[Owasp-Malaysia] [osdcmy-public] Protecting From DDOS

Harisfazillah Jamel linuxmalaysia at gmail.com
Sun Sep 12 10:59:27 EDT 2010


Thanks, this information keep me more want to dig in to know more....

I dont know how far our ISP willing to help website owner during MSDOS
- multi-source denial of service. (thanks Harish) I do hear ISP cancel
an account and ask the owner to find other ISP. I believe that to goal
of the attack. Making sure the ISP will cancel the owner account and
no where to host it...

On Sun, Sep 12, 2010 at 7:55 PM, Ihsan Junaidi Ibrahim
<ihsan.junaidi at gmail.com> wrote:
> Additionally there's a third method but this relies on your provider
> to manually drop every single suspected IPs attacking your resources.
> Sure this is effective for probably 10 attackers but in case of
> botnets, the attack is probably over by the time their done updating
> their ACLs.
> On 12 September 2010 19:53, Ihsan Junaidi Ibrahim
> <ihsan.junaidi at gmail.com> wrote:
>> Salam,
>> Stopping DDOS at the perimeter is not the solution in the case of DDOS
>> targeting resources/bandwidth saturation. The only solution is to get
>> your upstream provider to drop the malicious traffic in their network
>> before it enters your network. This can be done by BGP blackhole
>> (traditional way) or the more recent, flowspec. This is probably the
>> only effective way against botnet-initiated DDOS attacks. If they have
>> the resources, running their own BGP is always recommended.
>> Dropping traffic within your network only works if you have an obscene
>> amount of upstream bandwidth that can never, ever be saturated which
>> is of course, is not a reality here in Malaysia.
>> CDN works if the CDN provider have their own DDOS mitigation mechanism
>> but I believe they are using either one of the 2 methods above. The
>> first one is nasty, they'll blackhole all access to your designated
>> IPs and the latter is much more refined but unsupported by many
>> carriers.

More information about the Owasp-Malaysia mailing list