SlideShare a Scribd company logo
1 of 30
Download to read offline
Mitigate DDoS attack
with effective cost
Nguyễn Chấn Việt
Đơn vị tổ chức:

Đơn vị tài trợ:
The Growth of DDoS Attacks
• Malware
• Exploit

10/29/2013 11:16 AM

www.securitybootcamp.vn
Classification
•

Volume Based Attacks –The attacker tries to saturate the bandwidth of the target’s
website by flooding it with a huge quantity of data. This category includes ICMP floods,
UDP floods and other spoofed-packet floods. The magnitude of Volume Based Attacks
is measured in bits per second (Bps).

•

Protocol Attacks –The attacker’s goal is to saturate the target’s server resources or
those of intermediate communication equipment (e.g., Load balancers) by exploiting
network protocol flaws. This category includes SYN floods, Ping of Death, fragmented
packet attacks, Smurf DDoS and more. The magnitude of Protocol Attacks is
measured in Packets per second.

•

Application Layer (Layer 7) Attacks – Designed to exhaust the resource limits of Web
services, application layer attacks target specific web applications, flooding them with
a huge quantity of HTTP requests that saturate a target’s resources. Examples of
application layer DDoS attacks include Slowloris, as well as DDoS attacks that target
Apache, Windows, or OpenBSD vulnerabilities. The magnitude of application layer
attacks is measured in Requests per second.

10/29/2013 11:16 AM

www.securitybootcamp.vn
What we care ?
• Exhausting resources like:
– CPU
– Memory/Buffers
– I/O operations
– Disk space
– Network bandwidth

10/29/2013 11:16 AM

www.securitybootcamp.vn
Where to start ?
• Go through all devices on network, from
L2 switches to backend servers and
identify possible leaks, bottlenecks,
attack vectors, applicable DoS attacks,
vulnerabilities ... and mitigate or
(rate)limit them

10/29/2013 11:16 AM

www.securitybootcamp.vn
Infrastructure
• Hosting and VM is not good idea

10/29/2013 11:16 AM

www.securitybootcamp.vn
[1]

10/29/2013 11:16 AM

www.securitybootcamp.vn
Architecture
• Rule: Defence in depth (multi-layer)

10/29/2013 11:16 AM

www.securitybootcamp.vn
OS Tuning
• *nix is good choice
• Rule : If not used, turn off

10/29/2013 11:16 AM

www.securitybootcamp.vn
/etc/sysctl.conf tuning
• net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 2
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096 87380 1048576
net.ipv4.tcp_wmem = 4096 16384 1048576
net.ipv4.tcp_max_orphans = 2048

10/29/2013 11:16 AM

www.securitybootcamp.vn
Layer 3-4
• Stateful Firewall
– Iptables
– Tuning connections tracking

• Rule : Deny all, allow selective

10/29/2013 11:16 AM

www.securitybootcamp.vn
Layer 7
• WAF : to filter what firewall missed at IP
layer
– Mod_security

• Why not snort ?

10/29/2013 11:16 AM

www.securitybootcamp.vn
Layer 7
• Choosing webserver
– Nginx is the best

• Tuning webserver
– Improve Apache with mod_reqtimeout

• Caching is very important
– Static cache
– memcached
10/29/2013 11:16 AM

www.securitybootcamp.vn
Patching
• Keep Your System Up-to-date
• Example :
– Slowloris : based on missing CRLF
– Slow Read attack : based on TCP persist
timer exploit
– Apache Range Header attack

10/29/2013 11:16 AM

www.securitybootcamp.vn
Proactive with NSM
• Logs is very important
• My suggestion : Syslog-ng + Splunk

10/29/2013 11:16 AM

www.securitybootcamp.vn
Proactive with NSM

10/29/2013 11:16 AM

www.securitybootcamp.vn
Proactive with NSM

10/29/2013 11:16 AM

www.securitybootcamp.vn
Proactive with NSM
• Alternative :

Logstash is a free tool for
managing events and logs. It
has three primary
components, an Input
module for collecting logs
from various sources

10/29/2013 11:16 AM

ElasticSearch is this
awesome distributable,
RESTful, free Lucene
powered search
engine/server. Unlike
SOLR, ES is very simple
to use and maintain and
similar to SOLR, indexing
is near realtime.
www.securitybootcamp.vn

Kibana is a presentation layer
that sits on top of Elasticsearch to
analyze and make sense of logs
that logstash throws into Elastic
search; Kibana is a highly
scalable interface for Logstash
and ElasticSearch that allows you
to efficiently search, graph,
analyze and otherwise make
sense of a mountain of logs.
Proactive with NSM

10/29/2013 11:16 AM

www.securitybootcamp.vn
[2] Case Study

10/29/2013 11:16 AM

www.securitybootcamp.vn
Our suggestion
• Diagram

10/29/2013 11:16 AM

www.securitybootcamp.vn
Our suggestion
• Router with high throughput
• reverse proxy servers :
– 32Gb RAM, 10Gb NIC, Quad Core I7, SSD
disk (for internal I/O better)
– Linux OS, running IPTables + apache
(worker MPM) + mod_security
10/29/2013 11:16 AM

www.securitybootcamp.vn
Our suggestion
• cache servers :
– Using SSD Disk
– Application cache (ex : xcache/APC for
PHP, …)
– Generic cache : Apache Traffic Server

10/29/2013 11:16 AM

www.securitybootcamp.vn
Cloud-based Solutions
• For large DDoS attack (e.g Spamhaus
was DDoS by 300Gb/s of traffic), we
need a third-party :
– Incapsula
– CloudFlare

10/29/2013 11:16 AM

www.securitybootcamp.vn
Cloud-based Solutions

10/29/2013 11:16 AM

www.securitybootcamp.vn
Simple but effective
• If you can determine C&C servers, just
null route them

10/29/2013 11:16 AM

www.securitybootcamp.vn
Testing
• Test your network and devices by
simulating real DoS attack (LOIC/HOIC,
hping, slowhttptest, thc-ssl-dos, pktgen,
... )

10/29/2013 11:16 AM

www.securitybootcamp.vn
Conclusion
• This approach is not “silver bullet” for
preventing DDoS attacks
• There isn’t “a technique” for mitigrating
DDoS
– DDoS Mitigation = Hardened System +
Money

10/29/2013 11:16 AM

www.securitybootcamp.vn
Thank you !

10/29/2013 11:16 AM

www.securitybootcamp.vn

More Related Content

What's hot

Automated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceAutomated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceJason Choi
 
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...Igor Korkin
 
Sử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSecurity Bootcamp
 
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue AgainKernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue AgainIgor Korkin
 
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing BlueHat Security Conference
 
Linux IoT Botnet Wars and the lack of basic security hardening
Linux IoT Botnet Wars and the lack of basic security hardeningLinux IoT Botnet Wars and the lack of basic security hardening
Linux IoT Botnet Wars and the lack of basic security hardeningMender.io
 
Egress-Assess and Owning Data Exfiltration
Egress-Assess and Owning Data ExfiltrationEgress-Assess and Owning Data Exfiltration
Egress-Assess and Owning Data ExfiltrationCTruncer
 
Password cracking
Password crackingPassword cracking
Password crackingIlan Mindel
 
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...Igor Korkin
 
IstSec'14 - İbrahim BALİÇ - Automated Malware Analysis
IstSec'14 - İbrahim BALİÇ -  Automated Malware AnalysisIstSec'14 - İbrahim BALİÇ -  Automated Malware Analysis
IstSec'14 - İbrahim BALİÇ - Automated Malware AnalysisBGA Cyber Security
 
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...RootedCON
 
Cloud Service Provider (Csp) internal threats
Cloud Service Provider (Csp) internal threats Cloud Service Provider (Csp) internal threats
Cloud Service Provider (Csp) internal threats Ahmed EL-KOSAIRY
 
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...OWASP Russia
 
Fosdem10
Fosdem10Fosdem10
Fosdem10wremes
 
Open Source Security
Open Source SecurityOpen Source Security
Open Source Securitywremes
 
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...CODE BLUE
 
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer	OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer OSGiUsers
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CorePositive Hack Days
 
BlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat v18 || Memory resident implants - code injection is alive and wellBlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat v18 || Memory resident implants - code injection is alive and wellBlueHat Security Conference
 

What's hot (20)

Automated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceAutomated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security Intelligence
 
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
 
Sử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng Dương
 
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue AgainKernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
 
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
 
Linux IoT Botnet Wars and the lack of basic security hardening
Linux IoT Botnet Wars and the lack of basic security hardeningLinux IoT Botnet Wars and the lack of basic security hardening
Linux IoT Botnet Wars and the lack of basic security hardening
 
Catching fileless attacks
Catching fileless attacksCatching fileless attacks
Catching fileless attacks
 
Egress-Assess and Owning Data Exfiltration
Egress-Assess and Owning Data ExfiltrationEgress-Assess and Owning Data Exfiltration
Egress-Assess and Owning Data Exfiltration
 
Password cracking
Password crackingPassword cracking
Password cracking
 
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
 
IstSec'14 - İbrahim BALİÇ - Automated Malware Analysis
IstSec'14 - İbrahim BALİÇ -  Automated Malware AnalysisIstSec'14 - İbrahim BALİÇ -  Automated Malware Analysis
IstSec'14 - İbrahim BALİÇ - Automated Malware Analysis
 
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
 
Cloud Service Provider (Csp) internal threats
Cloud Service Provider (Csp) internal threats Cloud Service Provider (Csp) internal threats
Cloud Service Provider (Csp) internal threats
 
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
 
Fosdem10
Fosdem10Fosdem10
Fosdem10
 
Open Source Security
Open Source SecurityOpen Source Security
Open Source Security
 
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
 
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer	OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
 
BlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat v18 || Memory resident implants - code injection is alive and wellBlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat v18 || Memory resident implants - code injection is alive and well
 

Viewers also liked

Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp 2013 - OWASP TOP 10- 2013Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp 2013 - OWASP TOP 10- 2013Security Bootcamp
 
Basic Security Training day 2
Basic Security Training day 2Basic Security Training day 2
Basic Security Training day 2Tu Khiem
 
Lương Trung Thành - Cloud Control Matrix
Lương Trung Thành - Cloud Control MatrixLương Trung Thành - Cloud Control Matrix
Lương Trung Thành - Cloud Control MatrixSecurity Bootcamp
 
Pham Van Giang - Lop 10 - Chuong 2 - Bai 12
Pham Van Giang - Lop 10 - Chuong 2 - Bai 12Pham Van Giang - Lop 10 - Chuong 2 - Bai 12
Pham Van Giang - Lop 10 - Chuong 2 - Bai 12Giang Văn
 
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)Security Bootcamp
 
Bài 4: Triển khai Active Directory: Quản trị nhóm - Giáo trình FPT
Bài 4: Triển khai Active Directory: Quản trị nhóm - Giáo trình FPTBài 4: Triển khai Active Directory: Quản trị nhóm - Giáo trình FPT
Bài 4: Triển khai Active Directory: Quản trị nhóm - Giáo trình FPTMasterCode.vn
 
Chương 6 Bảo mật - Giáo trình FPT
Chương 6 Bảo mật - Giáo trình FPTChương 6 Bảo mật - Giáo trình FPT
Chương 6 Bảo mật - Giáo trình FPTMasterCode.vn
 
Lập trình sáng tạo creative computing textbook mastercode.vn
Lập trình sáng tạo creative computing textbook mastercode.vnLập trình sáng tạo creative computing textbook mastercode.vn
Lập trình sáng tạo creative computing textbook mastercode.vnMasterCode.vn
 

Viewers also liked (12)

Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp 2013 - OWASP TOP 10- 2013Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp 2013 - OWASP TOP 10- 2013
 
Basic Security Training day 2
Basic Security Training day 2Basic Security Training day 2
Basic Security Training day 2
 
Slide 06
Slide 06Slide 06
Slide 06
 
Ch16
Ch16Ch16
Ch16
 
Isas semina
Isas seminaIsas semina
Isas semina
 
Slide 00 gioi thieu
Slide 00   gioi thieuSlide 00   gioi thieu
Slide 00 gioi thieu
 
Lương Trung Thành - Cloud Control Matrix
Lương Trung Thành - Cloud Control MatrixLương Trung Thành - Cloud Control Matrix
Lương Trung Thành - Cloud Control Matrix
 
Pham Van Giang - Lop 10 - Chuong 2 - Bai 12
Pham Van Giang - Lop 10 - Chuong 2 - Bai 12Pham Van Giang - Lop 10 - Chuong 2 - Bai 12
Pham Van Giang - Lop 10 - Chuong 2 - Bai 12
 
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
 
Bài 4: Triển khai Active Directory: Quản trị nhóm - Giáo trình FPT
Bài 4: Triển khai Active Directory: Quản trị nhóm - Giáo trình FPTBài 4: Triển khai Active Directory: Quản trị nhóm - Giáo trình FPT
Bài 4: Triển khai Active Directory: Quản trị nhóm - Giáo trình FPT
 
Chương 6 Bảo mật - Giáo trình FPT
Chương 6 Bảo mật - Giáo trình FPTChương 6 Bảo mật - Giáo trình FPT
Chương 6 Bảo mật - Giáo trình FPT
 
Lập trình sáng tạo creative computing textbook mastercode.vn
Lập trình sáng tạo creative computing textbook mastercode.vnLập trình sáng tạo creative computing textbook mastercode.vn
Lập trình sáng tạo creative computing textbook mastercode.vn
 

Similar to Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Chấn Việt

Security Bootcamp 2013 mitigate d do-s attack with effective cost
Security Bootcamp 2013   mitigate d do-s attack with effective costSecurity Bootcamp 2013   mitigate d do-s attack with effective cost
Security Bootcamp 2013 mitigate d do-s attack with effective costSecurity Bootcamp
 
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7allanjude
 
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...Imperva Incapsula
 
6th SDN Interest Group Seminar - Session6 (131210)
6th SDN Interest Group Seminar - Session6 (131210)6th SDN Interest Group Seminar - Session6 (131210)
6th SDN Interest Group Seminar - Session6 (131210)NAIM Networks, Inc.
 
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"Fwdays
 
Defensive information warfare on open platforms
Defensive information warfare on open platformsDefensive information warfare on open platforms
Defensive information warfare on open platformsBen Tullis
 
DDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptxDDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptxShaimKibria
 
PacketCloud: an Open Platform for Elastic In-network Services.
PacketCloud: an Open Platform for Elastic In-network Services. PacketCloud: an Open Platform for Elastic In-network Services.
PacketCloud: an Open Platform for Elastic In-network Services. yeung2000
 
Deploy secure, scalable, and highly available web apps with Azure Front Door ...
Deploy secure, scalable, and highly available web apps with Azure Front Door ...Deploy secure, scalable, and highly available web apps with Azure Front Door ...
Deploy secure, scalable, and highly available web apps with Azure Front Door ...Stamo Petkov
 
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...Ian Choi
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPROIDEA
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliMarta Pacyga
 
QA: Базовое тестирование защищенности веб-приложений в рамках QA
QA: Базовое тестирование защищенности веб-приложений в рамках QAQA: Базовое тестирование защищенности веб-приложений в рамках QA
QA: Базовое тестирование защищенности веб-приложений в рамках QACodeFest
 
Run MongoDB with Confidence: Backing up and Monitoring with MMS
Run MongoDB with Confidence: Backing up and Monitoring with MMSRun MongoDB with Confidence: Backing up and Monitoring with MMS
Run MongoDB with Confidence: Backing up and Monitoring with MMSMongoDB
 
D108636GC10_les01.pptx
D108636GC10_les01.pptxD108636GC10_les01.pptx
D108636GC10_les01.pptxSuresh569521
 
Automated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposAutomated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposPriyanka Aash
 

Similar to Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Chấn Việt (20)

Security Bootcamp 2013 mitigate d do-s attack with effective cost
Security Bootcamp 2013   mitigate d do-s attack with effective costSecurity Bootcamp 2013   mitigate d do-s attack with effective cost
Security Bootcamp 2013 mitigate d do-s attack with effective cost
 
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
 
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
 
6th SDN Interest Group Seminar - Session6 (131210)
6th SDN Interest Group Seminar - Session6 (131210)6th SDN Interest Group Seminar - Session6 (131210)
6th SDN Interest Group Seminar - Session6 (131210)
 
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
 
IJCSE Paper
IJCSE PaperIJCSE Paper
IJCSE Paper
 
DDoS.ppt
DDoS.pptDDoS.ppt
DDoS.ppt
 
Defensive information warfare on open platforms
Defensive information warfare on open platformsDefensive information warfare on open platforms
Defensive information warfare on open platforms
 
DDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptxDDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptx
 
PacketCloud: an Open Platform for Elastic In-network Services.
PacketCloud: an Open Platform for Elastic In-network Services. PacketCloud: an Open Platform for Elastic In-network Services.
PacketCloud: an Open Platform for Elastic In-network Services.
 
Deploy secure, scalable, and highly available web apps with Azure Front Door ...
Deploy secure, scalable, and highly available web apps with Azure Front Door ...Deploy secure, scalable, and highly available web apps with Azure Front Door ...
Deploy secure, scalable, and highly available web apps with Azure Front Door ...
 
Codefest2015
Codefest2015Codefest2015
Codefest2015
 
2013 april-screen
2013 april-screen2013 april-screen
2013 april-screen
 
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
QA: Базовое тестирование защищенности веб-приложений в рамках QA
QA: Базовое тестирование защищенности веб-приложений в рамках QAQA: Базовое тестирование защищенности веб-приложений в рамках QA
QA: Базовое тестирование защищенности веб-приложений в рамках QA
 
Run MongoDB with Confidence: Backing up and Monitoring with MMS
Run MongoDB with Confidence: Backing up and Monitoring with MMSRun MongoDB with Confidence: Backing up and Monitoring with MMS
Run MongoDB with Confidence: Backing up and Monitoring with MMS
 
D108636GC10_les01.pptx
D108636GC10_les01.pptxD108636GC10_les01.pptx
D108636GC10_les01.pptx
 
Automated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposAutomated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gpos
 

More from Security Bootcamp

Ransomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfSecurity Bootcamp
 
Hieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurityHieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecuritySecurity Bootcamp
 
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s viewNguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s viewSecurity Bootcamp
 
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe moSbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe moSecurity Bootcamp
 
Giam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdrGiam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdrSecurity Bootcamp
 
Insider threat-what-us-do d-want
Insider threat-what-us-do d-wantInsider threat-what-us-do d-want
Insider threat-what-us-do d-wantSecurity Bootcamp
 
Macro malware common techniques - public
Macro malware   common techniques - publicMacro malware   common techniques - public
Macro malware common techniques - publicSecurity Bootcamp
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learningSecurity Bootcamp
 
Tim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cuTim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cuSecurity Bootcamp
 
Threat detection with 0 cost
Threat detection with 0 costThreat detection with 0 cost
Threat detection with 0 costSecurity Bootcamp
 
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET -  Hiểm hoa tiềm ẩn trong hệ thống Active DirectoryGOLDEN TICKET -  Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active DirectorySecurity Bootcamp
 
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018Security Bootcamp
 
Lannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksLannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksSecurity Bootcamp
 
Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018Security Bootcamp
 

More from Security Bootcamp (20)

Ransomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdf
 
Hieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurityHieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurity
 
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s viewNguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
 
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe moSbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
 
Deception change-the-game
Deception change-the-gameDeception change-the-game
Deception change-the-game
 
Giam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdrGiam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdr
 
Sbc2019 luong-cyber startup
Sbc2019 luong-cyber startupSbc2019 luong-cyber startup
Sbc2019 luong-cyber startup
 
Insider threat-what-us-do d-want
Insider threat-what-us-do d-wantInsider threat-what-us-do d-want
Insider threat-what-us-do d-want
 
Macro malware common techniques - public
Macro malware   common techniques - publicMacro malware   common techniques - public
Macro malware common techniques - public
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learning
 
Tim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cuTim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cu
 
Threat detection with 0 cost
Threat detection with 0 costThreat detection with 0 cost
Threat detection with 0 cost
 
Build SOC
Build SOC Build SOC
Build SOC
 
AD red vs blue
AD red vs blueAD red vs blue
AD red vs blue
 
Securitybox
SecurityboxSecuritybox
Securitybox
 
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET -  Hiểm hoa tiềm ẩn trong hệ thống Active DirectoryGOLDEN TICKET -  Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
 
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
 
Api security-present
Api security-presentApi security-present
Api security-present
 
Lannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksLannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber Attacks
 
Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018
 

Recently uploaded

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialJoão Esperancinha
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 

Recently uploaded (20)

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorial
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 

Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Chấn Việt

  • 1. Mitigate DDoS attack with effective cost Nguyễn Chấn Việt
  • 2. Đơn vị tổ chức: Đơn vị tài trợ:
  • 3. The Growth of DDoS Attacks • Malware • Exploit 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 4. Classification • Volume Based Attacks –The attacker tries to saturate the bandwidth of the target’s website by flooding it with a huge quantity of data. This category includes ICMP floods, UDP floods and other spoofed-packet floods. The magnitude of Volume Based Attacks is measured in bits per second (Bps). • Protocol Attacks –The attacker’s goal is to saturate the target’s server resources or those of intermediate communication equipment (e.g., Load balancers) by exploiting network protocol flaws. This category includes SYN floods, Ping of Death, fragmented packet attacks, Smurf DDoS and more. The magnitude of Protocol Attacks is measured in Packets per second. • Application Layer (Layer 7) Attacks – Designed to exhaust the resource limits of Web services, application layer attacks target specific web applications, flooding them with a huge quantity of HTTP requests that saturate a target’s resources. Examples of application layer DDoS attacks include Slowloris, as well as DDoS attacks that target Apache, Windows, or OpenBSD vulnerabilities. The magnitude of application layer attacks is measured in Requests per second. 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 5. What we care ? • Exhausting resources like: – CPU – Memory/Buffers – I/O operations – Disk space – Network bandwidth 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 6. Where to start ? • Go through all devices on network, from L2 switches to backend servers and identify possible leaks, bottlenecks, attack vectors, applicable DoS attacks, vulnerabilities ... and mitigate or (rate)limit them 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 7. Infrastructure • Hosting and VM is not good idea 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 9. Architecture • Rule: Defence in depth (multi-layer) 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 10. OS Tuning • *nix is good choice • Rule : If not used, turn off 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 11. /etc/sysctl.conf tuning • net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 2 net.ipv4.tcp_syn_retries = 3 net.ipv4.tcp_synack_retries = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 8192 net.ipv4.tcp_mem = 786432 1048576 1572864 net.ipv4.tcp_rmem = 4096 87380 1048576 net.ipv4.tcp_wmem = 4096 16384 1048576 net.ipv4.tcp_max_orphans = 2048 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 12. Layer 3-4 • Stateful Firewall – Iptables – Tuning connections tracking • Rule : Deny all, allow selective 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 13. Layer 7 • WAF : to filter what firewall missed at IP layer – Mod_security • Why not snort ? 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 14. Layer 7 • Choosing webserver – Nginx is the best • Tuning webserver – Improve Apache with mod_reqtimeout • Caching is very important – Static cache – memcached 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 15. Patching • Keep Your System Up-to-date • Example : – Slowloris : based on missing CRLF – Slow Read attack : based on TCP persist timer exploit – Apache Range Header attack 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 16. Proactive with NSM • Logs is very important • My suggestion : Syslog-ng + Splunk 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 17. Proactive with NSM 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 18. Proactive with NSM 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 19. Proactive with NSM • Alternative : Logstash is a free tool for managing events and logs. It has three primary components, an Input module for collecting logs from various sources 10/29/2013 11:16 AM ElasticSearch is this awesome distributable, RESTful, free Lucene powered search engine/server. Unlike SOLR, ES is very simple to use and maintain and similar to SOLR, indexing is near realtime. www.securitybootcamp.vn Kibana is a presentation layer that sits on top of Elasticsearch to analyze and make sense of logs that logstash throws into Elastic search; Kibana is a highly scalable interface for Logstash and ElasticSearch that allows you to efficiently search, graph, analyze and otherwise make sense of a mountain of logs.
  • 20. Proactive with NSM 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 21. [2] Case Study 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 22. Our suggestion • Diagram 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 23. Our suggestion • Router with high throughput • reverse proxy servers : – 32Gb RAM, 10Gb NIC, Quad Core I7, SSD disk (for internal I/O better) – Linux OS, running IPTables + apache (worker MPM) + mod_security 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 24. Our suggestion • cache servers : – Using SSD Disk – Application cache (ex : xcache/APC for PHP, …) – Generic cache : Apache Traffic Server 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 25. Cloud-based Solutions • For large DDoS attack (e.g Spamhaus was DDoS by 300Gb/s of traffic), we need a third-party : – Incapsula – CloudFlare 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 26. Cloud-based Solutions 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 27. Simple but effective • If you can determine C&C servers, just null route them 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 28. Testing • Test your network and devices by simulating real DoS attack (LOIC/HOIC, hping, slowhttptest, thc-ssl-dos, pktgen, ... ) 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 29. Conclusion • This approach is not “silver bullet” for preventing DDoS attacks • There isn’t “a technique” for mitigrating DDoS – DDoS Mitigation = Hardened System + Money 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 30. Thank you ! 10/29/2013 11:16 AM www.securitybootcamp.vn