• Save
10 Myths about DDoS attacks
Upcoming SlideShare
Loading in...5
×
 

10 Myths about DDoS attacks

on

  • 4,020 views

This presentation discusses 10 myths and realities related to Distributed Denial of Service (DDoS) attacks.

This presentation discusses 10 myths and realities related to Distributed Denial of Service (DDoS) attacks.

Statistics

Views

Total Views
4,020
Views on SlideShare
4,014
Embed Views
6

Actions

Likes
1
Downloads
0
Comments
0

1 Embed 6

http://www.slideshare.net 6

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

10 Myths about DDoS attacks 10 Myths about DDoS attacks Presentation Transcript

  • Hemant Jain’s 10 Myths about Distributed Denial of Service (DDoS) Attacks
    • IT Won’t Happen to Me
    • Most Network and Security Operations engineers only hear about DDoS attacks happening to others. They think that they don’t have enemies.
    • In reality: Their perceptions of risk factors and suscpetability is most often misplaced.
    • If you have a web presence, you can be attacked easily – sometimes even by mistake.
  • 2. Apache modules will help me
    • Most Network and Security Operations engineers think that they can custom compile kernel, set some options in Apache, install mod_dosevasive and all will be taken care.
    • In Reality: Most servers do not have the capacity to handle DDoS attacks.
    • Under most average sized DDoS attacks, your servers will be too overloaded to give Apache modules a chance.
  • 3. Iptables has modules for ddos
    • Most Network and Security Operations engineers think that simple iptables commands can block DDoS attacks.
    • In Reality: iptables can block very tiny attacks and tiny percentage of DDoS attacks.
    • Real DDoS attacks require specialized equipment because the CPU running iptables will be too busy handling attack packets.
  • 4. Web-hosts take care of it
    • Most Network and Security Operations engineers think that their webhost will take care of DDoS attacks
    • In Reality: Most webhosts are happy to just null-route an attacked IP domain unless they have specialized equipment.
    • Most webhosts do not have the skills to manually isolate issues.
    • Most Network and Security Operations engineers think that their ISPs, to whom their webhosting data center is connected to, cooperate under attack and they can find the source of the attack.
    • In Reality: Most ISPs are too busy. They have strict and bureaucratic processes to reach each other.
    • Typical response time for ISPs are in days if not in hours – whereas you want the solution NOW !!
    5. ISPS Cooperate
  • 6. I can report to law enforcement
    • Most Network and Security Operations engineers think that under attack, they can report to Law Enforcement to solve the problem.
    • In Reality: Most law enforcement departments will not bother about needle in hay-stack attacks – for them that’s what your attacks are.
    • Unless you are important and the attacks are in multiple 10s of Gigabits per second, don’t waste time – theirs and yours.
  • 7. I know the right acl to block it
    • Most Network and Security Operations engineers think that they can determine that ACLs on their routers and switches to block the attacks.
    • In Reality: Go figure !!
    • DDoS attacks are moving targets. The hackers are smart, their tools are smarter and techniques are sophisticated.
  • 8. DDoS Attacks Can FILL PIPES
    • Most people think that DDoS attacks can fill their pipes, and if so what’s the point in buying any specialized equipment.
    • In Reality: 90% of the attacks are sub-1Gbps today and if you have that much pipe.
    • You will be better off having a DDoS mitigation solution than not having one at all. Take the first step.
  • 9.DDoS Mitigation is a marketing MYTH
    • Some people think that DDoS mitigation is a dream.
    • In Reality: Pain from the most complex attacks can be reduced with specialized equipment.
    • Without the DDoS mitigation equipment, your servers will be thoroughly exposed to even the most ordinary attacks. Take the first step.
  • 10. DDoS mitigation is expensive
    • Some people think that DDoS mitigation is too expensive.
    • In Reality: DDoS mitigation costs are proportional to number of links, bandwidth, complexity of policies and type of attacks.
    • If you have a reasonable sized business, it should not cost you an arm and a leg. There are cost-effective solutions available that are effective.
  • For More Information
    • IntruGuard is a Leading DDoS Solution vendor. It is globally renowned for its Cost-effective and Effective Network Behavior Analysis equipment.
    • Contact: IntruGuard
    • [email_address]
    • +1 408 400 4222
    • www.intruguard.com