University of Twente Student Theses


Anycast for DDoS

Kuipers, J.H. (2017) Anycast for DDoS.

Abstract: In this work we investigate the impact of DDoS attacks on anycast services and the possibilities of anycast reconfiguration as a possible mitigation against the effects of a DDoS attack. To analyse the effects of a DDoS attack on anycast services we combined DDoS attack data and an anycast testbed developed for research purposes. We used DDoS attack data from captured real DDoS attacks [2] and simulated DDoS attacks based on captured botnet traffic. The anycast testbed consists of 9 sites spread around the world and is capable of measuring which IPs reach each instance using active measurements. DDoS attack defense and mitigation is a popular and broad subject and an active research domain. One mitigation method used to alleviate the effects of a DDoS attack is (anycast) network reconfiguration. Anycast services are generally configured to spread the traffic load across sites according to site capacity. But anycast services can be reconfigured to spread the load of DDoS traffic in various other ways. The anycast service could for instance be configured to redirect all (DDoS) traffic to one site with scrubbing devices installed. We reconfigured the anycast testbed using a method called AS-path prepending and measured the impact of several of these mitigation strategies. Several other anycast configuration and manipulation methods exist, such as BGP communities, but we decided to use AS-path prepending only, to be able to evaluate this method more thoroughly and prevent attribution problems when two methods are used at the same time.
Item Type: Essay (Master)
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Computer Science MSc (60300)