DDoS Attacks and Countermeasures

Published in: Technology, News & Politics

  1. DDoS Attacks & Countermeasures
     - Duong Ngoc Thai
     - <thaidn AT gmail DOT com>
     - http://vnhacker.blogspot.com
  2. Hello!
  3. Overview
     - DDoS Attacks
       - What's new?
     - DDoS Countermeasures
       - What NOT to do?
       - What to do?
     - Q & A
  4. Part I
     - DDoS Attacks – What's new?
       - Botnet Attacks
         - DRDoS
         - Distributed Reflected DNS Attacks
       - xFlash Attacks
         - HTTP-based applications
         - Welcome to the brave new world of Flash 9 Socket
  5. What is a botnet?
  6. DDoS Attacks through Botnet
     - Traditional DDoS Attacks
     - DRDoS
  7. DDoS Attacks through Botnet
     - Distributed Reflected DNS Attacks
  8. Okay, botnets are scary. But wait, there's no botnet in VN, YET!
  9. Bad news: building a botnet is easy!
     - Bot source code is available for free! Some is even released under the GPL!
  10. Bad news: building a botnet is easy!
     - "Pretty girls online here, folks!!!!" Remember gaixinh or xRobot?
  11. Bad news: building a botnet is easy!
     - I don't want to pay for software!
     - Ever wonder what those keygen.exe or crack.exe actually do?
     - no license --> no update --> hack me please!
     - (hint: use Linux)
  12. Bad news: building a botnet is easy!
     - Can't build one yourself? Buy one online!
  13. Vietnam Botnet Factbook
  14. What's xFlash?
     - ActionScript in Flash can send HTTP requests to 3rd party sites through the browser which invoked it.
  15. What's xFlash?
     - The main DDoS attack mechanism used to attack many websites in VN: hvaonline.net, vietco.com, ddth.com, <insert your sites here>, etc...
  16. xFlash to attack HTTP-based applications
     - <insert x-flash source code here>
  17. xFlash to attack HTTP-based applications
     - forging HTTP request headers

         var req:LoadVars = new LoadVars();
         req.addRequestHeader("Foo", "Bar");
         req.send("http://www.site.com/index.php", "_blank", "GET");

  18. xFlash to attack HTTP-based applications
     - forging HTTP request headers

         var req:LoadVars = new LoadVars();
         req.addRequestHeader("Foo", "Bar");
         req.decode("a=b&c=d");
         req.send("http://www.site.com/index.php", "_blank", "POST");

  19. Welcome to The Brave New World of Flash 9 Socket
     - Quote from Flash 9 documentation
     - "The Socket class enables ActionScript code to make socket connections and to read and write raw binary data. The Socket class is useful for working with servers that use binary protocols."
  20. Welcome to The Brave New World of Flash 9 Socket
     - Quote from Flash 9 documentation
     - "The Socket class enables ActionScript code to make socket connections and to read and write raw binary data. The Socket class is useful for working with servers that use binary protocols."
     - Let's port nmap to ActionScript!
  21. Welcome to The Brave New World of Flash 9 Socket
     - Quote from Flash 9 documentation
     - "The Socket class enables ActionScript code to make socket connections and to read and write raw binary data. The Socket class is useful for working with servers that use binary protocols."
     - Let's port nmap to ActionScript!
       - Err wait, how about same origin policy?
  22. Part II
     - DDoS Countermeasures
       - DON'T
         - .htaccess
         - referer checking
         - PHP anti-DDoS script
       - DOs
         - performance tuning - killing the bottlenecks
         - start small, think big
         - defense in depth
  23. First things first: SHOW ME THE MONEY
  24. Security is always a trade-off
  25. The Art Of Performance Tuning
     - What is performance?
  26. The Art Of Performance Tuning
     - What is performance?
     - rps = requests per second
     - cu = concurrent users
  27. How to Find The Bottlenecks
     - code profiling – xdebug
     - system profiling – oprofile
     - database query profiling
  28. Caching's Your Good Friend, Always
     - opcode caching – APC, Zend Platform
     - object caching – memcached
     - http request caching - squid
  29. Start Small Think BIG
     - what is scalability?
  30. Start Small Think BIG
     - what is scalability?
     - readily enlarged
     - what is a scalable system?
       - able to accommodate increased usage
       - able to accommodate an increased dataset
       - maintainable
  31. Hello, world! Is Very Scalable

         <?php
         sleep(1);
         echo "Hello, world!";
         ?>

  32. Vertical vs Horizontal Scaling
  33. Share Nothing Architecture
  34. Scaling The Database With SNA
  35. Scaling The Storage
     - Amazon S3 anybody?
  36. Wikipedia: a scalable system
  37. The Blueprint of Defense In Depth
  38. The case for the reverse proxy
  39. Recommended Reading
     - Building scalable web sites
     - Kí sự các vụ DDoS vào HVAOnline.net ("Chronicle of the DDoS attacks on HVAOnline.net")
  40. DDoS Attacks & Countermeasures
     - Thank you!
     - Questions/Comments?
     - Duong Ngoc Thai
