Penguicon 2019 – DDOSs and What the Average Person Can Do About It

Slides (HTML Version) PDF Version
( Created on Strut.io )

DDOS
Distributed Denial of Service
Denial of Service
Affects the Availability of the resource (website, internet access or other services)
The Distributed part refers to the attacker's source computers.
The impact of the attack increases as more computers take part in it

CIA Triad
DOS affects the Availability leg of the CIA triad
Confidentiality – Keeping things secret
Integrity – Ensuring accurate or unchanged info
Availability – Making sure the system is available when someone needs it.

Who
Who are they
attackers
Script kiddies
Hired thugs
Sources are distributed and spoofed IP addresses

Why
Extortion
Vandalism
Distraction

How
High Bandwidth Attacks
Traffic flood
Ping/ICMP
Reflection or Amplification
UDP Based: DNS, TCP

Low Bandwidth Attacks
Application attacks (L7)
Slowloris, HTTP GET flood, SIP INVITE flood, DNS amplification
TCP Attack Flood
TCP SYN, TCP FIN, TCP RST, TCP Flags
(Diagram of the TCP 3-way handshake)
Wireshark example of good TCP connections

Wireshark pcap example of a SYN attack
TCP connection attacks
A large number of half-open or idle connections stops other people from connecting
TCP Idle attack
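The two Wireshark captures above (good handshakes versus a SYN flood) can be told apart by tracking the handshake state per connection. The script below is an added example written for this page, not code from the talk: it replays a constructed packet list (made-up addresses, a hypothetical server at 10.0.0.5) and reports which sources leave connections half open, i.e. SYN sent and SYN-ACK returned but the final ACK never arrives. Per-source counting catches a single flooding host; the global half-open total is what exposes the spoofed, one-SYN-per-address case mentioned under "Who".

```python
"""Half-open TCP connection detector (added example, not from the slides).

Each packet is a constructed tuple (src, sport, dst, dport, flags) where
flags is one of "SYN", "SYN-ACK", "ACK", "FIN", "RST". Addresses come from
the documentation ranges and are made up for this example.
"""
from collections import defaultdict

SERVER = "10.0.0.5"      # hypothetical server under observation
SERVER_PORT = 80


def build_capture():
    """Constructed capture: one well-behaved client that completes and closes
    three connections, one source that sends 20 SYNs and never ACKs, and
    eight spoofed sources that each send a single SYN."""
    pkts = []
    good = "192.0.2.10"
    for port in (40001, 40002, 40003):
        pkts.append((good, port, SERVER, SERVER_PORT, "SYN"))
        pkts.append((SERVER, SERVER_PORT, good, port, "SYN-ACK"))
        pkts.append((good, port, SERVER, SERVER_PORT, "ACK"))
        pkts.append((good, port, SERVER, SERVER_PORT, "FIN"))
    flood = "198.51.100.7"
    for port in range(50000, 50020):
        pkts.append((flood, port, SERVER, SERVER_PORT, "SYN"))
        pkts.append((SERVER, SERVER_PORT, flood, port, "SYN-ACK"))
    for i in range(1, 9):
        src = f"203.0.113.{i}"
        pkts.append((src, 31337, SERVER, SERVER_PORT, "SYN"))
        pkts.append((SERVER, SERVER_PORT, src, 31337, "SYN-ACK"))
    return pkts


def replay(packets):
    """Walk the capture, keeping handshake state per (client, client_port).
    Returns per-client counts of SYNs seen, handshakes completed and
    connections still half open at the end of the capture."""
    state = {}                     # (client, port) -> "syn" | "synack" | "open"
    syns = defaultdict(int)
    completed = defaultdict(int)
    for src, sport, dst, dport, flags in packets:
        if dst == SERVER and flags == "SYN":          # step 1 of the handshake
            state[(src, sport)] = "syn"
            syns[src] += 1
        elif src == SERVER and flags == "SYN-ACK":    # step 2, server replies
            key = (dst, dport)
            if state.get(key) == "syn":
                state[key] = "synack"
        elif dst == SERVER and flags == "ACK":        # step 3, client confirms
            key = (src, sport)
            if state.get(key) == "synack":
                state[key] = "open"
                completed[src] += 1
        elif flags in ("FIN", "RST"):                 # either side tears down
            key = (src, sport) if dst == SERVER else (dst, dport)
            state.pop(key, None)
    half_open = defaultdict(int)
    for (client, _), st in state.items():
        if st in ("syn", "synack"):
            half_open[client] += 1
    return {"syns": dict(syns), "completed": dict(completed),
            "half_open": dict(half_open)}


def suspects(summary, min_syns=5, max_completion=0.5):
    """Sources that sent at least min_syns SYNs and completed at most the
    given fraction of them. Thresholds are illustrative, not from the talk."""
    out = []
    for client, n in summary["syns"].items():
        done = summary["completed"].get(client, 0)
        if n >= min_syns and done / n <= max_completion:
            out.append(client)
    return sorted(out)


def total_half_open(summary):
    """Global count; the figure to watch when sources are spoofed and no
    single address crosses the per-source threshold."""
    return sum(summary["half_open"].values())


if __name__ == "__main__":
    summary = replay(build_capture())
    print("per-source SYNs:", summary["syns"])
    print("suspect sources:", suspects(summary))
    print("half-open connections in total:", total_half_open(summary))
```

On the constructed capture the good client completes all three handshakes and leaves nothing half open, the flooding host is the only per-source suspect, and the spoofed single-SYN sources only show up in the global half-open total (28 here), which is why the talk notes that ISP-level blocking is hard once sources are distributed.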

Defensive Countermeasures
When an attack hits
More bandwidth
Stateless packet filtering
Hardware appliance (not a firewall or IPS)
Proxy / Cloud / CDN redirect service
Work with ISP to block the traffic
(very difficult when the sources are distributed)

Proactive Countermeasures
Take steps to not become part of a botnet
Patch your devices
Enable firewalls
Change default passwords
Be vigilant against phishing attacks
Update your anti-virus and anti-malware

This presentation is licensed under the Creative Commons License CC-BY-SA

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.