DDoS Handlering
By Sumedt Jitpukdebodin
whoami
• Name: Sumedt Jitpukdebodin
• Website: www.r00tsec.com, www.techsuii.com
• Jobs: Senior Security Researcher@I-SECURE, Writer of “Network Security - ก้าวแรกสู่นักทดสอบและป้องกันการเจาะระบบ”
• Hobby: Hacking, Forensic, Linux, Android, Writing
• Social Network & Another story of me: Please Google
CIA
• Confidentiality
• Integrity
• Availability
DoS vs DDoS
• Old day hacking - Modern day hacking
• Vulnerability of system - Flood of traffic
• one by one - one by many
Example of DoS
• ICMP Attack
• Ping of death
• Smurf Attack
• Ping Flood
• SYN flood attack
• Half Connection Attack
• Unending knock knock
• Application Layer
• Low and slow attack
• Etc.
DDoS
• Simultaneous attack from multiple sources
New Era of DDoS
• Amplification
Amplification
• Response = 5-6 x Request
• NTP
• DNS
Statistic of DDoS
Source: Verisign’s Distributed Denial of Service Trends Report 2014
DDoS as a Service
Source: Verisign’s Distributed Denial of Service Trends Report 2014
Show Time
Mitigation
• IDS/IPS
• Incident Response
• SIEM
• Log Management
• Rate Limit
• Firewall
• Firewall @Company
• Firewall @ISP
• Firewall @your server
• Web Application Firewall
Protect your server from being used as a hacker's tool
• NTP
• DNS
Web Server X DDoS
• Apache (with mod_evasive)
    DOSHashTableSize 2048
    # maximum number of requests for the same page
    DOSPageCount 20
    # total number of requests for any object by the same client IP on the same listener
    DOSSiteCount 300
    # interval for the page count threshold
    DOSPageInterval 1.0
    # interval for the site count threshold
    DOSSiteInterval 1.0
    # time that a client IP will be blocked for
    DOSBlockingPeriod 10.0
    DOSLogDir "/var/log/apache2/evasive"
    DOSEmailNotify admin@domain.com
Web Server X DDoS(2)
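• Nginx
    client_body_buffer_size 128k;
    large_client_header_buffers 4 256k;
    # Declare the zone once, keyed on the client address.
    limit_req_zone $binary_remote_addr zone=name:16m rate=1r/s;
    # Alternative key for a server behind a proxy. It replaces the line above,
    # because nginx rejects a second zone declared with the same name:
    # limit_req_zone $http_x_forwarded_for zone=name:16m rate=1r/s;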
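Added example (not part of the original slides): the Nginx settings above placed in a complete http/server context, because limit_req_zone only declares a counter and nothing is limited until a limit_req directive references it. The zone names, the burst, connection and timeout values, the proxy address 192.0.2.10, example.com and the backend at 127.0.0.1:8080 are assumptions.

```nginx
# Added example, not from the original slides. Zone names, burst, connection
# and timeout values, the proxy address 192.0.2.10, example.com and the
# backend 127.0.0.1:8080 are assumptions chosen for illustration.

http {
    # Buffer limits from the slide: bound the memory spent per request.
    client_body_buffer_size     128k;
    large_client_header_buffers 4 256k;

    # Release connections from clients that send headers or bodies very
    # slowly (the "low and slow" case listed earlier in the deck).
    client_header_timeout 10s;
    client_body_timeout   10s;

    # Behind a reverse proxy or load balancer: accept X-Forwarded-For only
    # from the trusted proxy and let nginx rewrite $remote_addr from it.
    # Keying a zone directly on $http_x_forwarded_for trusts a header that
    # every client can set to any value.
    set_real_ip_from  192.0.2.10;        # assumed trusted proxy address
    real_ip_header    X-Forwarded-For;
    real_ip_recursive on;

    # One declaration per zone name; 16m and 1r/s as on the slide.
    limit_req_zone  $binary_remote_addr zone=per_ip:16m rate=1r/s;
    limit_conn_zone $binary_remote_addr zone=conn_per_ip:16m;

    # Answer rejected requests with 429 instead of the default 503 so that
    # rate-limit hits are easy to tell apart from backend failures in logs.
    limit_req_status  429;
    limit_conn_status 429;

    server {
        listen      80;
        server_name example.com;

        location / {
            # Enforcement happens here. Without burst, rate=1r/s rejects any
            # request that arrives less than a second after the previous one
            # from the same address, which breaks ordinary page loads.
            limit_req  zone=per_ip burst=20 nodelay;

            # Cap simultaneous connections per client address.
            limit_conn conn_per_ip 20;

            proxy_pass http://127.0.0.1:8080;
        }
    }
}
```

Check the file with nginx -t before reloading. The set_real_ip_from and real_ip_header directives require ngx_http_realip_module, which is not part of the default source build.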
–Anonymous
“Security can’t be 100% for sure.”
Thank you for
watching
Reference
• https://labs.opendns.com/2014/03/17/dns-amplification-attacks/
• https://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack/
• https://community.qualys.com/blogs/securitylabs/2014/01/21/how-qualysguard-detects-vulnerability-to-ntp-amplification-attacks
• http://www.slideshare.net/JerodBrennenCISSP/ddos-attack-preparation-and-mitigation-27027980
• http://www.i-secure.co.th/2014/07/%E0%B8%A3%E0%B8%B0%E0%B8%9A%E0%B8%9A%E0%B8%82%E0%B8%AD%E0%B8%87%E0%B8%84%E0%B8%B8%E0%B8%93%E0%B9%80%E0%B8%95%E0%B8%A3%E0%B8%B5%E0%B8%A2%E0%B8%A1-ddos/
• http://securityaffairs.co/wordpress/33916/cyber-crime/verisign-ddos-attacks-as-a-service.html
• http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html
• http://www.techrepublic.com/blog/smb-technologist/secure-your-apache-server-from-ddos-slowloris-and-dns-injection-attacks/
• http://www.helicontech.com/ape/doc/mod_evasive.htm
