fighting the cyber threats
Qasim Zaidi
We were DDoS'ed
We must be doing something right!
Denial of Service
Legitimate users are denied service
Types
Volumetric (UDP Floods)
State Exhaustion (TCP Syn Attacks)
Application Layer Attacks (HTTP, DNS query flood)
Share of attacks by type:
Volumetric: 65%
State Exhaustion: 20%
Application: 15%
Reflection Attacks
Do not directly attack the target.
Forge the reply-to address.
Send requests to normal servers.
Trick them into replying to the target.
Makes it distributed and harder to deal with.
Amplification
A new class of reflection
Amplification attacks
Because a small question can have a big answer.
Why? How?
; <<>> DiG 9.8.3-P1 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64739
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;dig. IN ANY
;; AUTHORITY SECTION:
. 73193 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2016041601 1800 900 604800 86400
;; Query time: 80 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Apr 17 10:19:42 2016
;; MSG SIZE rcvd: 96
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39944
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 6, ADDITIONAL: 10
;; QUESTION SECTION:
;yahoo.com. IN A
;; ANSWER SECTION:
yahoo.com. 1762 IN A 98.139.183.24
yahoo.com. 1762 IN A 206.190.36.45
yahoo.com. 1762 IN A 98.138.253.109
;; AUTHORITY SECTION:
yahoo.com. 17439 IN NS ns3.yahoo.com.
yahoo.com. 17439 IN NS ns5.yahoo.com.
yahoo.com. 17439 IN NS ns2.yahoo.com.
yahoo.com. 17439 IN NS ns1.yahoo.com.
yahoo.com. 17439 IN NS ns6.yahoo.com.
yahoo.com. 17439 IN NS ns4.yahoo.com.
;; ADDITIONAL SECTION:
ns1.yahoo.com. 1197500 IN A 68.180.131.16
ns1.yahoo.com. 66008 IN AAAA 2001:4998:130::1001
ns2.yahoo.com. 1197500 IN A 68.142.255.16
ns2.yahoo.com. 85955 IN AAAA 2001:4998:140::1002
ns3.yahoo.com. 1197585 IN A 203.84.221.53
ns3.yahoo.com. 73296 IN AAAA 2406:8600:b8:fe03::1003
ns4.yahoo.com. 1198687 IN A 98.138.11.157
ns5.yahoo.com. 1197585 IN A 119.160.247.124
ns6.yahoo.com. 160785 IN A 121.101.144.139
ns6.yahoo.com. 1762 IN AAAA 2406:2000:108:4::1006
;; Query time: 27 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Apr 17 10:19:42 2016
;; MSG SIZE rcvd: 391
Query: dig ANY yahoo.com @8.8.8.8 (64 bytes)
Answer: 391 bytes
6x amplification
The D in DDoS
SSDP
Simple Service Discovery Protocol (UPnP)
Example: Used to discover printers on your network
SSDP Discovery: HTTP over UDP sent to a multicast address.
1. Recruiting Zombies
2. Flooding the victim
First Attack
Happened at 6 PM on a Monday
Website seemed slow
SSH to servers even slower
(diagram: public IPs, private IPs)
dmesg output
UDP: bad checksum. From 182.215.214.137:1900 to 182.253.224.184:80 ulen 318
UDP: bad checksum. From 182.215.214.137:1900 to 182.253.224.184:80 ulen 318
UDP: bad checksum. From 190.129.30.190:1900 to 182.253.224.184:80 ulen 347
UDP: bad checksum. From 190.129.169.3:1900 to 182.253.224.184:80 ulen 291
UDP: bad checksum. From 190.129.169.3:1900 to 182.253.224.184:80 ulen 291
UDP: bad checksum. From 200.87.245.44:1900 to 182.253.224.184:80 ulen 311
UDP: bad checksum. From 190.129.81.203:1900 to 182.253.224.184:80 ulen 281
UDP: bad checksum. From 190.129.6.33:1900 to 182.253.224.184:80 ulen 301
UDP: bad checksum. From 73.201.211.248:1900 to 182.253.224.184:80 ulen 253
UDP: bad checksum. From 190.129.199.12:1900 to 182.253.224.184:80 ulen 347
UDP: bad checksum. From 200.87.155.100:1900 to 182.253.224.184:80 ulen 285
UDP: bad checksum. From 182.215.214.137:1900 to 182.253.224.184:80 ulen 300
UDP: bad checksum. From 190.129.182.57:1900 to 182.253.224.184:80 ulen 280
UDP: bad checksum. From 190.129.165.180:1900 to 182.253.224.184:80 ulen 237
UDP: bad checksum. From 182.215.214.137:1900 to 182.253.224.184:80 ulen 306
UDP: bad checksum. From 190.129.81.26:1900 to 182.253.224.184:80 ulen 283
UDP: bad checksum. From 182.215.214.137:1900 to 182.253.224.184:80 ulen 300
UDP: bad checksum. From 172.97.240.102:1900 to 182.253.224.184:80 ulen 343
UDP: bad checksum. From 190.129.195.29:1900 to 182.253.224.184:80 ulen 246
UDP: bad checksum. From 172.97.240.102:1900 to 182.253.224.184:80 ulen 237
UDP: bad checksum. From 190.129.165.171:1900 to 182.253.224.184:80 ulen 301
UDP: bad checksum. From 172.97.240.102:1900 to 182.253.224.184:80 ulen 237
UDP: bad checksum. From 182.215.214.137:1900 to 182.253.224.184:80 ulen 302
UDP: bad checksum. From 190.129.30.176:1900 to 182.253.224.184:80 ulen 289
First Response
sudo iptables -A INPUT -p udp --sport 1900 -j DROP
Drops all incoming packets with source port 1900.
Saves some resources, but remember that the packets still have to be processed by the NIC, and the pipe is still clogged.
The dmesg output goes away, but recovery isn't complete.
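The detection and first-response steps above, as an added example that is not part of the original talk: it parses kernel lines in the exact "UDP: bad checksum. From A:1900 to B:80 ulen N" shape shown on the dmesg slide, aggregates them by reflected service and by source, and emits the two iptables rules the talk used (drop by source port, then drop the loudest sources). The sample lines are constructed here from the slide's format, and the port-to-service table is a general mapping, not something the talk lists.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the slide's dmesg output (a few lines,
# plus one unrelated kernel message to show that it is skipped).
SAMPLE_DMESG = """\
UDP: bad checksum. From 182.215.214.137:1900 to 182.253.224.184:80 ulen 318
UDP: bad checksum. From 182.215.214.137:1900 to 182.253.224.184:80 ulen 318
UDP: bad checksum. From 190.129.30.190:1900 to 182.253.224.184:80 ulen 347
UDP: bad checksum. From 190.129.169.3:1900 to 182.253.224.184:80 ulen 291
UDP: bad checksum. From 190.129.169.3:1900 to 182.253.224.184:80 ulen 291
UDP: bad checksum. From 200.87.245.44:1900 to 182.253.224.184:80 ulen 311
UDP: bad checksum. From 182.215.214.137:1900 to 182.253.224.184:80 ulen 300
[12345.678901] em1: link is up, 1000 Mbps full duplex
"""

LINE_RE = re.compile(
    r"UDP: bad checksum\. From (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+) ulen (?P<ulen>\d+)"
)

# UDP source ports of services commonly abused as reflectors. A flood whose
# *source* port is one of these, aimed at a port we serve over TCP only (80),
# is reflected traffic: the reply to a request we never sent.
REFLECTOR_PORTS = {1900: "SSDP", 53: "DNS", 123: "NTP", 161: "SNMP", 19: "chargen"}


def parse_dmesg(text):
    """Return one dict per 'UDP: bad checksum' line; other kernel lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append({"src": m["src"], "sport": int(m["sport"]),
                           "dst": m["dst"], "dport": int(m["dport"]),
                           "ulen": int(m["ulen"])})
    return events


def summarize(events):
    """Aggregate by reflected service (source port) and by reflector IP.

    top_sources is a list of (ip, packets, bytes) sorted by packet count,
    the same ranking the talk's netstat | sort | uniq -c pipeline produces."""
    by_sport = Counter(e["sport"] for e in events)
    pkts_by_src = Counter(e["src"] for e in events)
    bytes_by_src = defaultdict(int)
    for e in events:
        bytes_by_src[e["src"]] += e["ulen"]
    vectors = {p: REFLECTOR_PORTS.get(p, "unknown") for p in by_sport}
    top = [(ip, n, bytes_by_src[ip]) for ip, n in pkts_by_src.most_common()]
    return {"packets": len(events),
            "bytes": sum(e["ulen"] for e in events),
            "by_sport": dict(by_sport),
            "vectors": vectors,
            "top_sources": top}


def mitigation_rules(summary, per_ip_limit=3):
    """Build the iptables rules from the talk, as strings (nothing is executed).

    The --sport rule removes the whole vector in one rule; per-IP drops are
    only worth adding for the few reflectors that send most of the packets.
    As the talk notes, both only save CPU: the packets still reach the NIC
    and the uplink stays full, so the ISP/upstream filter is still needed."""
    rules = []
    for sport, name in summary["vectors"].items():
        if name != "unknown":
            rules.append(f"iptables -A INPUT -p udp --sport {sport} -j DROP  # {name} reflection")
    for ip, n, nbytes in summary["top_sources"][:per_ip_limit]:
        rules.append(f"iptables -I INPUT -s {ip} -j DROP  # {n} pkts, {nbytes} bytes")
    return rules


if __name__ == "__main__":
    s = summarize(parse_dmesg(SAMPLE_DMESG))
    print(f"{s['packets']} reflected packets, {s['bytes']} UDP payload bytes, vectors {s['vectors']}")
    for rule in mitigation_rules(s):
        print(rule)
```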
GEO IP Lookup
But we knew it wasn't over yet
"During Q4 (2015), repeat DDoS attacks were the norm, with an average of 24 attacks per targeted customer in Q4. Three targets were subject to more than 100 attacks each and one customer suffered 188 attacks – an average of more than two per day."
Source: Akamai
Attackers persist, especially if they don't get what they wanted.
Attack 2
The very next day, at 2 PM
Same attack vector, but more distributed
Lots of Indonesian IP addresses
Attacked all of our public IPs, not DNS-based.
identify
netstat
dmesg
iptraf
netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
em1 1500 0 266063410705 0 327198 0 269121217381 0 2
em2 1500 0 19266620548 0 197 0 20700650229 0 0 0
lo 16436 0 79744956 0 0 0 79744956 0 0 0 LRU
iptables/netfilter/tuning
kernel parameters tuning
NIC TX/RX Buffer tuning
sudo iptables -A INPUT -p udp --sport 1900 -j DROP
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
iptables -I INPUT -s <ipaddress> -j DROP
tcpkill / cutter
synproxy (against syn flood attacks)
sudo ethtool -g em1
Ring parameters for em1:
Pre-set maximums:
RX: 2047
RX Mini: 0
RX Jumbo: 0
TX: 511
Current hardware settings:
RX: 200
RX Mini: 0
RX Jumbo: 0
TX: 511
Know who to call @ ISP
tc / firehol
Ensure you can ssh to the server when your network is congested
Limit bandwidth
class ssh commit 2Mbit
server ssh
client ssh
class rsync commit 2Mbit max 10Mbit
server rsync
client rsync
private net
Minimize Attack Surface
private net
under attack
normal
whois tokopedia.com
Use a WAF / hide origin
–Johnny Appleseed
“Type a quote here.”

More Related Content

What's hot

The Anatomy of DDoS Attacks
The Anatomy of DDoS AttacksThe Anatomy of DDoS Attacks
The Anatomy of DDoS AttacksAcquia
 
DDoS Attack Preparation and Mitigation
DDoS Attack Preparation and MitigationDDoS Attack Preparation and Mitigation
DDoS Attack Preparation and MitigationJerod Brennen
 
Type of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleType of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleHimani Singh
 
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesSeungjoo Kim
 
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSDrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSSuzanne Aldrich
 
10 DDoS Mitigation Techniques
10 DDoS Mitigation Techniques10 DDoS Mitigation Techniques
10 DDoS Mitigation TechniquesIntruGuard
 
Time-based DDoS Detection and Mitigation for SDN Controller
Time-based DDoS Detection and Mitigation for SDN ControllerTime-based DDoS Detection and Mitigation for SDN Controller
Time-based DDoS Detection and Mitigation for SDN ControllerLippo Group Digital
 
How to launch and defend against a DDoS
How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoSjgrahamc
 
BADCamp 2017 - Anatomy of DDoS
BADCamp 2017 - Anatomy of DDoSBADCamp 2017 - Anatomy of DDoS
BADCamp 2017 - Anatomy of DDoSSuzanne Aldrich
 
Let's talk about routing security, Anurag Bhatia, Hurricane Electric
Let's talk about routing security, Anurag Bhatia, Hurricane ElectricLet's talk about routing security, Anurag Bhatia, Hurricane Electric
Let's talk about routing security, Anurag Bhatia, Hurricane ElectricBangladesh Network Operators Group
 
Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017Suzanne Aldrich
 
FastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationFastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationPavel Odintsov
 
How the CC Harmonizes with Secure Software Development Lifecycle
How the CC Harmonizes with Secure Software Development LifecycleHow the CC Harmonizes with Secure Software Development Lifecycle
How the CC Harmonizes with Secure Software Development LifecycleSeungjoo Kim
 
Ripe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationRipe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationPavel Odintsov
 
Certified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheetCertified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheetDavid Sweigert
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool Pavel Odintsov
 

What's hot (20)

The Anatomy of DDoS Attacks
The Anatomy of DDoS AttacksThe Anatomy of DDoS Attacks
The Anatomy of DDoS Attacks
 
Make the internet safe with DNS Firewall
Make the internet safe with DNS FirewallMake the internet safe with DNS Firewall
Make the internet safe with DNS Firewall
 
DDoS Attack Preparation and Mitigation
DDoS Attack Preparation and MitigationDDoS Attack Preparation and Mitigation
DDoS Attack Preparation and Mitigation
 
Type of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleType of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 example
 
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT Devices
 
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSDrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoS
 
9534715
95347159534715
9534715
 
10 DDoS Mitigation Techniques
10 DDoS Mitigation Techniques10 DDoS Mitigation Techniques
10 DDoS Mitigation Techniques
 
Rdmap Security
Rdmap  SecurityRdmap  Security
Rdmap Security
 
Time-based DDoS Detection and Mitigation for SDN Controller
Time-based DDoS Detection and Mitigation for SDN ControllerTime-based DDoS Detection and Mitigation for SDN Controller
Time-based DDoS Detection and Mitigation for SDN Controller
 
How to launch and defend against a DDoS
How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoS
 
BADCamp 2017 - Anatomy of DDoS
BADCamp 2017 - Anatomy of DDoSBADCamp 2017 - Anatomy of DDoS
BADCamp 2017 - Anatomy of DDoS
 
Let's talk about routing security, Anurag Bhatia, Hurricane Electric
Let's talk about routing security, Anurag Bhatia, Hurricane ElectricLet's talk about routing security, Anurag Bhatia, Hurricane Electric
Let's talk about routing security, Anurag Bhatia, Hurricane Electric
 
Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017
 
FastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationFastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigation
 
How the CC Harmonizes with Secure Software Development Lifecycle
How the CC Harmonizes with Secure Software Development LifecycleHow the CC Harmonizes with Secure Software Development Lifecycle
How the CC Harmonizes with Secure Software Development Lifecycle
 
CCNA 1 Chapter 11 v5.0 2014
CCNA 1 Chapter 11 v5.0 2014CCNA 1 Chapter 11 v5.0 2014
CCNA 1 Chapter 11 v5.0 2014
 
Ripe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationRipe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigation
 
Certified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheetCertified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheet
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool
 

Viewers also liked

Golang @ Tokopedia
Golang @ TokopediaGolang @ Tokopedia
Golang @ TokopediaQasim Zaidi
 
Presentasi Tokopedia di Bancakan 2.0 3rd meetup
Presentasi Tokopedia di Bancakan 2.0 3rd meetupPresentasi Tokopedia di Bancakan 2.0 3rd meetup
Presentasi Tokopedia di Bancakan 2.0 3rd meetupFachry Bafadal
 
Apple Computers to Apple Inc
Apple Computers to Apple IncApple Computers to Apple Inc
Apple Computers to Apple IncQasim Zaidi
 
Virgin Mobile India Strategy
Virgin Mobile India StrategyVirgin Mobile India Strategy
Virgin Mobile India StrategyQasim Zaidi
 
Tokopedia - How Tokopedia Became one of Indonesia’s Most Promising Startups
Tokopedia - How Tokopedia Became one of Indonesia’s Most Promising StartupsTokopedia - How Tokopedia Became one of Indonesia’s Most Promising Startups
Tokopedia - How Tokopedia Became one of Indonesia’s Most Promising Startupse27
 
Scaling tokopedia-past-present-future
Scaling tokopedia-past-present-futureScaling tokopedia-past-present-future
Scaling tokopedia-past-present-futureRein Mahatma
 

Viewers also liked (7)

Golang @ Tokopedia
Golang @ TokopediaGolang @ Tokopedia
Golang @ Tokopedia
 
Presentasi Tokopedia di Bancakan 2.0 3rd meetup
Presentasi Tokopedia di Bancakan 2.0 3rd meetupPresentasi Tokopedia di Bancakan 2.0 3rd meetup
Presentasi Tokopedia di Bancakan 2.0 3rd meetup
 
Apple Computers to Apple Inc
Apple Computers to Apple IncApple Computers to Apple Inc
Apple Computers to Apple Inc
 
Virgin Mobile India Strategy
Virgin Mobile India StrategyVirgin Mobile India Strategy
Virgin Mobile India Strategy
 
Tokopedia - How Tokopedia Became one of Indonesia’s Most Promising Startups
Tokopedia - How Tokopedia Became one of Indonesia’s Most Promising StartupsTokopedia - How Tokopedia Became one of Indonesia’s Most Promising Startups
Tokopedia - How Tokopedia Became one of Indonesia’s Most Promising Startups
 
Scaling tokopedia-past-present-future
Scaling tokopedia-past-present-futureScaling tokopedia-past-present-future
Scaling tokopedia-past-present-future
 
IP Valuation
IP ValuationIP Valuation
IP Valuation
 

Similar to Cyber-security

How Networking works with Data Science
How Networking works with Data Science How Networking works with Data Science
How Networking works with Data Science HungWei Chiu
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeMyNOG
 
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)Igalia
 
UDP Flood Attack.pptx
UDP Flood Attack.pptxUDP Flood Attack.pptx
UDP Flood Attack.pptxdawitTerefe5
 
Conclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at ScaleConclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at ScaleGuardicore
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...idsecconf
 
DNS DDoS Attack and Risk
DNS DDoS Attack and RiskDNS DDoS Attack and Risk
DNS DDoS Attack and RiskSukbum Hong
 
redGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionredGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionRedge Technologies
 
Denial of services : limiting the threat
Denial of services : limiting the threatDenial of services : limiting the threat
Denial of services : limiting the threatSensePost
 
Tomas Hlavacek - IP fragmentation attack on DNS
Tomas Hlavacek - IP fragmentation attack on DNSTomas Hlavacek - IP fragmentation attack on DNS
Tomas Hlavacek - IP fragmentation attack on DNSDefconRussia
 
(SEC307) Building a DDoS-Resilient Architecture with Amazon Web Services | AW...
(SEC307) Building a DDoS-Resilient Architecture with Amazon Web Services | AW...(SEC307) Building a DDoS-Resilient Architecture with Amazon Web Services | AW...
(SEC307) Building a DDoS-Resilient Architecture with Amazon Web Services | AW...Amazon Web Services
 
Day 2 Dns Cert 4b Name Server Redirection
Day 2   Dns Cert 4b Name Server RedirectionDay 2   Dns Cert 4b Name Server Redirection
Day 2 Dns Cert 4b Name Server Redirectionvngundi
 
Firewall arch by Tareq Hanaysha
Firewall arch by Tareq HanayshaFirewall arch by Tareq Hanaysha
Firewall arch by Tareq HanayshaHanaysha
 
Analyzing RDP traffc with Bro
Analyzing RDP traffc with BroAnalyzing RDP traffc with Bro
Analyzing RDP traffc with BroJosh Liburdi
 
Fundamentals of network hacking
Fundamentals of network hackingFundamentals of network hacking
Fundamentals of network hackingPranshu Pareek
 
Securing your web infrastructure
Securing your web infrastructureSecuring your web infrastructure
Securing your web infrastructureWP Engine
 

Similar to Cyber-security (20)

How Networking works with Data Science
How Networking works with Data Science How Networking works with Data Science
How Networking works with Data Science
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL Lee
 
Hacking Cisco
Hacking CiscoHacking Cisco
Hacking Cisco
 
Cldap threat-advisory
Cldap threat-advisoryCldap threat-advisory
Cldap threat-advisory
 
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)
 
UDP Flood Attack.pptx
UDP Flood Attack.pptxUDP Flood Attack.pptx
UDP Flood Attack.pptx
 
Conclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at ScaleConclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at Scale
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
 
DNS DDoS Attack and Risk
DNS DDoS Attack and RiskDNS DDoS Attack and Risk
DNS DDoS Attack and Risk
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
 
redGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionredGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solution
 
Denial of services : limiting the threat
Denial of services : limiting the threatDenial of services : limiting the threat
Denial of services : limiting the threat
 
Tomas Hlavacek - IP fragmentation attack on DNS
Tomas Hlavacek - IP fragmentation attack on DNSTomas Hlavacek - IP fragmentation attack on DNS
Tomas Hlavacek - IP fragmentation attack on DNS
 
(SEC307) Building a DDoS-Resilient Architecture with Amazon Web Services | AW...
(SEC307) Building a DDoS-Resilient Architecture with Amazon Web Services | AW...(SEC307) Building a DDoS-Resilient Architecture with Amazon Web Services | AW...
(SEC307) Building a DDoS-Resilient Architecture with Amazon Web Services | AW...
 
Day 2 Dns Cert 4b Name Server Redirection
Day 2   Dns Cert 4b Name Server RedirectionDay 2   Dns Cert 4b Name Server Redirection
Day 2 Dns Cert 4b Name Server Redirection
 
Firewall arch by Tareq Hanaysha
Firewall arch by Tareq HanayshaFirewall arch by Tareq Hanaysha
Firewall arch by Tareq Hanaysha
 
Analyzing RDP traffc with Bro
Analyzing RDP traffc with BroAnalyzing RDP traffc with Bro
Analyzing RDP traffc with Bro
 
Fundamentals of network hacking
Fundamentals of network hackingFundamentals of network hacking
Fundamentals of network hacking
 
DDoS.ppt
DDoS.pptDDoS.ppt
DDoS.ppt
 
Securing your web infrastructure
Securing your web infrastructureSecuring your web infrastructure
Securing your web infrastructure
 

Recently uploaded

complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...asadnawaz62
 
Introduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptxIntroduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptxvipinkmenon1
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfme23b1001
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxPoojaBan
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx  fake news detection using machine learningchaitra-1.pptx  fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningmisbanausheenparvam
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 
power system scada applications and uses
power system scada applications and usespower system scada applications and uses
power system scada applications and usesDevarapalliHaritha
 

Recently uploaded (20)

complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
POWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes  examplesPOWER SYSTEMS-1 Complete notes  examples
POWER SYSTEMS-1 Complete notes examples
 
Introduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptxIntroduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptx
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdf
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx  fake news detection using machine learningchaitra-1.pptx  fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learning
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 
power system scada applications and uses
power system scada applications and usespower system scada applications and uses
power system scada applications and uses
 

Cyber-security

  • 1. fighting the cyber threats Qasim Zaidi
  • 2. Text We were DDos’ed we must be doing something right !
  • 3. Text Denial of Service Legitimate users are denied service
  • 4.
  • 5.
  • 6. Types Volumetric (UDP Floods) State Exhaustion (TCP Syn Attacks) Application Layer Attacks (HTTP, DNS query flood)
  • 8. Reflection Attacks Do not directly attack the Target. Forge Reply to Address Send request to normal servers Trick them to reply to the Target Makes it distributed and harder to deal with.
  • 9. Amplification A new class of reflection
  • 10. Amplification attacks Because a small question can have a big answer. Why? How?
  • 11. ; <<>> DiG 9.8.3-P1 <<>> ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64739 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;dig. IN ANY ;; AUTHORITY SECTION: . 73193 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2016041601 1800 900 604800 86400 ;; Query time: 80 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Sun Apr 17 10:19:42 2016 ;; MSG SIZE rcvd: 96 ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39944 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 6, ADDITIONAL: 10 ;; QUESTION SECTION: ;yahoo.com. IN A ;; ANSWER SECTION: yahoo.com. 1762 IN A 98.139.183.24 yahoo.com. 1762 IN A 206.190.36.45 yahoo.com. 1762 IN A 98.138.253.109 ;; AUTHORITY SECTION: yahoo.com. 17439 IN NS ns3.yahoo.com. yahoo.com. 17439 IN NS ns5.yahoo.com. yahoo.com. 17439 IN NS ns2.yahoo.com. yahoo.com. 17439 IN NS ns1.yahoo.com. yahoo.com. 17439 IN NS ns6.yahoo.com. yahoo.com. 17439 IN NS ns4.yahoo.com. ;; ADDITIONAL SECTION: ns1.yahoo.com. 1197500 IN A 68.180.131.16 ns1.yahoo.com. 66008 IN AAAA 2001:4998:130::1001 ns2.yahoo.com. 1197500 IN A 68.142.255.16 ns2.yahoo.com. 85955 IN AAAA 2001:4998:140::1002 ns3.yahoo.com. 1197585 IN A 203.84.221.53 ns3.yahoo.com. 73296 IN AAAA 2406:8600:b8:fe03::1003 ns4.yahoo.com. 1198687 IN A 98.138.11.157 ns5.yahoo.com. 1197585 IN A 119.160.247.124 ns6.yahoo.com. 160785 IN A 121.101.144.139 ns6.yahoo.com. 1762 IN AAAA 2406:2000:108:4::1006 ;; Query time: 27 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Sun Apr 17 10:19:42 2016 ;; MSG SIZE rcvd: 391 dig ANY yahoo.com @8.8.8.8 (64 bytes) A (391 bytes) 6x amplification
  • 12. The D in DDoS
  • 14. SSDP (Simple Service Discovery Protocol, part of UPnP). Example: used to discover printers on your network. SSDP Discovery is HTTP over UDP sent to a multicast address.
  • 17. 2. Flooding the victim
  • 20. First Attack: happened at 6 PM on a Monday. Website seemed slow; SSH to the servers was even slower.
  • 22. dmesg output
    UDP: bad checksum. From 182.215.214.137:1900 to 182.253.224.184:80 ulen 318
    UDP: bad checksum. From 182.215.214.137:1900 to 182.253.224.184:80 ulen 318
    UDP: bad checksum. From 190.129.30.190:1900 to 182.253.224.184:80 ulen 347
    UDP: bad checksum. From 190.129.169.3:1900 to 182.253.224.184:80 ulen 291
    UDP: bad checksum. From 190.129.169.3:1900 to 182.253.224.184:80 ulen 291
    UDP: bad checksum. From 200.87.245.44:1900 to 182.253.224.184:80 ulen 311
    UDP: bad checksum. From 190.129.81.203:1900 to 182.253.224.184:80 ulen 281
    UDP: bad checksum. From 190.129.6.33:1900 to 182.253.224.184:80 ulen 301
    UDP: bad checksum. From 73.201.211.248:1900 to 182.253.224.184:80 ulen 253
    UDP: bad checksum. From 190.129.199.12:1900 to 182.253.224.184:80 ulen 347
    UDP: bad checksum. From 200.87.155.100:1900 to 182.253.224.184:80 ulen 285
    UDP: bad checksum. From 182.215.214.137:1900 to 182.253.224.184:80 ulen 300
    UDP: bad checksum. From 190.129.182.57:1900 to 182.253.224.184:80 ulen 280
    UDP: bad checksum. From 190.129.165.180:1900 to 182.253.224.184:80 ulen 237
    UDP: bad checksum. From 182.215.214.137:1900 to 182.253.224.184:80 ulen 306
    UDP: bad checksum. From 190.129.81.26:1900 to 182.253.224.184:80 ulen 283
    UDP: bad checksum. From 182.215.214.137:1900 to 182.253.224.184:80 ulen 300
    UDP: bad checksum. From 172.97.240.102:1900 to 182.253.224.184:80 ulen 343
    UDP: bad checksum. From 190.129.195.29:1900 to 182.253.224.184:80 ulen 246
    UDP: bad checksum. From 172.97.240.102:1900 to 182.253.224.184:80 ulen 237
    UDP: bad checksum. From 190.129.165.171:1900 to 182.253.224.184:80 ulen 301
    UDP: bad checksum. From 172.97.240.102:1900 to 182.253.224.184:80 ulen 237
    UDP: bad checksum. From 182.215.214.137:1900 to 182.253.224.184:80 ulen 302
    UDP: bad checksum. From 190.129.30.176:1900 to 182.253.224.184:80 ulen 289
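The dmesg lines above already identify the vector without a packet capture: every packet arrives from UDP source port 1900 (SSDP) and from a different reflector address, all aimed at one victim port. The following Python script is an added example, not part of the talk, that turns such kernel messages into a per-source-port summary and raises an alert when several distinct reflectors share a well-known service port. The embedded lines are a subset of the slide's output; the service-port table covers only the two protocols the talk names, and the three-reflector threshold is an arbitrary choice to tune per site.

```python
import re
from collections import defaultdict

# Subset of the dmesg lines shown on the slide (victim address is the slide's own)
DMESG_LINES = """\
UDP: bad checksum. From 182.215.214.137:1900 to 182.253.224.184:80 ulen 318
UDP: bad checksum. From 182.215.214.137:1900 to 182.253.224.184:80 ulen 318
UDP: bad checksum. From 190.129.30.190:1900 to 182.253.224.184:80 ulen 347
UDP: bad checksum. From 190.129.169.3:1900 to 182.253.224.184:80 ulen 291
UDP: bad checksum. From 190.129.169.3:1900 to 182.253.224.184:80 ulen 291
UDP: bad checksum. From 200.87.245.44:1900 to 182.253.224.184:80 ulen 311
UDP: bad checksum. From 190.129.81.203:1900 to 182.253.224.184:80 ulen 281
UDP: bad checksum. From 73.201.211.248:1900 to 182.253.224.184:80 ulen 253
""".splitlines()

LINE_RE = re.compile(
    r"UDP: bad checksum\. From (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+) ulen (?P<ulen>\d+)"
)

# UDP services the talk mentions as reflection/amplification sources; extend as needed
REFLECTOR_PORTS = {1900: "SSDP", 53: "DNS"}


def parse(lines):
    """Yield one dict per matching dmesg line; unrelated lines are skipped."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            d = m.groupdict()
            yield {
                "src": d["src"], "sport": int(d["sport"]),
                "dst": d["dst"], "dport": int(d["dport"]),
                "ulen": int(d["ulen"]),
            }


def summarize(lines):
    """Aggregate packets, payload bytes and distinct senders per UDP source port."""
    by_port = defaultdict(lambda: {"packets": 0, "bytes": 0, "reflectors": set(), "victims": set()})
    for pkt in parse(lines):
        entry = by_port[pkt["sport"]]
        entry["packets"] += 1
        entry["bytes"] += pkt["ulen"]
        entry["reflectors"].add(pkt["src"])
        entry["victims"].add(f'{pkt["dst"]}:{pkt["dport"]}')
    return by_port


def reflection_alerts(lines, min_reflectors=3):
    """Alert when a known service port is seen from at least min_reflectors distinct hosts."""
    alerts = []
    for sport, entry in summarize(lines).items():
        if sport in REFLECTOR_PORTS and len(entry["reflectors"]) >= min_reflectors:
            alerts.append({
                "service": REFLECTOR_PORTS[sport],
                "sport": sport,
                "reflectors": len(entry["reflectors"]),
                "packets": entry["packets"],
                "bytes": entry["bytes"],
                "victims": sorted(entry["victims"]),
            })
    return alerts


if __name__ == "__main__":
    for alert in reflection_alerts(DMESG_LINES):
        print(f'{alert["service"]} reflection: {alert["reflectors"]} reflectors, '
              f'{alert["packets"]} packets, {alert["bytes"]} bytes -> {alert["victims"]}')
```

Feeding `dmesg` or the journal through this gives the number you need when talking to the ISP (how many distinct reflectors, which of your addresses), and the `sport` key is exactly the attribute the first-response iptables rule on slide 23 filters on.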
  • 23. First Response: sudo iptables -A INPUT -p udp --sport 1900 -j DROP. Drops all incoming packets with source port 1900. This saves some resources, but remember that the packets still have to be processed by the NIC, and the pipe is still clogged. The dmesg output goes away, but recovery isn't complete.
  • 28. But we knew we haven’t yet
  • 29. During Q4 (2015), repeat DDoS attacks were the norm, with an average of 24 attacks per targeted customer in Q4. Three targets were subject to more than 100 attacks each and one customer suffered 188 attacks – an average of more than two per day. Source: Akamai. Attackers persist, especially if they don't get what they wanted.
  • 30. Attack 2: the very next day, at 2 PM. Same attack vector, but more distributed. Lots of Indonesian IP addresses. Attacked all of our public IPs, not DNS based.
  • 32. identify: netstat, dmesg, iptraf
    netstat -i
    Kernel Interface table
    Iface   MTU Met        RX-OK RX-ERR RX-DRP RX-OVR        TX-OK TX-ERR TX-DRP TX-OVR Flg
    em1    1500 0   266063410705      0 327198      0 269121217381      0      2
    em2    1500 0    19266620548      0    197      0  20700650229      0      0      0
    lo    16436 0       79744956      0      0      0     79744956      0      0      0 LRU
  • 33. iptables/netfilter/tuning
    kernel parameter tuning
    NIC TX/RX buffer tuning
    sudo iptables -A INPUT -p udp --sport 1900 -j DROP
    netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
    iptables -I INPUT -s <ipaddress> -j DROP
    tcpkill / cutter
    synproxy (against SYN flood attacks)
    sudo ethtool -g em1
    Ring parameters for em1:
    Pre-set maximums:
    RX:             2047
    RX Mini:        0
    RX Jumbo:       0
    TX:             511
    Current hardware settings:
    RX:             200
    RX Mini:        0
    RX Jumbo:       0
    TX:             511
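As an added example (not from the talk), this Python script reads the `netstat -i` and `ethtool -g` output shown above and turns the two tuning points into a check: RX drops on the interface, and an RX ring that sits below the NIC's preset maximum. The netstat sample is reconstructed from the slide's em1 and lo rows, padded to the full column count with assumed values for the cells the slide omits (TX-OVR and the Flg column on em1); the ethtool sample is the slide's output verbatim. `ethtool -G` is the real counterpart of `-g` for setting ring sizes.

```python
import re

# Constructed sample: the slide's em1 and lo rows from `netstat -i`, padded to the
# full column count (TX-OVR = 0 and Flg = BMRU on em1 are assumed, not on the slide)
NETSTAT_I = """\
Kernel Interface table
Iface   MTU Met        RX-OK RX-ERR RX-DRP RX-OVR        TX-OK TX-ERR TX-DRP TX-OVR Flg
em1    1500 0   266063410705      0 327198      0 269121217381      0      2      0 BMRU
lo    16436 0       79744956      0      0      0     79744956      0      0      0 LRU
"""

# `ethtool -g em1` output as shown on the slide
ETHTOOL_G = """\
Ring parameters for em1:
Pre-set maximums:
RX:             2047
RX Mini:        0
RX Jumbo:       0
TX:             511
Current hardware settings:
RX:             200
RX Mini:        0
RX Jumbo:       0
TX:             511
"""


def parse_netstat_i(text):
    """Return {iface: {column: value}} from `netstat -i`; numeric columns become ints."""
    header, table = None, {}
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0] == "Iface":
            header = parts
            continue
        if header is None or len(parts) != len(header):
            continue  # title line, or a row with missing cells
        table[parts[0]] = {col: (int(v) if v.isdigit() else v) for col, v in zip(header, parts)}
    return table


def parse_ethtool_g(text):
    """Return {"max": {...}, "current": {...}} ring sizes from `ethtool -g`."""
    rings, section = {"max": {}, "current": {}}, None
    for line in text.splitlines():
        if line.startswith("Pre-set maximums"):
            section = "max"
        elif line.startswith("Current hardware settings"):
            section = "current"
        else:
            m = re.match(r"(RX Mini|RX Jumbo|RX|TX):\s+(\d+)", line.strip())
            if m and section:
                rings[section][m.group(1)] = int(m.group(2))
    return rings


def rx_drop_ratio(row):
    """Fraction of received packets the kernel dropped (RX-DRP over RX-OK + RX-DRP)."""
    seen = row["RX-OK"] + row["RX-DRP"]
    return row["RX-DRP"] / seen if seen else 0.0


def tuning_advice(iface, netstat_text=NETSTAT_I, ethtool_text=ETHTOOL_G):
    """One line per finding: RX drops, and any ring below the hardware maximum."""
    advice = []
    row = parse_netstat_i(netstat_text)[iface]
    rings = parse_ethtool_g(ethtool_text)
    if row["RX-DRP"] > 0:
        advice.append(f"{iface}: {row['RX-DRP']} RX drops "
                      f"({rx_drop_ratio(row):.2e} of received packets)")
    for ring in ("RX", "TX"):
        cur, mx = rings["current"].get(ring), rings["max"].get(ring)
        if cur is not None and mx is not None and cur < mx:
            advice.append(f"ethtool -G {iface} {ring.lower()} {mx}")
    return advice


if __name__ == "__main__":
    for line in tuning_advice("em1"):
        print(line)
```

Two caveats a practitioner wants alongside the suggested command: ring sizes set with `ethtool -G` do not survive a reboot unless your distribution's network configuration re-applies them, and a larger ring only gives the kernel more room to catch up during bursts; it does nothing about the volume arriving on the wire, which is the same limitation slide 23 notes for the iptables rule.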
  • 34. Know who to call @ ISP
  • 35. tc / firehol: ensure you can ssh to the server when your network is congested. Limit bandwidth:
    class ssh commit 2Mbit
      server ssh
      client ssh
    class rsync commit 2Mbit max 10Mbit
      server rsync
      client rsync
  • 37. Use a WAF / hide origin (diagram labels: private net, under attack, normal, whois tokopedia.com)