Re: [osdcmy-public] Protecting From DDOS
My experience has been that they're willing but they probably will not go the extra mile i.e. identifying the sources, putting ACLs all over their peering routers etc unless you're being persistent. I've heard of cases that if pushes come to shoves, ISPs are no longer willing to assume the risks of being attacked constantly so they probably can have the option to cancel the account. A good colo or server provider are probably those who run their own BGP, advertise their own or delegated IP addresses and have visibility of their own network. Those attributes are rare in Malaysia. So if one runs a service that is bound to attract a lot of unwanted attentions, it's probably a bit more expensive to do it here. On 12 September 2010 22:59, Harisfazillah Jamel wrote: > Ihsan > > Thanks, this information keep me more want to dig in to know more > > I dont know how far our ISP willing to help website owner during MSDOS > - multi-source denial of service. (thanks Harish) I do hear ISP cancel > an account and ask the owner to find other ISP. I believe that to goal > of the attack. Making sure the ISP will cancel the owner account and > no where to host it... > > On Sun, Sep 12, 2010 at 7:55 PM, Ihsan Junaidi Ibrahim > wrote: >> Additionally there's a third method but this relies on your provider >> to manually drop every single suspected IPs attacking your resources. >> Sure this is effective for probably 10 attackers but in case of >> botnets, the attack is probably over by the time their done updating >> their ACLs. >> >> On 12 September 2010 19:53, Ihsan Junaidi Ibrahim >> wrote: >>> Salam, >>> >>> Stopping DDOS at the perimeter is not the solution in the case of DDOS >>> targeting resources/bandwidth saturation. The only solution is to get >>> your upstream provider to drop the malicious traffic in their network >>> before it enters your network. This can be done by BGP blackhole >>> (traditional way) or the more recent, flowspec. This is probably the >>> only effective way against botnet-initiated DDOS attacks. If they have >>> the resources, running their own BGP is always recommended. >>> >>> Dropping traffic within your network only works if you have an obscene >>> amount of upstream bandwidth that can never, ever be saturated which >>> is of course, is not a reality here in Malaysia. >>> >>> CDN works if the CDN provider have their own DDOS mitigation mechanism >>> but I believe they are using either one of the 2 methods above. The >>> first one is nasty, they'll blackhole all access to your designated >>> IPs and the latter is much more refined but unsupported by many >>> carriers. >>> > > -- > Join Open Source Developers Club Malaysia http://www.osdc.my/ > > Facebook Fan page > > http://www.facebook.com/group.php?gid=98685301577 > > http://www.facebook.com/OSDC.my > > You received this message because you are subscribed to the Google > > Groups "OSDC.my Mailing List" group. > To post to this group, send email to osdcmy-list@googlegroups.com > To unsubscribe from this group, send email to > osdcmy-list+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/osdcmy-list?hl=en -- Thank you for your time, Ihsan Junaidi Ibrahim -- Join Open Source Developers Club Malaysia http://www.osdc.my/ Facebook Fan page http://www.facebook.com/group.php?gid=98685301577 http://www.facebook.com/OSDC.my You received this message because you are subscribed to the Google Groups "OSDC.my Mailing List" group. To post to this group, send email to osdcmy-list@googlegroups.com To unsubscribe from this group, send email to osdcmy-list+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/osdcmy-list?hl=en
Re: [osdcmy-public] Protecting From DDOS
On Sun, Sep 12, 2010 at 11:08 PM, Harisfazillah Jamel wrote: > Yep that the one... Get a message from a friend ... > > I quote ... > > Haris - > > Actually, DDOS is the wrong acronym. It should actually be MSDOS. > DDOS = distribute denial of service > MSDOS = multi-source denial of service. > > MSDOS is therefore more accurate. > > Harish :-). > Nice! Then I learned a new acronym tonight, even just heard about it. But I can't find any reference to link MSDOS with denial of service. > On Sun, Sep 12, 2010 at 11:03 PM, Hasan Abu Bakar wrote: >> On Sun, Sep 12, 2010 at 10:59 PM, Harisfazillah Jamel >> wrote: >>> Ihsan >>> >>> Thanks, this information keep me more want to dig in to know more >>> >>> I dont know how far our ISP willing to help website owner during MSDOS >>> - multi-source denial of service. (thanks Harish) I do hear ISP cancel >>> an account and ask the owner to find other ISP. I believe that to goal >>> of the attack. Making sure the ISP will cancel the owner account and >>> no where to host it... >>> >> >> Do you mean DDoS or distributed denial-of-service attack right? Just >> to make clear it's not "that" MSDOS >> http://en.wikipedia.org/wiki/Denial-of-service_attack >> >> > > -- > Join Open Source Developers Club Malaysia http://www.osdc.my/ > > Facebook Fan page > > http://www.facebook.com/group.php?gid=98685301577 > > http://www.facebook.com/OSDC.my > > You received this message because you are subscribed to the Google > > Groups "OSDC.my Mailing List" group. > To post to this group, send email to osdcmy-list@googlegroups.com > To unsubscribe from this group, send email to > osdcmy-list+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/osdcmy-list?hl=en > -- Join Open Source Developers Club Malaysia http://www.osdc.my/ Facebook Fan page http://www.facebook.com/group.php?gid=98685301577 http://www.facebook.com/OSDC.my You received this message because you are subscribed to the Google Groups "OSDC.my Mailing List" group. To post to this group, send email to osdcmy-list@googlegroups.com To unsubscribe from this group, send email to osdcmy-list+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/osdcmy-list?hl=en
Re: [osdcmy-public] Protecting From DDOS
Yep that the one... Get a message from a friend ... I quote ... Haris - Actually, DDOS is the wrong acronym. It should actually be MSDOS. DDOS = distribute denial of service MSDOS = multi-source denial of service. MSDOS is therefore more accurate. Harish :-). On Sun, Sep 12, 2010 at 11:03 PM, Hasan Abu Bakar wrote: > On Sun, Sep 12, 2010 at 10:59 PM, Harisfazillah Jamel > wrote: >> Ihsan >> >> Thanks, this information keep me more want to dig in to know more >> >> I dont know how far our ISP willing to help website owner during MSDOS >> - multi-source denial of service. (thanks Harish) I do hear ISP cancel >> an account and ask the owner to find other ISP. I believe that to goal >> of the attack. Making sure the ISP will cancel the owner account and >> no where to host it... >> > > Do you mean DDoS or distributed denial-of-service attack right? Just > to make clear it's not "that" MSDOS > http://en.wikipedia.org/wiki/Denial-of-service_attack > > -- Join Open Source Developers Club Malaysia http://www.osdc.my/ Facebook Fan page http://www.facebook.com/group.php?gid=98685301577 http://www.facebook.com/OSDC.my You received this message because you are subscribed to the Google Groups "OSDC.my Mailing List" group. To post to this group, send email to osdcmy-list@googlegroups.com To unsubscribe from this group, send email to osdcmy-list+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/osdcmy-list?hl=en
Re: [osdcmy-public] Protecting From DDOS
On Sun, Sep 12, 2010 at 10:59 PM, Harisfazillah Jamel wrote: > Ihsan > > Thanks, this information keep me more want to dig in to know more > > I dont know how far our ISP willing to help website owner during MSDOS > - multi-source denial of service. (thanks Harish) I do hear ISP cancel > an account and ask the owner to find other ISP. I believe that to goal > of the attack. Making sure the ISP will cancel the owner account and > no where to host it... > Do you mean DDoS or distributed denial-of-service attack right? Just to make clear it's not "that" MSDOS http://en.wikipedia.org/wiki/Denial-of-service_attack > On Sun, Sep 12, 2010 at 7:55 PM, Ihsan Junaidi Ibrahim > wrote: >> Additionally there's a third method but this relies on your provider >> to manually drop every single suspected IPs attacking your resources. >> Sure this is effective for probably 10 attackers but in case of >> botnets, the attack is probably over by the time their done updating >> their ACLs. >> >> On 12 September 2010 19:53, Ihsan Junaidi Ibrahim >> wrote: >>> Salam, >>> >>> Stopping DDOS at the perimeter is not the solution in the case of DDOS >>> targeting resources/bandwidth saturation. The only solution is to get >>> your upstream provider to drop the malicious traffic in their network >>> before it enters your network. This can be done by BGP blackhole >>> (traditional way) or the more recent, flowspec. This is probably the >>> only effective way against botnet-initiated DDOS attacks. If they have >>> the resources, running their own BGP is always recommended. >>> >>> Dropping traffic within your network only works if you have an obscene >>> amount of upstream bandwidth that can never, ever be saturated which >>> is of course, is not a reality here in Malaysia. >>> >>> CDN works if the CDN provider have their own DDOS mitigation mechanism >>> but I believe they are using either one of the 2 methods above. The >>> first one is nasty, they'll blackhole all access to your designated >>> IPs and the latter is much more refined but unsupported by many >>> carriers. >>> > > -- > Join Open Source Developers Club Malaysia http://www.osdc.my/ > > Facebook Fan page > > http://www.facebook.com/group.php?gid=98685301577 > > http://www.facebook.com/OSDC.my > > You received this message because you are subscribed to the Google > > Groups "OSDC.my Mailing List" group. > To post to this group, send email to osdcmy-list@googlegroups.com > To unsubscribe from this group, send email to > osdcmy-list+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/osdcmy-list?hl=en > -- Join Open Source Developers Club Malaysia http://www.osdc.my/ Facebook Fan page http://www.facebook.com/group.php?gid=98685301577 http://www.facebook.com/OSDC.my You received this message because you are subscribed to the Google Groups "OSDC.my Mailing List" group. To post to this group, send email to osdcmy-list@googlegroups.com To unsubscribe from this group, send email to osdcmy-list+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/osdcmy-list?hl=en
Re: [osdcmy-public] Protecting From DDOS
Ihsan Thanks, this information keep me more want to dig in to know more I dont know how far our ISP willing to help website owner during MSDOS - multi-source denial of service. (thanks Harish) I do hear ISP cancel an account and ask the owner to find other ISP. I believe that to goal of the attack. Making sure the ISP will cancel the owner account and no where to host it... On Sun, Sep 12, 2010 at 7:55 PM, Ihsan Junaidi Ibrahim wrote: > Additionally there's a third method but this relies on your provider > to manually drop every single suspected IPs attacking your resources. > Sure this is effective for probably 10 attackers but in case of > botnets, the attack is probably over by the time their done updating > their ACLs. > > On 12 September 2010 19:53, Ihsan Junaidi Ibrahim > wrote: >> Salam, >> >> Stopping DDOS at the perimeter is not the solution in the case of DDOS >> targeting resources/bandwidth saturation. The only solution is to get >> your upstream provider to drop the malicious traffic in their network >> before it enters your network. This can be done by BGP blackhole >> (traditional way) or the more recent, flowspec. This is probably the >> only effective way against botnet-initiated DDOS attacks. If they have >> the resources, running their own BGP is always recommended. >> >> Dropping traffic within your network only works if you have an obscene >> amount of upstream bandwidth that can never, ever be saturated which >> is of course, is not a reality here in Malaysia. >> >> CDN works if the CDN provider have their own DDOS mitigation mechanism >> but I believe they are using either one of the 2 methods above. The >> first one is nasty, they'll blackhole all access to your designated >> IPs and the latter is much more refined but unsupported by many >> carriers. >> -- Join Open Source Developers Club Malaysia http://www.osdc.my/ Facebook Fan page http://www.facebook.com/group.php?gid=98685301577 http://www.facebook.com/OSDC.my You received this message because you are subscribed to the Google Groups "OSDC.my Mailing List" group. To post to this group, send email to osdcmy-list@googlegroups.com To unsubscribe from this group, send email to osdcmy-list+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/osdcmy-list?hl=en
Re: [osdcmy-public] Protecting From DDOS
Additionally there's a third method but this relies on your provider to manually drop every single suspected IPs attacking your resources. Sure this is effective for probably 10 attackers but in case of botnets, the attack is probably over by the time their done updating their ACLs. On 12 September 2010 19:53, Ihsan Junaidi Ibrahim wrote: > Salam, > > Stopping DDOS at the perimeter is not the solution in the case of DDOS > targeting resources/bandwidth saturation. The only solution is to get > your upstream provider to drop the malicious traffic in their network > before it enters your network. This can be done by BGP blackhole > (traditional way) or the more recent, flowspec. This is probably the > only effective way against botnet-initiated DDOS attacks. If they have > the resources, running their own BGP is always recommended. > > Dropping traffic within your network only works if you have an obscene > amount of upstream bandwidth that can never, ever be saturated which > is of course, is not a reality here in Malaysia. > > CDN works if the CDN provider have their own DDOS mitigation mechanism > but I believe they are using either one of the 2 methods above. The > first one is nasty, they'll blackhole all access to your designated > IPs and the latter is much more refined but unsupported by many > carriers. > > On 12 September 2010 17:52, Harisfazillah Jamel > wrote: >> Team, >> >> What happen to Malaysia Today (MT) website get my interest to know >> more about handling this kind of attacks and what can be by us system >> administrator and developers in protecting our websites. Its can >> happen to any website. >> >> Im against DDOS that can cripple any websites including government >> websites, business and ordinary people. DDOS also shows our computer >> users still not updating their operating system to protect from trojan >> or DDOS bot. Lack of awareness and knowledge I believe. Im looking >> into this DDOS attack of MT in big picture If they can attack MT >> they also can attack our Internet infra and cripple our country >> network. Our banking systems now in question, can they protect >> themself? >> >> More info for those who want to know about protecting from DDOS >> >> http://developer.yahoo.com/performance/rules.html >> >> http://www.owasp.org/index.php/Testing_for_Denial_of_Service or google >> for OWASP DDOS >> >> At this blog post I also discuss about ways of protecting, may be its >> could work ... >> >> http://uppercaise.wordpress.com/2010/09/11/access-to-malaysia-today/ >> >> For example the use of CoralCDN network >> >> http://www.coralcdn.org/ >> >> CoralCDN service can be use to access non login websites (due to its >> proxy like) example to access PMO website >> >> http://www.pmo.gov.my.nyud.net/ >> >> more articles about Content Distribution Network (CDN) >> >> http://www.reaper-x.com/2009/10/02/how-to-use-coralcdn-to-save-your-bandwidth-problem-server-resources/ >> >> http://devcentral.f5.com/weblogs/macvittie/archive/2010/01/25/how-to-use-coralcdn-on-demand-to-keep-your-site-available.aspx >> >> or using Squid and Nginx >> >> http://serverfault.com/questions/30705/how-to-set-up-nginx-as-a-caching-reverse-proxy >> >> http://wiki.squid-cache.org/SquidFaq/ReverseProxy >> >> Im also looking into solution like >> >> IPF in FreeBSD >> >> and Iptables drop >> >> >> This email post to >> >> OSDC.my Mailing List >> >> http://groups.google.com.my/group/osdcmy-list >> >> OWASP Malaysia Mailing List >> >> https://lists.owasp.org/mailman/listinfo/owasp-Malaysia >> >> -- >> Join Open Source Developers Club Malaysia http://www.osdc.my/ >> >> Facebook Fan page >> >> http://www.facebook.com/group.php?gid=98685301577 >> >> http://www.facebook.com/OSDC.my >> >> You received this message because you are subscribed to the Google >> >> Groups "OSDC.my Mailing List" group. >> To post to this group, send email to osdcmy-list@googlegroups.com >> To unsubscribe from this group, send email to >> osdcmy-list+unsubscr...@googlegroups.com >> For more options, visit this group at >> http://groups.google.com/group/osdcmy-list?hl=en > > > > -- > Thank you for your time, > Ihsan Junaidi Ibrahim > -- Thank you for your time, Ihsan Junaidi Ibrahim -- Join Open Source Developers Club Malaysia http://www.osdc.my/ Facebook Fan page http://www.facebook.com/group.php?gid=98685301577 http://www.facebook.com/OSDC.my You received this message because you are subscribed to the Google Groups "OSDC.my Mailing List" group. To post to this group, send email to osdcmy-list@googlegroups.com To unsubscribe from this group, send email to osdcmy-list+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/osdcmy-list?hl=en
Re: [osdcmy-public] Protecting From DDOS
Salam, Stopping DDOS at the perimeter is not the solution in the case of DDOS targeting resources/bandwidth saturation. The only solution is to get your upstream provider to drop the malicious traffic in their network before it enters your network. This can be done by BGP blackhole (traditional way) or the more recent, flowspec. This is probably the only effective way against botnet-initiated DDOS attacks. If they have the resources, running their own BGP is always recommended. Dropping traffic within your network only works if you have an obscene amount of upstream bandwidth that can never, ever be saturated which is of course, is not a reality here in Malaysia. CDN works if the CDN provider have their own DDOS mitigation mechanism but I believe they are using either one of the 2 methods above. The first one is nasty, they'll blackhole all access to your designated IPs and the latter is much more refined but unsupported by many carriers. On 12 September 2010 17:52, Harisfazillah Jamel wrote: > Team, > > What happen to Malaysia Today (MT) website get my interest to know > more about handling this kind of attacks and what can be by us system > administrator and developers in protecting our websites. Its can > happen to any website. > > Im against DDOS that can cripple any websites including government > websites, business and ordinary people. DDOS also shows our computer > users still not updating their operating system to protect from trojan > or DDOS bot. Lack of awareness and knowledge I believe. Im looking > into this DDOS attack of MT in big picture If they can attack MT > they also can attack our Internet infra and cripple our country > network. Our banking systems now in question, can they protect > themself? > > More info for those who want to know about protecting from DDOS > > http://developer.yahoo.com/performance/rules.html > > http://www.owasp.org/index.php/Testing_for_Denial_of_Service or google > for OWASP DDOS > > At this blog post I also discuss about ways of protecting, may be its > could work ... > > http://uppercaise.wordpress.com/2010/09/11/access-to-malaysia-today/ > > For example the use of CoralCDN network > > http://www.coralcdn.org/ > > CoralCDN service can be use to access non login websites (due to its > proxy like) example to access PMO website > > http://www.pmo.gov.my.nyud.net/ > > more articles about Content Distribution Network (CDN) > > http://www.reaper-x.com/2009/10/02/how-to-use-coralcdn-to-save-your-bandwidth-problem-server-resources/ > > http://devcentral.f5.com/weblogs/macvittie/archive/2010/01/25/how-to-use-coralcdn-on-demand-to-keep-your-site-available.aspx > > or using Squid and Nginx > > http://serverfault.com/questions/30705/how-to-set-up-nginx-as-a-caching-reverse-proxy > > http://wiki.squid-cache.org/SquidFaq/ReverseProxy > > Im also looking into solution like > > IPF in FreeBSD > > and Iptables drop > > > This email post to > > OSDC.my Mailing List > > http://groups.google.com.my/group/osdcmy-list > > OWASP Malaysia Mailing List > > https://lists.owasp.org/mailman/listinfo/owasp-Malaysia > > -- > Join Open Source Developers Club Malaysia http://www.osdc.my/ > > Facebook Fan page > > http://www.facebook.com/group.php?gid=98685301577 > > http://www.facebook.com/OSDC.my > > You received this message because you are subscribed to the Google > > Groups "OSDC.my Mailing List" group. > To post to this group, send email to osdcmy-list@googlegroups.com > To unsubscribe from this group, send email to > osdcmy-list+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/osdcmy-list?hl=en -- Thank you for your time, Ihsan Junaidi Ibrahim -- Join Open Source Developers Club Malaysia http://www.osdc.my/ Facebook Fan page http://www.facebook.com/group.php?gid=98685301577 http://www.facebook.com/OSDC.my You received this message because you are subscribed to the Google Groups "OSDC.my Mailing List" group. To post to this group, send email to osdcmy-list@googlegroups.com To unsubscribe from this group, send email to osdcmy-list+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/osdcmy-list?hl=en
[osdcmy-public] Protecting From DDOS
Team, What happen to Malaysia Today (MT) website get my interest to know more about handling this kind of attacks and what can be by us system administrator and developers in protecting our websites. Its can happen to any website. Im against DDOS that can cripple any websites including government websites, business and ordinary people. DDOS also shows our computer users still not updating their operating system to protect from trojan or DDOS bot. Lack of awareness and knowledge I believe. Im looking into this DDOS attack of MT in big picture If they can attack MT they also can attack our Internet infra and cripple our country network. Our banking systems now in question, can they protect themself? More info for those who want to know about protecting from DDOS http://developer.yahoo.com/performance/rules.html http://www.owasp.org/index.php/Testing_for_Denial_of_Service or google for OWASP DDOS At this blog post I also discuss about ways of protecting, may be its could work ... http://uppercaise.wordpress.com/2010/09/11/access-to-malaysia-today/ For example the use of CoralCDN network http://www.coralcdn.org/ CoralCDN service can be use to access non login websites (due to its proxy like) example to access PMO website http://www.pmo.gov.my.nyud.net/ more articles about Content Distribution Network (CDN) http://www.reaper-x.com/2009/10/02/how-to-use-coralcdn-to-save-your-bandwidth-problem-server-resources/ http://devcentral.f5.com/weblogs/macvittie/archive/2010/01/25/how-to-use-coralcdn-on-demand-to-keep-your-site-available.aspx or using Squid and Nginx http://serverfault.com/questions/30705/how-to-set-up-nginx-as-a-caching-reverse-proxy http://wiki.squid-cache.org/SquidFaq/ReverseProxy Im also looking into solution like IPF in FreeBSD and Iptables drop This email post to OSDC.my Mailing List http://groups.google.com.my/group/osdcmy-list OWASP Malaysia Mailing List https://lists.owasp.org/mailman/listinfo/owasp-Malaysia -- Join Open Source Developers Club Malaysia http://www.osdc.my/ Facebook Fan page http://www.facebook.com/group.php?gid=98685301577 http://www.facebook.com/OSDC.my You received this message because you are subscribed to the Google Groups "OSDC.my Mailing List" group. To post to this group, send email to osdcmy-list@googlegroups.com To unsubscribe from this group, send email to osdcmy-list+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/osdcmy-list?hl=en
