Suche senden
Hochladen
lightning talk proposal
•
Als PPTX, PDF herunterladen
•
0 gefällt mir
•
557 views
A
Alexander Lyamin
Folgen
Technologie
Melden
Teilen
Melden
Teilen
1 von 33
Jetzt herunterladen
Empfohlen
DDoS: practical survival
DDoS: practical survival
Positive Hack Days
DDoS: Practical Survival Guide
DDoS: Practical Survival Guide
HLL
Openstack on Fedora, Fedora on Openstack: An Introduction to cloud IaaS
Openstack on Fedora, Fedora on Openstack: An Introduction to cloud IaaS
Sadique Puthen
Ripe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigation
Pavel Odintsov
FastNetMonを試してみた
FastNetMonを試してみた
Yutaka Ishizaki
NGINX Can Do That? Test Drive Your Config File!
NGINX Can Do That? Test Drive Your Config File!
Jeff Anderson
Dhcp security #netseckh
Dhcp security #netseckh
HEM Sothon
Protect your edge BGP security made simple
Protect your edge BGP security made simple
Pavel Odintsov
Empfohlen
DDoS: practical survival
DDoS: practical survival
Positive Hack Days
DDoS: Practical Survival Guide
DDoS: Practical Survival Guide
HLL
Openstack on Fedora, Fedora on Openstack: An Introduction to cloud IaaS
Openstack on Fedora, Fedora on Openstack: An Introduction to cloud IaaS
Sadique Puthen
Ripe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigation
Pavel Odintsov
FastNetMonを試してみた
FastNetMonを試してみた
Yutaka Ishizaki
NGINX Can Do That? Test Drive Your Config File!
NGINX Can Do That? Test Drive Your Config File!
Jeff Anderson
Dhcp security #netseckh
Dhcp security #netseckh
HEM Sothon
Protect your edge BGP security made simple
Protect your edge BGP security made simple
Pavel Odintsov
Keeping your rack cool
Keeping your rack cool
Pavel Odintsov
FastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigation
Pavel Odintsov
9534715
9534715
Pavel Odintsov
How to monitor NGINX
How to monitor NGINX
Server Density
Distributed Denial of Service Attack - Detection And Mitigation
Distributed Denial of Service Attack - Detection And Mitigation
Pavel Odintsov
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Fastly
Eduardo Silva - monkey http-server everywhere
Eduardo Silva - monkey http-server everywhere
StarTech Conference
Jon Nield FastNetMon
Jon Nield FastNetMon
Pavel Odintsov
Be Mean to Your Code
Be Mean to Your Code
James Wickett
mod_perl 2.0 For Speed Freaks!
mod_perl 2.0 For Speed Freaks!
Philippe M. Chiasson
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Pavel Odintsov
What are your competitors doing seletskiy 10
What are your competitors doing seletskiy 10
lsmichael
Nanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmon
Pavel Odintsov
Mobile Api and Caching
Mobile Api and Caching
New Relic
NATS: Simple, Secure and Scalable Messaging For the Cloud Native Era
NATS: Simple, Secure and Scalable Messaging For the Cloud Native Era
wallyqs
distributed tracing in 5 minutes
distributed tracing in 5 minutes
Dan Kuebrich
Primeiros Passos na API do Zabbix com Python - 2º ZABBIX MEETUP DO INTERIOR-SP
Primeiros Passos na API do Zabbix com Python - 2º ZABBIX MEETUP DO INTERIOR-SP
Zabbix BR
Testing Wi-Fi with OSS Tools
Testing Wi-Fi with OSS Tools
All Things Open
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
Amazon Web Services
Debugging Network Issues
Debugging Network Issues
Apcera
Hl++2012 lyamin qrator ddos highload 2012
Hl++2012 lyamin qrator ddos highload 2012
Alexander Lyamin
Ritconf2011 Asimov "Russian Internet Core"
Ritconf2011 Asimov "Russian Internet Core"
Alexander Lyamin
Weitere ähnliche Inhalte
Was ist angesagt?
Keeping your rack cool
Keeping your rack cool
Pavel Odintsov
FastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigation
Pavel Odintsov
9534715
9534715
Pavel Odintsov
How to monitor NGINX
How to monitor NGINX
Server Density
Distributed Denial of Service Attack - Detection And Mitigation
Distributed Denial of Service Attack - Detection And Mitigation
Pavel Odintsov
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Fastly
Eduardo Silva - monkey http-server everywhere
Eduardo Silva - monkey http-server everywhere
StarTech Conference
Jon Nield FastNetMon
Jon Nield FastNetMon
Pavel Odintsov
Be Mean to Your Code
Be Mean to Your Code
James Wickett
mod_perl 2.0 For Speed Freaks!
mod_perl 2.0 For Speed Freaks!
Philippe M. Chiasson
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Pavel Odintsov
What are your competitors doing seletskiy 10
What are your competitors doing seletskiy 10
lsmichael
Nanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmon
Pavel Odintsov
Mobile Api and Caching
Mobile Api and Caching
New Relic
NATS: Simple, Secure and Scalable Messaging For the Cloud Native Era
NATS: Simple, Secure and Scalable Messaging For the Cloud Native Era
wallyqs
distributed tracing in 5 minutes
distributed tracing in 5 minutes
Dan Kuebrich
Primeiros Passos na API do Zabbix com Python - 2º ZABBIX MEETUP DO INTERIOR-SP
Primeiros Passos na API do Zabbix com Python - 2º ZABBIX MEETUP DO INTERIOR-SP
Zabbix BR
Testing Wi-Fi with OSS Tools
Testing Wi-Fi with OSS Tools
All Things Open
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
Amazon Web Services
Debugging Network Issues
Debugging Network Issues
Apcera
Was ist angesagt?
(20)
Keeping your rack cool
Keeping your rack cool
FastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigation
9534715
9534715
How to monitor NGINX
How to monitor NGINX
Distributed Denial of Service Attack - Detection And Mitigation
Distributed Denial of Service Attack - Detection And Mitigation
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Eduardo Silva - monkey http-server everywhere
Eduardo Silva - monkey http-server everywhere
Jon Nield FastNetMon
Jon Nield FastNetMon
Be Mean to Your Code
Be Mean to Your Code
mod_perl 2.0 For Speed Freaks!
mod_perl 2.0 For Speed Freaks!
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
What are your competitors doing seletskiy 10
What are your competitors doing seletskiy 10
Nanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmon
Mobile Api and Caching
Mobile Api and Caching
NATS: Simple, Secure and Scalable Messaging For the Cloud Native Era
NATS: Simple, Secure and Scalable Messaging For the Cloud Native Era
distributed tracing in 5 minutes
distributed tracing in 5 minutes
Primeiros Passos na API do Zabbix com Python - 2º ZABBIX MEETUP DO INTERIOR-SP
Primeiros Passos na API do Zabbix com Python - 2º ZABBIX MEETUP DO INTERIOR-SP
Testing Wi-Fi with OSS Tools
Testing Wi-Fi with OSS Tools
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
Debugging Network Issues
Debugging Network Issues
Andere mochten auch
Hl++2012 lyamin qrator ddos highload 2012
Hl++2012 lyamin qrator ddos highload 2012
Alexander Lyamin
Ritconf2011 Asimov "Russian Internet Core"
Ritconf2011 Asimov "Russian Internet Core"
Alexander Lyamin
Goods search
Goods search
Alexander Lyamin
RITConf 2011 "DDoS Classification"
RITConf 2011 "DDoS Classification"
Alexander Lyamin
How to secure your web applications with NGINX
How to secure your web applications with NGINX
Wallarm
Activism x Technology
Activism x Technology
WebVisions
How to Battle Bad Reviews
How to Battle Bad Reviews
Glassdoor
Andere mochten auch
(7)
Hl++2012 lyamin qrator ddos highload 2012
Hl++2012 lyamin qrator ddos highload 2012
Ritconf2011 Asimov "Russian Internet Core"
Ritconf2011 Asimov "Russian Internet Core"
Goods search
Goods search
RITConf 2011 "DDoS Classification"
RITConf 2011 "DDoS Classification"
How to secure your web applications with NGINX
How to secure your web applications with NGINX
Activism x Technology
Activism x Technology
How to Battle Bad Reviews
How to Battle Bad Reviews
Ähnlich wie lightning talk proposal
Honeypots - November 8th Misec presentation
Honeypots - November 8th Misec presentation
Tazdrumm3r
Aerospike & GCE (LSPE Talk)
Aerospike & GCE (LSPE Talk)
Sayyaparaju Sunil
Malware Analysis For The Enterprise
Malware Analysis For The Enterprise
Jason Ross
How to Troubleshoot OpenStack Without Losing Sleep
How to Troubleshoot OpenStack Without Losing Sleep
Sadique Puthen
Keeping your rack cool with one "/IP route rule"
Keeping your rack cool with one "/IP route rule"
Faelix Ltd
Velocity 2012 - Learning WebOps the Hard Way
Velocity 2012 - Learning WebOps the Hard Way
Cosimo Streppone
Putting Rugged Into your DevOps Toolchain
Putting Rugged Into your DevOps Toolchain
James Wickett
Planning to Fail #phpne13
Planning to Fail #phpne13
Dave Gardner
Handy Networking Tools and How to Use Them
Handy Networking Tools and How to Use Them
Sneha Inguva
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)
Igalia
A Developer’s Guide to Kubernetes Security
A Developer’s Guide to Kubernetes Security
Gene Gotimer
(NET404) Making Every Packet Count
(NET404) Making Every Packet Count
Amazon Web Services
5 issues
5 issues
m0use
5 issues
5 issues
m0use
Extreme HTTP Performance Tuning: 1.2M API req/s on a 4 vCPU EC2 Instance
Extreme HTTP Performance Tuning: 1.2M API req/s on a 4 vCPU EC2 Instance
ScyllaDB
AWS re:Invent 2016: Making Every Packet Count (NET404)
AWS re:Invent 2016: Making Every Packet Count (NET404)
Amazon Web Services
Non-blocking I/O, Event loops and node.js
Non-blocking I/O, Event loops and node.js
Marcus Frödin
Multi-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation Strategies
Sagi Brody
Velocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attack
Cosimo Streppone
Smit WiFi_2
Smit WiFi_2
mutew
Ähnlich wie lightning talk proposal
(20)
Honeypots - November 8th Misec presentation
Honeypots - November 8th Misec presentation
Aerospike & GCE (LSPE Talk)
Aerospike & GCE (LSPE Talk)
Malware Analysis For The Enterprise
Malware Analysis For The Enterprise
How to Troubleshoot OpenStack Without Losing Sleep
How to Troubleshoot OpenStack Without Losing Sleep
Keeping your rack cool with one "/IP route rule"
Keeping your rack cool with one "/IP route rule"
Velocity 2012 - Learning WebOps the Hard Way
Velocity 2012 - Learning WebOps the Hard Way
Putting Rugged Into your DevOps Toolchain
Putting Rugged Into your DevOps Toolchain
Planning to Fail #phpne13
Planning to Fail #phpne13
Handy Networking Tools and How to Use Them
Handy Networking Tools and How to Use Them
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)
A Developer’s Guide to Kubernetes Security
A Developer’s Guide to Kubernetes Security
(NET404) Making Every Packet Count
(NET404) Making Every Packet Count
5 issues
5 issues
5 issues
5 issues
Extreme HTTP Performance Tuning: 1.2M API req/s on a 4 vCPU EC2 Instance
Extreme HTTP Performance Tuning: 1.2M API req/s on a 4 vCPU EC2 Instance
AWS re:Invent 2016: Making Every Packet Count (NET404)
AWS re:Invent 2016: Making Every Packet Count (NET404)
Non-blocking I/O, Event loops and node.js
Non-blocking I/O, Event loops and node.js
Multi-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation Strategies
Velocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attack
Smit WiFi_2
Smit WiFi_2
Kürzlich hochgeladen
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Juan lago vázquez
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
wesley chun
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
The Digital Insurer
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
apidays
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
lior mazor
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
MIND CTI
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
The Digital Insurer
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
DianaGray10
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
MadyBayot
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
Khushali Kathiriya
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
apidays
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
Rustici Software
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
Dropbox
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Edi Saputra
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
The Digital Insurer
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
apidays
Kürzlich hochgeladen
(20)
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
lightning talk proposal
1.
DDoS: practical survival
guide Alexander Lyamin <la@highloadlab.com>
2.
Poor mans version.
3.
Q1 2012 •
Incidents: 365 • Daily max: 12 • Avg. botnet size: 2637 • Max botnet size: 37834
4.
Daily 12 11 10 9 8
7 6 Jan 5 4 Feb 3 2 Mar 1 0
5.
Weekday distribution 20.00% 18.00%
17.26% 16.71% 15.89% 16.00% 14.52% 14.25% 14.00% 11.78% 12.00% 9.59% 10.00% 8.00% 6.00% 4.00% 2.00% 0.00% Monday Tuesday Wednesday Thursday Friday Saturday Sunday
6.
High speed attacks
3.56% > 1 Gbps < 1Gbps 96.44%
7.
Spoofed source attacks
22.74% Spoofed Full connect 77.26%
8.
Scary stuff •
DNS: NIC, Masterhost, FastVPS. • DataCenters: CROK, WAhome. • “Invisible” elections botnets. • Minerbot.
9.
New reality • 1k
botnet - 100-160 USD. • Readily available botnet toolkits. • Fall of prices - 20 USD/day.
10.
New competition
11.
Apache mod_evasive
12.
Apache mod_evasive <IfModule mod_evasive20.c> DOSHashTableSize
3097 DOSPageCount 8 DOSSiteCount 100 DOSPageInterval 2 DOSSiteInterval 2 DOSBlockingPeriod 600 DOSEmailNotify secure@adminmail.com </IfModule>
13.
Apache mod_evasive Positive
Negative It works! Apache
14.
Iptables --string
15.
Iptables --string iptables -A
INPUT -p tcp -m tcp --dport 80 -m string --string "GET / HTTP" --algo kmp --to 1024 -m recent --set --name httpddos --rsource iptables -A INPUT -p tcp -m tcp --dport 80 -m string --string "GET / HTTP" --algo kmp --to 1024 -m recent --update --seconds 10 --hitcount 2 --name httpddos --rsource -j DROP
16.
Iptables --string Positive
Negative It works. Not always works. (fragmentet packets) Its fast. Not always fast. (kmp matched packets) Orphaned sockets + retransmit. Requires conntrack(statefull is bad).
17.
NGINX testcookie_module
18.
JS
19.
Cookie/Redirect
20.
NGINX testcookie_module
testcookie_name BPC; testcookie_secret keepmescret; testcookie_session $remote_addr; testcookie_arg attempt; testcookie_max_attempts 3; testcookie_fallback /cookies.html?backurl=http://$host$request_uri; testcookie_get_only on; location / { testcookie on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://127.0.0.1:8080; } More reading: http://habrahabr.ru/post/139931/
21.
NGINX testcookie_module Positive
Negative It works. Doesn’t block traffic.* NGINX. Alternates UX. Its fast. Is not effective on FBS. Predictable. Expandable (Flash, QT checks). * That’s what ipset is for.
22.
Neuron network PyBrain
23.
Neuron network PyBrain Request: 0.0.0.0
- - [20/Dec/2011:15:00:03 +0400] "GET /forum/rss.php?topic=347425 HTTP/1.0" 200 1685 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9) Gecko/2008052906 Firefox/3.0» Dictionary: ['__UA___OS_U', '__UA_EMPTY', '__REQ___METHOD_POST', '__REQ___HTTP_VER_HTTP/1.0', '__REQ___URL_ __NETLOC_', '__REQ___URL___PATH_/forum/rss.php', '__REQ___URL___PATH_/forum/index.php', '__REQ___URL ___SCHEME_', '__REQ___HTTP_VER_HTTP/1.1', '__UA___VER_Firefox/3.0', '__REFER___NETLOC_www.mozilla- europe.org', '__UA___OS_Windows', '__UA___BASE_Mozilla/5.0', '__CODE_503', '__UA___OS_pl', '__REFER___PA TH_/', '__REFER___SCHEME_http', '__NO_REFER__', '__REQ___METHOD_GET', '__UA___OS_Windows NT 5.1', '__UA___OS_rv:1.9', '__REQ___URL___QS_topic', '__UA___VER_Gecko/2008052906’ Далее: http://habrahabr.ru/post/136237/
24.
Neuron network PyBrain Positive
Negative It works. May not work. Nerd award! No historical analysis.
25.
tcpdump
26.
tcpdump tcpdump -v -n
-w attack.log dst port 80 -c 250 tcpdump -nr attack.log |awk '{print $3}' |grep -oE '[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.[0- 9]{1,}' |sort |uniq -c |sort -rn
27.
tcpdump Positive
Negative It works. why tcpdump? Ask kernel!
28.
Summary •
Every solution works. • Not always. • Not for everyone. • UPTIME > DOWNTIME.
29.
Definition of happiness •
Minimal FALSE POSITIVES. • No vulnerabilities on lower levels. • Up to challenge.
30.
NGINX testcookie_module
31.
One last thing…
(protect your TCP stack) 22.74% 3.56% Spoofed 96.44% Full connect > 1Gbps < 1Gbps 77.26%
32.
Have a fun
ride!
33.
Homework. 1. NGINX/ipset preinstalled. 2.
No conntrack. 3. Dedicated IP per critical published service. 4. Blackhole communities present and tested.
Jetzt herunterladen