Thanks Najmi for the link https://media.blackhat.com/bh-eu-11/Yuri_Gushin/BlackHat_EU_2011_GushinBehar_Building_Floodgates-Slides.pdf

On Thu, Jun 23, 2011 at 10:53 PM, Farhan Faisal <[email protected]> wrote:
> DoS at the DNS level might happen. You can opt for a 3rd-party DNS provider
> that has anycast routing, which might have geographically dispersed DNS
> servers. That lowers the risk of the DNS server being taken down.
>
> The issue of using a 3rd-party DNS server is fine for me. You're outsourcing
> one part of your critical service enablement to them, and they are
> specialized in that field. Some of them are IPv6 ready. Besides, you still
> have control over the domain, to take that service out of the circle anytime
> you want, but you still have to consider DNS propagation.
>
> If someone were to do a targeted attack on a site, the real IP is still
> exposed; they can just direct the attack to the real IP. CDN/Cloudflare
> might help to distribute the big bandwidth of the attack. If the attack goes
> directly to the real IP, you still have to handle the bandwidth. Still, I do
> think a CDN is great for your service delivery, and Cloudflare has the
> capability to filter common attacks by default.
>
> I think one approach is to monitor the DDoS packets and filter them
> reactively, based on their characteristics and pattern: packet size, flags,
> pattern. So, do we have a device/software/tool that allows us to do that?
> Do we have any alerting mechanism that allows us to respond accordingly,
> rather than pulling out the cable?
> Surely there is software or a framework for this. Does anyone have any idea?
>
> On Jun 23, 2011 10:14 AM, "Harisfazillah Jamel" <[email protected]> wrote:
>> Oops
>>
>> Just figured this out while riding my motorcycle home yesterday.
>>
>> DDoS on the DNS itself. Setting 600 may also be a disadvantage if we
>> don't have a backup DNS properly configured.
>>
>> http://en.wikipedia.org/wiki/Time_to_live
>>
>> Default 86400 seconds, which is 24 hours.
>>
>> My advice: have a proper secondary DNS in place outside the primary DNS
>> network.
>>
>> Amir Haris, what do you think?
>>
>> On Wed, Jun 22, 2011 at 12:52 PM, Adnan Mohd Shukor
>> <[email protected]> wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA224
>>>
>>> Yep. Cloudflare works as a CDN and will monitor the traffic. It has the
>>> capability to stop DDoS as well.
>>>
>>> Hiding the IP? Hurm... in MOST cases, MX or direct-connect.<some_host>.<tld>
>>> is still pointing to the original IP :)
>>>
>>> Thanks
>>>
>>
_______________________________________________
OWASP-Malaysia mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-malaysia
OWASP Malaysia Wiki http://www.owasp.my
OWASP Malaysia Facebook http://www.facebook.com/OWASP.Malaysia
OWASP Malaysia Twitter #owaspmy http://www.twitter.com/owaspmy
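
Added example, not part of the original thread: a small audit of your own zone export for the exposure the thread describes, where MX or direct-connect style records still point at the real server IP behind the CDN. The zone records, hostnames, addresses and function names are constructed for illustration (documentation-range IPs).

```python
import ipaddress

# Constructed sample data (assumptions, not from the thread).
ORIGIN_IPS = {"203.0.113.10"}      # real server address that should stay hidden
PROXY_NETS = ["198.51.100.0/24"]   # CDN/proxy edge range fronting the site
ZONE = [  # (name, type, value) as exported from your own zone
    ("example.org.", "A", "198.51.100.7"),
    ("www.example.org.", "CNAME", "example.org."),
    ("example.org.", "MX", "10 mail.example.org."),
    ("mail.example.org.", "A", "203.0.113.10"),
    ("direct-connect.example.org.", "A", "203.0.113.10"),
    ("ftp.example.org.", "CNAME", "direct-connect.example.org."),
]


def resolve(name, zone, seen=None):
    """Follow CNAMEs inside the zone; return the A/AAAA addresses for name."""
    seen = seen or set()
    if name in seen:               # guard against CNAME loops
        return set()
    seen.add(name)
    addrs = set()
    for rname, rtype, value in zone:
        if rname != name:
            continue
        if rtype in ("A", "AAAA"):
            addrs.add(value)
        elif rtype == "CNAME":
            addrs |= resolve(value, zone, seen)
    return addrs


def find_origin_leaks(zone, origin_ips, proxy_nets):
    """Return (name, type, address) for records that reveal an origin IP."""
    nets = [ipaddress.ip_network(n) for n in proxy_nets]
    origins = {ipaddress.ip_address(a) for a in origin_ips}
    leaks = set()
    for rname, rtype, value in zone:
        if rtype == "MX":
            target = value.split()[1]   # "<preference> <exchange host>"
        elif rtype in ("A", "AAAA", "CNAME"):
            target = rname
        else:
            continue
        for addr in resolve(target, zone):
            ip = ipaddress.ip_address(addr)
            if ip in origins and not any(ip in n for n in nets):
                leaks.add((rname, rtype, addr))
    return sorted(leaks)
```

Each reported record is one to move behind the proxy, point at a separate host (for example a mail relay on a different address), or remove.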

