Home page logo
/

basics logo Security Basics mailing list archives

RE: mcafee DDOS solution
From: "Yannick Chanoine" <ychanoine () interdata fr>
Date: Wed, 4 Jul 2012 13:39:20 +0200

These tools are proposed to companies in order to give information on botnet
propagation, outgoing spam or, as you say, outgoing DDoS
Regarding DDos the only approach (IMHO) is to filter or shape on the ISP's
backbones or peering points, where bandwidth is not a matter.
If you filter suspicious traffic in places where bandwidth is not a problem,
then you "solve" the problem.

Back to your example, you can avoid the traffic jam by : 
- filtering the hooligans right out the stadium (outgoing DDoS filtered at
the company or individual access point); --> financial and technical
problems will seriously limit this option
- filtering and shaping traffic on the highway (left lane for actual
customers, middle lane for neighborhood, right lane for tourists, toll for
hooligans...).

Regards,

Yannick 


-----Message d'origine-----
De : pentester [mailto:pentester () surfhier nl] 
Envoyé : mercredi 4 juillet 2012 12:18
À : Yannick Chanoine
Cc : security-basics () securityfocus com
Objet : Re: mcafee DDOS solution

I'm sorry to say, but a company or individual can not protect against DDos
on layer 4. Not even with an Allot ServiceProtector. I'm sure the Allot
ServiceProtector can detect a DDoS and drop packets after it is determined
they are malicious, but it can't prevent the packets are delivered to the
Allot ServiceProtector itself. And DoSsing the Allot ServiceProtector also
means that all services protected by it are DoSsed as well. 

Imagine this: a security guard is protecting the entrance of a supermarket
and only allow entrance to real customers (let's assume the guard can tell
the difference between bad and good customers). Now a
football/soccer/baseball stadium full of people approach the supermarket.
The entrance is blocked, because the street can't handle that amount of
simultaneous pedestrians. The security guard makes sure the bad traffic is
dropped (exits through a facility that can handle this enormous load. Now
the good traffic, all three of them, can't reach the entrance because 50.000
pieces of bad traffic is blocking it. The supermarket is DoSsed, no matter
how good the security guard does it's job.

The comparison is not completely valid. In real, a DoS in the internet world
is even worse. Even if there is some magic that reduces the effect of the
DDoS, the attacker can always decide to saturate the victim's access router,
making even the Allot ServiceProtector inaccessible.

The Allot ServiceProtector would probably help to prevent that you DoS
something :-)

Cor

On Jul 4, 2012, at 11:30 AM, Yannick Chanoine wrote:

Hi,

You can act on DDoS on Layer 4 and apply policies to shape traffic : 

http://www.allot.com/Service_Protector.html (previously Esphion)

http://www.arbornetworks.com/arbor-pravail-availability-protection-sys
tem.ht
ml

Regards,


Yannick

-----Message d'origine-----
De : listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] De la part de 
alain.karioty () corero com Envoyé : mercredi 4 juillet 2012 10:52 À : 
security-basics () securityfocus com Objet : Re: Re: mcafee DDOS solution

ISP can block volumetric DDoS attacks (layer 2/3).

When the attack is build with tools like LOIC, SLOW LORIS, HULK, Hping,...
the ISP cannot do anything.

The ISP only count packets and look on traffic anomaly. All the tools 
used today for DDoS are working on layer 7 and have similar behaviour 
as a legitimate connection.

The right strategy is ISP service for volumetric attacks and on 
premise DDoS Defense solution for Layer 7 attacks, reflective attacks 
(spoofing), specially crafted packets attacks and other kind of 
attacks which may be generated by internal hosts compromised.

Regards,

----------------------------------------------------------------------
-- Securing Apache Web Server with thawte Digital Certificate In this 
guide we examine the importance of Apache-SSL and who needs an SSL 
certificate.  We look at how SSL works, how it benefits your company 
and how your customers can tell if a site is secure. You will find out 
how to test, purchase, install and use a thawte Digital Certificate on 
your Apache web server.
Throughout, best practices for set-up are highlighted to help you 
ensure efficient ongoing management of your encryption keys and 
digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4
42f727
d1
----------------------------------------------------------------------
--


----------------------------------------------------------------------
-- Securing Apache Web Server with thawte Digital Certificate In this 
guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4
42f727d1
----------------------------------------------------------------------
--



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault