Jerod Brennen, profile picture
Uploaded byJerod Brennen
PDF, PPTX3,023 views

DDoS Attack Preparation and Mitigation

The document provides a comprehensive overview of DDoS attack preparation and mitigation strategies presented by Jerod Brennen, a security consultant. It discusses the nature and motives behind these attacks, various types of DDoS attacks, and outlines preparation and mitigation techniques for network and application layers. The document also includes resources for further reading and tools for DDoS defense.

Technology
Related topics:
Information Security

Embed presentation

Download as PDF, PPTX
DDoS Attack Preparation and Mitigation Presented by Jerod Brennen, CISSP CTO & Principal Security Consultant, Jacadis
Overview • What is a DDoS attack? • Why are these attacks launched? • How do we prepare? • How do we respond? • Resources
In the News… http://money.cnn.com/2012/09/27/technology/bank-cyberattacks/
DoS Attacks • Denial of Service o Network resources o Host resources o Application resources • Types o ICMP Flood • Smurf attack • Ping flood • Ping of death o SYN Flood • SYN – SYN/ACK… Wait. Where’s my ACK? • Unending knock-knock joke o Teardrop Attack o Low and Slow
DDoS Attacks • Distributed Denial of Service o Simultaneous attacks from multiple sources o Traditional countermeasures don’t work • Examples o Botnet downloads entire site, repeats ad nauseum o Abuse SSL negotiation phase
Why Launch a DDoS Attack? • Motive o Extortion o Revenge o Hacktivism o Unintentional (@feliciaday) • Means o Botnet • Infected machines • Voluntary (mobile devices?) o Availability of tools • Low Orbit Ion Cannon (LOIC) – TCP/UDP • slowhttptest – HTTP • Slowloris – HTTP • Opportunity o We’re talking about the INTERNET…
Preparation • Technical: Defense-in-Depth o Network o Operating System o Web/Application Server o Application • Procedural: Security Incident Response o Policy o Procedures o Tabletop Exercises
Preparation – Network Architecture • Align with Cisco SAFE security reference architecture o Redundancy • Deploy and tune tools o Intrusion Prevention System (IPS) o Security Information Event Management (SIEM) o Bandwidth Monitoring and Management o Anti-DDoS Hardware (*) • Cisco Guard / PrevenTier (Rackspace) • DOSarrest • RioRey • Evaluate IPv6 configurations
Preparation – Network Router • Enable Reverse Path Forwarding o ip verify unicast reverse path • Filter all RFC-1918 address spaces o 10.0.0.0 - 10.255.255.255 (10/8 prefix) o 169.254.0 – 169.254.255.255 (169.254/16 prefix) o 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) o 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) • Network Ingress Filtering, per RFC-2827 o Drop forged packets • Enforce rate limiting for ICMP and SYN packets
Preparation – Network Firewall • Deny private, illegal, and routable source IP’s o 0.0.0.0 o 10.0.0.0-10.255.255.255 o 127.0.0.0 o 172.16.0.0-172.31.255.255 o 192.168.0.0-192.168.255.255 o 240.0.0.0 o 255.255.255.255
Preparation - Operating System • Harden the Host o Center for Internet Security o DISA STIG’s • Defense Information Systems Agency Security Technical Implementation Guides o Vendor guides • Patch o Automate the process o Trust, but verify • Host Vulnerability Scans o DoS vulnerabilities
Preparation – Apache on Linux • Advanced Policy Firewall (APF) o iptables (netfilter) • (D)DoS Deflate o netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort –n o Automatically block attacking IP’s o Automatically unblock IP’s after x seconds • Apache modules o mod_evasive o mod_security
Preparation – IIS on Windows • UrlScan o Integrate with IIS o Mitigate SQL injection attacks o Restrict potentially malicious HTTP requests (web app firewall function) • Dynamic IP Restrictions o Requests over time o Deny action o Logging
Preparation - Application • Third Party Services o Akamai – Web Application Acceleration o Prolexic – Pipe Cleaner • Web App Firewall o Hosted o Cloud • Load Balancers o Take advantage of virtualization • Baseline Your Performance o Thresholds (Load Testing) o Source IP reports • Web Application Vulnerability Scan o DoS vulnerabilities o Vulnerable forms (CAPTCHA)
Mitigation - Network • Log analysis o Understand the attack o netstat, awk, grep • Contact your ISP o Drop attacking traffic before it hits any of your resources • Null route attackers o Example: ip route 192.168.0.0 255.255.0.0 Null0 • Implement yourgeographic IP rules o Deny all traffic from non-customer IP blocks • Enable third party services/solutions o Temporary o Cost
Mitigation – Host and App • Add additional servers o Temporary (co$t) o Again, take advantage of virtualization • Tighten web app firewall rules o Based on attack pattern
Contact Law Enforcement? • Pros o Prevent future attacks against your org o Prevent future attacks against other orgs • Cons o Attack becomes public record o Additional resources = time + money • Decide in writing what action you will take before an incident occurs.
Resources • Denial of Service Attacks Explained o CERT • http://www.cert.org/tech_tips/denial_of_service.html o Wikipedia • http://en.wikipedia.org/wiki/Denial-of-service_attack • RFC’s o RFC-1918 – Address Allocation for Private Internets • http://tools.ietf.org/html/rfc1918 o RFC-2827 – Network Ingress Filtering • http://www.ietf.org/rfc/rfc2827.txt • HardeningInformation o Center for Internet Security • http://www.cisecurity.org/ o Cisco SAFE • http://www.cisco.com/en/US/netsol/ns954/index.html o Country IP Blocks • http://www.countryipblocks.net/ o DISA STIG’s • http://iase.disa.mil/stigs/ o How to Protect Against Slow HTTP Attacks (via @Qualys) • https://community.qualys.com/blogs/securitylabs/2011/11/02/how-to-protect-against-slow-http- attacks
Resources (cont’d) • Tools o Low Orbit Ion Cannon • http://sourceforge.net/projects/loic/ • Installed on your iPhone: http://www.youtube.com/watch?v=9VxA_DSflG0 o slowhttptest • http://code.google.com/p/slowhttptest/ o Slowloris • http://ha.ckers.org/slowloris/ o Advanced Policy Firewall (APF) • http://www.rfxn.com/projects/advanced-policy-firewall/ o (D)DoS Deflate • http://deflate.medialayer.com/ o UrlScan • http://technet.microsoft.com/en-us/security/cc242650 o Dynamic IP Restrictions • http://www.iis.net/download/DynamicIPRestrictions • Apache Modules o Mod_evasive • http://www.topwebhosts.org/articles/mod_evasive.php o Mod_security • http://www.topwebhosts.org/articles/mod_security.php
Questions / Contact Info Jerod Brennen, CISSP http://www.linkedin.com/in/slandail http://twitter.com/#!/slandail http://www.jacadis.com/ contact@jacadis.com

More Related Content

PDF
Raft presentation
byPatroclos Christou
 
PDF
DDoS Mitigation Tools and Techniques
byBabak Farrokhi
 
PPTX
5G End to-end network slicing Demo
byITU
 
PPTX
Ddos and mitigation methods.pptx (1)
bybtpsec
 
PDF
Google File System
byJunyoung Jung
 
PDF
Implementing BGP Flowspec at IP transit network
byPavel Odintsov
 
PDF
gRPC Design and Implementation
byVarun Talwar
 
PPTX
FastNetMon Advanced DDoS detection tool
byPavel Odintsov
 
Raft presentation
byPatroclos Christou
 
DDoS Mitigation Tools and Techniques
byBabak Farrokhi
 
5G End to-end network slicing Demo
byITU
 
Ddos and mitigation methods.pptx (1)
bybtpsec
 
Google File System
byJunyoung Jung
 
Implementing BGP Flowspec at IP transit network
byPavel Odintsov
 
gRPC Design and Implementation
byVarun Talwar
 
FastNetMon Advanced DDoS detection tool
byPavel Odintsov
 

What's hot

PPTX
Firewall
bySaurabh Chauhan
 
PDF
SINIFLANDIRMA TEMELLİ KORELASYON YAKLAŞIMI
byErtugrul Akbas
 
PPTX
Introduction to sandvine dpi
byMohammed Abdallah
 
PDF
DDoS Attack Detection & Mitigation in SDN
byChao Chen
 
PPTX
DNS Security Presentation ISSA
bySrikrupa Srivatsan
 
PDF
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpec
byCisco Russia
 
PPT
9534715
byPavel Odintsov
 
PPTX
HTTP2 and gRPC
byGuo Jing
 
PDF
Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...
byNetgate
 
PDF
DNS Hizmetine Yönetlik DoS/DDoS Saldırıları
byBGA Cyber Security
 
PDF
Database Firewall with Snort
byNarudom Roongsiriwong, CISSP
 
PDF
17 palo alto threat prevention concept
byMostafa El Lathy
 
PDF
Metasploit Framework Eğitimi
byBGA Cyber Security
 
PDF
Arp protokolu ve guvenlik zafiyeti
byBGA Cyber Security
 
PDF
Introduction to Snort Rule Writing
byCisco DevNet
 
PPTX
Palo alto NGfw2023.pptx
byahmad661583
 
DOCX
GÜVENLİK SİSTEMLERİNİ ATLATMA
byBGA Cyber Security
 
PDF
Multi-Region Cassandra Clusters
byInstaclustr
 
PDF
SDN Fundamentals - short presentation
byAzhar Khuwaja
 
PPTX
Intrusion Detection Systems (IDS)
byHachmdhmdzad
 
Firewall
bySaurabh Chauhan
 
SINIFLANDIRMA TEMELLİ KORELASYON YAKLAŞIMI
byErtugrul Akbas
 
Introduction to sandvine dpi
byMohammed Abdallah
 
DDoS Attack Detection & Mitigation in SDN
byChao Chen
 
DNS Security Presentation ISSA
bySrikrupa Srivatsan
 
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpec
byCisco Russia
 
9534715
byPavel Odintsov
 
HTTP2 and gRPC
byGuo Jing
 
Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...
byNetgate
 
DNS Hizmetine Yönetlik DoS/DDoS Saldırıları
byBGA Cyber Security
 
Database Firewall with Snort
byNarudom Roongsiriwong, CISSP
 
17 palo alto threat prevention concept
byMostafa El Lathy
 
Metasploit Framework Eğitimi
byBGA Cyber Security
 
Arp protokolu ve guvenlik zafiyeti
byBGA Cyber Security
 
Introduction to Snort Rule Writing
byCisco DevNet
 
Palo alto NGfw2023.pptx
byahmad661583
 
GÜVENLİK SİSTEMLERİNİ ATLATMA
byBGA Cyber Security
 
Multi-Region Cassandra Clusters
byInstaclustr
 
SDN Fundamentals - short presentation
byAzhar Khuwaja
 
Intrusion Detection Systems (IDS)
byHachmdhmdzad
 

Viewers also liked

PDF
DDoS Attack illustration
byMarcelo Silva
 
PDF
Immune Attack
byJose Avila De Tomas
 
PPTX
An introduction to denial of service attacks
byRollingsherman
 
PPTX
Denial of service attack
byKaustubh Padwad
 
PPTX
Basics of Denial of Service Attacks
byHansa Nidushan
 
PPTX
DoS or DDoS attack
bystollen_fusion
 
PPTX
Denial of service attack
byAhmed Ghazey
 
PPT
DDoS Attacks
byJignesh Patel
 
PDF
Denial of Service Attacks
byPascal Flöschel
 
DDoS Attack illustration
byMarcelo Silva
 
Immune Attack
byJose Avila De Tomas
 
An introduction to denial of service attacks
byRollingsherman
 
Denial of service attack
byKaustubh Padwad
 
Basics of Denial of Service Attacks
byHansa Nidushan
 
DoS or DDoS attack
bystollen_fusion
 
Denial of service attack
byAhmed Ghazey
 
DDoS Attacks
byJignesh Patel
 
Denial of Service Attacks
byPascal Flöschel
 

Similar to DDoS Attack Preparation and Mitigation

PPT
Denial of services : limiting the threat
bySensePost
 
PPT
Protecting your business from ddos attacks
bySaptha Wanniarachchi
 
PDF
DDoS mitigation in the real world
byMichael Renner
 
PDF
A10 issa d do s 5-2014
byRaleigh ISSA
 
PPTX
Denial Of Service Attacks (1)
byWaheb Samaraie
 
PDF
Network DDoS Incident Response Cheat Sheet (by SANS)
byMartin Cabrera
 
PPTX
Study of System Attacks- DoS.pptx
byvasep68958
 
PPTX
Session for InfoSecGirls - New age threat management vol 1
byInfoSec Girls
 
PDF
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
byallanjude
 
PDF
KHNOG 3: DDoS Attack Prevention
byAPNIC
 
PDF
Irm 4-ddos
byKasper de Waard
 
PDF
Fortinet_FortiDDoS_Introduction
byswang2010
 
PPTX
DoS/DDoS
byVihari Piratla
 
ODP
DDoS - unstoppable menace
byAravind Anbazhagan
 
ODP
DDoS - unstoppable menace
byAravind Anbazhagan
 
PPTX
DoS Attack - Incident Handling
byMarcelo Silva
 
PPT
Network Security R U Secure???
bytrendy updates
 
PDF
ECE560 Denial of Service Attacks Fall2020.pdf
byTuulTriyason
 
PPT
Network seurity
byNaqash Rasheed
 
PDF
denialofservice.pdfdos attacck basic details with interactive design
byperfetbyedshareen
 
Denial of services : limiting the threat
bySensePost
 
Protecting your business from ddos attacks
bySaptha Wanniarachchi
 
DDoS mitigation in the real world
byMichael Renner
 
A10 issa d do s 5-2014
byRaleigh ISSA
 
Denial Of Service Attacks (1)
byWaheb Samaraie
 
Network DDoS Incident Response Cheat Sheet (by SANS)
byMartin Cabrera
 
Study of System Attacks- DoS.pptx
byvasep68958
 
Session for InfoSecGirls - New age threat management vol 1
byInfoSec Girls
 
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
byallanjude
 
KHNOG 3: DDoS Attack Prevention
byAPNIC
 
Irm 4-ddos
byKasper de Waard
 
Fortinet_FortiDDoS_Introduction
byswang2010
 
DoS/DDoS
byVihari Piratla
 
DDoS - unstoppable menace
byAravind Anbazhagan
 
DDoS - unstoppable menace
byAravind Anbazhagan
 
DoS Attack - Incident Handling
byMarcelo Silva
 
Network Security R U Secure???
bytrendy updates
 
ECE560 Denial of Service Attacks Fall2020.pdf
byTuulTriyason
 
Network seurity
byNaqash Rasheed
 
denialofservice.pdfdos attacck basic details with interactive design
byperfetbyedshareen
 

More from Jerod Brennen

PDF
Embedding Security in the SDLC
byJerod Brennen
 
PPTX
The Path to IAM Maturity
byJerod Brennen
 
PDF
Hacking identity: A Pen Tester's Guide to IAM
byJerod Brennen
 
PDF
Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)
byJerod Brennen
 
PDF
Automating Security Testing with the OWTF
byJerod Brennen
 
PPTX
Assess all the things
byJerod Brennen
 
PDF
What you need to know about OSINT
byJerod Brennen
 
PDF
Running Your Apps Through the "Gauntlt"
byJerod Brennen
 
PPTX
Common Sense Security Framework
byJerod Brennen
 
PPTX
Please, Please, PLEASE Defend Your Mobile Apps!
byJerod Brennen
 
PPTX
Integrating security into the application development process
byJerod Brennen
 
PDF
Bridging the Social Media Implementation/Audit Gap
byJerod Brennen
 
PDF
Attacking and Defending Mobile Applications
byJerod Brennen
 
PDF
Identity and Access Management 101
byJerod Brennen
 
PDF
Information Security Management 101
byJerod Brennen
 
Embedding Security in the SDLC
byJerod Brennen
 
The Path to IAM Maturity
byJerod Brennen
 
Hacking identity: A Pen Tester's Guide to IAM
byJerod Brennen
 
Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)
byJerod Brennen
 
Automating Security Testing with the OWTF
byJerod Brennen
 
Assess all the things
byJerod Brennen
 
What you need to know about OSINT
byJerod Brennen
 
Running Your Apps Through the "Gauntlt"
byJerod Brennen
 
Common Sense Security Framework
byJerod Brennen
 
Please, Please, PLEASE Defend Your Mobile Apps!
byJerod Brennen
 
Integrating security into the application development process
byJerod Brennen
 
Bridging the Social Media Implementation/Audit Gap
byJerod Brennen
 
Attacking and Defending Mobile Applications
byJerod Brennen
 
Identity and Access Management 101
byJerod Brennen
 
Information Security Management 101
byJerod Brennen
 

Recently uploaded

PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PPTX
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
PDF
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PDF
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 

DDoS Attack Preparation and Mitigation

  • 1.
    DDoS Attack Preparation andMitigation Presented by Jerod Brennen, CISSP CTO & Principal Security Consultant, Jacadis
  • 2.
    Overview • What isa DDoS attack? • Why are these attacks launched? • How do we prepare? • How do we respond? • Resources
  • 3.
  • 4.
    DoS Attacks • Denialof Service o Network resources o Host resources o Application resources • Types o ICMP Flood • Smurf attack • Ping flood • Ping of death o SYN Flood • SYN – SYN/ACK… Wait. Where’s my ACK? • Unending knock-knock joke o Teardrop Attack o Low and Slow
  • 5.
    DDoS Attacks • DistributedDenial of Service o Simultaneous attacks from multiple sources o Traditional countermeasures don’t work • Examples o Botnet downloads entire site, repeats ad nauseum o Abuse SSL negotiation phase
  • 6.
    Why Launch aDDoS Attack? • Motive o Extortion o Revenge o Hacktivism o Unintentional (@feliciaday) • Means o Botnet • Infected machines • Voluntary (mobile devices?) o Availability of tools • Low Orbit Ion Cannon (LOIC) – TCP/UDP • slowhttptest – HTTP • Slowloris – HTTP • Opportunity o We’re talking about the INTERNET…
  • 7.
    Preparation • Technical: Defense-in-Depth oNetwork o Operating System o Web/Application Server o Application • Procedural: Security Incident Response o Policy o Procedures o Tabletop Exercises
  • 8.
    Preparation – Network Architecture •Align with Cisco SAFE security reference architecture o Redundancy • Deploy and tune tools o Intrusion Prevention System (IPS) o Security Information Event Management (SIEM) o Bandwidth Monitoring and Management o Anti-DDoS Hardware (*) • Cisco Guard / PrevenTier (Rackspace) • DOSarrest • RioRey • Evaluate IPv6 configurations
  • 9.
    Preparation – Network Router •Enable Reverse Path Forwarding o ip verify unicast reverse path • Filter all RFC-1918 address spaces o 10.0.0.0 - 10.255.255.255 (10/8 prefix) o 169.254.0 – 169.254.255.255 (169.254/16 prefix) o 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) o 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) • Network Ingress Filtering, per RFC-2827 o Drop forged packets • Enforce rate limiting for ICMP and SYN packets
  • 10.
    Preparation – Network Firewall •Deny private, illegal, and routable source IP’s o 0.0.0.0 o 10.0.0.0-10.255.255.255 o 127.0.0.0 o 172.16.0.0-172.31.255.255 o 192.168.0.0-192.168.255.255 o 240.0.0.0 o 255.255.255.255
  • 11.
    Preparation - Operating System •Harden the Host o Center for Internet Security o DISA STIG’s • Defense Information Systems Agency Security Technical Implementation Guides o Vendor guides • Patch o Automate the process o Trust, but verify • Host Vulnerability Scans o DoS vulnerabilities
  • 12.
    Preparation – Apacheon Linux • Advanced Policy Firewall (APF) o iptables (netfilter) • (D)DoS Deflate o netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort –n o Automatically block attacking IP’s o Automatically unblock IP’s after x seconds • Apache modules o mod_evasive o mod_security
  • 13.
    Preparation – IISon Windows • UrlScan o Integrate with IIS o Mitigate SQL injection attacks o Restrict potentially malicious HTTP requests (web app firewall function) • Dynamic IP Restrictions o Requests over time o Deny action o Logging
  • 14.
    Preparation - Application •Third Party Services o Akamai – Web Application Acceleration o Prolexic – Pipe Cleaner • Web App Firewall o Hosted o Cloud • Load Balancers o Take advantage of virtualization • Baseline Your Performance o Thresholds (Load Testing) o Source IP reports • Web Application Vulnerability Scan o DoS vulnerabilities o Vulnerable forms (CAPTCHA)
  • 15.
    Mitigation - Network •Log analysis o Understand the attack o netstat, awk, grep • Contact your ISP o Drop attacking traffic before it hits any of your resources • Null route attackers o Example: ip route 192.168.0.0 255.255.0.0 Null0 • Implement yourgeographic IP rules o Deny all traffic from non-customer IP blocks • Enable third party services/solutions o Temporary o Cost
  • 16.
    Mitigation – Hostand App • Add additional servers o Temporary (co$t) o Again, take advantage of virtualization • Tighten web app firewall rules o Based on attack pattern
  • 17.
    Contact Law Enforcement? •Pros o Prevent future attacks against your org o Prevent future attacks against other orgs • Cons o Attack becomes public record o Additional resources = time + money • Decide in writing what action you will take before an incident occurs.
  • 18.
    Resources • Denial ofService Attacks Explained o CERT • http://www.cert.org/tech_tips/denial_of_service.html o Wikipedia • http://en.wikipedia.org/wiki/Denial-of-service_attack • RFC’s o RFC-1918 – Address Allocation for Private Internets • http://tools.ietf.org/html/rfc1918 o RFC-2827 – Network Ingress Filtering • http://www.ietf.org/rfc/rfc2827.txt • HardeningInformation o Center for Internet Security • http://www.cisecurity.org/ o Cisco SAFE • http://www.cisco.com/en/US/netsol/ns954/index.html o Country IP Blocks • http://www.countryipblocks.net/ o DISA STIG’s • http://iase.disa.mil/stigs/ o How to Protect Against Slow HTTP Attacks (via @Qualys) • https://community.qualys.com/blogs/securitylabs/2011/11/02/how-to-protect-against-slow-http- attacks
  • 19.
    Resources (cont’d) • Tools oLow Orbit Ion Cannon • http://sourceforge.net/projects/loic/ • Installed on your iPhone: http://www.youtube.com/watch?v=9VxA_DSflG0 o slowhttptest • http://code.google.com/p/slowhttptest/ o Slowloris • http://ha.ckers.org/slowloris/ o Advanced Policy Firewall (APF) • http://www.rfxn.com/projects/advanced-policy-firewall/ o (D)DoS Deflate • http://deflate.medialayer.com/ o UrlScan • http://technet.microsoft.com/en-us/security/cc242650 o Dynamic IP Restrictions • http://www.iis.net/download/DynamicIPRestrictions • Apache Modules o Mod_evasive • http://www.topwebhosts.org/articles/mod_evasive.php o Mod_security • http://www.topwebhosts.org/articles/mod_security.php
  • 20.
    Questions / ContactInfo Jerod Brennen, CISSP http://www.linkedin.com/in/slandail http://twitter.com/#!/slandail http://www.jacadis.com/ contact@jacadis.com