The Emperor's New Cloud: An Analysis of the July 2009 RoK/USA DDoS Attacks

This talk will discuss the attack methodologies, observed impact, and lessons learned from the July 2009 RoK/USA DDoS attacks. Highlights include the following:

• Technical details of the attacking botnet.
• Technical details of the DDoS network traffic, including composition, rates, and scope.
• Observed attacker behaviors during the DDoS attacks, and inferences drawn from same.
• Why were the attacks successful in many cases?
• Why were the attacks unsuccessful in some cases?
• How those responsible for public-facing network infrastructure/servers/applications/services can harden and defend same against DDoS attacks, including a six-phased methodology for dealing with security incidents of all types.

The talk will include data on the attacks derived from a worldwide network of Internet traffic sensors, a recounting of first-hand experiences detecting/classifying/tracing back/mitigating the DDoS attacks in question, and discussion of the implications of this incident in the context of the industry-wide migration towards virtualization and cloud computing services.