DDoSs and 
What the  Average Person 
Can Do About It
Tony Bemus
Penguicon 2019
What is it?
Who is doing it?
What do they use?
Why are they doing it?
How is it done?
Where do you fit in?

What is it
  • Describes the attacker  or source computers.
Denial of Service
  • Denies the resource to the users or customers
  • Affects the Availability of the resource
    (Website, internet access or other services)
State of the DDoS
Worldwide Infrastructure Security Report
1.7 TBPS attacks (Increase of 273%)
Cloud and CDN services

CIA Triad
Making sure the system
is available when
someone needs it.

 Keeping things secret
Insuring accurate or
unchanged info

Who is doing it? 
  • Nation States
  • Protesters
  • Criminal Organizations
  • Disgruntled workers 
  • Botnets are hijacked connected devices
               Compromised devices, home routers, IoT, etc
  • Spoofed IP addresses
  • Other servers on the internet (reflection/amplification attacks)
What do they use?
  • Extortion
  • Political Motivations
  • Hackivism
  • Competition
  • Vandalism
  • Distraction
HOW is it done? 
High Bandwidth Attacks
Traffic flood
       ICMP/Ping, SYN
      UDP: DNS, NTP 
Low Bandwidth Attacks
HOW is it done? 
Application attacks (L7)
  •  Slow Loris,
  •  HTTP GET flood,
  •  SIP invite flood,
HOW is it done? 
Connection Attacks
TCP Attack Flood:  TCP SYN, TCP FIN, TCP RST, TCP Flags
Wireshark Example of good TCP connections

 Wireshark pcap example of syn attack
Defensive Countermeasures
When an attack hits
  • More bandwidth
  • Work with ISP to block the traffic
                 (very difficult when the sources are distributed)
  •  Stateless packet filtering
          Always on and automated:  
                  Hardware appliance (Not Firewall or IPS)
                  Proxy / Cloud / redirection service

Proactive Countermeasures
    Take steps to not become part of a bot net

Where do you fit in
Patch your devices
Enable firewalls
Change Default passwords
Be vigilant against phishing attacks
Update your anti-virus and anti-maleware
A Cisco Guide to Defending Against Distributed Denial of Service Attacks
Arbor Networks and Silver Back communications
NetScout DDoS and Network Visibility
NetScout WISR
About me
Tony Bemus

Sunday Morning Linux Review
NetScout Arbor Cloud SOC

This Presentation: