Layer 7 Denial of Service
                            Attack Mitigation




                                                IT LESEHAN - y3dips
Saturday, November 12, 11
Agenda

             • Introduction
             • Denial Of Service
                            • Layer 7 Denial Of Service

             • Case Stories
             • Demo
             • Discussion


Introduction
             • Freelance IT Security Consultant
             • More than 9 years in IT Security
             • Founder of “ECHO”, one of the Indonesian hacker
                     communities, established 2003

             • Founder of IDSECCONF - Indonesia Security
                     Conference in Cooperation with DEPKOMINFO

             • More Info:
                  • me@ammar.web.id

                  • @y3dips

Denial of Service
                 A kind of activity aimed at disrupting the operation of a system
                            as much as possible, either partially or completely.




DOS
             • Stupid act
             • Exhausts your own resources too
             • Old story:
                  • moby wrote about DDoS in 2003 *
                  • I wrote about Apache DoS in 2003**
             • Well handled by now
              *http://ezine.echo.or.id/ezine2/ddos%7EMoby.txt
              **http://ezine.echo.or.id/ezine2/dos_buat_apache%7Ey3dips.txt


Type of Network DOS
             • Layer 4
                  • Attacks layer 4 protocols
                  • TCP
                  • SYN, FIN, ACK
                  • smurf, TRINOO, Stacheldraht, teardrop



Type of Network DOS

             • Layer 7
                  • Attacks layer 7 protocols
                  • HTTP, FTP, DNS
                  • HTTP slow POST, HTTP GET flood



Real Life Stories
                               When it all began




DoS Against ECHO


             • 7 - 8 November 2011
             • Unknown motives
             • Echo web access down



Attack Detection



See the TKP (crime scene) :)



Check the DoS Is Real


             • Down only for you?
             • Or for everyone :D
             • http://downforeveryoneorjustme.com/



Analyze :|



Analyze


             • Is the whole server down?
             • Or only a specific service?




In this case, port 80 is down



Layer 7 DOS
                            Let's dig around on port 80!




See Stats :)



[Screenshot: AWStats report for echo.or.id, report period Nov 2011, last updated 08 Nov 2011 - 14:20]

Summary (first visit 01 Nov 2011 - 00:00, last visit 08 Nov 2011 - 11:35)

                         Unique visitors   Visits    Pages     Hits      Bandwidth
Traffic viewed *         10021             14357     102822    417078    1.45 GB
                         (1.43 visits/visitor) (7.16 pages/visit) (29.05 hits/visit) (105.69 KB/visit)
Traffic not viewed *                                 88111     145915    395.12 MB

* Not viewed traffic includes traffic generated by robots, worms, or replies with special HTTP status codes.

[Monthly history chart, Jan-Dec 2011: month, unique visitors, visits, pages, hits, bandwidth]

                                                          Seems all legit (11/9/11)

7, 8 November?
Ask the Logs :)



Logs

             • HTTP/S logs
                  • http-access
                  • http-error




A Valid One
A valid one, but also an HTTP GET flood
Conclusion
             • It's an HTTP GET flood
             • The connection needs to be established
             • So the source IP needs to be valid?




Learn from Code :)



*Credit to Google for the code; I just dug around and found it

Attack Mitigation



Mitigation

             • Always have your backup
             • No privileged access to the server? REPORT IT (LAPORKAN)




Mitigation
             • If you have the privileges
                  • check: netstat -nt | grep ':80 ' | wc -l   (connections to local port 80)
                  • block:
                            • iptables -A INPUT -s x.x.x.x -p tcp -j TARPIT
                            • iptables -A INPUT -s x.x.x.x -p tcp -j DROP
                            • (the TARPIT target is not in a stock kernel; it comes from xtables-addons)
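As an added example (not code from the slides), the "ask the logs" and "block the source" steps above in one script: it parses Apache combined-format access-log lines, flags every source IP whose GET rate inside a sliding window exceeds a threshold (HTTP needs a completed TCP handshake, so the logged IP is the real peer), and renders the DROP rule from the slide for each flagged IP. The log lines, addresses, window and threshold are constructed samples.

```python
"""Flag HTTP GET flood sources in an Apache access log and render DROP rules.

Added example, not from the slides. Sample data is constructed; the addresses
come from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.
"""
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log line, e.g.
# 203.0.113.7 - - [07/Nov/2011:10:15:32 +0700] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))


def find_flooders(lines, window_seconds=10, threshold=20, method="GET"):
    """Return {ip: peak_requests} for IPs that exceed `threshold` requests of
    `method` inside any `window_seconds` sliding window.

    A legitimate browser bursts a few requests per page; a GET flood keeps the
    same source at a high rate continuously, which the sliding window catches.
    """
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[2] != method:
            continue  # unparsable or not the method we are counting
        per_ip[rec[0]].append(rec[1])

    flooders = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        peak, start = 0, 0
        for end, t in enumerate(stamps):
            # move the left edge until the window spans at most window_seconds
            while (t - stamps[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flooders[ip] = peak
    return flooders


def drop_rules(flooders):
    """Render the slide's iptables DROP rule for each flagged IP (for review, not executed)."""
    return [f"iptables -A INPUT -s {ip} -p tcp -j DROP" for ip in sorted(flooders)]


def sample_log():
    """Constructed sample: one normal visitor plus one source hammering GET /."""
    fmt = ('{ip} - - [07/Nov/2011:10:15:{sec:02d} +0700] '
           '"GET {path} HTTP/1.1" 200 5123 "-" "Mozilla/5.0"')
    lines = []
    for i in range(5):  # 5 page views spread over 40 seconds
        lines.append(fmt.format(ip="198.51.100.4", sec=i * 10, path=f"/page{i}.html"))
    for i in range(60):  # 60 requests within 6 seconds, 10 per second
        lines.append(fmt.format(ip="203.0.113.7", sec=20 + i // 10, path="/"))
    lines.append("this line is deliberately unparsable")
    return lines


if __name__ == "__main__":
    hits = find_flooders(sample_log())
    for ip, peak in hits.items():
        print(f"{ip}: {peak} GETs in a 10 s window")
    print("\n".join(drop_rules(hits)))
```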

TARPITING




                Care to send, and double the packets? :)

 http://www.secureworks.com/research/threats/ddos/

Hardening Apache

             • Timeout = default 300 seconds (5 minutes);
                     10 seconds recommended
                            • Timeout protects the server from a large number of
                               requests that the attacker never closes: with Timeout set,
                               if no data is exchanged within that time (10 seconds),
                               Apache drops the connection




Hardening Apache

             • KeepAlive = On
                            • KeepAlive allows several HTTP requests to be served
                               over a single connection.


             • KeepAliveTimeout = 15 seconds
                            • This setting protects the server from keep-alive
                               connections that send no further requests




Hardening Apache


             • AcceptFilter = http/https data
                            • Protects against attacks where the attacker opens a
                               socket connection and leaves it idle without any data
                               transaction. Defining "data" for http and https
                               minimises this kind of attack.
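Added example (not from the slides): a small audit script that reads an httpd.conf fragment and reports which of the three hardening settings above (Timeout, KeepAlive with KeepAliveTimeout, AcceptFilter) are missing or weaker than the values the slides recommend. The weak and hardened config texts it checks are constructed samples.

```python
"""Audit an httpd.conf fragment against the slide's Apache hardening values.

Added example, not from the slides. WEAK_CONF and HARDENED_CONF are constructed.
"""

# Values recommended on the slides. Apache directive names are case-insensitive.
RECOMMENDED = {
    "timeout": 10,           # seconds with no data before Apache drops the request
    "keepalive": "on",
    "keepalivetimeout": 15,  # seconds an idle keep-alive connection is kept open
    "acceptfilter": {"http": "data", "https": "data"},
}

WEAK_CONF = """\
# constructed sample: stock-looking values (Timeout at the old 300 s default)
Timeout 300
KeepAlive On
KeepAliveTimeout 60
"""

HARDENED_CONF = """\
# constructed sample: the values recommended on the slides
Timeout 10
KeepAlive On
KeepAliveTimeout 15
AcceptFilter http data
AcceptFilter https data
"""


def parse_conf(text):
    """Collect only the audited directives; a later occurrence overrides an earlier one.

    Apache treats a line as a comment only when it starts with '#', so that is
    all this parser skips.
    """
    conf = {"acceptfilter": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        name = parts[0].lower()
        if name in ("timeout", "keepalivetimeout") and len(parts) == 2 and parts[1].isdigit():
            conf[name] = int(parts[1])
        elif name == "keepalive" and len(parts) == 2:
            conf[name] = parts[1].lower()
        elif name == "acceptfilter" and len(parts) == 3:
            conf["acceptfilter"][parts[1].lower()] = parts[2].lower()
    return conf


def audit(text):
    """Return a list of findings; an empty list means the fragment meets the slide's values."""
    conf = parse_conf(text)
    findings = []

    t = conf.get("timeout")
    if t is None:
        findings.append("Timeout not set (Apache 2.2 default is 300 s): set Timeout 10")
    elif t > RECOMMENDED["timeout"]:
        findings.append(f"Timeout {t} s > {RECOMMENDED['timeout']} s: idle requests hold a worker too long")

    if conf.get("keepalive") != RECOMMENDED["keepalive"]:
        findings.append("KeepAlive is not On: set KeepAlive On so one connection can carry several requests")

    kat = conf.get("keepalivetimeout")
    if kat is None or kat > RECOMMENDED["keepalivetimeout"]:
        shown = "unset" if kat is None else f"{kat} s"
        findings.append(f"KeepAliveTimeout is {shown}: set KeepAliveTimeout 15 so idle keep-alive connections are closed")

    for proto, want in RECOMMENDED["acceptfilter"].items():
        got = conf["acceptfilter"].get(proto)
        if got != want:
            findings.append(f"AcceptFilter {proto} is {got or 'unset'}: set 'AcceptFilter {proto} {want}' "
                            "so a connection reaches Apache only once data has arrived")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: {audit(text) or ['ok']}")
```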




Demo



Saturday, November 12, 11
Saturday, November 12, 11
Layer7 Denial Of Sevice
                            Attack Mitigation




                                                IT LESEHAN - y3dips
Saturday, November 12, 11

More Related Content

Viewers also liked

password series
password seriespassword series
password seriesAmmar WK
 
backdooring workshop
backdooring workshopbackdooring workshop
backdooring workshopAmmar WK
 
Mastering Network HackingFU - idsecconf2008
Mastering Network HackingFU - idsecconf2008Mastering Network HackingFU - idsecconf2008
Mastering Network HackingFU - idsecconf2008Ammar WK
 
Web Hacking (basic)
Web Hacking (basic)Web Hacking (basic)
Web Hacking (basic)
Ammar WK
 
bluetooth [in]security
bluetooth [in]securitybluetooth [in]security
bluetooth [in]securityAmmar WK
 
Pentesting with linux
Pentesting with linuxPentesting with linux
Pentesting with linux
Hammad Ahmed Khawaja
 
Had sec mikrotik administrator
Had sec mikrotik administratorHad sec mikrotik administrator
Had sec mikrotik administrator
muhammad pailus
 
Penetrasi Jaringan
Penetrasi JaringanPenetrasi Jaringan
Penetrasi Jaringan
Digital Echidna
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Khairi Aiman
 
Linux Exploit Research
Linux Exploit ResearchLinux Exploit Research
Linux Exploit Research
Dan H
 
Workshop 101 - Penetration testing & Vulnerability assessment system
Workshop 101 - Penetration testing & Vulnerability assessment systemWorkshop 101 - Penetration testing & Vulnerability assessment system
Workshop 101 - Penetration testing & Vulnerability assessment system
Dan H
 
Backtrack 5 - network pentest
Backtrack 5 - network pentestBacktrack 5 - network pentest
Backtrack 5 - network pentest
Dan H
 
Backtrack 5 - web pentest
Backtrack 5 - web pentestBacktrack 5 - web pentest
Backtrack 5 - web pentest
Dan H
 
Seminar Hacking & Security Analysis
Seminar Hacking & Security AnalysisSeminar Hacking & Security Analysis
Seminar Hacking & Security Analysis
Dan H
 

Viewers also liked (14)

password series
password seriespassword series
password series
 
backdooring workshop
backdooring workshopbackdooring workshop
backdooring workshop
 
Mastering Network HackingFU - idsecconf2008
Mastering Network HackingFU - idsecconf2008Mastering Network HackingFU - idsecconf2008
Mastering Network HackingFU - idsecconf2008
 
Web Hacking (basic)
Web Hacking (basic)Web Hacking (basic)
Web Hacking (basic)
 
bluetooth [in]security
bluetooth [in]securitybluetooth [in]security
bluetooth [in]security
 
Pentesting with linux
Pentesting with linuxPentesting with linux
Pentesting with linux
 
Had sec mikrotik administrator
Had sec mikrotik administratorHad sec mikrotik administrator
Had sec mikrotik administrator
 
Penetrasi Jaringan
Penetrasi JaringanPenetrasi Jaringan
Penetrasi Jaringan
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Linux Exploit Research
Linux Exploit ResearchLinux Exploit Research
Linux Exploit Research
 
Workshop 101 - Penetration testing & Vulnerability assessment system
Workshop 101 - Penetration testing & Vulnerability assessment systemWorkshop 101 - Penetration testing & Vulnerability assessment system
Workshop 101 - Penetration testing & Vulnerability assessment system
 
Backtrack 5 - network pentest
Backtrack 5 - network pentestBacktrack 5 - network pentest
Backtrack 5 - network pentest
 
Backtrack 5 - web pentest
Backtrack 5 - web pentestBacktrack 5 - web pentest
Backtrack 5 - web pentest
 
Seminar Hacking & Security Analysis
Seminar Hacking & Security AnalysisSeminar Hacking & Security Analysis
Seminar Hacking & Security Analysis
 

Similar to Layer 7 denial of services attack mitigation

Clouds against the Floods (RubyConfBR2011)
Clouds against the Floods (RubyConfBR2011) Clouds against the Floods (RubyConfBR2011)
Clouds against the Floods (RubyConfBR2011) Leonardo Borges
 
Image and Music: Processing plus Pure Data with libpd library
Image and Music: Processing plus Pure Data with libpd libraryImage and Music: Processing plus Pure Data with libpd library
Image and Music: Processing plus Pure Data with libpd library
PETER KIRN
 
Technical Debt
Technical DebtTechnical Debt
Technical Debt
Kmanthei
 
Mobile? WT... F?
Mobile? WT... F?Mobile? WT... F?
Mobile? WT... F?
Vicker Leung
 
Content focused web design
Content focused web designContent focused web design
Content focused web designEddie Monge
 
Iwmn architecture
Iwmn architectureIwmn architecture
Iwmn architecture
Lenz Gschwendtner
 
Play concurrency
Play concurrencyPlay concurrency
Play concurrencyJustin Long
 
Modern HTML & CSS Coding: Speed, Semantics & Structure
Modern HTML & CSS Coding: Speed, Semantics & StructureModern HTML & CSS Coding: Speed, Semantics & Structure
Modern HTML & CSS Coding: Speed, Semantics & Structure
Raven Tools
 
JS-Everywhere - SSE Hands-on
JS-Everywhere - SSE Hands-onJS-Everywhere - SSE Hands-on
JS-Everywhere - SSE Hands-on
Brice Argenson
 
Fast & Furious: Speed in the Opera browser
Fast & Furious: Speed in the Opera browserFast & Furious: Speed in the Opera browser
Fast & Furious: Speed in the Opera browser
Andreas Bovens
 
Rails ORM De-mystifying Active Record has_many
Rails ORM De-mystifying Active Record has_manyRails ORM De-mystifying Active Record has_many
Rails ORM De-mystifying Active Record has_many
Blazing Cloud
 
Pocket Knife JS
Pocket Knife JSPocket Knife JS
Pocket Knife JS
Diogo Antunes
 
Scaling Pinterest
Scaling PinterestScaling Pinterest
Scaling Pinterest
C4Media
 
iOS Prototyping with Xcode Storyboards
iOS Prototyping with Xcode StoryboardsiOS Prototyping with Xcode Storyboards
iOS Prototyping with Xcode Storyboards
Kyle Oba
 
soft-shake.ch - Data grids and Data Caching
soft-shake.ch - Data grids and Data Cachingsoft-shake.ch - Data grids and Data Caching
soft-shake.ch - Data grids and Data Caching
soft-shake.ch
 
Multiplatform, Promises and HTML5
Multiplatform, Promises and HTML5Multiplatform, Promises and HTML5
Multiplatform, Promises and HTML5
C4Media
 
DruplCampNYC 10 - Energy.gov Case Study
DruplCampNYC 10 - Energy.gov Case StudyDruplCampNYC 10 - Energy.gov Case Study
DruplCampNYC 10 - Energy.gov Case Study
zroger
 
I Love Techno - the site
I Love Techno - the siteI Love Techno - the site
I Love Techno - the site
Peter Arato
 

Similar to Layer 7 denial of services attack mitigation (20)

Clouds against the Floods (RubyConfBR2011)
Clouds against the Floods (RubyConfBR2011) Clouds against the Floods (RubyConfBR2011)
Clouds against the Floods (RubyConfBR2011)
 
Caridy patino - node-js
Caridy patino - node-jsCaridy patino - node-js
Caridy patino - node-js
 
Image and Music: Processing plus Pure Data with libpd library
Image and Music: Processing plus Pure Data with libpd libraryImage and Music: Processing plus Pure Data with libpd library
Image and Music: Processing plus Pure Data with libpd library
 
Technical Debt
Technical DebtTechnical Debt
Technical Debt
 
Mobile? WT... F?
Mobile? WT... F?Mobile? WT... F?
Mobile? WT... F?
 
Content focused web design
Content focused web designContent focused web design
Content focused web design
 
HTML5 and Sencha Touch
HTML5 and Sencha TouchHTML5 and Sencha Touch
HTML5 and Sencha Touch
 
Iwmn architecture
Iwmn architectureIwmn architecture
Iwmn architecture
 
Play concurrency
Play concurrencyPlay concurrency
Play concurrency
 
Modern HTML & CSS Coding: Speed, Semantics & Structure
Modern HTML & CSS Coding: Speed, Semantics & StructureModern HTML & CSS Coding: Speed, Semantics & Structure
Modern HTML & CSS Coding: Speed, Semantics & Structure
 
JS-Everywhere - SSE Hands-on
JS-Everywhere - SSE Hands-onJS-Everywhere - SSE Hands-on
JS-Everywhere - SSE Hands-on
 
Fast & Furious: Speed in the Opera browser
Fast & Furious: Speed in the Opera browserFast & Furious: Speed in the Opera browser
Fast & Furious: Speed in the Opera browser
 
Rails ORM De-mystifying Active Record has_many
Rails ORM De-mystifying Active Record has_manyRails ORM De-mystifying Active Record has_many
Rails ORM De-mystifying Active Record has_many
 
Pocket Knife JS
Pocket Knife JSPocket Knife JS
Pocket Knife JS
 
Scaling Pinterest
Scaling PinterestScaling Pinterest
Scaling Pinterest
 
iOS Prototyping with Xcode Storyboards
iOS Prototyping with Xcode StoryboardsiOS Prototyping with Xcode Storyboards
iOS Prototyping with Xcode Storyboards
 
soft-shake.ch - Data grids and Data Caching
soft-shake.ch - Data grids and Data Cachingsoft-shake.ch - Data grids and Data Caching
soft-shake.ch - Data grids and Data Caching
 
Multiplatform, Promises and HTML5
Multiplatform, Promises and HTML5Multiplatform, Promises and HTML5
Multiplatform, Promises and HTML5
 
DruplCampNYC 10 - Energy.gov Case Study
DruplCampNYC 10 - Energy.gov Case StudyDruplCampNYC 10 - Energy.gov Case Study
DruplCampNYC 10 - Energy.gov Case Study
 
I Love Techno - the site
I Love Techno - the siteI Love Techno - the site
I Love Techno - the site
 

More from Ammar WK

Vvdp-fgd-bssn
Vvdp-fgd-bssnVvdp-fgd-bssn
Vvdp-fgd-bssn
Ammar WK
 
Pen-testing is Dead?
Pen-testing is Dead?Pen-testing is Dead?
Pen-testing is Dead?
Ammar WK
 
How To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web Applications
Ammar WK
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!
Ammar WK
 
Cybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryCybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industry
Ammar WK
 
Bugbounty vs-0day
Bugbounty vs-0dayBugbounty vs-0day
Bugbounty vs-0day
Ammar WK
 
Advanced Persistent Threat
Advanced Persistent ThreatAdvanced Persistent Threat
Advanced Persistent Threat
Ammar WK
 
Mobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareMobile hacking, pentest, and malware
Mobile hacking, pentest, and malware
Ammar WK
 
Hacker? : it's not about Black or White
Hacker? : it's not about Black or WhiteHacker? : it's not about Black or White
Hacker? : it's not about Black or White
Ammar WK
 
Introduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration TestingIntroduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration Testing
Ammar WK
 
Burp suite
Burp suiteBurp suite
Burp suite
Ammar WK
 
Network Packet Analysis
Network Packet AnalysisNetwork Packet Analysis
Network Packet AnalysisAmmar WK
 
Packet analysis (Basic)
Packet analysis (Basic)Packet analysis (Basic)
Packet analysis (Basic)Ammar WK
 
Network security
Network securityNetwork security
Network security
Ammar WK
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
Ammar WK
 
Information Security Professional
Information Security ProfessionalInformation Security Professional
Information Security Professional
Ammar WK
 
Handout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dipsHandout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dips
Ammar WK
 
How To Become A Hacker
How To Become A HackerHow To Become A Hacker
How To Become A Hacker
Ammar WK
 
y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?
Ammar WK
 
idsecconf2010-hacking priv8 network
idsecconf2010-hacking priv8 networkidsecconf2010-hacking priv8 network
idsecconf2010-hacking priv8 network
Ammar WK
 

More from Ammar WK (20)

Vvdp-fgd-bssn
Vvdp-fgd-bssnVvdp-fgd-bssn
Vvdp-fgd-bssn
 
Pen-testing is Dead?
Pen-testing is Dead?Pen-testing is Dead?
Pen-testing is Dead?
 
How To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web Applications
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!
 
Cybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryCybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industry
 
Bugbounty vs-0day
Bugbounty vs-0dayBugbounty vs-0day
Bugbounty vs-0day
 
Advanced Persistent Threat
Advanced Persistent ThreatAdvanced Persistent Threat
Advanced Persistent Threat
 
Mobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareMobile hacking, pentest, and malware
Mobile hacking, pentest, and malware
 
Hacker? : it's not about Black or White
Hacker? : it's not about Black or WhiteHacker? : it's not about Black or White
Hacker? : it's not about Black or White
 
Introduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration TestingIntroduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration Testing
 
Burp suite
Burp suiteBurp suite
Burp suite
 
Network Packet Analysis
Network Packet AnalysisNetwork Packet Analysis
Network Packet Analysis
 
Packet analysis (Basic)
Packet analysis (Basic)Packet analysis (Basic)
Packet analysis (Basic)
 
Network security
Network securityNetwork security
Network security
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Information Security Professional
Information Security ProfessionalInformation Security Professional
Information Security Professional
 
Handout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dipsHandout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dips
 
How To Become A Hacker
How To Become A HackerHow To Become A Hacker
How To Become A Hacker
 
y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?
 
idsecconf2010-hacking priv8 network
idsecconf2010-hacking priv8 networkidsecconf2010-hacking priv8 network
idsecconf2010-hacking priv8 network
 

Recently uploaded

Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 

Recently uploaded (20)

Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 

Layer 7 denial of services attack mitigation

  • 1. Layer7 Denial Of Service Attack Mitigation IT LESEHAN - y3dips Saturday, November 12, 11
  • 2. Agenda • Introduction • Denial Of Service • Layer 7 Denial Of Service • Case Stories • Demo • Discussion
  • 3. Introduction • Freelance IT Security Consultant • More than 9 years in IT Security • Founder of “ECHO”, one of the Indonesian hacker communities, established 2003 • Founder of IDSECCONF - Indonesia Security Conference, in cooperation with DEPKOMINFO • More Info: • me@ammar.web.id • @y3dips
  • 4. Denial of Service: a type of activity that aims to disrupt the operation of a system as much as possible, either partially or entirely.
  • 5. DOS • Stupid act • Exhausts your own resources too • Old story: • moby wrote about DDoS in 2003 * • I wrote about Apache DoS in 2003 ** • Well handled by now *http://ezine.echo.or.id/ezine2/ddos%7EMoby.txt **http://ezine.echo.or.id/ezine2/dos_buat_apache%7Ey3dips.txt
  • 6. Type of Network DOS • Layer 4 • Attacks layer 4 protocols • TCP • SYN, FIN, ACK • smurf, TRINOO, stacheldraht, teardrop
  • 7. Type of Network DOS • Layer 7 • Attacks layer 7 protocols • HTTP, FTP, DNS • HTTP slow POST, HTTP GET
  • 8. Real Life Stories: when this all began
  • 9. DoS Against ECHO • 7 - 8 November 2011 • Unknown motives • Echo web access down
  • 11. See the scene (TKP) :)
  • 12. Check DoS Validity • Only you? • Or for everyone :D • http://downforeveryoneorjustme.com/
  • 14. Analyze • Is the server down? • Or only a specific service?
  • 15. In this case, port 80 down
  • 16. Layer 7 DOS: let's dig around on port 80!
  • 17. See Stats :)
  • 18. [AWStats screenshot for echo.or.id, report period Nov 2011, last updated 08 Nov 2011 14:20; first visit 01 Nov 2011 00:00, last visit 08 Nov 2011 11:35. Summary: unique visitors 10021, visits 14357, pages 102822, hits 417078, bandwidth 1.45 GB (1.43 visits/visitor, 7.16 pages/visit, 29.05 hits/visit, 105.69 KB/visit); not-viewed traffic (robots, worms, or replies with special HTTP status codes): 88111 pages, 145915 hits, 395.12 MB; monthly history chart Jan-Dec 2011.] Seems all legit 11/9/11
  • 19. 7, 8 November?
  • 20. 7, 8 November?
  • 21. Ask the Logs :)
  • 22. Logs • HTTP/S logs • http-access • http-error
  • 23. A Valid One
  • 24. A valid one, but also an HTTP GET flood
  • 25. Conclusion • It's an HTTP GET flood • The connection needs to be established • The IP needs to be valid?
  • 26. Learn from Code :)
  • 27. *Credit to Google for the code, just dug and found
  • 29. Mitigation • Always have your backup • No privileged access to the server? REPORT IT (LAPORKAN)
  • 30. Mitigation • Have the privileges? • check: netstat -n | grep 80 | wc -l • block: • iptables -A INPUT -s x.x.x.x -p tcp -j TARPIT • iptables -A INPUT -s x.x.x.x -p tcp -j DROP
  • 31. TARPITING: care to send and double the packets :) ? http://www.secureworks.com/research/threats/ddos/
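The log reading on slides 22-25 and the netstat/iptables checks on slides 30-31, worked through as an added shell example that is not part of y3dips' deck. It counts GET requests per source IP in a constructed Apache combined access log, measures the peak requests per second, shows why `netstat -n | grep 80` over-counts compared with matching only ESTABLISHED connections to local port 80, and prints (without applying) a DROP rule for each flooder. Every address, log line, netstat line and the threshold of 3 are constructed sample values; on a real server you would feed the script your access log and pick the threshold from your normal traffic.

```shell
#!/bin/sh
# Added example, not from the slides: spot HTTP GET flood sources in an Apache
# access log and prepare the firewall rules the deck suggests. Every address, log
# line and netstat line below is constructed sample data (RFC 5737 test ranges).

# Constructed Apache "combined" log: two bursty sources and two ordinary clients.
SAMPLE_LOG='203.0.113.7 - - [08/Nov/2011:11:30:01 +0700] "GET / HTTP/1.1" 200 5120 "-" "-"
203.0.113.7 - - [08/Nov/2011:11:30:01 +0700] "GET / HTTP/1.1" 200 5120 "-" "-"
203.0.113.7 - - [08/Nov/2011:11:30:01 +0700] "GET / HTTP/1.1" 200 5120 "-" "-"
203.0.113.7 - - [08/Nov/2011:11:30:02 +0700] "GET / HTTP/1.1" 200 5120 "-" "-"
203.0.113.7 - - [08/Nov/2011:11:30:02 +0700] "GET / HTTP/1.1" 200 5120 "-" "-"
203.0.113.7 - - [08/Nov/2011:11:30:02 +0700] "GET / HTTP/1.1" 200 5120 "-" "-"
198.51.100.23 - - [08/Nov/2011:11:30:01 +0700] "GET /index.php HTTP/1.1" 200 8040 "-" "-"
198.51.100.23 - - [08/Nov/2011:11:30:02 +0700] "GET /index.php HTTP/1.1" 200 8040 "-" "-"
198.51.100.23 - - [08/Nov/2011:11:30:02 +0700] "GET /index.php HTTP/1.1" 200 8040 "-" "-"
198.51.100.23 - - [08/Nov/2011:11:30:03 +0700] "GET /index.php HTTP/1.1" 200 8040 "-" "-"
192.0.2.10 - - [08/Nov/2011:11:30:02 +0700] "GET /news/ HTTP/1.1" 200 12000 "-" "Mozilla/5.0"
192.0.2.11 - - [08/Nov/2011:11:30:03 +0700] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"'

# Constructed `netstat -n` output; the web server listens on 192.0.2.80.
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.80:80           203.0.113.7:51234       ESTABLISHED
tcp        0      0 192.0.2.80:80           203.0.113.7:51235       ESTABLISHED
tcp        0      0 192.0.2.80:22           192.0.2.50:40001        ESTABLISHED
tcp        0      0 192.0.2.80:8080         198.51.100.9:33333      TIME_WAIT'

# get_flooders MIN: source IPs with at least MIN GET requests in the log on stdin,
# busiest first. In the combined format field 1 is the client IP and field 6 is
# the quoted method ("GET), so POST and other methods are not counted.
get_flooders() {
  awk -v min="$1" '$6 == "\"GET" { n[$1]++ }
    END { for (ip in n) if (n[ip] >= min) print n[ip], ip }' |
    sort -k1,1nr -k2,2
}

# peak_rps: highest number of requests seen in any single second (field 4 is the
# timestamp "[08/Nov/2011:11:30:01"), a quick measure of how sharp the flood is.
peak_rps() {
  awk '{ n[$4]++ } END { m = 0; for (t in n) if (n[t] > m) m = n[t]; print m }'
}

# naive_port80_count: the deck's check, `netstat -n | grep 80 | wc -l`. It matches
# "80" anywhere on the line: other ports, addresses containing 80, TIME_WAIT sockets.
naive_port80_count() {
  grep -c 80 || true
}

# established_port80_count: only tcp sockets with local port 80 in ESTABLISHED
# state, which is what a GET flood actually holds open on the server.
established_port80_count() {
  awk '$1 == "tcp" && $4 ~ /:80$/ && $6 == "ESTABLISHED" { n++ } END { print n + 0 }'
}

# drop_rule IP: print (do not apply) the deck's DROP rule, scoped to port 80 so
# unrelated services from the same address are untouched. Apply by hand after
# review, or swap DROP for TARPIT where the xtables-addons TARPIT target exists.
drop_rule() {
  printf 'iptables -A INPUT -s %s -p tcp --dport 80 -j DROP\n' "$1"
}

# Demo run over the constructed data.
echo "Peak requests/second: $(printf '%s\n' "$SAMPLE_LOG" | peak_rps)"
echo "Connections matching the deck's grep: $(printf '%s\n' "$SAMPLE_NETSTAT" | naive_port80_count)"
echo "ESTABLISHED connections to :80:       $(printf '%s\n' "$SAMPLE_NETSTAT" | established_port80_count)"
echo "Proposed rules (review before applying):"
printf '%s\n' "$SAMPLE_LOG" | get_flooders 3 | while read -r count ip; do drop_rule "$ip"; done
```

Per-IP counting and blocking works against a GET flood for the reason slide 25 gives: the TCP handshake has completed, so the source address in the log is real and not spoofed. The caveats are the usual ones: a distributed flood spreads the requests over many addresses and needs a lower per-IP threshold or a rate limit, while legitimate clients behind one NAT can look like a single busy source, so review the list before turning it into rules. TARPIT is not in stock netfilter; it ships with xtables-addons, and DROP is the portable fallback.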
  • 32. Hardening Apache • TimeOut = default 300 seconds or 5 minutes, recommended 10 seconds • TimeOut protects the server from large numbers of requests that the attacker never closes; with a TimeOut, if no transaction occurs within that period (10 seconds), Apache closes the connection
  • 33. Hardening Apache • KeepAlive = On • KeepAlive allows several HTTP requests to be made over a single connection. • KeepAlive = 15 seconds • This setting protects the server from keep-alive requests with no transaction
  • 34. Hardening Apache • AcceptFilter = http/https data • Protects against attacks in which the attacker opens a socket connection and leaves it idle with no data transaction. Defining data for http and https minimises this kind of attack.
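The three Apache settings on slides 32-34, as an added shell example that is not from the deck: a constructed weak httpd.conf fragment beside a hardened one, and an awk-based audit function that reports deviations from the slide's values (Timeout 10, KeepAlive On, KeepAliveTimeout 15, AcceptFilter http data and AcceptFilter https data). The slide's "KeepAlive = 15 seconds" corresponds to the KeepAliveTimeout directive. The directive names and Apache's default Timeout of 300 seconds are real; both config texts and the 60-second keep-alive in the weak one are constructed.

```shell
#!/bin/sh
# Added example, not from the slides: audit an Apache config fragment against the
# deck's anti-idle-connection settings. Both config texts below are constructed.

# Constructed: Apache's default Timeout plus a generous keep-alive, i.e. the
# state the deck warns about.
WEAK_CONF='# httpd.conf fragment before hardening (constructed)
Timeout 300
KeepAlive On
KeepAliveTimeout 60'

# Constructed: the values recommended on slides 32-34.
HARDENED_CONF='# httpd.conf fragment after hardening (constructed)
Timeout 10
KeepAlive On
KeepAliveTimeout 15
AcceptFilter http data
AcceptFilter https data'

# audit_apache_conf: read httpd.conf text on stdin, print one finding per line.
# Prints nothing when every setting matches the deck's recommendation.
audit_apache_conf() {
  awk '
    /^[[:space:]]*#/ || NF == 0 { next }            # skip comments and blank lines
    { d = tolower($1) }                             # directive names are case-insensitive
    d == "timeout"          { t   = $2 }
    d == "keepalive"        { ka  = tolower($2) }
    d == "keepalivetimeout" { kat = $2 }
    d == "acceptfilter"     { af[tolower($2)] = tolower($3) }
    END {
      if (t == "")              print "Timeout not set (Apache default 300 s); recommended 10"
      else if (t + 0 > 10)      print "Timeout " t " s too long; recommended 10"
      if (ka != "on")           print "KeepAlive should be On"
      if (kat == "")            print "KeepAliveTimeout not set; recommended 15"
      else if (kat + 0 > 15)    print "KeepAliveTimeout " kat " s too long; recommended 15"
      if (af["http"]  != "data") print "AcceptFilter http data missing"
      if (af["https"] != "data") print "AcceptFilter https data missing"
    }'
}

# count_findings: number of findings for the config on stdin (0 means hardened).
count_findings() {
  audit_apache_conf | grep -c . || true
}

# Demo run over the constructed fragments.
echo "Weak config findings:"
printf '%s\n' "$WEAK_CONF" | audit_apache_conf
echo "Hardened config findings: $(printf '%s\n' "$HARDENED_CONF" | count_findings)"
```

Two practical notes on the values themselves. A 10-second Timeout is aggressive for large uploads or slow links, so test it against your own traffic before rolling it out. AcceptFilter ... data (TCP_DEFER_ACCEPT on Linux) only postpones the accept until the first request bytes arrive; a client that sends a partial request slowly is handled by Timeout and by mod_reqtimeout's RequestReadTimeout, not by the accept filter.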
  • 37. Layer7 Denial Of Service Attack Mitigation IT LESEHAN - y3dips