DDoS Attacks and Countermeasures

DDoS Attacks & Countermeasures
Duong Ngoc Thai
<thaidn AT gmail DOT com>
http://vnhacker.blogspot.com

Hello!

Overview
DDoS Attacks
What's new?
DDoS Countermeasures
What NOT to do?
What to do?
Q & A

Part I
DDoS Attacks – What's new?
Botnet Attacks
DRDoS
Distributed Reflected DNS Attacks
xFlash Attacks
HTTP-based applications
Welcome to the brave new world of Flash 9 Socket

What is botnet?

DDoS Attacks through Botnet
Traditional DDoS Attacks
DRDoS

DDoS Attacks through Botnet
Distributed Reflected DNS Attacks

Okay, botnet is scary . But wait, there's no botnet in VN, YET!

Bad news: building a botnet is easy!
bot source code is available for free! some even released under GPL !

Gái đẹp online đây bà con ơi!!!! Remember
gaixinh or xRobot ?

I don't want to pay for software!
ever wonder what those keygen.exe or crack.exe
actually do?
no license --> no update --> hack me please!
(hint: use Linux )

can't build yourself? buy one online!

Vietnam Botnet Factbook

What's xFlash?
ActionScript in Flash can send HTTP requests to 3rd party sites through the browser which invoked it.

What's xFlash?
The main DDoS attack mechanism used to attack many websites in VN: hvaonline.net, vietco.com, ddth.com , <insert your sites here>, etc...

xFlash to attack HTTP-based applications
<insert x-flash source code here>

forging HTTP request headers
var req:LoadVars=new LoadVars();
req.addRequestHeader("Foo","Bar");
req.send("http://www.site.com/index.php","_blank"," GET ");

forging HTTP request headers
var req:LoadVars=new LoadVars();
req.addRequestHeader("Foo","Bar");
req.decode("a=b&c=d");
req.send("http://www.site.com/index.php","_blank"," POST ");

Welcome to The Brave New World of Flash 9 Socket
Quote from Flash 9 documentation
“ The Socket class enables ActionScript code to make socket connections and to read and write raw binary data. The Socket class is useful for working with servers that use binary protocols.”

Let's port nmap to ActionScript !

Let's port nmap to ActionScript !
Err wait, how about same origin policy ?

Part II
DDoS Countermeasures
DON'T
.htaccess
referer checking
PHP anti-DDoS script
DOs
performance tuning - killing the bottlenecks
start small, think big
defense in depth

First thing first: SHOW ME THE MONEY

Security is always a trade-off

The Art Of Performance Tuning
What is performance?

The Art Of Performance Tuning
What is performance?
rps = requests per second
cu = concurrent users

Howto Find The Bottlenecks
code profiling – xdebug
system profiling – oprofile
database query profiling

Caching's Your Good Friend, Always
opcode caching – APC, Zend Platform
object caching – memcached
http request caching - squid

Start Small Think BIG
what is scalability?

Start Small Think BIG
what is scalability?
readily enlarged
what is scalable system?
able to accommodate increased usage
able to accommodate an increased dataset
maintainable

Hello, world! Is Very Scalable
<?php
sleep(1);
echo “Hello, world!”;
?>

Verizontal vs Horizontal Scaling

Share Nothing Architecture

Scaling The Database With SNA

Scaling The Storage
Amazon S3 anybody?

Wikipedia: a scalable system

The Blueprint of Defense In Depth

The case for the reverse proxy

Recommend Reading
Building scalable web sites
Kí sự các vụ DDoS vào HVAOnline.net

DDoS Attacks & Countermeasures
Thank you!
Questions/Comments?
Duong Ngoc Thai

http://vnhacker.blogspot.com	307
http://www.slideshare.net	19
http://www.linkedin.com	8
http://translate.googleusercontent.com	3
http://72.14.235.104	1
http://72.14.253.104	1

DDoS Attacks and Countermeasures

by thaidn

Accessibility

Categories

Upload Details

Usage Rights

6 Embeds 339

Statistics

DDoS Attacks and Countermeasures Presentation Transcript