lobster lessons learned presentation
TRANSCRIPT
An IST Project http://www.ist-lobster.org/
Learning from Large Scale Attacks on the Internet
Policy Implications [email protected]
Large Scale Attacks on the Internet
Lessons learned from the LOBSTER project
Evangelos Markatos
Institute of Computer Science (ICS)
Foundation for Research and Technology – Hellas (FORTH)
Crete, Greece
The LOBSTER project
Agenda
• Motivation
• The LOBSTER Infrastructure
  – Number of sensors - deployment
  – Attacks captured
• Lessons Learned
• Policy Implications
Computer Security is getting increasingly important
• 1988
  – The Morris worm compromised 6,000 UNIX computers
• 2001
  – The Code Red worm compromised 300,000 computers
Source: CAIDA/UCSD
Computer Security is Critical
• 2007: Vint Cerf (the father of the Internet and VP of Google) says:
  – 25% of all computers online are compromised
• 100-150 million computers are compromised…
Vulnerabilities
[Figure: chart "Vulnerabilities found", vertical axis from 0 to 5000, for the years 2004, 2005 and 2006]
• Total Vulnerabilities documented by Symantec Corporation (source: Internet Security Threat Report)
Black Market Trading
So?
• One out of four computers is compromised
• Hackers penetrate all different kinds of computers
• Vulnerabilities are increasing every year
• They are being sold in the black market
• We need to react:
  – Monitor large scale attacks
  – Understand mechanisms and motives of attackers
The LOBSTER project
• Research Networking Test-Bed project
  – 2005-2007 Funded by IST
• Installed a monitoring infrastructure
  – To study performance and security issues in European Research and Educational networks
  – Deployed
    • more than 40 sensors
    • in 10 countries
  – Monitors incoming traffic to see if it contains network attacks from hackers
Funded by the European Commission
LOBSTER Deployment
Attacks Captured: focus on polymorphic attacks
• Close to one million attacks captured
• One attack every 30 seconds!
• One attack every two seconds (peak rate)!
Where do attackers come from?
All over the world
Where do attackers come from?
• 70% of the attacks on an organization originate from “inside” hosts
  – Maybe compromised computers which attack the local network
[Figure: chart "Attacks Launched", from internal hosts vs. from external hosts]
Lessons Learned
• Attackers launch attacks from all over the world
• Several attacks originate from “internal” hosts
  – Probably compromised computers of the organization
• Isolated viewpoints provided a “narrow point of view” of the attack plane, i.e.
  – One sensor reported heavy attack while
  – Another sensor reported very few attacks
[Figure: panels "SENSOR 1" and "SENSOR 2"]
What needs to be done?
• The knowledge of large scale attacks may be fragmented today
  – Individual organizations know their status but do not know the status of other organizations/networks
• Very few people/organizations have a global view of the attack landscape
• Even fewer publish this information in the public domain
• We need to work towards a “broad viewpoint” by sharing data
• Large-scale attack monitoring needs “broadened points of view”
What has been done
• ENISA has started work in this area:
  – Examining the feasibility of a data collection framework
• Unit A3 of ICT promotes the “Learning from Large-Scale Attacks on the Internet”
• Individual projects/organizations in Europe provide some form of data/information (NoAH, WOMBAT, Arakis, Leurre.com, etc.)
• BUT
• We need to share more information/data
What needs to be done?
• Facilitate sharing of knowledge – facilitate sharing of data
  – Encourage organizations to share attack-related data
    • Universities are usually willing to provide information but
      – they may need technical and legal advice before doing so
  – Help organizations exchange attack-related data
    • Create repositories for all data provided by individual organizations
• Provide a legal framework for data sharing
  – Who can access the data, when and for which purposes
Summary
• Lots of attacks out there
• Vulnerabilities are increasing
  – They are being traded in the black market
• One out of four computers is compromised
• Existing projects/initiatives/organizations provide attack-related information-data but
  – Most of them provide narrow viewpoints
• We need to find a formula to broaden our point of view
  – And to share data and information
• Large-scale attacks need large-scale viewpoints