ECE 8930 Lab 7 DDoS Mitigation
The Dynamic DDoS Mitigation (DDM) system extends a standard Content Delivery Network (CDN) network with the ability to scale up and down upon the system status.
For this lab, you will first build a standard CDN and then add the scaling capability to it. By the end of chapter "DNS Server", you should have a working CDN network with 3 HTTP reverse proxy servers with caching enabled. The reverse proxies take the load and do not forward duplicate queries to the victim. The DNS server distributes the load across all caching nodes with round robin. The DDM controller adds more reverse proxies to the system under heavy load and reduces the number of proxy nodes under light load.
This system needs several machines to run. We have a limited number of machines, so the students on each campus need to work as a team.
The code used in lab is a simplified version based on Ilker's research. Here is a link to Ilker's original implementation: https://www.dropbox.com/s/bdxo0fau8nr0073/MitigationSystemInstructions.pdf?dl=0
Available Hosts: 192.168.10.8~11, 13
Available Hosts: 192.168.10.9~12, 16, 18~22
DoS Bot Virtual Machines:
DDM Mitigation System Example Setup:
- Host Machine x 5
- DDM DNS Server (CentOS) x 1
- HTTP Reverse Proxy Server (CentOS) x 3
- Victim HTTP Server (Metasploitable2) x 1
The following IPs and domains are used in this guide.
Please replace them with your settings while implementing.
- DDM DNS Server VM IP: 192.168.10.130
- DDM DNS Server Host IP: 192.168.10.10
- HTTP Reverse Proxy Server1 VM IP: 192.168.10.131
- HTTP Reverse Proxy Server1 Host IP: 192.168.10.11
- HTTP Reverse Proxy Server2 VM IP: 192.168.10.132
- HTTP Reverse Proxy Server2 Host IP: 192.168.10.12
- HTTP Reverse Proxy Server3 VM IP: 192.168.10.133
- HTTP Reverse Proxy Server3 Host IP: 192.168.10.15
- Victim HTTP Server VM IP: 192.168.10.88
- Victim VM Host IP: 192.168.10.8
- HTTP Reverse Proxy Server domain: edge.ddm.lan
- Victim HTTP Server domain: www.victim.lan
VM Images for Mitigation System:
CentOS7.ova in VMs/ folder
Credential: root root
Victim website VM:
Metasploitable2.ova in VMs/ folder
Credential: msfadmin msfadmin
Kali_DDoS_CnC.ova in VMs/ folder
Credential: root private123
The DDM DNS Server holds a list of available hosts and checks the availability of the HTTP Reverse Proxy Servers. If fewer than two HTTP Reverse Proxy Servers are accessible, the DDM DNS Server sends commands to the available hosts to start more HTTP Reverse Proxy Servers and updates the DNS records, and vice versa.
Each team needs to:
Step 1. Set up a standard CDN
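The controller behaviour described above, as an added example that is not the lab's ddm.py: it probes each proxy, decides which host machines must start a VM (fewer than two proxies answering) or which surplus proxies to stop (light load, a flag the caller supplies), and emits the round-robin A records for edge.ddm.lan. Proxy and host IPs are the guide's example addresses; the 30 s TTL and the TCP/80 probe are assumptions.

```python
"""Added example, not the lab's ddm.py: one iteration of the DDM DNS server's
control loop. Proxy IPs, host IPs and edge.ddm.lan come from the guide; the
probe is pluggable so the decision logic can be exercised offline."""
import socket
from typing import Callable, Dict, List

MIN_PROXIES = 2   # lab rule: fewer than two reachable proxies means scale up
RECORD_TTL = 30   # assumed short TTL so resolvers notice record changes quickly

# Proxy VM IP -> host machine that can start or stop that VM (guide's addresses).
INVENTORY = {
    "192.168.10.131": "192.168.10.11",
    "192.168.10.132": "192.168.10.12",
    "192.168.10.133": "192.168.10.15",
}

def tcp_probe(ip: str, port: int = 80, timeout: float = 1.0) -> bool:
    """Availability check used for real: can the DNS server open TCP/80 on the proxy?"""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def plan(alive: Dict[str, bool], light_load: bool = False) -> Dict[str, List[str]]:
    """Decide actions. Scale up when fewer than MIN_PROXIES answer; under light
    load (flag supplied by the caller) shut surplus proxies down to MIN_PROXIES."""
    up = sorted(ip for ip, ok in alive.items() if ok)
    down = sorted(ip for ip, ok in alive.items() if not ok)
    if len(up) < MIN_PROXIES:
        need = MIN_PROXIES - len(up)
        # these become the pssh/ssh commands to the hosts that power on proxy VMs
        return {"start_on_hosts": [INVENTORY[ip] for ip in down[:need]], "stop_proxies": []}
    if light_load:
        return {"start_on_hosts": [], "stop_proxies": up[MIN_PROXIES:]}
    return {"start_on_hosts": [], "stop_proxies": []}

def zone_records(alive: Dict[str, bool], name: str = "edge.ddm.lan.") -> str:
    """One A record per reachable proxy; BIND rotates multiple A records for the
    same name, which gives the round-robin distribution the guide describes."""
    return "\n".join(f"{name} {RECORD_TTL} IN A {ip}"
                     for ip in sorted(ip for ip, ok in alive.items() if ok))

def reconcile(probe: Callable[[str], bool] = tcp_probe, light_load: bool = False):
    """One controller iteration: probe every proxy, then return the plan and records."""
    alive = {ip: probe(ip) for ip in INVENTORY}
    return plan(alive, light_load), zone_records(alive)
```

Replacing the probe with a lambda lets you check the scaling decisions without any VMs running; on the DNS server itself, `reconcile()` with the default probe is what a cron-driven loop would call.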
Import the Metasploitable2.ova and create a victim website.
Import the CentOS7.ova on four of the assigned hosts.
Configure three HTTP Reverse Proxy Servers to cache the victim's website.
Configure the DDM DNS server as a regular DNS server with two domains: one for the victim, one for the reverse proxy servers.
Step 2. Implement the DDM with CDN
Set up password-less ssh login from the DDM DNS server to the hosts that will run the HTTP reverse proxy servers. (This will be used to start the reverse proxy server VMs.)
Set up password-less ssh login from the DDM DNS server to the HTTP reverse proxy servers. (This will be used to shut down the VMs.)
Set up and test the pssh command to start and stop VMs in a batch from the DDM DNS server.
Modify and execute the ddm.py scripts.
Add the DDM DNS server's IP to the bots' /etc/resolv.conf file.
DDoS the reverse proxy servers' domain.