Cisco Cisco Catalyst 6500 Cisco 7600 Router Anomaly Guard Module プリント
444
© 2005 Cisco Systems, Inc. All rights reserved.
Cisco DDoS Mitigation
Service Provider Solutions
Service Provider Solutions
Attack Evolution
•
Nonessential
protocols
(e.g., ICMP)
protocols
(e.g., ICMP)
•
100s of sources
•
10K packets/second
Scale
of
Attacks
Sophistication of Attacks
Two scaling dimensions:
•
Millions of
packets/second
packets/second
•
100Ks zombies
•
Essential protocols
•
Spoofed
•
10K zombies
•
100K packets/second
•
Compound and
morphing
morphing
Past
Present
Emerging
Potentially
random
Targeted
economic
Publicity
driven
Mainstream
corporations
High-profile
targets
Niche targets
Stronger and More Widespread