Security Basics mailing list archives
Re: mcafee DDOS solution
From: pentester <pentester () surfhier nl>
Date: Wed, 4 Jul 2012 12:17:53 +0200
I'm sorry to say, but a company or individual can not protect against DDos on layer 4. Not even with an Allot ServiceProtector. I'm sure the Allot ServiceProtector can detect a DDoS and drop packets after it is determined they are malicious, but it can't prevent the packets are delivered to the Allot ServiceProtector itself. And DoSsing the Allot ServiceProtector also means that all services protected by it are DoSsed as well. Imagine this: a security guard is protecting the entrance of a supermarket and only allow entrance to real customers (let's assume the guard can tell the difference between bad and good customers). Now a football/soccer/baseball stadium full of people approach the supermarket. The entrance is blocked, because the street can't handle that amount of simultaneous pedestrians. The security guard makes sure the bad traffic is dropped (exits through a facility that can handle this enormous load. Now the good traffic, all three of them, can't reach the entrance because 50.000 pieces of bad traffic is blocking it. The supermarket is DoSsed, no matter how good the security guard does it's job. The comparison is not completely valid. In real, a DoS in the internet world is even worse. Even if there is some magic that reduces the effect of the DDoS, the attacker can always decide to saturate the victim's access router, making even the Allot ServiceProtector inaccessible. The Allot ServiceProtector would probably help to prevent that you DoS something :-) Cor On Jul 4, 2012, at 11:30 AM, Yannick Chanoine wrote:
Hi, You can act on DDoS on Layer 4 and apply policies to shape traffic : http://www.allot.com/Service_Protector.html (previously Esphion) http://www.arbornetworks.com/arbor-pravail-availability-protection-system.ht ml Regards, Yannick -----Message d'origine----- De : listbounce () securityfocus com [mailto:listbounce () securityfocus com] De la part de alain.karioty () corero com Envoyé : mercredi 4 juillet 2012 10:52 À : security-basics () securityfocus com Objet : Re: Re: mcafee DDOS solution ISP can block volumetric DDoS attacks (layer 2/3). When the attack is build with tools like LOIC, SLOW LORIS, HULK, Hping,... the ISP cannot do anything. The ISP only count packets and look on traffic anomaly. All the tools used today for DDoS are working on layer 7 and have similar behaviour as a legitimate connection. The right strategy is ISP service for volumetric attacks and on premise DDoS Defense solution for Layer 7 attacks, reflective attacks (spoofing), specially crafted packets attacks and other kind of attacks which may be generated by internal hosts compromised. Regards, ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727 d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Re: Re: mcafee DDOS solution alain . karioty (Jul 04)
- RE: Re: mcafee DDOS solution Yannick Chanoine (Jul 04)
- Re: mcafee DDOS solution pentester (Jul 04)
- RE: mcafee DDOS solution Yannick Chanoine (Jul 04)
- Re: mcafee DDOS solution pentester (Jul 04)
- RE: Re: mcafee DDOS solution Yannick Chanoine (Jul 04)