0

2023년 4분기 DDoS 위협 보고서

Cloudflare DDoS 위협 보고서 제16호에 오신 것을 환영합니다. 이번 호에서는 2023년 4분기이자 마지막 분기의 DDoS 동향과 주요 결과를 다루며, 연중 주요 동향을 검토합니다.

DDoS 공격이란 무엇일까요?

DDoS 공격 또는 분산 서비스 거부 공격은 웹 사이트와 온라인 서비스가 처리할 수 있는 트래픽을 초과하여 사용자를 방해하고 서비스를 사용할 수 없게 만드는 것을 목표로 하는 사이버 공격의 한 유형입니다. 이는 교통 체증으로 길이 막혀 운전자가 목적지에 도착하지 못하는 것과 유사합니다.

이 보고서에서 다룰 DDoS 공격에는 크게 세 가지 유형이 있습니다. 첫 번째는 HTTP 서버가 처리할 수 있는 것보다 더 많은 요청으로 서버를 압도하여 서비스 거부 이벤트를 발생시키는 것을 목표로 하는 HTTP 요청집중형 DDoS 공격입니다. 두 번째는 라우터, 방화벽, 서버 등의 인라인 장비에서 처리할 수 있는 패킷보다 많은 패킷을 전송하여 서버를 압도하는 것을 목표로 하는IP 패킷집중형 DDoS 공격입니다. 세 번째는 비트 집중형 공격으로, 인터넷 링크를 포화 상태로 만들어 막히게 함으로써 앞서 설명한 '정체'를 유발하는 것을 목표로 합니다. 이 보고서에서는 세 가지 유형의 공격에 대해 다양한 기법과 인사이트를 중점적으로 다룹니다.

보고서의 이전 버전은 여기에서 확인할 수 있으며, 대화형 허브인Cloudflare Radar에서도 확인할 수 있습니다. Cloudflare Radar는 전 세계 인터넷 트래픽, 공격, 기술 동향, 인사이트를 보여주며, 드릴 다운 및 필터링 기능을 통해 특정 국가, 산업, 서비스 공급자에 대한 인사이트를 확대할 Continue reading

0

BGP Labs: Reuse BGP AS Number Across Sites

When I published the Bidirectional Route Redistribution lab exercise, some readers were quick to point out that you’ll probably have to reuse the same AS number across multiple sites in a real-life MPLS/VPN deployment. That’s what you can practice in today’s lab exercise – an MPLS/VPN service provider allocated the same BGP AS number to all your sites and expects you to deal with the aftermath.

0

BGP Labs: Reuse BGP AS Number Across Sites

When I published the Bidirectional Route Redistribution lab exercise, some readers were quick to point out that you’ll probably have to reuse the same AS number across multiple sites in a real-life MPLS/VPN deployment. That’s what you can practice in today’s lab exercise – an MPLS/VPN service provider allocated the same BGP AS number to all your sites and expects you to deal with the aftermath.

0

Tech Bytes: AI-Powered Autonomous Digital Experience Management (Sponsored)

Autonomous Digital Experience Management (ADEM) provides detailed visibility into end user device and application performance. On today’s sponsored episode, we talk with Palo Alto Networks about how it uses AIOps with ADEM to help IT and help desk teams quickly identify and respond to problems for a distributed workforce. We also discuss synthetic transactions, and... Read more »

0

5G Advanced Standards Set Stage for 6G Release

Recent 3GPP work on Releases 18 and 19 in areas such as AI/ML, MIMO, and power savings provide a starting point for future 6G standards.

0

An overview of Cloudflare’s logging pipeline

One of the roles of Cloudflare's Observability Platform team is managing the operation, improvement, and maintenance of our internal logging pipelines. These pipelines are used to ship debugging logs from every service across Cloudflare’s infrastructure into a centralised location, allowing our engineers to operate and debug their services in near real time. In this post, we’re going to go over what that looks like, how we achieve high availability, and how we meet our Service Level Objectives (SLOs) while shipping close to a million log lines per second.

Logging itself is a simple concept. Virtually every programmer has written a Hello, World! program at some point. Printing something to the console like that is logging, whether intentional or not.

Logging pipelines have been around since the beginning of computing itself. Starting with putting string lines in a file, or simply in memory, our industry quickly outgrew the concept of each machine in the network having its own logs. To centralise logging, and to provide scaling beyond a single machine, we invented protocols such as the BSD Syslog Protocol to provide a method for individual machines to send logs over the network to a collector, providing a single pane of glass Continue reading

0

VXLAN/EVPN – Host ARP

In the last post Advertising IPs In EVPN Route Type 2, I described how to get IPs advertised in EVPN route type 2, but why do we need it? There are three main scenarios where having the MAC/IP mapping is useful:

• Host ARP.
• Host mobility.
• Host routing.

In this post I will cover the first use case and the topology below will be used:

Host ARP

When two hosts in the same subnet want to send Ethernet frames to each other, they will ARP to discover the MAC address of the other host. This is no different in a VXLAN/EVPN network. The ARP frame, which is broadcast, will have to be flooded to other VTEPs either using multicast in the underlay or by ingress replication. Because the frame is broadcast, it will have to go to all the VTEPs that have that VNI. The scenario with ingress replication is shown below:

In this scenario, SERVER-1 is sending an ARP request to get the MAC address of SERVER-4. As all leafs are participating in the L2 VNI, LEAF-1 will perform ingress replication and send it to all leafs. However, sending the ARP request to LEAF-2 and LEAF-3 is not needed Continue reading

0

On Routing Protocol Metrics

This LinkedIn snippet just came in from the someone is not exactly right on the Internet department:

Unlike IGP protocols, BGP is not dependent on a single type of metric to choose the best path.

EIGRP is an immediate counterexample that brought the above quote to my attention, but it’s worth exploring the topic in more detail.

0

On Routing Protocol Metrics

This LinkedIn snippet just came in from the someone is not exactly right on the Internet department:

Unlike IGP protocols, BGP is not dependent on a single type of metric to choose the best path.

EIGRP is an immediate counterexample that brought the above quote to my attention, but it’s worth exploring the topic in more detail.

0

Ethernet Holds Its Own in Demanding AI Compute Environments

While InfiniBand is making gains, many enterprises are sticking with Ethernet for their data center switching and interconnectivity needs to run their AI workloads.

0

The browsers biggest TLS mistake

The browsers biggest TLS mistake

Much like a previous talk of mine at Chaos Computer Congress this blog post is a direct write-up of a talk, if you prefer to consume this kind

0

AWS Advanced Networking Speciality

https://codingpackets.com/blog/aws-advanced-networking-speciality

0

BGP in 2023 – Have we reached Peak IPv4?

At the start of each year, I’ve been reporting on the behaviour of the Internet’s inter-domain routing system over the previous 12 months, looking in some detail at some metrics from the routing system that can show the essential shape and behaviour of the underlying interconnection fabric of the Internet. The year 2023 marks a significant point in the evolution of the Internet where the strong growth numbers that were a constant feature of the past thirty years are simply not present in the data. Not only is the Internet’s growth slowing down significantly, but in the IPv4 network it appears to be shrinking, which is unprecedented in the brief history of the Internet to date.

0

BGP in 2023 – Have we reached Peak IPv4?

At the start of each year, I’ve been reporting on the behaviour of the Internet’s inter-domain routing system over the previous 12 months, looking in some detail at some metrics from the routing system that can show the essential shape and behaviour of the underlying interconnection fabric of the Internet. The year 2023 marks a significant point in the evolution of the Internet where the strong growth numbers that were a constant feature of the past thirty years are simply not present in the data. Not only is the Internet’s growth slowing down significantly, but in the IPv4 network it appears to be shrinking, which is unprecedented in the brief history of the Internet to date.

0

HN715: Prescribing The Right Dose Of Automation For A Hospital Network

We talk with network architects and engineers at NewYork-Presbyterian Hospital about their automation strategy for mission-critical networks that support patient care. We explore the automation progress they've made, long-term goals, technical and cultural challenges, what they'd like to see from vendors, and more.

The post HN715: Prescribing The Right Dose Of Automation For A Hospital Network appeared first on Packet Pushers.

0

HN715: Prescribing The Right Dose Of Automation For A Hospital Network

At NewYork-Presbyterian Hospital, patients are the priority. That focus on patient care extends to the hospital’s campus network, data center, wireless network, and SD-WAN. These networks are instrumental for delivering medical applications and connecting medical devices. On today’s Heavy Networking, we talk with network architects and engineers at NewYork-Presbyterian about their use of automation to... Read more »

0

Weekend Reads 011524

Thanks to Mark Prosser for a few links to add to the pile this week.

There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents.

Microsoft found that a popular form of video-based training reduces phish-clicking behavior by about 3%, at best. This number has been stable over the years, says Microsoft, while phishing attacks are increasing yearly.

The Internet Architecture Board (IAB) has warned that policy proposals requiring or enabling the automated scouring of people’s devices for illegal material – as floated by the European Union, the United Kingdom, and the United States – threaten the open internet.

Another update of the Ultimate PCAP is available. Again, there are some special new packets in there which I want to point out here. Feel free to download the newest version to examine those new protocols and packets by yourself. Featuring: SNMPv3, WoL, IPMI, HSRP, Zabbix, Pile of Poo, and Packet Comments.

The Genesis Market began operating in 2017, four years after Silk Road closed shop. Like its predecessor, though, the Federal Bureau of Investigation (FBI) and other law enforcement agencies took the Genesis Market down last April.

Miyake events are believed to be Continue reading

0

The Future of IT Infrastructure: Embracing the Multi-cloud Revolution

Multi-cloud infrastructure could be the answer to escaping unbending contracts and increased control over the outcomes of your business.

0

Public Videos: Routing Protocols

One of the delightful side effects of leaving the paid content business is that I no longer have to try to persuade anyone that my content is any good. That includes the “this video is now public” announcements – instead of elaborate introductions, I’ll just publish a short blog post with the links.

As of today, these videos (along with dozens of previously-released videos) from the Routing Protocols section of the How Networks Really Work webinar are no longer behind a login wall:

0

Advertising IPs In EVPN Route Type 2

In my last post EVPN Deepdive Route Types 2 and 3, we took a deepdive into these two route types. I mentioned that the IP address of a host, a /32 or /128 address, could optionally be advertised. I also mentioned that this is mainly to facilitate features such as ARP suppression where a VTEP will be aware of the MAC/IP mapping and not have to flood BUM frames. However, in my last lab no IP addresses were advertised. Why is that? How do we get them advertised?

Currently, I have only setup a L2 VNI in the lab. This provides connectivity for the VLAN that my hosts are in, but it does not provide any L3 services. There is no SVI configured and there is also no L3 service configured that can route between different VNIs. The “standard” way of setting this up would be to configure anycast gateway on the leafs where every leaf that hosts the VNI has the same IP/MAC, but I consider this to be an optimization that I want to cover in a future posts. I prefer to break things down into their components and focus on the configuration needed for each component Continue reading