Security Basics mailing list archives
RE: mcafee DDOS solution
From: "Yannick Chanoine" <ychanoine () interdata fr>
Date: Wed, 4 Jul 2012 13:39:20 +0200
These tools are proposed to companies in order to give information on botnet propagation, outgoing spam or, as you say, outgoing DDoS.

Regarding DDoS, the only approach (IMHO) is to filter or shape on the ISP's backbones or peering points, where bandwidth is not an issue. If you filter suspicious traffic in places where bandwidth is not a problem, then you "solve" the problem.

Back to your example, you can avoid the traffic jam by:

- filtering the hooligans right out the stadium (outgoing DDoS filtered at the company or individual access point); --> financial and technical problems will seriously limit this option
- filtering and shaping traffic on the highway (left lane for actual customers, middle lane for neighborhood, right lane for tourists, toll for hooligans...).

Regards,
Yannick

-----Original Message-----
From: pentester [mailto:pentester () surfhier nl]
Sent: Wednesday, 4 July 2012 12:18
To: Yannick Chanoine
Cc: security-basics () securityfocus com
Subject: Re: mcafee DDOS solution

I'm sorry to say, but a company or individual cannot protect against DDoS on layer 4. Not even with an Allot ServiceProtector.

I'm sure the Allot ServiceProtector can detect a DDoS and drop packets after it is determined they are malicious, but it can't prevent the packets from being delivered to the Allot ServiceProtector itself. And DoSsing the Allot ServiceProtector also means that all services protected by it are DoSsed as well.

Imagine this: a security guard is protecting the entrance of a supermarket and only allows entrance to real customers (let's assume the guard can tell the difference between bad and good customers). Now a football/soccer/baseball stadium full of people approaches the supermarket. The entrance is blocked, because the street can't handle that amount of simultaneous pedestrians. The security guard makes sure the bad traffic is dropped (exits through a facility that can handle this enormous load).

Now the good traffic, all three of them, can't reach the entrance because 50.000 pieces of bad traffic are blocking it. The supermarket is DoSsed, no matter how well the security guard does its job.

The comparison is not completely valid. In reality, a DoS in the internet world is even worse. Even if there is some magic that reduces the effect of the DDoS, the attacker can always decide to saturate the victim's access router, making even the Allot ServiceProtector inaccessible.

The Allot ServiceProtector would probably help to prevent you from DoSsing something :-)

Cor

On Jul 4, 2012, at 11:30 AM, Yannick Chanoine wrote:
Hi,

You can act on DDoS on Layer 4 and apply policies to shape traffic:

http://www.allot.com/Service_Protector.html (previously Esphion)
http://www.arbornetworks.com/arbor-pravail-availability-protection-system.html

Regards,
Yannick

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On behalf of alain.karioty () corero com
Sent: Wednesday, 4 July 2012 10:52
To: security-basics () securityfocus com
Subject: Re: Re: mcafee DDOS solution

ISPs can block volumetric DDoS attacks (layer 2/3). When the attack is built with tools like LOIC, SLOW LORIS, HULK, Hping,... the ISP cannot do anything. The ISP only counts packets and looks at traffic anomalies. All the tools used today for DDoS work on layer 7 and have behaviour similar to a legitimate connection.

The right strategy is an ISP service for volumetric attacks and an on-premise DDoS defense solution for Layer 7 attacks, reflective attacks (spoofing), specially crafted packet attacks and other kinds of attacks which may be generated by compromised internal hosts.

Regards,