[OWASP-Malaysia] DDoS Defence Guide Released France CERT

Harisfazillah Jamel linuxmalaysia at gmail.com
Wed Jun 29 12:02:26 EDT 2011

Thanks Najmi for the link


On Thu, Jun 23, 2011 at 10:53 PM, Farhan Faisal <farhanfaisal at gmail.com> wrote:
> Dos on dns level might happen, u can opt for 3rd party dns provider,yg ada
> anycast routing,which might have geographically dispersed dns server. Lower
> the risk of the dns server being taken down.
> Issue of using 3rd party dns server is fine for me. U're outsourcing one
> part of ur critical service enablement with them,yg mana mereka specialized
> in that field. Some of them are ipv6 ready. Besides, u still have control
> over the domain,to take that service out of the circle anytime u want,but
> still kn consider dns propogation la
> If someone would do a targeted attack to a site,the real ip is still
> exposed, they can just directed the attack to the real ip. Cdn/cloudflare
> might help to distribute the big bandwidth of the attack. If the attack goes
> directly to the real ip,u still have to handle the bandwidth. Still,i do
> think cdn is great for ur service delivery,and cloudflare have the
> capability to filter common attack by default.
> I think one approach is to monitor the ddos packet,and filter them
> reactively, based on the characteristic and pattern. Packet
> size,flag,pattern. so,do we have the device/software/tool that allow us to
> do that? do we have any alerting mechanism that allow us to respond
> accordingly,rather than plugout the cable?
> Sure ada software/framework for this,anyone have any idea?
> On Jun 23, 2011 10:14 AM, "Harisfazillah Jamel" <linuxmalaysia at gmail.com>
> wrote:
>> Opps
>> Just figure this out time bawa motor nak balik semalam.
>> DDoS on the DNS itself. Setting 600 to may also a disadvantage if we
>> dont have backup dns properly configure.
>> http://en.wikipedia.org/wiki/Time_to_live
>> Default 86400 seconds, which is 24 hours.
>> My advice have a proper secondary DNS in place outsite the primary DNS
>> network.
>> Amir Haris, what do you think?
>> On Wed, Jun 22, 2011 at 12:52 PM, Adnan Mohd Shukor
>> <adnan.shukor at gmail.com> wrote:
>>> Hash: SHA224
>>> Yerp.. Cloudflare works as CDN and will monitor the traffic. It has the
>>> capability to stop ddos as well..
>>> hiding IP? hurm.. in MOST cases, MX or direct-connect.<some_host>.<tld>
>>> is still pointing to the original IP :)
>>> Thanks
>> _______________________________________________

More information about the OWASP-Malaysia mailing list