Diagram labels: Botnet, Trojan, and worm attacks; application-layer attacks; malformed packet attacks; large-traffic attacks; service protection system; tenant self-help system.

Huawei V-ISA Reputation System

V-ISA reputation mechanism for DDoS defense:
V: Supports virtual defense and operation
I: Based on IP reputation, can defend against bot attacks
S: Based on session reputation, can defend against slow attacks
A: Based on behavior analysis, can defend against App. attacks

Comparison (Huawei / Others):
Number of DDoS attack types that can be defended against: 100+ / 30+
DDoS detection mechanism: per-packet deep detection / flow detection
Worms/Bots/Trojans: 200+ / 100+
AntiDDoS evolution: supports IPv6 and IPv4 at the same time / only supports IPv4 or IPv6

Defendable Attacks Details

Comprehensive Attack Defense

Protocol Vulnerability: IP spoofing attack, Land attack, Fraggle attack, WinNuke, Ping of Death, Tear Drop, Smurf, IP option, Large ICMP, DNS vulnerabilities

Scanning And Sniffing: Port scanning, IP scanning, Tracert, IP source routing packet control, IP routing record packet control

Flood Attacks: SYN flood, ACK flood, SYN-ACK flood, FIN/RST flood, TCP flood, TCP fragment flood, UDP flood, UDP fragment flood, ICMP flood

Application Attacks: DNS query flood, DNS reply flood, DNS cache poisoning, DNS reflection, TCP connection flood, TCP low-rate connection, Sockstress, HTTP flood, HTTP retransmission, HTTP slow headers, HTTP slow post, SIP flood, HTTPS flood, SSL DoS/DDoS, Web application threat

Bots And Worms: Fast-Flux, LOIC, HOIC, Slowloris, Pyloris, HttpDosTool, Slowhttptest, Thc-ssl-dos, and others. Over 200 kinds of bots, worms and Trojans are detected.

Hundreds of attack defense means and dedicated anti-DDoS for DNS services and web applications

Within-seconds attack response

When abnormal traffic occurs, defense starts, with a reaction time within seconds.
IP layer + TCP layer + App. layer: deep detection and accurate defense.
Timely fingerprint collection and defense, with no need to upgrade a database of attack fingerprints.

Industry-leading performance

[Chart: 200G performance, Huawei versus industry, by number of service boards]

Most highly integrated service boards in the industry
Four high-performance multi-core CPUs
Dedicated boards that each defend against up to 15 million pps DDoS attacks

Traffic diversion on interface boards, ensuring load balancing
Ten times expansion capability for an integrated system
Support of eighty 10-GB interfaces

200 Gbit/s processing capability for an integrated system
Less than 2s attack response time
Continuous and reliable protection for 1 to 3 years

Global Cases of Huawei AntiDDoS

Huawei AntiDDoS has served more than 100 customers, including carriers, government, financial, enterprise, and so on.

MTN

Challenges

MTN enterprise business provides security services for customers, and AntiDDoS is one of the services.
But the online AntiDDoS solution needs to expand and does not meet MTN's service requirements.

Solution

High performance meets MTN's whole deployment requirements.
Accurate defense and easy management.
The operational portal makes the security service easy to operate, and customers can manage policies and reports by themselves.

Alibaba Cloud Computing Protect Online Commerce

Protect the Biggest Online Commerce

"After being deployed, Huawei anti-DDoS solution runs reliably and stably to protect the system against various DDoS attacks. In addition, Huawei solution is scalable and can meet our current and future development demands."
Wei Xingguo, department director of the Information Security Center

Challenge

Frequent DDoS attacks of 10 Gbit/s to 40 Gbit/s
Diversified attacks
Frequent application-layer attacks
Defense against DDoS attacks for thousands of tenants (small and medium-sized enterprises) and growth in return on investment

Solution

Deploy 40 Gbit/s gateways in bypass mode on the outgoing gateway server to protect carriers against more than 100 types of DDoS attacks.
Offer operation features, such as fine-grained multi-tenancy configurations and self-services.


Copyright 2012 Huawei Technologies Co., Ltd. All Rights Reserved.
The information in this document may contain predictive statements including, without limitation, statements regarding the future financial
and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and
developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for
reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.
