Attacks Covered:

• Chernobyl packets • Christmas trees • Connection flooding • DNS exploits • DNS flooding • Fraggle • HTTP exploits (GET, POST, etc.) • HTTP flooding • ICMP • IGMP • Malformed/fragmentary packets • NTP exploits • NTP flooding • Ping flooding • Ping of Death • ReDOS • RUDY • Shrew • Slow Read • SlowDroid • Slowloris • Smurf • Spoofing • TCP exploits (ACK, ACK+PSH, FIN, LAND, RESET, SYN, SYN-ACK, etc.) • Teardrop • Twinge • UDP exploits • UDP flooding • XDoS/XMLDoS • XML Bombs • Combination attacks, e.g. Mixed SYN + UDP • Attacks against specific OS vulnerabilities • Attacks against specific server vulnerabilities • Attacks against specific app vulnerabilities

Whitepapers

• DDoS - https://www.reblaze.com/wp-content/uploads/2020/04/Reblaze-DDoS-Datasheet.pdf
• WAF - https://www.reblaze.com/wp-content/uploads/2020/04/Reblaze-WAF-Datasheet.pdf
• Bot Management - https://www.reblaze.com/wp-content/uploads/2020/04/Reblaze-Bot-Management.pdf
• API Security - https://info.reblaze.com/hubfs/Datasheets/Reblaze-API-Security.pdf

Features

DDoS Protection

• Reverse Proxy for all Networks
• Distributed Cluster Load Balancer (Anycast Diffusion).
• Protection against exploit vulnerabilities in a specific application or API.
• Dynamic thresholds according to traffic such as
  • Rate and throughput (of packets, requests, messages, HTTP requests, DNS queries per sec, etc.)
  • Ratios (per protocol for messages, packets, requests, and data types), and more
• Log Analysis: Advanced Attack Analysis - ML
• UI: displays of incoming traffic, geo location,source, disposition, targeted URLs, signatures
• Integrations: AWS, Azure, GCP

Next Gen WAF

• Application Whitelisting: Application rule-set that defines the allowed headers, HTTP methods, resources, content types, encoding - avoid code injection
• Blacklisting: Data store of all vulnerabilities
• Access Control Lists (ACLs)
  • Static: IPs that are allowed/unallowed - always set
  • Dynamic: Updates in interval (TOR - 30mins, Proxies - 24hrs)
• Behaviour Analysis
  • Anamolise incoming streams with previous requests (instance model)
  • User level anamoly detection in Web Apps. - events (mouse clicks, screen taps, zooms, scrolls, etc.)

Bot Management

• Goal: Exclude Hostile Bots From APIs and Web Applications

Step - 1

• Step - 1: Profiling ACLs - Requests can be filtered based on geolocation, network usage (VPN, proxy, TOR, etc)
• Step 1b: Profiling Browser Environments - Detecting HTTP Headers, env to filter Headless Browser

Step - 2

• Blacklisting, rate limiting, and signature detection - filter old bots with minimal workload.
• API inspection - enforce schema with JSON payload

Step - 3

• Identifiers: IP, headers, cookies, even POST body arguments
• Dynamic rate limiting. (too-frequent calls to a login URL)
• Network anomaly tracking (excessive per-request data consumption in a specified time)
• Layer 7 anomaly (no. of requests per MIME type per minute.)

Step - 4

• Events (mouse clicks, screen taps, zooms, scrolls, etc.) - Behaviour Analysis