DDoSs and 
What the  Average Person 
Can Do About It
Tony Bemus
Penguicon 2019
bemushosting.com/security
What is it?
Who is doing it?
What do they use?
Why are they doing it?
How is it done?
Where do you fit in?
DDoS
DDoS
What is it
Distributed
  • Describes the attacker  or source computers.
Denial of Service
  • Denies the resource to the users or customers
  • Affects the Availability of the resource
    (Website, internet access or other services)
State of the DDoS
Worldwide Infrastructure Security Report
1.7 TBPS attacks (Increase of 273%)
Cloud and CDN services
https://www.netscout.com/report/
Availability?
CIA Triad
Making sure the system
is available when
someone needs it.
 Keeping things secret
Insuring accurate or
unchanged info
Who is doing it? 
  • Nation States
  • Protesters
  • Criminal Organizations
  • Disgruntled workers 
  • Botnets are hijacked connected devices
               Compromised devices, home routers, IoT, etc
  • Spoofed IP addresses
  • Other servers on the internet (reflection/amplification attacks)
What do they use?
Why?
  • Extortion
  • Political Motivations
  • Hackivism
  • Competition
  • Vandalism
  • Distraction
HOW is it done? 
High Bandwidth Attacks
Traffic flood
       ICMP/Ping, SYN
Reflection,
Amplification 
      UDP: DNS, NTP 
Low Bandwidth Attacks
HOW is it done? 
Application attacks (L7)
  •  Slow Loris,
  •  HTTP GET flood,
  •  SIP invite flood,
HOW is it done? 
Connection Attacks
TCP Attack Flood:  TCP SYN, TCP FIN, TCP RST, TCP Flags
Wireshark Example of good TCP connections
 

 Wireshark pcap example of syn attack
Defensive Countermeasures
When an attack hits
  • More bandwidth
  • Work with ISP to block the traffic
                 (very difficult when the sources are distributed)
  •  Stateless packet filtering
          Always on and automated:  
                  Hardware appliance (Not Firewall or IPS)
                  Proxy / Cloud / redirection service

Proactive Countermeasures
    Take steps to not become part of a bot net
 
Where do you fit in
Patch your devices
Enable firewalls
Change Default passwords
Be vigilant against phishing attacks
Update your anti-virus and anti-maleware
Sources
https://www.cisco.com/c/en/us/about/security-center/guide-ddos-defense.html
A Cisco Guide to Defending Against Distributed Denial of Service Attacks
http://sbnetworkit.com/arbor-networks/
Arbor Networks and Silver Back communications
NetScout DDoS and Network Visibility
https://www.netscout.com/arbor-ddos
https://www.netscout.com/report/
NetScout WISR
About me
Tony Bemus

Bemushosting 
      https://bemushosting.com
Sunday Morning Linux Review
      https://smlr.us
NetScout Arbor Cloud SOC
     https://www.netscout.com/arbor-ddos


This Presentation:
https://bemushosting.com/security