4. DoS vs DDoS
• Old day hacking - Modern day hacking
• Vulnerability of system - Flood of traffic
• One by one - One by many
5. Example of DoS
• ICMP Attack
• Ping of death
• Smurf Attack
• Ping Flood
• SYN flood attack
• Half Connection Attack
• Unending knock knock
• Application Layer
• Low and slow attack
• Etc.
14. Web Server X DDoS
• Apache (with mod_evasive)
• DOSHashTableSize 2048
• DOSPageCount 20 # maximum number of requests for the same page
• DOSSiteCount 300 # total number of requests for any object by the same client IP on the same listener
• DOSPageInterval 1.0 # interval for the page count threshold
• DOSSiteInterval 1.0 # interval for the site count threshold
• DOSBlockingPeriod 10.0 # time that a client IP will be blocked for
• DOSLogDir "/var/log/apache2/evasive"
• DOSEmailNotify admin@domain.com
15. Web Server X DDoS(2)
• Nginx
• client_body_buffer_size 128k;
• large_client_header_buffers 4 256k;
• limit_req_zone $binary_remote_addr zone=name:16m rate=1r/s;
• limit_req_zone $http_x_forwarded_for zone=name:16m rate=1r/s;
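The Nginx directives above only declare a shared-memory zone; requests are limited only where a `limit_req` directive references that zone. The following is an added example, not part of the original slides, showing the slide's settings in a complete configuration. Assumptions: the zone name `per_ip`, the proxy address `192.0.2.10`, the `burst` value, the document root, and an Nginx build that includes `ngx_http_realip_module`.

```nginx
http {
    # Buffer sizes as given on the slide.
    client_body_buffer_size 128k;
    large_client_header_buffers 4 256k;

    # Behind a reverse proxy or load balancer, X-Forwarded-For is a request
    # header and can be set by any client. Accept it only from the trusted
    # proxy (constructed address) and let the realip module rewrite
    # $remote_addr, instead of keying the limit on $http_x_forwarded_for.
    set_real_ip_from 192.0.2.10;
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;

    # Zone size and rate from the slide: 16 MB of state, 1 request per
    # second per client address. "per_ip" is an assumed zone name.
    limit_req_zone $binary_remote_addr zone=per_ip:16m rate=1r/s;

    # Answer limited requests with 429 instead of the default 503, so
    # rate limiting is distinguishable from backend failure in the logs.
    limit_req_status 429;

    server {
        listen 80;

        location / {
            # Apply the zone. Up to 5 requests above the rate are served
            # immediately (burst, assumed value); further excess requests
            # are rejected until the bucket drains at 1 request per second.
            limit_req zone=per_ip burst=5 nodelay;

            root /var/www/html;  # assumed document root
        }
    }
}
```

Check the file with `nginx -t` before reloading; rejected requests are recorded in the error log together with the zone name.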