DDoS attacks are easy to fend off when you know the protocol semantics: you can parse content, build filters, track flows, and detect and block the malicious traffic. But the bad guys are adapting as well, not only in their traffic and content patterns but also in the volume of traffic. As an example, the average attack on G-Core Labs in 2021 would peak at 300Gbps, but in 2022 it is up in the 700Gbps range ;->
Ivan Koveshnikov and Sergey Nizovtsev describe the tooling at G-Core Labs used to fend off DDoS attacks and how they are adapting to the increased attack volumes by building a distributed defense.
To deal with the bad guys shifting their pulse and protocol approaches, they feel it is necessary to use regular expressions for coarse packet filtering that peeks into the payload content. In this talk they will share with the community how they implemented regular expressions on top of XDP, evaluate the performance characteristics, and discuss the challenges involved in getting regular expressions working with XDP.
https://netdevconf.info/0x16/session.html?When-regular-expressions-meet-XDP
cheers, jamal
PS: Registration is now open. Reel cheep until October 2.