Professional Documents
Culture Documents
enterprise.huawei.com
Content
1
Case study
August 2013
Chinese .CN domain was attack by
Financial service
April.2013
ING bank customers were unable to use
online banking services in April.2013.
And the Bank was attack by DDoS for
Several times this year.
Huawei Confidential
Security Provider
Mar. 2013
Spamhaus were suffering a large DDoS
Page 3
57%
31%
29%
20%
15%
25%
5%
Internet
Network Pipe
E-Commercial Online
game
database
FW/IPS Loadbal
servers
ance
Huawei Confidential
Page 4
7%
4%
7%
DNS
services
Financial
services
Others
Started long
ago
1996
..
1996
Scanning and sniffing
DoS attack
2000
Flood attack
2007
HTTP App. attack
DDoS attack
Attack trends
Bot attack
Flood attack
300G
37%
Encryption attack
App. attack
71%
87%
29%
13%
2011
2013
100G
40G
2008
63%
2011
2013
2008
Huawei Confidential
2012
Mobile DDoS
2011
SSL DDoS
Page 5
Mobile DDoS
AntiDDoS8160: 200G
AntiDDoS8160: 100G
TMS4400: 40G
40G
TMS4200: 20G
DefensePro40420: 40G
AntiDDoS8080: 40G
DefensePro30420: 30G
AntiDDoS8030: 20G
TMS4100: 10G
10G
ADS6000: 10G
TMS3100: 10G
AntiDDoS8030: 10G
APS2108: 10G
APS2107: 8G
DefensePro8412: 8G
TMS3050: 5G
5G
ADS4000: 4G
2G
1G
DefensePro10420: 10G
ADS2000D: 1G
AntiDDoS1550: 5G
APS2105: 4G
DefensePro4412: 4G
TMS2500: 2.5G
DefensePro2016: 2G
APS2104: 2G
DefensePro2006: 2G
TMS1200: 1.5G
DefensePro1016: 1G
DefensePro3016: 3G
ADS1600D: 500M
Main vendors:
A10, Andrisoft, Arbor
Networks, Corero, F5,
Fortinet, GenieNRM,
Huawei, Juniper,
Narus, Radware,
RioRey.
Source:
Infonetics
2014.6.4
AntiDDoS1520: 2G
DefensePro1006: 1G
DefensePro506: 500M
Huawei Confidential
Page 6
Huawei Confidential
Page 7
Content
1
Case study
Management Center
AntiDDoS
Solution
HUAWEI AntiDDoS
Solution
Detection Center
Huawei Confidential
Cleaning Center
Page 9
Management Center
<=200G
<=200G
<=5G
AntiDDoS1500-D
AntiDDoS8000
From Third
Part
AntiDDoS8000
<=2G
AntiDDoS1520
<=5G
AntiDDoS1550
ATIC
Managerment Center
Software and
Management servers
Huawei Confidential
Page 10
AntiDDoS8030 AC chassis
8030
Front Panel
8030 MPU
2 MPU
3 Slots
5U
Power 1+1
8030 with double MPU blade ,and every blaode with two G CF
Cards.
AntiDDoS 8000 used high performance CPU
Channel form MPU to SPU/LPU is 1G
Huawei Confidential
include
8030 AC Chassis 5U
With 2 MPU,2 power, 2 Fans
Page 11
anti-DDoS
appliance
Netflow appliance
Customers' own
appliance
No
Clearing
Center
Management
Center
Customer Cases
byte, equinix,
carrier operators,
big ISP
anti-DDoS
appliance
carrier operators
ATIC
Huawei Confidential
Tencent, Alibaba,
big ASPs
small enterprises,
online game
operators
Page 12
AntiDDoS Detection
center
1:1
AntiDDoS Cleaning
center
Internal Network
AntiDDoS management
center
Mirrored traffic
Management traffic
Traffic before cleaning
Huawei Confidential
Page 13
worm attacks
Application-layer
attacks
Malformed packet
attacks
Large-traffic
attacks
Page 14
Number of DDoS
that could
defense
DDoS detection
mechanism
V-ISA reputation
mechanism to defense
DDoS
Huawei
Others
100+
30+
Flow detection
Worms
/Bots/Trojans
200+
100+
AntiDDoS
Evolution
Support IPv6-IPv4
at same time
Only support
IPv4or IPv6
Huawei Confidential
Page 15
IP Spoofing attack
Land attack
Fraggle attack
WinNuke
Ping of Death
Tear Drop
Smurf
IP option
Large ICMP
DNS vulnerabilities
Port scanning
IP scanning
Tracert
IP source routing packet
control
IP routing record packet
control
Flood Attacks
Icmp flood
Syn flood
Tcp flood
Udp flood
Ack flood
SYN flood
ACK flood
SYN-ACK flood
FIN/RST flood
TCP fragment flood
UDP flood
UDP fragment flood
ICMP flood
Application Attacks
Fast-Flux
LOIC
HOIC
Slowloris
Pyloris
HttpDosTool
Slowhttptest
Thc-ssl-dos
.
Over 200 kinds of
bots ,worms and
Trojans detect.
Hundreds of attack defense means and dedicated anti-DDoS for DNS services and web applications
HUAWEI TECHNOLOGIES CO., LTD.
Huawei Confidential
Page 16
Huawei Confidential
Page 17
Industry-leading performance
200G
performance
Huawei
Industry
Huawei Confidential
Page 18
worm attacks
Application-layer
attacks
Malformed packet
attacks
Large-traffic
attacks
Page 19
Content
1
Case study
Huawei Confidential
Page 21
MTN
Challenges
Solution
Huawei Confidential
Page 22
Challenge
Solution
Huawei Confidential
Page 23