[OWASP-Malaysia] DDoS Defence Guide Released France CERT

Farhan Faisal farhanfaisal at gmail.com
Thu Jun 23 10:53:23 EDT 2011

Dos on dns level might happen, u can opt for 3rd party dns provider,yg ada
anycast routing,which might have geographically dispersed dns server. Lower
the risk of the dns server being taken down.

Issue of using 3rd party dns server is fine for me. U're outsourcing one
part of ur critical service enablement with them,yg mana mereka specialized
in that field. Some of them are ipv6 ready. Besides, u still have control
over the domain,to take that service out of the circle anytime u want,but
still kn consider dns propogation la

If someone would do a targeted attack to a site,the real ip is still
exposed, they can just directed the attack to the real ip. Cdn/cloudflare
might help to distribute the big bandwidth of the attack. If the attack goes
directly to the real ip,u still have to handle the bandwidth. Still,i do
think cdn is great for ur service delivery,and cloudflare have the
capability to filter common attack by default.

I think one approach is to monitor the ddos packet,and filter them
reactively, based on the characteristic and pattern. Packet
size,flag,pattern. so,do we have the device/software/tool that allow us to
do that? do we have any alerting mechanism that allow us to respond
accordingly,rather than plugout the cable?
Sure ada software/framework for this,anyone have any idea?
On Jun 23, 2011 10:14 AM, "Harisfazillah Jamel" <linuxmalaysia at gmail.com>
> Opps
> Just figure this out time bawa motor nak balik semalam.
> DDoS on the DNS itself. Setting 600 to may also a disadvantage if we
> dont have backup dns properly configure.
> http://en.wikipedia.org/wiki/Time_to_live
> Default 86400 seconds, which is 24 hours.
> My advice have a proper secondary DNS in place outsite the primary DNS
> Amir Haris, what do you think?
> On Wed, Jun 22, 2011 at 12:52 PM, Adnan Mohd Shukor
> <adnan.shukor at gmail.com> wrote:
>> Hash: SHA224
>> Yerp.. Cloudflare works as CDN and will monitor the traffic. It has the
>> capability to stop ddos as well..
>> hiding IP? hurm.. in MOST cases, MX or direct-connect.<some_host>.<tld>
>> is still pointing to the original IP :)
>> Thanks
> _______________________________________________
> OWASP-Malaysia mailing list
> OWASP-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> OWASP Malaysia Wiki
> http://www.owasp.my
> OWASP Malaysia Facebook
> http://www.facebook.com/OWASP.Malaysia
> OWASP Malaysia Twitter #owaspmy
> http://www.twitter.com/owaspmy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-malaysia/attachments/20110623/c06bdd75/attachment.html 

More information about the OWASP-Malaysia mailing list