Security Basics
Re: DDoS protection Jun 20 2014 05:46PM
Kellstr (kellstr gmail com)
We have seen some ridiculously large attacks against small customers.
These attacks are dirt cheap to use against anyone connected to the
Internet. If the amount of malicious traffic exceeds your circuit
bandwidth there is little you can do from your end. Flowspec would
only be useful if you had a very small pool of sources or could put a
very specific rule in place.

My favorite filter is a rate limiter that basically says if a single
src IP exceeds X Mbps/Y pps it's blackholed for some amount of time.
After that it gets re-evaluated. If the traffic from the IP obeys the
rules of behavior that IP can interact with the site. And that's
something that would be difficult to accomplish with sending out
FlowSpec rules. By creating filters that define proper behavior I
don't have to play whack-a-mole against the attacker blocking each new
src IP or vector they use. There will always be some tuning that needs
to be done, these guys will find new ways to attack. But if you can
enforce good behavior rules on visitors to a site you can really
reduce the attack vectors.

Ultimately, if you have resources on the Internet you need to evaluate
the risks involved. Can you take downtime? If so, how long? Do you
need a full-blown DDoS Solution or would a CDN (like Akamai) provide
enough of a buffer? And don't forget to diversify the datacenters your
resources are located in. Maybe you never take an attack but your
neighbor in the next cage does. Doesn't matter, you're still down.

Kelly

On Fri, Jun 20, 2014 at 12:56 PM, Wagner, Brett
<Brett.Wagner (at) bowheadsupport (dot) com [email concealed]> wrote:
> IMHO - I am not a fan of all the mumbo jumbo that goes along with the "Cloud" like it is a new invention. I worked at GTE/BBN in 1999 and we were selling all the same crap back then. With that said and having worked at EMC for a while you can have a "Cloud" on premises just means you have the hardware in one of your company locations. You can have private, shared, public or a combo.
>
> It is the same evolution as IT security circa 1970-80s (Rainbow Book Series days), then Information Security circa 1990s, then Information Assurance circa late 90s early 2000s and now Cyber Security. With each name change consultants and companies can charge more for the same ultimate goal with each name change.
>
> OK I will now get off my soapbox.
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Hartley, Christopher J.
> Sent: Friday, June 20, 2014 10:48 AM
> To: Kellstr
> Cc: security-basics (at) securityfocus (dot) com [email concealed]
> Subject: Re: DDoS protection
>
> This is a little confusing; “cloud”, “on-premise” etc… weird.
>
> By “Cloud,” it seems like we mean “by provider” (makes sense).
>
> On-premise is the best way to detect an attack imo, since the victim network knows what’s good and what’s not (or should….).
>
> So I think the best solution involves some kind of remote blackhole or ideally, perhaps flowspec.
>
> I don’t think it’s a problem that requires spending significant money.
>
> Chris
>
> On Jun 19, 2014, at 12:50 PM, Kellstr <kellstr (at) gmail (dot) com [email concealed]> wrote:
>
>> Disclaimer: I work for a company which offers a DDoS Protection Service.
>>
>> The advantage of a service "in the cloud" is that if an attack exceeds
>> your circuit bandwidth the provider will be able to drop the malicious
>> traffic. That cannot be done at your premise. Both Arbor and Radware
>> offer strong appliances that can clean up smaller attacks at your
>> premise and can send a signal to the provider if they support that
>> service. You can block traffic using IPS's but keep in mind they are
>> not designed for a volumetric attack and may be overwhelmed.
>>
>> On Wed, Jun 18, 2014 at 11:10 AM, Lance Lassetter
>> <lancelassetter (at) gmail (dot) com [email concealed]> wrote:
>>> What about Suricata or Snort IDS in IPS mode?
>>>
>>> On Jun 18, 2014 8:43 AM, "Mikhail A. Utin" <mutin (at) commonwealthcare (dot) org [email concealed]> wrote:
>>>>
>>>> As you indicated " Although we're small, We're an organization playing with ($,¥,€,£) exchanges" you are on client side rather than on server. If that is right, you do not need to bother with DDoS protection, which is against server side.
>>>> Mikhail
>>>>
>>>> -----Original Message-----
>>>> From: listbounce (at) securityfocus (dot) com [email concealed]
>>>> [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of
>>>> kartik.netec (at) gmail (dot) com [email concealed]
>>>> Sent: Wednesday, June 18, 2014 12:49 AM
>>>> To: security-basics (at) securityfocus (dot) com [email concealed]
>>>> Subject: Re: Re: DDoS protection
>>>>
>>>> Hi,
>>>>
>>>> Thanks for your replies.
>>>>
>>>> Noted the points raised by Jacint and Kelly Keeton. I appreciate that.
>>>>
>>>> May I be kind to seek an opinion/ arguments suggesting if the In-house appliances are more "intelligent" thwarting the application level DOS/ DDoS attacks as compared to ISP provided DOS protection wherein it may even fail to detect them. or if there are other benefits owning an In-house product?
>>>>
>>>> As far as Cons are concerned, I feel that the appliance may add some latency which may create issues wherein a latency of milliseconds count.
>>>>
>>>> Although we're small, We're an organization playing with ($,¥,€,£) exchanges and heavily regulated by the Government.
>>>>
>>>> Thanks,
>>>> KT
>>>>
>>
>>
>>
>> --
>> Laws alone cannot secure freedom of expression; in order that every
>> man present his views without penalty there must be spirit of
>> tolerance in the entire population. - Albert Einstein
>>
>

--
Laws alone cannot secure freedom of expression; in order that every
man present his views without penalty there must be spirit of
tolerance in the entire population. - Albert Einstein
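
The per-source rate limiter described at the top of this message, as an added sketch that is not part of the original post or of any vendor's product. The fixed one-second window, the thresholds, the 30-second hold and the traffic are all constructed assumptions standing in for "X Mbps/Y pps" and "some amount of time".

```python
from collections import defaultdict

class SourceRateLimiter:
    """Blackhole a source that exceeds a bits/s or packets/s ceiling,
    then re-evaluate it once the hold time has expired."""

    def __init__(self, max_bps, max_pps, hold_seconds, window=1.0):
        self.max_bps, self.max_pps = max_bps, max_pps
        self.hold, self.window = hold_seconds, window
        self.counters = {}    # src -> [window_start, bits, packets]
        self.blackholed = {}  # src -> time at which the hold expires

    def allow(self, src, size_bytes, now):
        """Return True to forward the packet, False to drop it."""
        expiry = self.blackholed.get(src)
        if expiry is not None:
            if now < expiry:
                return False              # still held: drop without counting
            del self.blackholed[src]      # hold over: re-evaluate from zero
            self.counters.pop(src, None)
        c = self.counters.get(src)
        if c is None or now - c[0] >= self.window:
            c = self.counters[src] = [now, 0, 0]  # start a new window
        c[1] += size_bytes * 8
        c[2] += 1
        if c[1] > self.max_bps * self.window or c[2] > self.max_pps * self.window:
            self.blackholed[src] = now + self.hold
            return False
        return True

def replay(limiter, packets):
    """Feed (timestamp, src, size_bytes) tuples; count forwarded packets per src."""
    forwarded = defaultdict(int)
    for ts, src, size in packets:
        if limiter.allow(src, size, ts):
            forwarded[src] += 1
    return dict(forwarded)

def sample_traffic():
    """Constructed traffic: one source floods at 1000 pps for 2 s and returns
    at 2 pps from t=40 s; a second source browses at 5 pps throughout."""
    flood = [(i / 1000, "198.51.100.7", 64) for i in range(2000)]
    calm = [(40 + i * 0.5, "198.51.100.7", 64) for i in range(4)]
    normal = [(i * 0.2, "192.0.2.10", 500) for i in range(210)]
    return sorted(flood + calm + normal)

if __name__ == "__main__":
    limiter = SourceRateLimiter(max_bps=1_000_000, max_pps=100, hold_seconds=30)
    print(replay(limiter, sample_traffic()))
```

The table in this sketch keeps one entry per source and never evicts idle ones, so a real filter would have to bound it against floods from many source addresses.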
