[Owasp-cincinnati] Attack Recovery

Marco M. Morana marco.m.morana at gmail.com
Wed Jun 24 22:13:48 EDT 2009


Can you explain better what you mean by: "they are all attacks usual smattering of language and framework probe urls"?

Is this a bandwidth attack like iFrame DDoS? I would think IP filtering of that number of IPs is possible, but it is not the only defense against DDoS (*); you need to apply defense in depth at both the network and application layers. At the network layer you can route traffic to other servers, use DPI/packet dropping, set router defenses like Cisco IOS, set Intrusion Prevention System defenses, etc. At the application layer it depends on what you can do with the web pages on the site: can you overload the web server with multiple requests to visit web pages, do these have large images, etc.

Hope you have some DDoS security expert reply to this post; I am not, sorry... Hope this is useful.




  ----- Original Message ----- 
  From: Edward Sumerfield 
  To: OWASP Cincinnati 
  Sent: Wednesday, June 24, 2009 8:49 AM
  Subject: [Owasp-cincinnati] Attack Recovery

  I have a customer that is being hit with over 3 million requests a day and they have no customers yet :-) They are all attacks with the usual smattering of language and framework probe URLs.

  My initial response was to try to firewall block the requesting IPs but there are 21,000 unique source IPs driving the attack.


  1) Is it reasonable to block 21K IPs?

  2) Is there another solution that I should be looking for?

  3) Is there a security consultant that we could hire to address this issue?

  Ed Sumerfield
  Ed Sumerfield Consulting, LLC

