TechTalk: Mitigating attacks against internet infrastructure through eBPF programs

Universities are increasingly targeted by layer 7 DDoS attacks, specifically those aimed at their authoritative DNS nameservers, which can cripple critical services. Our project focused on developing a robust defense within the SURF network by leveraging Linux eBPF programs for real-time, in-kernel DNS traffic filtering. This approach allows us to inspect and filter packets at very high speed, which is crucial for mitigating the impact of these high-volume attacks.

To effectively cleanse the malicious traffic, we utilized BGP to dynamically route the DNS traffic to a dedicated eBPF ‘washer.’ This washer, equipped with our optimized eBPF filters and Bloom filter configurations, scrutinizes and cleanses the traffic before it reaches the targeted DNS authoritative nameservers. A key aspect of our research was optimizing these Bloom filter configurations, essential for quickly identifying malicious DNS queries. In this talk, I’ll delve into our eBPF filter design, the BGP routing to the washer, and the performance analysis of our chosen Bloom filters, highlighting the challenges and insights gained in our effort to strengthen academic network security.

Speaker

Ferran Tufan – Infrastructure, Cloud, and Linux Engineer at SUE
Ferran is an alumnus of the Master’s in Security and Network Engineering (OS3) and holds a Bachelor’s degree in Computer Science. With a background in information security at a university and a strong interest in open source, Ferran has combined academic and hands-on experience across both paid and volunteer roles. Passionate about building secure, resilient infrastructure, he applies site reliability engineering principles to design systems that prioritize integrity and confidentiality.

Register now and let’s talk cloud security on May 1 at the SUE office, De Ooyen 9, Geldermalsen! After the TechTalk, you are more than welcome to join us for dinner and drinks.

Topics: eBPF, DDoS, Linux

Contact Person
Robbie van Rooijen
Commercial Director
