Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

Anatomy of a simple do s attack it can happen to you

92 Aufrufe

Veröffentlicht am

Shows how a DoS attack on a eCommerce site looks like and how it was thwarted. The attack was repelled by rate limit and subsequently by blocking the IP. luroConenct stack used.

Veröffentlicht in: Technologie
  • Loggen Sie sich ein, um Kommentare anzuzeigen.

  • Gehören Sie zu den Ersten, denen das gefällt!

Anatomy of a simple do s attack it can happen to you

  1. 1. Anatomy of a simple DOS attack How it can bring down your site
  2. 2. DoS attach from a single IP 0 20 40 60 80 100 120 140 160 180 Anatom of a DDoS attack total hits per minute rejected Clock Time (10am to 6pm) Initial hits undetected as attack All hits rejected Site had performance issues Automatic detection and defense Hitsperminute
  3. 3. DoS Attack • Crawling the site • Masquerading as google bot in the User Agent field • Missed our initial scrutiny as we saw traffic rise and we got slow response alerts since it was google bot • We monitored non-BOT traffic – which continued to respond well • Until we got errors 21/Sep/2018:16:54:13 +0530| GET /kids-lehenga-choli.html?color=32889&price=-100 HTTP/1.1|444|0|-| Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
  4. 4. We automatically blocked a IP Real-time report for the day : luroConnect / Insight dashboard
  5. 5. From a huge surge Real-time report for the day : luroConnect / Insight dashboard
  6. 6. Even the 25% that went through CPU utilization was very high Memory commit was over 100% Munin graphs of the app server
  7. 7. Analysis • Total error hits : 10 • Period of attack : 5 hours (with varying intensity) • Automatically blocked : 75% • Manual intervention : Blocked the IP luroConnect features used  IP Rate limit  luroConnect / Insight dashboard  luroConnect alerting  Munin monitoring  IP blocking
  8. 8. https://www.luroConnect.com/ Where to find us https://www.luroConnect.com/ info@luroConnect.com @luroconnect

×