DoS at the DNS level might happen. You can opt for a 3rd-party DNS provider that has anycast routing, which might have geographically dispersed DNS servers. That lowers the risk of the DNS server being taken down.

The issue of using a 3rd-party DNS server is fine for me. You're outsourcing one part of your critical service enablement to them, and they are specialized in that field. Some of them are IPv6 ready. Besides, you still have control over the domain, to take that service out of the circle anytime you want, but you still have to consider DNS propagation.

If someone does a targeted attack on a site, the real IP is still exposed; they can just direct the attack to the real IP. CDN/Cloudflare might help to distribute the big bandwidth of the attack. If the attack goes directly to the real IP, you still have to handle the bandwidth. Still, I do think a CDN is great for your service delivery, and Cloudflare has the capability to filter common attacks by default.

I think one approach is to monitor the DDoS packets and filter them reactively, based on their characteristics and pattern: packet size, flags, pattern. So, do we have a device/software/tool that allows us to do that? Do we have any alerting mechanism that allows us to respond accordingly, rather than pulling out the cable? Surely there is software or a framework for this. Does anyone have any idea?

On Jun 23, 2011 10:14 AM, "Harisfazillah Jamel" <[email protected]> wrote:
> Oops
>
> Just figured this out while riding my motorbike home yesterday.
>
> DDoS on the DNS itself. Setting 600 may also be a disadvantage if we
> don't have a backup DNS properly configured.
>
> http://en.wikipedia.org/wiki/Time_to_live
>
> Default 86400 seconds, which is 24 hours.
>
> My advice: have a proper secondary DNS in place outside the primary DNS network.
>
> Amir Haris, what do you think?
>
> On Wed, Jun 22, 2011 at 12:52 PM, Adnan Mohd Shukor
> <[email protected]> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA224
>>
>> Yerp.. Cloudflare works as a CDN and will monitor the traffic. It has the
>> capability to stop DDoS as well..
>>
>> hiding IP? hurm.. in MOST cases, MX or direct-connect.<some_host>.<tld>
>> is still pointing to the original IP :)
>>
>> Thanks
>>
> _______________________________________________
> OWASP-Malaysia mailing list
> [email protected]
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.my
>
> OWASP Malaysia Facebook
> http://www.facebook.com/OWASP.Malaysia
>
> OWASP Malaysia Twitter #owaspmy
> http://www.twitter.com/owaspmy
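An added example, not part of the original thread: a defender-side audit of your own zone export for the exposure discussed above, where MX or direct-connect records still point at the origin IP even though the site sits behind a CDN. The zone data, the `proxied` flag, and every name and address are constructed placeholders, and the SPF check goes beyond the record types named in the thread.

```python
import ipaddress

# Constructed sample data: example.com and the addresses are documentation
# placeholders; the 4th field is an assumed "served through the CDN proxy" flag.
ORIGIN_IPS = {"203.0.113.10"}
ZONE = [
    ("example.com.", "A", "203.0.113.10", True),
    ("www.example.com.", "CNAME", "example.com.", True),
    ("direct-connect.example.com.", "A", "203.0.113.10", False),
    ("mail.example.com.", "A", "203.0.113.10", False),
    ("example.com.", "MX", "10 mail.example.com.", False),
    ("status.example.com.", "A", "198.51.100.7", False),
    ("example.com.", "TXT", "v=spf1 ip4:203.0.113.0/28 -all", False),
]

def visible_ips(name, zone, depth=0):
    """Addresses a public resolver returns for name, following in-zone CNAMEs."""
    ips = set()
    for rname, rtype, value, proxied in zone:
        if rname != name or proxied or depth > 8:
            continue  # a proxied name answers with the CDN's addresses
        if rtype in ("A", "AAAA"):
            ips.add(ipaddress.ip_address(value))
        elif rtype == "CNAME":
            ips |= visible_ips(value, zone, depth + 1)
    return ips

def find_origin_leaks(zone, origin_ips):
    """Return (name, type) for each record that reveals an origin address."""
    origins = {ipaddress.ip_address(ip) for ip in origin_ips}
    leaks = []
    for name, rtype, value, proxied in zone:
        if rtype in ("A", "AAAA", "CNAME") and not proxied:
            hit = visible_ips(name, zone) & origins
        elif rtype == "MX":  # value is "<preference> <mail host>"
            hit = visible_ips(value.split()[-1], zone) & origins
        elif rtype == "TXT" and value.startswith("v=spf1"):
            nets = [ipaddress.ip_network(t[4:], strict=False)
                    for t in value.split() if t.startswith(("ip4:", "ip6:"))]
            hit = {o for o in origins if any(o in n for n in nets)}
        else:
            hit = set()
        if hit:
            leaks.append((name, rtype))
    return leaks

if __name__ == "__main__":
    for name, rtype in find_origin_leaks(ZONE, ORIGIN_IPS):
        print(f"origin exposed via {rtype:5} {name}")
```

Records flagged here are the ones to move behind the proxy, repoint at a separate mail host, or pair with an origin firewall that only accepts the CDN's address ranges.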

