26–27 Oct 2024
Europe/Prague timezone

DoS protection using multi-prefix query counting

27 Oct 2024, 10:15
25m
In-Person Standard Presentation, Main Session, Session 1

Speaker

Lukáš Ondráček (CZ.NIC, z.s.p.o.)

Description

We present our approach to protecting against denial-of-service attacks, implemented in Knot Resolver. It consists of two parts: rate-limiting and prioritization.

Rate-limiting counts requests originating from the same host and/or network and restricts those that exceed the configured limits; it serves primarily to mitigate amplification attacks.
Prioritization reorders waiting requests based on the CPU time consumed by past requests from the same origin, so that requests from the more demanding clients are deferred and possibly dropped when the resolver is overloaded.

We will first focus on the basic limiting of individual hosts to show how the counters of same-origin queries work, including their exponential decay, and how to set the desired limits: the so-called instant limit and rate limit parameters control the behaviour. Then we will extend it to whole networks by applying the same approach to multiple address prefixes, which handles even partially distributed attacks, and mention different methods of restriction based on the counters' values. Finally, we will move on to query prioritization.

The presentation will roughly follow this article:
https://en.blog.nic.cz/2024/07/15/knot-resolver-6-news-dos-protection-operators-overview/
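As an added illustration of the counters described above (example code written for this page, not Knot Resolver's own implementation), the following Python sketch keeps one exponentially decaying counter per /32, /24 and /16 prefix of each IPv4 source address. The prefix set, the per-prefix limit multipliers, the dictionary-backed counter store and the truncate-then-drop policy are assumptions chosen for the example. The decay rate is derived from the two parameters so that a host sending exactly the rate limit settles near the instant limit, which lets one threshold express both.

```python
import ipaddress
import math
from dataclasses import dataclass

# Assumed for this example (not Knot Resolver's actual values): which prefixes
# are counted and how much larger the budget of a whole network is compared to
# a single host.  A /24 gets 4x the per-host limit, a /16 16x.  IPv4 only.
PREFIX_MULTIPLIERS = {32: 1, 24: 4, 16: 16}


@dataclass
class DecayingCounter:
    """A query counter whose value decays exponentially between updates."""
    value: float = 0.0
    last_update: float = 0.0

    def decayed(self, now: float, decay_rate: float) -> float:
        """Value at time `now`, after decay since the last update."""
        return self.value * math.exp(-decay_rate * (now - self.last_update))

    def add(self, now: float, decay_rate: float, amount: float = 1.0) -> float:
        """Apply decay up to `now`, then account one more query."""
        self.value = self.decayed(now, decay_rate) + amount
        self.last_update = now
        return self.value


class MultiPrefixRateLimiter:
    """Rate limiter keeping one decaying counter per address prefix."""

    def __init__(self, instant_limit: float, rate_limit: float):
        # instant_limit: burst a single host may send at once before restriction.
        # rate_limit: sustained queries per second a single host may keep sending.
        # With decay_rate = rate_limit / instant_limit, a host sending exactly
        # rate_limit queries per second settles at a counter near instant_limit,
        # so the same threshold serves both parameters.
        self.instant_limit = float(instant_limit)
        self.rate_limit = float(rate_limit)
        self.decay_rate = self.rate_limit / self.instant_limit
        self.counters: dict = {}   # simplification: unbounded dict, not a fixed-size table

    def _prefixes(self, addr: str):
        for plen in PREFIX_MULTIPLIERS:
            yield plen, ipaddress.ip_network(f"{addr}/{plen}", strict=False)

    def query(self, addr: str, now: float) -> str:
        """Account one query from `addr` at time `now` (seconds).

        Returns the action for this query: 'allow', 'truncate' (answer with the
        TC bit so a genuine client retries over TCP) or 'drop'.  Every prefix of
        the source is charged, and the most overloaded one decides.
        """
        worst = 0.0
        for plen, net in self._prefixes(addr):
            counter = self.counters.setdefault(net, DecayingCounter(0.0, now))
            value = counter.add(now, self.decay_rate)
            limit = self.instant_limit * PREFIX_MULTIPLIERS[plen]
            worst = max(worst, value / limit)
        if worst <= 1.0:
            return "allow"
        if worst <= 2.0:
            return "truncate"   # mild overload: restriction policy assumed for this example
        return "drop"           # heavy overload


def simulate_constant_rate(limiter, addr, qps, seconds, start=0.0):
    """Send `qps` evenly spaced queries per second from `addr` and tally actions."""
    counts = {"allow": 0, "truncate": 0, "drop": 0}
    for i in range(int(qps * seconds)):
        counts[limiter.query(addr, start + i / qps)] += 1
    return counts


def simulate_burst(limiter, addrs, now):
    """Each address in `addrs` sends one query at the same instant."""
    counts = {"allow": 0, "truncate": 0, "drop": 0}
    for addr in addrs:
        counts[limiter.query(addr, now)] += 1
    return counts


if __name__ == "__main__":
    lim = MultiPrefixRateLimiter(instant_limit=10, rate_limit=5)
    # A single host under the rate limit is never restricted.
    print("4 qps from one host:", simulate_constant_rate(lim, "192.0.2.7", 4, 30))
    # Double the rate limit: the burst allowance is used up, then restriction starts.
    print("10 qps from one host:", simulate_constant_rate(lim, "198.51.100.9", 10, 30))
    # Sixty hosts in one /24 sending one query each (constructed addresses): no
    # host exceeds its own limit, but the shared /24 counter does.
    hosts = [f"192.0.2.{i}" for i in range(1, 61)]
    print("60 hosts in one /24:", simulate_burst(lim, hosts, 100.0))
```

With instant limit 10 and rate limit 5, a host sending 4 queries per second stays below the threshold indefinitely, a host sending 10 per second uses up its burst allowance after 13 queries and is then restricted, and sixty hosts in one /24 sending a single query each are caught by the /24 counter even though every per-host counter stays at 1. The counters only ever do arithmetic at query time, which is what makes the exponential decay cheap: nothing is scanned or expired in the background.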

Talk duration: 20 minutes (+5 for Q&A)

Primary author

Lukáš Ondráček (CZ.NIC, z.s.p.o.)

Presentation materials

There are no materials yet.