
Author Topic: Using sFlow and OpenFlow to mitigate DDoS attacks  (Read 4232 times)

Offline Martin2341

  • Rookie
  • **
  • Posts: 21
Using sFlow and OpenFlow to mitigate DDoS attacks
« on: February 25, 2014, 06:35:51 PM »
I found this interesting and I thought others would as well. There is a blog write-up and video demonstration of how sFlow and OpenFlow can be combined to deliver DDoS mitigation on sflow.com. It seems that enabling standard sFlow in the switches and routers provides a continuous stream of measurement data which can provide real-time detection and notification of DDoS attacks. If an attack is detected, hybrid port OpenFlow is employed to override the normal forwarding behavior of the selected flow, thus mitigating the attack. I am not able to post links yet; however, if you are interested, it is entitled "#NFD7 Real Time SDN and NFV Analytics for DDoS Mitigation" and I'm sure a Google search will find it quickly.
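
Added example, not part of the original post or of the sflow.com write-up: a sketch of the detect-then-override loop described above, scaling sampled packets to a per-flow rate and emitting a drop entry for flows over a threshold. The sample record format, sampling rate, thresholds and the rule dictionary (generic OpenFlow 1.3 match field names, not any controller's API) are all assumptions.

```python
from collections import Counter

# All values below are assumptions chosen for illustration.
SAMPLING_RATE = 1000     # switch samples 1 in N packets
INTERVAL_S = 10          # length of the measurement window, seconds
THRESHOLD_PPS = 10_000   # alarm threshold per flow key
MIN_SAMPLES = 100        # ~20% error at 95% confidence (196*sqrt(1/c) percent)

def flow_key(sample):
    """Aggregate on victim address, IP protocol and source port."""
    return (sample["dst_ip"], sample["proto"], sample["src_port"])

def estimate_pps(samples):
    """Scale sample counts up to estimated packets/second per flow key."""
    counts = Counter(flow_key(s) for s in samples)
    return {k: n * SAMPLING_RATE / INTERVAL_S for k, n in counts.items()}

def detect(samples):
    """Flow keys over threshold, skipping keys with too few samples to trust."""
    counts = Counter(flow_key(s) for s in samples)
    rates = estimate_pps(samples)
    return sorted(k for k, n in counts.items()
                  if n >= MIN_SAMPLES and rates[k] > THRESHOLD_PPS)

def drop_rule(key, priority=40000, hard_timeout=300):
    """Build a flow entry that overrides normal forwarding for one flow key.

    An empty action list means drop. The high priority puts the entry ahead
    of the default hybrid forwarding, and the hard timeout removes it again
    so a false positive does not block traffic indefinitely.
    """
    dst_ip, proto, src_port = key
    match = {"eth_type": 0x0800, "ipv4_dst": dst_ip, "ip_proto": proto}
    port_field = {6: "tcp_src", 17: "udp_src"}.get(proto)
    if port_field:  # only TCP and UDP carry a source port to match on
        match[port_field] = src_port
    return {"priority": priority, "hard_timeout": hard_timeout,
            "match": match, "actions": []}

# Constructed samples: 150 UDP packets from port 53 to one host, 20 HTTPS replies.
SAMPLES = ([{"dst_ip": "192.0.2.10", "proto": 17, "src_port": 53}] * 150 +
           [{"dst_ip": "192.0.2.20", "proto": 6, "src_port": 443}] * 20)

if __name__ == "__main__":
    for key in detect(SAMPLES):
        print(drop_rule(key))
```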


Offline TankII

  • Hero Member
  • *****
  • Posts: 556
Re: Using sFlow and OpenFlow to mitigate DDoS attacks
« Reply #1 on: February 26, 2014, 11:51:51 AM »
We are using Plixer's Scrutinizer and the flow data has caught many an attempt internally and externally.

TankII

Offline Martin2341

  • Rookie
  • **
  • Posts: 21
Re: Using sFlow and OpenFlow to mitigate DDoS attacks
« Reply #2 on: February 26, 2014, 02:18:07 PM »
Thanks! I haven't used that. Quick question if you happen to know it, can the Scrutinizer do real-time mitigation as well?

Offline TankII

  • Hero Member
  • *****
  • Posts: 556
Re: Using sFlow and OpenFlow to mitigate DDoS attacks
« Reply #3 on: February 27, 2014, 01:02:48 PM »
If you are good at scripting, you can use SNMP to shut down ports and the like.
I haven't tried to use it to implement an ACL, just alert me for pattern behavior that I should take a look at.

I'll take a peek at the article you listed and see what is comparable in this tool.

Thanks!

TankII

Offline Martin2341

  • Rookie
  • **
  • Posts: 21
Re: Using sFlow and OpenFlow to mitigate DDoS attacks
« Reply #4 on: February 27, 2014, 07:12:13 PM »
Sure thing.  Thanks for the replies!

Offline TankII

  • Hero Member
  • *****
  • Posts: 556
Re: Using sFlow and OpenFlow to mitigate DDoS attacks
« Reply #5 on: February 28, 2014, 10:14:06 AM »
From Mike Patterson, owner of Plixer:

Hi David,

Yes, see attached. We have logic that can detect DDoS attacks, but it does not mitigate it like an SDN network would. We would send the alarm or the trigger logic to the SDN application just like InMon’s sFlow solution would. Am I answering your question?

Offline Telair

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 965