[189984] in North American Network Operators' Group
Re: Detecting Attacks
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sun Jun 12 12:04:18 2016
X-Original-To: nanog@nanog.org
To: subashini hariharan <suba.h17@gmail.com>
From: Valdis.Kletnieks@vt.edu
In-Reply-To: <CAD=4tqQ4NLX3Adu_ZppJ_9di6YM=5SxYkCeVuXqo70epYeHG3w@mail.gmail.com>
Date: Sun, 12 Jun 2016 12:04:12 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Fri, 10 Jun 2016 22:22:31 -0700, subashini hariharan said:
> The aim is to detect DoS/DDoS attacks using the application. I am going to
> use ELK (ElasticSearch, Logstash, Kibana) for processing the logs (Log
> Analytics).
Bad approach. At that point, not only is the application being DDoS'ed,
but now your logging system may be overwhelmed as well. And a favorite
attack method is to throw a DDoS at one application (your http server, for
instance), and while you're drowning in logfiles, slip in an exploit for
something else (you *did* patch that tftpd server, right?)
Also, the vast majority of DDoS attempts are just fill-the-pipe attacks,
which often don't even bother attacking an application, just an IP address.
This leverages the fact that there's a lot of routers that can switch average
sized packets at line speed, but not minimum sized packets. So the link
falls over faster if it's getting pounded with ICMP Echo Request packets
or TCP SYN packets than if it's getting 800-byte http requests.
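The packet-size argument above (a link and its router run out of packets-per-second budget long before they run out of bits-per-second when the traffic is minimum-size SYN or ICMP Echo packets) is easy to put numbers on. The following is an added example, not part of the thread or anything the poster wrote: it computes the line-rate packet budget of a link for a given frame size and then applies a simple flood indicator to interface-counter samples of the kind a router or flow collector exports, i.e. it measures at the network edge rather than in application logs, which is where the reply says the problem actually shows up. The Ethernet figures (64-byte minimum frame including FCS, 20 bytes of preamble/SFD plus inter-frame gap per frame) are standard; the router capacity, the thresholds and the two traffic samples are constructed for illustration.

```python
"""Line-rate packet budgets and a small-packet flood indicator.

Added example, not part of the NANOG thread. Constants below are standard
Ethernet framing figures; thresholds and samples are constructed.
"""
from dataclasses import dataclass

ETHERNET_OVERHEAD_BYTES = 20  # 8-byte preamble/SFD + 12-byte inter-frame gap
MIN_FRAME_BYTES = 64          # minimum Ethernet frame on the wire, FCS included


def line_rate_pps(link_bps: float, frame_bytes: int) -> float:
    """Maximum frames per second a link can carry at a given frame size.

    Frames shorter than 64 bytes are padded on the wire, so they cost the
    same as a 64-byte frame.
    """
    wire_bytes = max(frame_bytes, MIN_FRAME_BYTES) + ETHERNET_OVERHEAD_BYTES
    return link_bps / (wire_bytes * 8)


def router_saturates(link_bps: float, frame_bytes: int, router_pps: float) -> bool:
    """True if a full link of this frame size exceeds the router's pps capacity."""
    return line_rate_pps(link_bps, frame_bytes) > router_pps


@dataclass
class CounterSample:
    """One measurement interval from an interface or flow exporter (constructed)."""
    seconds: float
    packets: int
    octets: int
    syn_packets: int = 0     # TCP packets with only SYN set
    icmp_echo: int = 0       # ICMP Echo Request packets


def flood_indicators(sample: CounterSample, pps_threshold: float,
                     small_avg_bytes: int = 128) -> list:
    """Return the reasons a sample looks like a fill-the-pipe attack.

    Two signals from the reply above: a high packet rate made of small packets,
    and a packet mix dominated by SYN / ICMP Echo rather than real requests.
    """
    if sample.packets == 0 or sample.seconds <= 0:
        return []
    pps = sample.packets / sample.seconds
    avg_bytes = sample.octets / sample.packets
    probe_share = (sample.syn_packets + sample.icmp_echo) / sample.packets
    reasons = []
    if pps > pps_threshold and avg_bytes < small_avg_bytes:
        reasons.append("small-packet flood")
    if probe_share > 0.5:
        reasons.append("SYN/ICMP dominated")
    return reasons


# Constructed scenario: a 1 Gbit/s link behind a router rated for 500k pps.
LINK_BPS = 1e9
ROUTER_PPS = 500_000

# Ten seconds of a SYN flood: ~67-byte average, 94% SYN.
FLOOD = CounterSample(seconds=10, packets=9_000_000, octets=600_000_000,
                      syn_packets=8_500_000)
# Ten seconds of ordinary web traffic: 800-byte average, few SYNs.
NORMAL = CounterSample(seconds=10, packets=1_000_000, octets=800_000_000,
                       syn_packets=50_000)

if __name__ == "__main__":
    for size in (64, 800):
        print(f"{size:4d}-byte frames: {line_rate_pps(LINK_BPS, size):>12,.0f} pps, "
              f"router saturates: {router_saturates(LINK_BPS, size, ROUTER_PPS)}")
    print("flood  :", flood_indicators(FLOOD, ROUTER_PPS))
    print("normal :", flood_indicators(NORMAL, ROUTER_PPS))
```

At 64 bytes a 1 Gbit/s link carries roughly 1.49 million frames per second, about ten times the 152 thousand it carries at 800 bytes, which is why a router comfortable with full-size traffic can be knocked over by the same bit rate in minimum-size packets. The indicator is deliberately based on interface counters, so it keeps working while the application and its log pipeline are already drowning.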