SlideShare une entreprise Scribd logo

DDoS Attack Preparation and Mitigation

Jerod Brennen
Jerod Brennen

Layered controls to help you prepare for and defend yourself from a distributed denial of service (DDoS) attack.

Technologie
1  sur  20
Télécharger pour lire hors ligne
DDoS Attack Preparation and Mitigation Presented by Jerod Brennen, CISSP CTO & Principal Security Consultant, Jacadis
Overview • What is a DDoS attack? • Why are these attacks launched? • How do we prepare? • How do we respond? • Resources
In the News… http://money.cnn.com/2012/09/27/technology/bank-cyberattacks/
DoS Attacks • Denial of Service o Network resources o Host resources o Application resources • Types o ICMP Flood • Smurf attack • Ping flood • Ping of death o SYN Flood • SYN – SYN/ACK… Wait. Where’s my ACK? • Unending knock-knock joke o Teardrop Attack o Low and Slow
DDoS Attacks • Distributed Denial of Service o Simultaneous attacks from multiple sources o Traditional countermeasures don’t work • Examples o Botnet downloads entire site, repeats ad nauseum o Abuse SSL negotiation phase
Why Launch a DDoS Attack? • Motive o Extortion o Revenge o Hacktivism o Unintentional (@feliciaday) • Means o Botnet • Infected machines • Voluntary (mobile devices?) o Availability of tools • Low Orbit Ion Cannon (LOIC) – TCP/UDP • slowhttptest – HTTP • Slowloris – HTTP • Opportunity o We’re talking about the INTERNET…
Preparation • Technical: Defense-in-Depth o Network o Operating System o Web/Application Server o Application • Procedural: Security Incident Response o Policy o Procedures o Tabletop Exercises
Preparation – Network Architecture • Align with Cisco SAFE security reference architecture o Redundancy • Deploy and tune tools o Intrusion Prevention System (IPS) o Security Information Event Management (SIEM) o Bandwidth Monitoring and Management o Anti-DDoS Hardware (*) • Cisco Guard / PrevenTier (Rackspace) • DOSarrest • RioRey • Evaluate IPv6 configurations
Preparation – Network Router • Enable Reverse Path Forwarding o ip verify unicast reverse path • Filter all RFC-1918 address spaces o 10.0.0.0 - 10.255.255.255 (10/8 prefix) o 169.254.0 – 169.254.255.255 (169.254/16 prefix) o 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) o 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) • Network Ingress Filtering, per RFC-2827 o Drop forged packets • Enforce rate limiting for ICMP and SYN packets
Preparation – Network Firewall • Deny private, illegal, and routable source IP’s o 0.0.0.0 o 10.0.0.0-10.255.255.255 o 127.0.0.0 o 172.16.0.0-172.31.255.255 o 192.168.0.0-192.168.255.255 o 240.0.0.0 o 255.255.255.255
Preparation - Operating System • Harden the Host o Center for Internet Security o DISA STIG’s • Defense Information Systems Agency Security Technical Implementation Guides o Vendor guides • Patch o Automate the process o Trust, but verify • Host Vulnerability Scans o DoS vulnerabilities
Preparation – Apache on Linux • Advanced Policy Firewall (APF) o iptables (netfilter) • (D)DoS Deflate o netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort –n o Automatically block attacking IP’s o Automatically unblock IP’s after x seconds • Apache modules o mod_evasive o mod_security
Preparation – IIS on Windows • UrlScan o Integrate with IIS o Mitigate SQL injection attacks o Restrict potentially malicious HTTP requests (web app firewall function) • Dynamic IP Restrictions o Requests over time o Deny action o Logging
Preparation - Application • Third Party Services o Akamai – Web Application Acceleration o Prolexic – Pipe Cleaner • Web App Firewall o Hosted o Cloud • Load Balancers o Take advantage of virtualization • Baseline Your Performance o Thresholds (Load Testing) o Source IP reports • Web Application Vulnerability Scan o DoS vulnerabilities o Vulnerable forms (CAPTCHA)
Mitigation - Network • Log analysis o Understand the attack o netstat, awk, grep • Contact your ISP o Drop attacking traffic before it hits any of your resources • Null route attackers o Example: ip route 192.168.0.0 255.255.0.0 Null0 • Implement yourgeographic IP rules o Deny all traffic from non-customer IP blocks • Enable third party services/solutions o Temporary o Cost
Mitigation – Host and App • Add additional servers o Temporary (co$t) o Again, take advantage of virtualization • Tighten web app firewall rules o Based on attack pattern
Contact Law Enforcement? • Pros o Prevent future attacks against your org o Prevent future attacks against other orgs • Cons o Attack becomes public record o Additional resources = time + money • Decide in writing what action you will take before an incident occurs.
Resources • Denial of Service Attacks Explained o CERT • http://www.cert.org/tech_tips/denial_of_service.html o Wikipedia • http://en.wikipedia.org/wiki/Denial-of-service_attack • RFC’s o RFC-1918 – Address Allocation for Private Internets • http://tools.ietf.org/html/rfc1918 o RFC-2827 – Network Ingress Filtering • http://www.ietf.org/rfc/rfc2827.txt • HardeningInformation o Center for Internet Security • http://www.cisecurity.org/ o Cisco SAFE • http://www.cisco.com/en/US/netsol/ns954/index.html o Country IP Blocks • http://www.countryipblocks.net/ o DISA STIG’s • http://iase.disa.mil/stigs/ o How to Protect Against Slow HTTP Attacks (via @Qualys) • https://community.qualys.com/blogs/securitylabs/2011/11/02/how-to-protect-against-slow-http- attacks
Resources (cont’d) • Tools o Low Orbit Ion Cannon • http://sourceforge.net/projects/loic/ • Installed on your iPhone: http://www.youtube.com/watch?v=9VxA_DSflG0 o slowhttptest • http://code.google.com/p/slowhttptest/ o Slowloris • http://ha.ckers.org/slowloris/ o Advanced Policy Firewall (APF) • http://www.rfxn.com/projects/advanced-policy-firewall/ o (D)DoS Deflate • http://deflate.medialayer.com/ o UrlScan • http://technet.microsoft.com/en-us/security/cc242650 o Dynamic IP Restrictions • http://www.iis.net/download/DynamicIPRestrictions • Apache Modules o Mod_evasive • http://www.topwebhosts.org/articles/mod_evasive.php o Mod_security • http://www.topwebhosts.org/articles/mod_security.php
Questions / Contact Info Jerod Brennen, CISSP http://www.linkedin.com/in/slandail http://twitter.com/#!/slandail http://www.jacadis.com/ contact@jacadis.com

Recommandé

SDN Fundamentals - short presentation
SDN Fundamentals - short presentationSDN Fundamentals - short presentation
SDN Fundamentals - short presentationAzhar Khuwaja
 
9534715
95347159534715
9534715Pavel Odintsov
 
Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)btpsec
 
Threat hunting on the wire
Threat hunting on the wireThreat hunting on the wire
Threat hunting on the wireInfoSec Addicts
 
NMAP
NMAPNMAP
NMAPClub Scientifique de l'ESI - CSE
 
Taking Hunting to the Next Level: Hunting in Memory
Taking Hunting to the Next Level: Hunting in MemoryTaking Hunting to the Next Level: Hunting in Memory
Taking Hunting to the Next Level: Hunting in MemoryJoe Desimone
 
Passwords#14 - mimikatz
Passwords#14 - mimikatzPasswords#14 - mimikatz
Passwords#14 - mimikatzBenjamin Delpy
 
Automating Network Infrastructure : Ansible
Automating Network Infrastructure : AnsibleAutomating Network Infrastructure : Ansible
Automating Network Infrastructure : AnsibleBangladesh Network Operators Group
 

Recommandé

SDN Fundamentals - short presentation
SDN Fundamentals - short presentationSDN Fundamentals - short presentation
SDN Fundamentals - short presentationAzhar Khuwaja
 
9534715
95347159534715
9534715Pavel Odintsov
 
Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)btpsec
 
Threat hunting on the wire
Threat hunting on the wireThreat hunting on the wire
Threat hunting on the wireInfoSec Addicts
 
NMAP
NMAPNMAP
NMAPClub Scientifique de l'ESI - CSE
 
Taking Hunting to the Next Level: Hunting in Memory
Taking Hunting to the Next Level: Hunting in MemoryTaking Hunting to the Next Level: Hunting in Memory
Taking Hunting to the Next Level: Hunting in MemoryJoe Desimone
 
Passwords#14 - mimikatz
Passwords#14 - mimikatzPasswords#14 - mimikatz
Passwords#14 - mimikatzBenjamin Delpy
 
Automating Network Infrastructure : Ansible
Automating Network Infrastructure : AnsibleAutomating Network Infrastructure : Ansible
Automating Network Infrastructure : AnsibleBangladesh Network Operators Group
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - BriefAshley Deuble
 
pfSense presentation
pfSense presentationpfSense presentation
pfSense presentationSimon Vass
 
DDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNDDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNChao Chen
 
Iptables the Linux Firewall
Iptables the Linux Firewall Iptables the Linux Firewall
Iptables the Linux Firewall Syed fawad Gillani
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application FirewallChandrapal Badshah
 
Malware analysis
Malware analysisMalware analysis
Malware analysisPrakashchand Suthar
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 
How to launch and defend against a DDoS
How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoSjgrahamc
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall美兰 曾
 
Cloud computing
Cloud computingCloud computing
Cloud computingmourad50
 
Introduction to OpenFlow
Introduction to OpenFlowIntroduction to OpenFlow
Introduction to OpenFlowJoel W. King
 
Introduction to WebSockets Presentation
Introduction to WebSockets PresentationIntroduction to WebSockets Presentation
Introduction to WebSockets PresentationJulien LaPointe
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware AnalysisAndrew McNicol
 
Fluentd with MySQL
Fluentd with MySQLFluentd with MySQL
Fluentd with MySQLI Goo Lee
 
Alphorm.com Support Formation Hacking & Sécurité Expert Vulnérabilités Web
Alphorm.com Support Formation Hacking & Sécurité Expert Vulnérabilités WebAlphorm.com Support Formation Hacking & Sécurité Expert Vulnérabilités Web
Alphorm.com Support Formation Hacking & Sécurité Expert Vulnérabilités WebAlphorm
 
Security Onion
Security OnionSecurity Onion
Security Onionjohndegruyter
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceEr. Shiva K. Shrestha
 
A Distributed Malware Analysis System Cuckoo Sandbox
A Distributed Malware Analysis System Cuckoo SandboxA Distributed Malware Analysis System Cuckoo Sandbox
A Distributed Malware Analysis System Cuckoo SandboxAndy Lee
 
Misp(malware information sharing platform)
Misp(malware information sharing platform)Misp(malware information sharing platform)
Misp(malware information sharing platform)Nadim Kadiwala
 
Database Firewall with Snort
Database Firewall with SnortDatabase Firewall with Snort
Database Firewall with SnortNarudom Roongsiriwong, CISSP
 
Felicia Pillay CV
Felicia Pillay CVFelicia Pillay CV
Felicia Pillay CVFelicia Pillay
 
DDoS Attack illustration
DDoS Attack illustrationDDoS Attack illustration
DDoS Attack illustrationMarcelo Silva
 

Contenu connexe

Tendances

Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - BriefAshley Deuble
 
pfSense presentation
pfSense presentationpfSense presentation
pfSense presentationSimon Vass
 
DDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNDDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNChao Chen
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 
How to launch and defend against a DDoS
How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoSjgrahamc
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall美兰 曾
 
Cloud computing
Cloud computingCloud computing
Cloud computingmourad50
 
Introduction to OpenFlow
Introduction to OpenFlowIntroduction to OpenFlow
Introduction to OpenFlowJoel W. King
 
Introduction to WebSockets Presentation
Introduction to WebSockets PresentationIntroduction to WebSockets Presentation
Introduction to WebSockets PresentationJulien LaPointe
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware AnalysisAndrew McNicol
 
Fluentd with MySQL
Fluentd with MySQLFluentd with MySQL
Fluentd with MySQLI Goo Lee
 
Alphorm.com Support Formation Hacking & Sécurité Expert Vulnérabilités Web
Alphorm.com Support Formation Hacking & Sécurité Expert Vulnérabilités WebAlphorm.com Support Formation Hacking & Sécurité Expert Vulnérabilités Web
Alphorm.com Support Formation Hacking & Sécurité Expert Vulnérabilités WebAlphorm
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceEr. Shiva K. Shrestha
 
A Distributed Malware Analysis System Cuckoo Sandbox
A Distributed Malware Analysis System Cuckoo SandboxA Distributed Malware Analysis System Cuckoo Sandbox
A Distributed Malware Analysis System Cuckoo SandboxAndy Lee
 
Misp(malware information sharing platform)
Misp(malware information sharing platform)Misp(malware information sharing platform)
Misp(malware information sharing platform)Nadim Kadiwala
 

Tendances (20)

Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - Brief
 
pfSense presentation
pfSense presentationpfSense presentation
pfSense presentation
 
DDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNDDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDN
 
Iptables the Linux Firewall
Iptables the Linux Firewall Iptables the Linux Firewall
Iptables the Linux Firewall
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application Firewall
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniques
 
How to launch and defend against a DDoS
How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoS
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Introduction to OpenFlow
Introduction to OpenFlowIntroduction to OpenFlow
Introduction to OpenFlow
 
Introduction to WebSockets Presentation
Introduction to WebSockets PresentationIntroduction to WebSockets Presentation
Introduction to WebSockets Presentation
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
 
Fluentd with MySQL
Fluentd with MySQLFluentd with MySQL
Fluentd with MySQL
 
Alphorm.com Support Formation Hacking & Sécurité Expert Vulnérabilités Web
Alphorm.com Support Formation Hacking & Sécurité Expert Vulnérabilités WebAlphorm.com Support Formation Hacking & Sécurité Expert Vulnérabilités Web
Alphorm.com Support Formation Hacking & Sécurité Expert Vulnérabilités Web
 
Security Onion
Security OnionSecurity Onion
Security Onion
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of Service
 
A Distributed Malware Analysis System Cuckoo Sandbox
A Distributed Malware Analysis System Cuckoo SandboxA Distributed Malware Analysis System Cuckoo Sandbox
A Distributed Malware Analysis System Cuckoo Sandbox
 
Misp(malware information sharing platform)
Misp(malware information sharing platform)Misp(malware information sharing platform)
Misp(malware information sharing platform)
 
Database Firewall with Snort
Database Firewall with SnortDatabase Firewall with Snort
Database Firewall with Snort
 

En vedette

DDoS Attack illustration
DDoS Attack illustrationDDoS Attack illustration
DDoS Attack illustrationMarcelo Silva
 
An introduction to denial of service attacks
An introduction to denial of service attacksAn introduction to denial of service attacks
An introduction to denial of service attacksRollingsherman
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackKaustubh Padwad
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service AttacksHansa Nidushan
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackAhmed Ghazey
 

En vedette (10)

Felicia Pillay CV
Felicia Pillay CVFelicia Pillay CV
Felicia Pillay CV
 
DDoS Attack illustration
DDoS Attack illustrationDDoS Attack illustration
DDoS Attack illustration
 
Immune Attack
Immune AttackImmune Attack
Immune Attack
 
An introduction to denial of service attacks
An introduction to denial of service attacksAn introduction to denial of service attacks
An introduction to denial of service attacks
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service Attacks
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attack
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
 
Denial of Service Attacks
Denial of Service AttacksDenial of Service Attacks
Denial of Service Attacks
 

Similaire à DDoS Attack Preparation and Mitigation

DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeMyNOG
 
Combating Cyberattacks through Network Agility and Automation
Combating Cyberattacks through Network Agility and AutomationCombating Cyberattacks through Network Agility and Automation
Combating Cyberattacks through Network Agility and AutomationSagi Brody
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionAPNIC
 
DDosMon A Global DDoS Monitoring Project
DDosMon A Global DDoS Monitoring ProjectDDosMon A Global DDoS Monitoring Project
DDosMon A Global DDoS Monitoring ProjectAPNIC
 
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetupWeapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetupmichaelxin2015
 
DDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationDDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationWilson Rogerio Lopes
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Pathshibaehed
 
Eradicate the Bots in the Belfry - Information Security Summit - Eric Vanderburg
Eradicate the Bots in the Belfry - Information Security Summit - Eric VanderburgEradicate the Bots in the Belfry - Information Security Summit - Eric Vanderburg
Eradicate the Bots in the Belfry - Information Security Summit - Eric VanderburgEric Vanderburg
 
The Boring Security Talk
The Boring Security TalkThe Boring Security Talk
The Boring Security Talkkieranjacobsen
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesBabak Farrokhi
 
Network security basics
Network security basicsNetwork security basics
Network security basicsSkillspire LLC
 
The Boring Security Talk - Azure Global Bootcamp Melbourne 2019
The Boring Security Talk - Azure Global Bootcamp Melbourne 2019The Boring Security Talk - Azure Global Bootcamp Melbourne 2019
The Boring Security Talk - Azure Global Bootcamp Melbourne 2019kieranjacobsen
 
Hacking Cisco Networks and Countermeasures
Hacking Cisco Networks and CountermeasuresHacking Cisco Networks and Countermeasures
Hacking Cisco Networks and Countermeasuresdkaya
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AlivePositive Hack Days
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDebra Baker, CISSP CSSP
 
Secure 2013 Poland
Secure 2013 PolandSecure 2013 Poland
Secure 2013 PolandCloudflare
 
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!PriyadharshiniHemaku
 

Similaire à DDoS Attack Preparation and Mitigation (20)

DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL Lee
 
Combating Cyberattacks through Network Agility and Automation
Combating Cyberattacks through Network Agility and AutomationCombating Cyberattacks through Network Agility and Automation
Combating Cyberattacks through Network Agility and Automation
 
DDoS - unstoppable menace
DDoS - unstoppable menaceDDoS - unstoppable menace
DDoS - unstoppable menace
 
DDoS - unstoppable menace
DDoS - unstoppable menaceDDoS - unstoppable menace
DDoS - unstoppable menace
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack Prevention
 
DDosMon A Global DDoS Monitoring Project
DDosMon A Global DDoS Monitoring ProjectDDosMon A Global DDoS Monitoring Project
DDosMon A Global DDoS Monitoring Project
 
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetupWeapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
 
DDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationDDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and Mitigation
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths
 
Eradicate the Bots in the Belfry - Information Security Summit - Eric Vanderburg
Eradicate the Bots in the Belfry - Information Security Summit - Eric VanderburgEradicate the Bots in the Belfry - Information Security Summit - Eric Vanderburg
Eradicate the Bots in the Belfry - Information Security Summit - Eric Vanderburg
 
The Boring Security Talk
The Boring Security TalkThe Boring Security Talk
The Boring Security Talk
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and Techniques
 
Network security basics
Network security basicsNetwork security basics
Network security basics
 
The Boring Security Talk - Azure Global Bootcamp Melbourne 2019
The Boring Security Talk - Azure Global Bootcamp Melbourne 2019The Boring Security Talk - Azure Global Bootcamp Melbourne 2019
The Boring Security Talk - Azure Global Bootcamp Melbourne 2019
 
Security attacks
Security attacksSecurity attacks
Security attacks
 
Hacking Cisco Networks and Countermeasures
Hacking Cisco Networks and CountermeasuresHacking Cisco Networks and Countermeasures
Hacking Cisco Networks and Countermeasures
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay Alive
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptx
 
Secure 2013 Poland
Secure 2013 PolandSecure 2013 Poland
Secure 2013 Poland
 
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
 

Plus de Jerod Brennen

Embedding Security in the SDLC
Embedding Security in the SDLCEmbedding Security in the SDLC
Embedding Security in the SDLCJerod Brennen
 
The Path to IAM Maturity
The Path to IAM MaturityThe Path to IAM Maturity
The Path to IAM MaturityJerod Brennen
 
Hacking identity: A Pen Tester's Guide to IAM
Hacking identity: A Pen Tester's Guide to IAMHacking identity: A Pen Tester's Guide to IAM
Hacking identity: A Pen Tester's Guide to IAMJerod Brennen
 
Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)
Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)
Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)Jerod Brennen
 
Automating Security Testing with the OWTF
Automating Security Testing with the OWTFAutomating Security Testing with the OWTF
Automating Security Testing with the OWTFJerod Brennen
 
Assess all the things
Assess all the thingsAssess all the things
Assess all the thingsJerod Brennen
 
What you need to know about OSINT
What you need to know about OSINTWhat you need to know about OSINT
What you need to know about OSINTJerod Brennen
 
Running Your Apps Through the "Gauntlt"
Running Your Apps Through the "Gauntlt"Running Your Apps Through the "Gauntlt"
Running Your Apps Through the "Gauntlt"Jerod Brennen
 
Common Sense Security Framework
Common Sense Security FrameworkCommon Sense Security Framework
Common Sense Security FrameworkJerod Brennen
 
Please, Please, PLEASE Defend Your Mobile Apps!
Please, Please, PLEASE Defend Your Mobile Apps!Please, Please, PLEASE Defend Your Mobile Apps!
Please, Please, PLEASE Defend Your Mobile Apps!Jerod Brennen
 
Integrating security into the application development process
Integrating security into the application development processIntegrating security into the application development process
Integrating security into the application development processJerod Brennen
 
Bridging the Social Media Implementation/Audit Gap
Bridging the Social Media Implementation/Audit GapBridging the Social Media Implementation/Audit Gap
Bridging the Social Media Implementation/Audit GapJerod Brennen
 
Attacking and Defending Mobile Applications
Attacking and Defending Mobile ApplicationsAttacking and Defending Mobile Applications
Attacking and Defending Mobile ApplicationsJerod Brennen
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101Jerod Brennen
 
Information Security Management 101
Information Security Management 101Information Security Management 101
Information Security Management 101Jerod Brennen
 

Plus de Jerod Brennen (15)

Embedding Security in the SDLC
Embedding Security in the SDLCEmbedding Security in the SDLC
Embedding Security in the SDLC
 
The Path to IAM Maturity
The Path to IAM MaturityThe Path to IAM Maturity
The Path to IAM Maturity
 
Hacking identity: A Pen Tester's Guide to IAM
Hacking identity: A Pen Tester's Guide to IAMHacking identity: A Pen Tester's Guide to IAM
Hacking identity: A Pen Tester's Guide to IAM
 
Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)
Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)
Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)
 
Automating Security Testing with the OWTF
Automating Security Testing with the OWTFAutomating Security Testing with the OWTF
Automating Security Testing with the OWTF
 
Assess all the things
Assess all the thingsAssess all the things
Assess all the things
 
What you need to know about OSINT
What you need to know about OSINTWhat you need to know about OSINT
What you need to know about OSINT
 
Running Your Apps Through the "Gauntlt"
Running Your Apps Through the "Gauntlt"Running Your Apps Through the "Gauntlt"
Running Your Apps Through the "Gauntlt"
 
Common Sense Security Framework
Common Sense Security FrameworkCommon Sense Security Framework
Common Sense Security Framework
 
Please, Please, PLEASE Defend Your Mobile Apps!
Please, Please, PLEASE Defend Your Mobile Apps!Please, Please, PLEASE Defend Your Mobile Apps!
Please, Please, PLEASE Defend Your Mobile Apps!
 
Integrating security into the application development process
Integrating security into the application development processIntegrating security into the application development process
Integrating security into the application development process
 
Bridging the Social Media Implementation/Audit Gap
Bridging the Social Media Implementation/Audit GapBridging the Social Media Implementation/Audit Gap
Bridging the Social Media Implementation/Audit Gap
 
Attacking and Defending Mobile Applications
Attacking and Defending Mobile ApplicationsAttacking and Defending Mobile Applications
Attacking and Defending Mobile Applications
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101
 
Information Security Management 101
Information Security Management 101Information Security Management 101
Information Security Management 101
 

Dernier

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 

Dernier (20)

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 

DDoS Attack Preparation and Mitigation

  • 1. DDoS Attack Preparation and Mitigation Presented by Jerod Brennen, CISSP CTO & Principal Security Consultant, Jacadis
  • 2. Overview • What is a DDoS attack? • Why are these attacks launched? • How do we prepare? • How do we respond? • Resources
  • 4. DoS Attacks • Denial of Service o Network resources o Host resources o Application resources • Types o ICMP Flood • Smurf attack • Ping flood • Ping of death o SYN Flood • SYN – SYN/ACK… Wait. Where’s my ACK? • Unending knock-knock joke o Teardrop Attack o Low and Slow
  • 5. DDoS Attacks • Distributed Denial of Service o Simultaneous attacks from multiple sources o Traditional countermeasures don’t work • Examples o Botnet downloads entire site, repeats ad nauseum o Abuse SSL negotiation phase
  • 6. Why Launch a DDoS Attack? • Motive o Extortion o Revenge o Hacktivism o Unintentional (@feliciaday) • Means o Botnet • Infected machines • Voluntary (mobile devices?) o Availability of tools • Low Orbit Ion Cannon (LOIC) – TCP/UDP • slowhttptest – HTTP • Slowloris – HTTP • Opportunity o We’re talking about the INTERNET…
  • 7. Preparation • Technical: Defense-in-Depth o Network o Operating System o Web/Application Server o Application • Procedural: Security Incident Response o Policy o Procedures o Tabletop Exercises
  • 8. Preparation – Network Architecture • Align with Cisco SAFE security reference architecture o Redundancy • Deploy and tune tools o Intrusion Prevention System (IPS) o Security Information Event Management (SIEM) o Bandwidth Monitoring and Management o Anti-DDoS Hardware (*) • Cisco Guard / PrevenTier (Rackspace) • DOSarrest • RioRey • Evaluate IPv6 configurations
  • 9. Preparation – Network Router • Enable Reverse Path Forwarding o ip verify unicast reverse path • Filter all RFC-1918 address spaces o 10.0.0.0 - 10.255.255.255 (10/8 prefix) o 169.254.0 – 169.254.255.255 (169.254/16 prefix) o 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) o 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) • Network Ingress Filtering, per RFC-2827 o Drop forged packets • Enforce rate limiting for ICMP and SYN packets
  • 10. Preparation – Network Firewall • Deny private, illegal, and routable source IP’s o 0.0.0.0 o 10.0.0.0-10.255.255.255 o 127.0.0.0 o 172.16.0.0-172.31.255.255 o 192.168.0.0-192.168.255.255 o 240.0.0.0 o 255.255.255.255
  • 11. Preparation - Operating System • Harden the Host o Center for Internet Security o DISA STIG’s • Defense Information Systems Agency Security Technical Implementation Guides o Vendor guides • Patch o Automate the process o Trust, but verify • Host Vulnerability Scans o DoS vulnerabilities
  • 12. Preparation – Apache on Linux • Advanced Policy Firewall (APF) o iptables (netfilter) • (D)DoS Deflate o netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort –n o Automatically block attacking IP’s o Automatically unblock IP’s after x seconds • Apache modules o mod_evasive o mod_security
  • 13. Preparation – IIS on Windows • UrlScan o Integrate with IIS o Mitigate SQL injection attacks o Restrict potentially malicious HTTP requests (web app firewall function) • Dynamic IP Restrictions o Requests over time o Deny action o Logging
  • 14. Preparation - Application • Third Party Services o Akamai – Web Application Acceleration o Prolexic – Pipe Cleaner • Web App Firewall o Hosted o Cloud • Load Balancers o Take advantage of virtualization • Baseline Your Performance o Thresholds (Load Testing) o Source IP reports • Web Application Vulnerability Scan o DoS vulnerabilities o Vulnerable forms (CAPTCHA)
  • 15. Mitigation - Network • Log analysis o Understand the attack o netstat, awk, grep • Contact your ISP o Drop attacking traffic before it hits any of your resources • Null route attackers o Example: ip route 192.168.0.0 255.255.0.0 Null0 • Implement yourgeographic IP rules o Deny all traffic from non-customer IP blocks • Enable third party services/solutions o Temporary o Cost
  • 16. Mitigation – Host and App • Add additional servers o Temporary (co$t) o Again, take advantage of virtualization • Tighten web app firewall rules o Based on attack pattern
  • 17. Contact Law Enforcement? • Pros o Prevent future attacks against your org o Prevent future attacks against other orgs • Cons o Attack becomes public record o Additional resources = time + money • Decide in writing what action you will take before an incident occurs.
  • 18. Resources • Denial of Service Attacks Explained o CERT • http://www.cert.org/tech_tips/denial_of_service.html o Wikipedia • http://en.wikipedia.org/wiki/Denial-of-service_attack • RFC’s o RFC-1918 – Address Allocation for Private Internets • http://tools.ietf.org/html/rfc1918 o RFC-2827 – Network Ingress Filtering • http://www.ietf.org/rfc/rfc2827.txt • HardeningInformation o Center for Internet Security • http://www.cisecurity.org/ o Cisco SAFE • http://www.cisco.com/en/US/netsol/ns954/index.html o Country IP Blocks • http://www.countryipblocks.net/ o DISA STIG’s • http://iase.disa.mil/stigs/ o How to Protect Against Slow HTTP Attacks (via @Qualys) • https://community.qualys.com/blogs/securitylabs/2011/11/02/how-to-protect-against-slow-http- attacks
  • 19. Resources (cont’d) • Tools o Low Orbit Ion Cannon • http://sourceforge.net/projects/loic/ • Installed on your iPhone: http://www.youtube.com/watch?v=9VxA_DSflG0 o slowhttptest • http://code.google.com/p/slowhttptest/ o Slowloris • http://ha.ckers.org/slowloris/ o Advanced Policy Firewall (APF) • http://www.rfxn.com/projects/advanced-policy-firewall/ o (D)DoS Deflate • http://deflate.medialayer.com/ o UrlScan • http://technet.microsoft.com/en-us/security/cc242650 o Dynamic IP Restrictions • http://www.iis.net/download/DynamicIPRestrictions • Apache Modules o Mod_evasive • http://www.topwebhosts.org/articles/mod_evasive.php o Mod_security • http://www.topwebhosts.org/articles/mod_security.php
  • 20. Questions / Contact Info Jerod Brennen, CISSP http://www.linkedin.com/in/slandail http://twitter.com/#!/slandail http://www.jacadis.com/ contact@jacadis.com