Educause Security Discussion mailing list archives
Distributed Denial of Service Mitigation and Contingency
From: Gary Flynn <flynngn () JMU EDU>
Date: Fri, 9 Jun 2006 16:20:22 -0400
Hi,

In a contingency management planning meeting today we were discussing distributed denial of service attack scenarios, ways to minimize their effects, and response strategies. We were wondering how other institutions viewed the risk and what they were doing in this area. If you'd be willing to share your thoughts, experiences, and techniques, online or offline, in full or in part, I'll collect and summarize responses anonymously (assuming I get any).

1. What is the threat or probability of a distributed denial of service attack against your institution over the next three years? If the answer is "unknown" or "unknown but finite":
   a. What amount of one time and recurring expenditure would be justified to help preserve services during limited, low grade attacks where probability is unknown? Where would you spend it?
   b. What amount of one time and recurring expenditure would be justified to attempt to preserve services in face of overwhelming traffic where probability is unknown and success is doubtful? Where would you spend it?

2. Do you have a device that preserves services in the face of a TCP SYN type denial of service attack? If so, what kind?

3. Do you have a device that preserves services in the face of an ICMP flooding denial of service attack? If so, what kind?

4. Do you have a device that preserves services in the face of a UDP bandwidth flooding attack? If so, what kind?

5. Do you have a device that preserves DNS services in the face of a UDP DNS request flooding attack? If so, what kind and how does it differentiate good requests from bad?

6. Does your ISP provide mitigation of denial of service attacks? If so, what services do they offer? Traffic filtering? Source tracking? Rate limiting? Something else?

7. What type of contingency plans do you have for a large, sustained inbound denial of service attack that overwhelms available bandwidth for days or longer?

8. Have you been the victim of a distributed denial of service attack? If so,
   a. How many?
   b. What type?
   c. When?
   d. What level of traffic?
   e. What percentage of your bandwidth?
   f. How effective were your prevention techniques at preserving services?
   g. How effective were your response techniques at preserving services?
   h. How effective were your response techniques at tracing and stopping the attack?
   i. Anything you'd do differently?
   j. How long and in what ways were university services affected?
   k. Do you know what instigated the attack?

Thanks for any and all responses.

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security
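Questions 2 through 5 of the message each name a traffic class (SYN-only segments, ICMP packets, UDP bytes, and DNS queries per source) that a mitigation device has to recognise before it can act. As an added illustration that is not part of the original post, the following Python classifies constructed NetFlow-style records into those four classes per one-second window. The `Flow` and `Alert` records, the threshold values, and the rule for question 5 (flag a source whose query rate to one server is far above a normal resolver's, and report how many distinct names it asked for, since a flood usually repeats one name or random labels) are all assumptions made here for illustration, not a description of any particular product.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed flow record, modelled loosely on a NetFlow-style export (assumed layout).
@dataclass(frozen=True)
class Flow:
    ts: float          # seconds since capture start
    src: str
    dst: str
    proto: str         # "tcp", "udp" or "icmp"
    dport: int
    flags: str         # TCP flags as letters, e.g. "S" = SYN only, "PA" = PSH+ACK
    nbytes: int
    qname: str = ""    # DNS query name when proto is udp and dport is 53

@dataclass(frozen=True)
class Alert:
    t: float           # start of the window that fired
    kind: str
    dst: str
    src: str           # "" for aggregate (per-destination) alerts
    detail: str

# Per-window thresholds; illustrative values, tune to the link being protected.
THRESHOLDS = {
    "syn_flood": 100,          # SYN-only segments to one destination
    "icmp_flood": 200,         # ICMP packets to one destination
    "udp_flood": 5_000_000,    # UDP bytes to one destination
    "dns_flood": 50,           # DNS queries from one source to one server
}

def detect(flows, window=1.0, thresholds=THRESHOLDS):
    """Bucket flows into fixed windows and flag the four attack classes from the survey."""
    buckets = defaultdict(list)
    for f in flows:
        buckets[int(f.ts // window)].append(f)
    alerts = []
    for b in sorted(buckets):
        t0 = b * window
        syn, icmp, udp_bytes = Counter(), Counter(), Counter()
        # dst server -> src -> [query count, set of distinct query names]
        dns = defaultdict(lambda: defaultdict(lambda: [0, set()]))
        for f in buckets[b]:
            if f.proto == "tcp" and f.flags == "S":
                syn[f.dst] += 1                      # half-open attempts, question 2
            elif f.proto == "icmp":
                icmp[f.dst] += 1                     # question 3
            elif f.proto == "udp":
                udp_bytes[f.dst] += f.nbytes         # bandwidth exhaustion, question 4
                if f.dport == 53:                    # question 5
                    entry = dns[f.dst][f.src]
                    entry[0] += 1
                    entry[1].add(f.qname)
        for dst, n in syn.items():
            if n >= thresholds["syn_flood"]:
                alerts.append(Alert(t0, "syn_flood", dst, "", f"{n} SYN-only segments"))
        for dst, n in icmp.items():
            if n >= thresholds["icmp_flood"]:
                alerts.append(Alert(t0, "icmp_flood", dst, "", f"{n} ICMP packets"))
        for dst, nb in udp_bytes.items():
            if nb >= thresholds["udp_flood"]:
                alerts.append(Alert(t0, "udp_flood", dst, "", f"{nb} UDP bytes"))
        for dst, per_src in dns.items():
            for src, (n, names) in per_src.items():
                if n >= thresholds["dns_flood"]:
                    alerts.append(Alert(t0, "dns_flood", dst, src,
                                        f"{n} queries, {len(names)} distinct names"))
    return alerts

def sample_flows():
    """Constructed traffic: one second each of SYN, ICMP, UDP and DNS flooding plus benign noise."""
    flows = []
    # t in [0,1): 150 SYN-only segments to a web server, plus 20 established-session segments
    for i in range(150):
        flows.append(Flow(i / 150, f"192.0.2.{i % 250 + 1}", "198.51.100.10", "tcp", 80, "S", 60))
    for i in range(20):
        flows.append(Flow(i / 20, f"203.0.113.{i + 1}", "198.51.100.10", "tcp", 80, "PA", 1200))
    # t in [1,2): 250 ICMP packets aimed at a router address
    for i in range(250):
        flows.append(Flow(1 + i / 250, f"192.0.2.{i % 250 + 1}", "198.51.100.20", "icmp", 0, "", 84))
    # t in [2,3): three large UDP streams that together exceed the byte threshold
    for i in range(3):
        flows.append(Flow(2 + i / 3, f"192.0.2.{i + 1}", "198.51.100.30", "udp", 5000, "", 2_000_000))
    # t in [3,4): one source repeating the same query 80 times; three normal clients, 5 queries each
    for i in range(80):
        flows.append(Flow(3 + i / 80, "203.0.113.5", "198.51.100.53", "udp", 53, "", 64, "www.example.edu"))
    for i in range(15):
        flows.append(Flow(3 + i / 15, f"203.0.113.{10 + i % 3}", "198.51.100.53", "udp", 53, "", 64,
                          f"host{i}.example.edu"))
    return flows

if __name__ == "__main__":
    for a in detect(sample_flows()):
        print(f"t={a.t:.0f}s {a.kind:10s} dst={a.dst} src={a.src or '-'} {a.detail}")
```

The DNS rule is the interesting one for the survey's question 5: the three benign clients stay well under the per-source rate and ask for varied names, so they are never listed, while the single flooding source is reported together with the fact that all of its queries were for one name. A real device would add state the flow record does not carry (whether the source completed a handshake, whether the server ever answered it, a reputation list), but the per-window counters above are the skeleton that rate-limiting and filtering decisions hang on.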