Topic: DDOS Attack Info Sharing and Analysis (Read 848 times)

April 22, 2013, 05:07:40 AM
#1
I am quite surprised to see that not much technical DDOS attack information has been shared within the bitcoin community, even though we have waves of attacks targeting exchanges, pools etc. Are we all practicing security by obscurity? As a seasoned security guy, I have experience in dealing with various DDOS attacks in both the financial and gaming industries. Most of the time, the only effective way to defend against DDOS is to raise the cost of launching these attacks, and information sharing on these attacks is critical. Even the big guys have to form sharing centres like FS-ISAC to deal with DDOS as a collaborative effort. I hope this thread can get those who have suffered a DDOS attack to share as much technical information as possible on the DDOS attack they experienced. A very simple template for this information can be something like:

1. Type of traffic detected in the DDOS attack (TCP/UDP/ICMP etc., or layer 7 stuff like Slowloris-type PUT/POST requests)
2. Your bottleneck (what made you fall when facing this DDOS)
- Network resource (usually ISP link bandwidth)
- System resource (web server connection limits, CPU, memory)
- Application resource (PUT/POST request flooding, DB request limit)
- If not a resource-exhaustion type of DDOS, was the attack exploiting a particular DOS vulnerability in your gear?
3. Number of source IPs (just an estimated range like <10, 10-100, 100-1000, >1000); spoofed or real DNS-resolvable IPs
4. Any measures you took that improved the situation, etc.

Hope this thread can kick off some sharing on the technical side of these DDOS attacks.
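One way a defender could fill in items 1 and 3 of that template from captured traffic, as an added example that is not part of the post: the flow records are constructed, the bucket boundaries are an interpretation of the overlapping ranges in the template, and the spoofing heuristic (sources that send SYNs but never complete the handshake) is an assumption.

```python
from collections import Counter

# Constructed sample flow records (not real captures). Each record is one
# packet summary: protocol, source IP, TCP flags and, if seen, the HTTP method.
SAMPLE_FLOWS = [
    {"proto": "TCP", "src": "198.51.100.7", "flags": "S"},
    {"proto": "TCP", "src": "198.51.100.7", "flags": "A"},       # handshake completed
    {"proto": "TCP", "src": "198.51.100.7", "flags": "PA", "http": "POST"},
    {"proto": "TCP", "src": "203.0.113.9", "flags": "S"},        # SYN only, never ACKs
    {"proto": "TCP", "src": "203.0.113.10", "flags": "S"},
    {"proto": "UDP", "src": "203.0.113.11"},
    {"proto": "ICMP", "src": "203.0.113.12"},
]


def source_ip_bucket(n):
    """Map a distinct-source count onto the template's ranges.
    Assumption: 10-100 and 100-1000 are taken as inclusive upper bounds."""
    if n < 10:
        return "<10"
    if n <= 100:
        return "10-100"
    if n <= 1000:
        return "100-1000"
    return ">1000"


def summarize(flows):
    """Produce template items 1 (traffic type) and 3 (source count, spoofing)."""
    traffic = Counter()
    syn_only, completed = set(), set()
    for f in flows:
        # Layer-7 request floods are reported separately from raw TCP, as in item 1.
        key = "L7/" + f["http"] if f.get("http") else f["proto"]
        traffic[key] += 1
        if f["proto"] == "TCP":
            flags = f.get("flags", "")
            if "A" in flags:
                completed.add(f["src"])
            elif "S" in flags:
                syn_only.add(f["src"])
    sources = {f["src"] for f in flows}
    # Heuristic (assumption): a spoofed source never sees the SYN-ACK, so it
    # can never ACK; sources that only ever SYN are therefore likely spoofed.
    return {
        "traffic": dict(traffic),
        "distinct_sources": len(sources),
        "source_bucket": source_ip_bucket(len(sources)),
        "likely_spoofed": sorted(syn_only - completed),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_FLOWS))
```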