<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: How to Survive a DDoS Extortion Attack</title>
	<atom:link href="http://www.whatevercompliance.com/network-security/how-to-survive-a-ddos-extortion-attack/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.whatevercompliance.com/network-security/how-to-survive-a-ddos-extortion-attack/</link>
	<description>Savid Technologies thoughts on technology, information security, and business</description>
	<lastBuildDate>Wed, 24 Feb 2010 19:36:40 -0600</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.0</generator>
	<item>
		<title>By: Dimitry Snezhkov</title>
		<link>http://www.whatevercompliance.com/network-security/how-to-survive-a-ddos-extortion-attack/comment-page-1/#comment-70</link>
		<dc:creator>Dimitry Snezhkov</dc:creator>
		<pubDate>Wed, 24 Feb 2010 19:36:40 +0000</pubDate>
		<guid isPermaLink="false">http://www.whatevercompliance.com/?p=383#comment-70</guid>
		<description>Mike, 
A couple of things:
1. I fully agree businesses should not only share the attack data but also learn from the very guys who have been dealing with this for a long time - Eastern European hosting providers. It&#039;s very safe to say that many of the DDoS toolkits are being tested in EU on a smaller scale at least before they are being employed elsewhere. There&#039;s just a lot of info on DDoS mitigation from the trenches. Businesses susceptible to DDoS (as you mentioned, gaming, etc.) should be advised to use their OSINT capabilities in DDoS research and not only rely on appliances. DDoS mitigation is a process and for them it should be on par with their DR capabilities ready to kick in.

2. Not all DDoS is created equal. I think the element of fear and helplessness upon facing the unknown plays a huge role in this setup when methods of attack are not understood. I 100% believe that businesses should invest in their staff for DDoS mitigation before they invest in specific technology. Log monitoring, nginx setup feeding into decent scripting, kernel buffer modification and iptables rules should fend off 90% of most medium-size bots. The game is most likely won in the first 24-72 hours when the attacker pays enough money while renting the botnet and should ROI on that, or move on to another target.</description>
		<content:encoded><![CDATA[<p>Mike,<br />
A couple of things:<br />
1. I fully agree businesses should not only share the attack data but also learn from the very guys who have been dealing with this for a long time &#8211; Eastern European hosting providers. It&#8217;s very safe to say that many of the DDoS toolkits are being tested in EU on a smaller scale at least before they are being employed elsewhere. There&#8217;s just a lot of info on DDoS mitigation from the trenches. Businesses susceptible to DDoS (as you mentioned, gaming, etc.) should be advised to use their OSINT capabilities in DDoS research and not only rely on appliances. DDoS mitigation is a process and for them it should be on par with their DR capabilities ready to kick in. </p>
<p>2. Not all DDoS is created equal. I think the element of fear and helplessness upon facing the unknown plays a huge role in this setup when methods of attack are not understood. I 100% believe that businesses should invest in their staff for DDoS mitigation before they invest in specific technology. Log monitoring, nginx setup feeding into decent scripting, kernel buffer modification and iptables rules should fend off 90% of most medium-size bots. The game is most likely won in the first 24-72 hours when the attacker pays enough money while renting the botnet and should ROI on that, or move on to another target.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
