
Viettel Anti DDOS Volume Based Solution


Anti DDOS Volume Based is a solution against high-bandwidth attacks that congest the customer's uplink traffic, affecting the customer's services or affecting the network and causing widespread service loss.

Key advantages:
- Detects and alerts on high-bandwidth DDOS attacks, notifying administrators by SMS or email
- Mitigates high-bandwidth attack types such as UDP flood, ICMP flood, SYN flood, DNS amplification and NTP amplification
- Handles high-bandwidth attacks from tens of Gbps to hundreds of Gbps, or attack flows of up to 10 million pps
- Detects and alerts on attacks that congest uplinks per interface, and handles link congestion directly through the portal
- Easy to operate and handle
- Easy to deploy and compatible with many network infrastructures

Why deploy the Viettel Anti DDOS Volume Based Solution

Today's DDOS attacks are increasingly diverse in scale and purpose. They are no longer merely acts of system sabotage for personal motives, but also organized attacks with economic and political motivations. Attack types and attack scale are becoming ever more diverse and complex.

Hackers can exploit flaws in endpoint devices and use many attack types to mobilize large attack flows ranging from a few Gbps to tens or even hundreds of Gbps:

- The attacks can be UDP flood, ICMP flood, SYN flood, DNS amplification, NTP amplification or SSDP attacks
- Attack campaigns can target an FTTH customer, a leased-line customer, an enterprise or even an entire network operator

The Anti DDOS Volume Based system is a comprehensive solution that protects users and organizations from DDOS attacks like those above by blocking the attack traffic right in the ISP's network.

Deployment model of the Viettel Anti DDOS Volume Based Solution

The Anti DDOS Volume Based system consists of 4 main components:

Detection: detects and alerts on IPs that are under DDOS attack.

Scrubber: filters out attack traffic and returns clean traffic.

Portal: shows alert information and attack status, and instructs the Diversion system to change routing.

Diversion: the component that steers traffic to the Scrubber system; it changes routing and receives commands from the Portal.

Main features

- Detecting volume-based DDOS attacks:
  - Detects attacked IPs by profiling the customer's real traffic and flagging anomalies when they occur
  - Detects attacked IPs based on thresholds
  - Attack types detected: volume-based UDP and ICMP flood and SYN flood; detection is based on volume, regardless of protocol
  - Attack detection time is under 2 minutes
  - Determines the set of good IPs for the whole network and for each customer (the list of trusted IPs that the customer regularly connects to in its normal state)
  - Produces an ACL (access list) for the attacked IP
- Blocking volume-based DDOS attacks:
  - Completely eliminate the attack flow directly from the portal (when the international link or the IDC-VTNET link is congested, or the load on Allot is high): send a command to the RTBH router to handle the attack with a null route, with options to block all traffic, all domestic traffic, all international traffic, or all PE traffic
  - Case 2: steer the DDOS attack traffic through the scrubber system to filter out the attack traffic and keep the customer's service available:
    o Block invalid packets
    o Permit good IPs: good IPs are allowed to pass quickly without further processing (ACL, bandwidth throttling)
    o Drop bad ACL: block attack traffic based on the ACL from Detection
    o Throttle bandwidth per destination IP: throttle bandwidth according to a preset threshold
    o Capture pcap of packets before and after processing for further monitoring
    o Handles attacks of up to 20 Gbps per physical server
- Quickly blocking a bad IP:
  - Quickly block bad IPs (e.g. at the request of the Ministry of Public Security, or the IP of a CnC): send a command to the RTBH router
- Portal for monitoring and handling attacks:
  - Monitor ongoing attacks and detailed attack information (IP information, bandwidth information, attack type)
  - Handle attacks: route the attacked IP to null or to the Scrubber; add, edit and delete the access list for the attack
  - Deeper monitoring: view inbound/outbound pcap packets if the attacked IP passes through the scrubber
  - Evaluate the effectiveness of detection and blocking
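The scrubber steps listed under "Case 2" can be read as an ordered filter chain: invalid-packet drop, good-IP fast path, bad-ACL drop, then per-destination throttling. The Python example below is added here to illustrate that order and is not Viettel's code. The `Packet` and `Scrubber` classes, the validity checks, the ACL tuple format and the token-bucket limiter are all assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Packet:  # constructed, simplified packet record (assumption)
    src: str
    dst: str
    proto: str     # "udp", "tcp" or "icmp"
    dport: int     # 0 for ICMP
    length: int    # bytes
    ts: float      # arrival time in seconds

@dataclass
class Scrubber:
    good_ips: set          # trusted sources seen in normal operation
    bad_acl: list          # (source network, proto, dport or None) from Detection
    dst_limit_bps: float   # preset per-destination threshold
    buckets: dict = field(default_factory=dict)  # dst -> (tokens in bits, last ts)

    def _invalid(self, p):
        # Minimal sanity checks only; the page does not define "invalid".
        try:
            ipaddress.ip_address(p.src), ipaddress.ip_address(p.dst)
        except ValueError:
            return True
        return p.length < 20 or not 0 <= p.dport <= 65535

    def _acl_hit(self, p):
        src = ipaddress.ip_address(p.src)
        return any(src in ipaddress.ip_network(net) and proto == p.proto
                   and port in (None, p.dport) for net, proto, port in self.bad_acl)

    def _over_limit(self, p):  # token bucket per destination, one second of burst
        tokens, last = self.buckets.get(p.dst, (self.dst_limit_bps, p.ts))
        tokens = min(self.dst_limit_bps, tokens + (p.ts - last) * self.dst_limit_bps)
        bits = p.length * 8
        ok = tokens >= bits
        self.buckets[p.dst] = (tokens - bits if ok else tokens, p.ts)
        return not ok

    def decide(self, p):
        if self._invalid(p):
            return "drop:invalid"
        if p.src in self.good_ips:
            return "pass:good-ip"   # fast path: no ACL check, no rate limiting
        if self._acl_hit(p):
            return "drop:bad-acl"
        if self._over_limit(p):
            return "drop:rate-limit"
        return "pass"
```

Because the good-IP check runs before the ACL and the limiter, a trusted source inside a blocked network still gets through, which is why the good-IP set has to be built from traffic observed in the normal state.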
Hardware requirements specification for the centralized server system

| Model | Anti DDOS 60 Gbps | Anti DDOS 120 Gbps | Anti DDOS 180 Gbps | Anti DDOS 240 Gbps |
|---|---|---|---|---|
| Maximum attack traffic mitigated | <60 Gbps | <120 Gbps | <180 Gbps | <240 Gbps |
| Server configuration | 01 server: 2 x E5-2687Wv4, 128GB DDR, 4 x 1.2TB SAS 10K rpm HDD, 3 x backplane PCI, 3 x 4-port 10Gbps optical Ethernet, 12 single-mode 1310mm modules | 02 servers: 2 x E5-2687Wv4, 128GB DDR, 4 x 1.2TB SAS 10K rpm HDD, 3 x backplane PCI, 3 x 4-port 10Gbps optical Ethernet, 12 single-mode 1310mm modules | 03 servers: 2 x E5-2687Wv4, 128GB DDR, 4 x 1.2TB SAS 10K rpm HDD, 3 x backplane PCI, 3 x 4-port 10Gbps optical Ethernet, 12 single-mode 1310mm modules | 04 servers: 2 x E5-2687Wv4, 128GB DDR, 4 x 1.2TB SAS 10K rpm HDD, 3 x backplane PCI, 3 x 4-port 10Gbps optical Ethernet, 12 single-mode 1310mm modules |

Copyright 2016 Viettel Information Security Center (VISC).


The information contained herein is subject to change without
notice. The only warranties for VISC products and services are
set forth in the express warranty statements accompanying
such products and services. Nothing herein should be
construed as constituting an additional warranty. VISC shall
not be liable for technical or editorial errors or omissions
contained herein.
For more information, go to www.viettel.com.vn