Security Basics mailing list archives

Re: Diff ways to prevent DoS and DDoS


From: Todd Haverkos <infosec () haverkos com>
Date: Tue, 03 Apr 2012 08:09:58 -0500

"sneha.anand.26 () gmail com" <sneha.anand.26 () gmail com> writes:

What are the different ways to prevent DoS and DDoS other than checking the frequency or having a CAPTCHA??

...Unfortunately, neither of which work for DDOS, and will lose you
eyeballs.  

Imagine your company has a 10Mbps link to the internet.
Someone wielding a botnet that has a few Gbps of bandwidth at its
disposal is going to win.

This didn't happen, but the attacks using UDP are more than
enough to take hosted dns servers down.  Slowloris can take lots of
web servers down, etc.   
http://www.tomsguide.com/us/Anonymous-LulzSec-DDoS-DNS-AntiSec,news-14631.html

Mitigation will involve having an ISP that can be relatively
nimble in screening ddos traffic from you (you'd be surprised how
inflexible some are), and/or pushing your critical services out into
the cloud at a provider that is equipped to respond to such.  A
financial ddos is possible though... if you're paying for bw, a ddos
can sure ring up a lot of traffic. 

Here's a white paper that talks about Arbor Networks goodies and the
like.
http://www.arbornetworks.com/clean-pipes-2-0-a-complete-ddos-detection-solution.html

Here's one from Cisco
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5879/ps6264/ps5888/prod_white_paper0900aecd8011e927.html

--
Todd Haverkos, LPT MsCompE
http://haverkos.com/
