SlideShare uma empresa Scribd logo

Fighting DDOS attack with mikrotik

Achmad Mardiansyah
Achmad Mardiansyah

In this webinar, we were discussing about Distributed Denial Of Service (DDOS) attack, and how to deal with it. we discussed several features on mikrotik RouterOS that can be used as intrusion detection, firewall, and blackhole route. the recording is available on youtube (GLC NETWORKS CHANNEL): https://www.youtube.com/channel/UCI611_IIkQC0rsLWIFIx_yg

Internet
1 de 25
Baixar para ler offline
www.glcnetworks.com Fighting DDOS attack with GLC webinar, 6 april 2017 Achmad Mardiansyah achmad@glcnetworks.com GLC Networks, Indonesia 1
www.glcnetworks.com Agenda ● Introduction ● DDOS attack ● Mitigation ● Demo ● Q & A 2
www.glcnetworks.com What is GLC? ● Garda Lintas Cakrawala (www.glcnetworks.com) ● An Indonesian company ● Located in Bandung ● Areas: Training, IT Consulting ● Mikrotik Certified Training Partner ● Mikrotik Certified Consultant ● Mikrotik distributor 3
www.glcnetworks.com About GLC webinar? ● First webinar: january 1, 2010 (title: tahun baru bersama solaris - new year with solaris OS) ● As a sharing event with various topics: linux, networking, wireless, database, programming, etc ● Regular schedule: every 2 weeks ● Irregular schedule: as needed ● Checking schedule: http://www.glcnetworks.com/main/sc hedule ● You are invited to be a presenter ○ No need to be an expert ○ This is a forum for sharing: knowledge, experiences, information 4
www.glcnetworks.com Trainer Introduction ● Name: Achmad Mardiansyah ● Base: bandung, Indonesia ● Linux user since 1999 ● Mikrotik user since 2007 ● Certified Trainer (MTCNA/RE/WE/UME/INE/TCE) ● Mikrotik Certified Consultant ● Work: Telco engineer, Sysadmin, PHP programmer, and Lecturer ● Personal website: http://achmadjournal.com ● More info: http://au.linkedin.com/in/achmadmardiansyah 5
www.glcnetworks.com Please introduce yourself ● Your name ● Your company/university? ● Your networking experience? ● Your mikrotik experience? ● Your expectation from this course? 6
www.glcnetworks.com What is Mikrotik? ● Name of a company ● A brand ● A program (e.g. mikrotik academy) ● Headquarter: Riga, Latvia 7
www.glcnetworks.com What are mikrotik products? ● Router OS ○ The OS. Specialized for networking ○ Website: www.mikrotik.com/download ● RouterBoard ○ The hardware ○ RouterOS installed ○ Website: www.routerboard.com 8
www.glcnetworks.com What Router OS can do? ● Go to www.mikrotik.com ○ Download: what_is_routeros.pdf ○ Download: product catalog ○ Download: newsletter 9
www.glcnetworks.com What are Mikrotik training & certifications? 10 Certificate validity is 3 years
www.glcnetworks.com DOS (Denial Of Service) 11
www.glcnetworks.com What is DOS (Denial Of Service)? ● DOS is a condition where a server cannot provide its service ● Some reasons: ○ Too many incoming request (very common reason) -> server busy -> server reject incoming request (denial) ○ Wrong configuration on server ● Common target server ○ Web server ○ FTP server ○ DNS server ○ Remote access (telnet, ssh) ● What if the request is real? ○ Popular website vs DOS? 12
www.glcnetworks.com How do a DOS happen? ● An update is relased -> normal ● Sudden event (news site effect) -> normal ● Rush hour -> normal ● When its close to a deadline -> normal ● Attacker setup a computer that generates lots of request to a target and keep doing it until server is very busy -> this is not normal 13
www.glcnetworks.com Why do people do DOS? ● Business competition ● Show off ● For fun ● Attract attention ● Hiding other facts ● Diversion of public attention ● Etc… you name it 14
www.glcnetworks.com What is DDOS (Distributed DOS)? ● DDOS means the DOS attack that is distributed to many computers ● Many (compromised) computers doing DOS, attacking same target ● The DDOS traffic can go more than hundreds mbps 15
www.glcnetworks.com How do i know its a DDOS? ● From your monitoring system (very common) ● Server log ● Report from users ● etc.. 16
www.glcnetworks.com Mitigation 17
www.glcnetworks.com DDOS mitigation 18 ● Passive ○ Setup intrusion detection in front of servers to detect an attack ○ Setup firewall in front of the servers which can suppress incoming traffic ○ Applying blackhole on router ● Active ○ Do coordination with CERT (Cyber Emergency Response Team) ○ Inform the origin ISP that one of its IP address is doing attack
www.glcnetworks.com What mikrotik can do? Mikrotik can be used for: ● Intrusion detection. Using firewall features: connection limit ● Firewall: recommended to use RAW table. See Firewall RAW presentation on MUM London 2016 ● Blackhole: using blackhole feature on router 19
www.glcnetworks.com Mikrotik for Intrusion detection (mangle) ● Connection limit ● Limit (match when limit is not exceeded) ● Destination limit ( match when given rate is exceeded) ● PSD (port scan detection) ● Use address list feature to list the IP address of attacker 20
www.glcnetworks.com Mikrotik for firewall ● Use RAW table with prerouting chain ● RAW table can save your CPU ● 21
www.glcnetworks.com Mikrotik for blackhole ● Using blackhole feature in routing table 22
www.glcnetworks.com QA 23
www.glcnetworks.com Interested? Just come to our training... Special price for webinar attendees… http://www.glcnetworks.c om/main/schedule 24
www.glcnetworks.com End of slides ● Thank you for your attention ● Please submit your feedback: http://bit.ly/glcfeedback ● Like our facebook page: “GLC networks” ● Slide: http://www.slideshare.net/r41nbuw ● Recording: https://www.youtube.com/channel/UCI611_IIkQC0rsLWIFIx_yg ● Stay tune with our schedule 25

Recomendados

01 introduction to mpls
01 introduction to mpls 01 introduction to mpls
01 introduction to mpls Achmad Mardiansyah
 
Solaris 10 Container
Solaris 10 ContainerSolaris 10 Container
Solaris 10 ContainerAchmad Mardiansyah
 
Backup & Restore (BR) in Solaris OS
Backup & Restore (BR) in Solaris OSBackup & Restore (BR) in Solaris OS
Backup & Restore (BR) in Solaris OSAchmad Mardiansyah
 
Mikrotik User Meeting Manila: bgp vs ospf
Mikrotik User Meeting Manila: bgp vs ospfMikrotik User Meeting Manila: bgp vs ospf
Mikrotik User Meeting Manila: bgp vs ospfAchmad Mardiansyah
 
PHPID online Learning #6 Migration from procedural to OOP
PHPID online Learning #6 Migration from procedural to OOPPHPID online Learning #6 Migration from procedural to OOP
PHPID online Learning #6 Migration from procedural to OOPAchmad Mardiansyah
 
Troubleshooting load balancing
Troubleshooting load balancingTroubleshooting load balancing
Troubleshooting load balancingAchmad Mardiansyah
 
ISP load balancing with mikrotik nth
ISP load balancing with mikrotik nthISP load balancing with mikrotik nth
ISP load balancing with mikrotik nthAchmad Mardiansyah
 
Mikrotik firewall mangle
Mikrotik firewall mangleMikrotik firewall mangle
Mikrotik firewall mangleAchmad Mardiansyah
 

Recomendados

01 introduction to mpls
01 introduction to mpls 01 introduction to mpls
01 introduction to mpls Achmad Mardiansyah
 
Solaris 10 Container
Solaris 10 ContainerSolaris 10 Container
Solaris 10 ContainerAchmad Mardiansyah
 
Backup & Restore (BR) in Solaris OS
Backup & Restore (BR) in Solaris OSBackup & Restore (BR) in Solaris OS
Backup & Restore (BR) in Solaris OSAchmad Mardiansyah
 
Mikrotik User Meeting Manila: bgp vs ospf
Mikrotik User Meeting Manila: bgp vs ospfMikrotik User Meeting Manila: bgp vs ospf
Mikrotik User Meeting Manila: bgp vs ospfAchmad Mardiansyah
 
PHPID online Learning #6 Migration from procedural to OOP
PHPID online Learning #6 Migration from procedural to OOPPHPID online Learning #6 Migration from procedural to OOP
PHPID online Learning #6 Migration from procedural to OOPAchmad Mardiansyah
 
Troubleshooting load balancing
Troubleshooting load balancingTroubleshooting load balancing
Troubleshooting load balancingAchmad Mardiansyah
 
ISP load balancing with mikrotik nth
ISP load balancing with mikrotik nthISP load balancing with mikrotik nth
ISP load balancing with mikrotik nthAchmad Mardiansyah
 
Mikrotik firewall mangle
Mikrotik firewall mangleMikrotik firewall mangle
Mikrotik firewall mangleAchmad Mardiansyah
 
Wireless CSMA with mikrotik
Wireless CSMA with mikrotikWireless CSMA with mikrotik
Wireless CSMA with mikrotikAchmad Mardiansyah
 
SSL certificate with mikrotik
SSL certificate with mikrotikSSL certificate with mikrotik
SSL certificate with mikrotikAchmad Mardiansyah
 
BGP filter with mikrotik
BGP filter with mikrotikBGP filter with mikrotik
BGP filter with mikrotikAchmad Mardiansyah
 
Mikrotik VRRP
Mikrotik VRRPMikrotik VRRP
Mikrotik VRRPAchmad Mardiansyah
 
Mikrotik fasttrack
Mikrotik fasttrackMikrotik fasttrack
Mikrotik fasttrackAchmad Mardiansyah
 
Mikrotik fastpath
Mikrotik fastpathMikrotik fastpath
Mikrotik fastpathAchmad Mardiansyah
 
Jumpstart your router with mikrotik quickset
Jumpstart your router with mikrotik quicksetJumpstart your router with mikrotik quickset
Jumpstart your router with mikrotik quicksetAchmad Mardiansyah
 
Mikrotik firewall NAT
Mikrotik firewall NATMikrotik firewall NAT
Mikrotik firewall NATAchmad Mardiansyah
 
Using protocol analyzer on mikrotik
Using protocol analyzer on mikrotikUsing protocol analyzer on mikrotik
Using protocol analyzer on mikrotikAchmad Mardiansyah
 
Routing Information Protocol (RIP) on Mikrotik
Routing Information Protocol (RIP) on MikrotikRouting Information Protocol (RIP) on Mikrotik
Routing Information Protocol (RIP) on MikrotikAchmad Mardiansyah
 
IPv6 on Mikrotik
IPv6 on MikrotikIPv6 on Mikrotik
IPv6 on MikrotikAchmad Mardiansyah
 
Mikrotik metarouter
Mikrotik metarouterMikrotik metarouter
Mikrotik metarouterAchmad Mardiansyah
 
Mikrotik firewall filter
Mikrotik firewall filterMikrotik firewall filter
Mikrotik firewall filterAchmad Mardiansyah
 
Mikrotik the dude
Mikrotik the dudeMikrotik the dude
Mikrotik the dudeAchmad Mardiansyah
 
Mikrotik API
Mikrotik APIMikrotik API
Mikrotik APIAchmad Mardiansyah
 
Using mikrotik with radius
Using mikrotik with radiusUsing mikrotik with radius
Using mikrotik with radiusAchmad Mardiansyah
 
Routing fundamentals with mikrotik
Routing fundamentals with mikrotikRouting fundamentals with mikrotik
Routing fundamentals with mikrotikAchmad Mardiansyah
 
Mikrotik firewall raw table
Mikrotik firewall raw tableMikrotik firewall raw table
Mikrotik firewall raw tableAchmad Mardiansyah
 
BGP on mikrotik
BGP on mikrotikBGP on mikrotik
BGP on mikrotikAchmad Mardiansyah
 
Connection load balancing with mikrotik [workshop]
Connection load balancing with mikrotik [workshop]Connection load balancing with mikrotik [workshop]
Connection load balancing with mikrotik [workshop]Achmad Mardiansyah
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 

Mais conteúdo relacionado

Mais de Achmad Mardiansyah

Jumpstart your router with mikrotik quickset
Jumpstart your router with mikrotik quicksetJumpstart your router with mikrotik quickset
Jumpstart your router with mikrotik quicksetAchmad Mardiansyah
 
Using protocol analyzer on mikrotik
Using protocol analyzer on mikrotikUsing protocol analyzer on mikrotik
Using protocol analyzer on mikrotikAchmad Mardiansyah
 
Routing Information Protocol (RIP) on Mikrotik
Routing Information Protocol (RIP) on MikrotikRouting Information Protocol (RIP) on Mikrotik
Routing Information Protocol (RIP) on MikrotikAchmad Mardiansyah
 
Routing fundamentals with mikrotik
Routing fundamentals with mikrotikRouting fundamentals with mikrotik
Routing fundamentals with mikrotikAchmad Mardiansyah
 
Connection load balancing with mikrotik [workshop]
Connection load balancing with mikrotik [workshop]Connection load balancing with mikrotik [workshop]
Connection load balancing with mikrotik [workshop]Achmad Mardiansyah
 

Mais de Achmad Mardiansyah (20)

Wireless CSMA with mikrotik
Wireless CSMA with mikrotikWireless CSMA with mikrotik
Wireless CSMA with mikrotik
 
SSL certificate with mikrotik
SSL certificate with mikrotikSSL certificate with mikrotik
SSL certificate with mikrotik
 
BGP filter with mikrotik
BGP filter with mikrotikBGP filter with mikrotik
BGP filter with mikrotik
 
Mikrotik VRRP
Mikrotik VRRPMikrotik VRRP
Mikrotik VRRP
 
Mikrotik fasttrack
Mikrotik fasttrackMikrotik fasttrack
Mikrotik fasttrack
 
Mikrotik fastpath
Mikrotik fastpathMikrotik fastpath
Mikrotik fastpath
 
Jumpstart your router with mikrotik quickset
Jumpstart your router with mikrotik quicksetJumpstart your router with mikrotik quickset
Jumpstart your router with mikrotik quickset
 
Mikrotik firewall NAT
Mikrotik firewall NATMikrotik firewall NAT
Mikrotik firewall NAT
 
Using protocol analyzer on mikrotik
Using protocol analyzer on mikrotikUsing protocol analyzer on mikrotik
Using protocol analyzer on mikrotik
 
Routing Information Protocol (RIP) on Mikrotik
Routing Information Protocol (RIP) on MikrotikRouting Information Protocol (RIP) on Mikrotik
Routing Information Protocol (RIP) on Mikrotik
 
IPv6 on Mikrotik
IPv6 on MikrotikIPv6 on Mikrotik
IPv6 on Mikrotik
 
Mikrotik metarouter
Mikrotik metarouterMikrotik metarouter
Mikrotik metarouter
 
Mikrotik firewall filter
Mikrotik firewall filterMikrotik firewall filter
Mikrotik firewall filter
 
Mikrotik the dude
Mikrotik the dudeMikrotik the dude
Mikrotik the dude
 
Mikrotik API
Mikrotik APIMikrotik API
Mikrotik API
 
Using mikrotik with radius
Using mikrotik with radiusUsing mikrotik with radius
Using mikrotik with radius
 
Routing fundamentals with mikrotik
Routing fundamentals with mikrotikRouting fundamentals with mikrotik
Routing fundamentals with mikrotik
 
Mikrotik firewall raw table
Mikrotik firewall raw tableMikrotik firewall raw table
Mikrotik firewall raw table
 
BGP on mikrotik
BGP on mikrotikBGP on mikrotik
BGP on mikrotik
 
Connection load balancing with mikrotik [workshop]
Connection load balancing with mikrotik [workshop]Connection load balancing with mikrotik [workshop]
Connection load balancing with mikrotik [workshop]
 

Último

Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationMarko4394
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxmibuzondetrabajo
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 
Internet of Things Presentation (IoT).pptx
Internet of Things Presentation (IoT).pptxInternet of Things Presentation (IoT).pptx
Internet of Things Presentation (IoT).pptxErYashwantJagtap
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 

Último (17)

Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentation
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptx
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 
Internet of Things Presentation (IoT).pptx
Internet of Things Presentation (IoT).pptxInternet of Things Presentation (IoT).pptx
Internet of Things Presentation (IoT).pptx
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 

Fighting DDOS attack with mikrotik

  • 1. www.glcnetworks.com Fighting DDOS attack with GLC webinar, 6 april 2017 Achmad Mardiansyah achmad@glcnetworks.com GLC Networks, Indonesia 1
  • 2. www.glcnetworks.com Agenda ● Introduction ● DDOS attack ● Mitigation ● Demo ● Q & A 2
  • 3. www.glcnetworks.com What is GLC? ● Garda Lintas Cakrawala (www.glcnetworks.com) ● An Indonesian company ● Located in Bandung ● Areas: Training, IT Consulting ● Mikrotik Certified Training Partner ● Mikrotik Certified Consultant ● Mikrotik distributor 3
  • 4. www.glcnetworks.com About GLC webinar? ● First webinar: january 1, 2010 (title: tahun baru bersama solaris - new year with solaris OS) ● As a sharing event with various topics: linux, networking, wireless, database, programming, etc ● Regular schedule: every 2 weeks ● Irregular schedule: as needed ● Checking schedule: http://www.glcnetworks.com/main/sc hedule ● You are invited to be a presenter ○ No need to be an expert ○ This is a forum for sharing: knowledge, experiences, information 4
  • 5. www.glcnetworks.com Trainer Introduction ● Name: Achmad Mardiansyah ● Base: bandung, Indonesia ● Linux user since 1999 ● Mikrotik user since 2007 ● Certified Trainer (MTCNA/RE/WE/UME/INE/TCE) ● Mikrotik Certified Consultant ● Work: Telco engineer, Sysadmin, PHP programmer, and Lecturer ● Personal website: http://achmadjournal.com ● More info: http://au.linkedin.com/in/achmadmardiansyah 5
  • 6. www.glcnetworks.com Please introduce yourself ● Your name ● Your company/university? ● Your networking experience? ● Your mikrotik experience? ● Your expectation from this course? 6
  • 7. www.glcnetworks.com What is Mikrotik? ● Name of a company ● A brand ● A program (e.g. mikrotik academy) ● Headquarter: Riga, Latvia 7
  • 8. www.glcnetworks.com What are mikrotik products? ● Router OS ○ The OS. Specialized for networking ○ Website: www.mikrotik.com/download ● RouterBoard ○ The hardware ○ RouterOS installed ○ Website: www.routerboard.com 8
  • 9. www.glcnetworks.com What Router OS can do? ● Go to www.mikrotik.com ○ Download: what_is_routeros.pdf ○ Download: product catalog ○ Download: newsletter 9
  • 10. www.glcnetworks.com What are Mikrotik training & certifications? 10 Certificate validity is 3 years
  • 12. www.glcnetworks.com What is DOS (Denial Of Service)? ● DOS is a condition where a server cannot provide its service ● Some reasons: ○ Too many incoming request (very common reason) -> server busy -> server reject incoming request (denial) ○ Wrong configuration on server ● Common target server ○ Web server ○ FTP server ○ DNS server ○ Remote access (telnet, ssh) ● What if the request is real? ○ Popular website vs DOS? 12
  • 13. www.glcnetworks.com How do a DOS happen? ● An update is relased -> normal ● Sudden event (news site effect) -> normal ● Rush hour -> normal ● When its close to a deadline -> normal ● Attacker setup a computer that generates lots of request to a target and keep doing it until server is very busy -> this is not normal 13
  • 14. www.glcnetworks.com Why do people do DOS? ● Business competition ● Show off ● For fun ● Attract attention ● Hiding other facts ● Diversion of public attention ● Etc… you name it 14
  • 15. www.glcnetworks.com What is DDOS (Distributed DOS)? ● DDOS means the DOS attack that is distributed to many computers ● Many (compromised) computers doing DOS, attacking same target ● The DDOS traffic can go more than hundreds mbps 15
  • 16. www.glcnetworks.com How do i know its a DDOS? ● From your monitoring system (very common) ● Server log ● Report from users ● etc.. 16
  • 18. www.glcnetworks.com DDOS mitigation 18 ● Passive ○ Setup intrusion detection in front of servers to detect an attack ○ Setup firewall in front of the servers which can suppress incoming traffic ○ Applying blackhole on router ● Active ○ Do coordination with CERT (Cyber Emergency Response Team) ○ Inform the origin ISP that one of its IP address is doing attack
  • 19. www.glcnetworks.com What mikrotik can do? Mikrotik can be used for: ● Intrusion detection. Using firewall features: connection limit ● Firewall: recommended to use RAW table. See Firewall RAW presentation on MUM London 2016 ● Blackhole: using blackhole feature on router 19
  • 20. www.glcnetworks.com Mikrotik for Intrusion detection (mangle) ● Connection limit ● Limit (match when limit is not exceeded) ● Destination limit ( match when given rate is exceeded) ● PSD (port scan detection) ● Use address list feature to list the IP address of attacker 20
  • 21. www.glcnetworks.com Mikrotik for firewall ● Use RAW table with prerouting chain ● RAW table can save your CPU ● 21
  • 22. www.glcnetworks.com Mikrotik for blackhole ● Using blackhole feature in routing table 22
  • 24. www.glcnetworks.com Interested? Just come to our training... Special price for webinar attendees… http://www.glcnetworks.c om/main/schedule 24
  • 25. www.glcnetworks.com End of slides ● Thank you for your attention ● Please submit your feedback: http://bit.ly/glcfeedback ● Like our facebook page: “GLC networks” ● Slide: http://www.slideshare.net/r41nbuw ● Recording: https://www.youtube.com/channel/UCI611_IIkQC0rsLWIFIx_yg ● Stay tune with our schedule 25