Summary

Matthew J. Harmon and Phil Reno's presentation to the (ISC)2 Twin Cities Area Chapter on DDoS Survival, delivered on October 18, 2013, provides a comprehensive primer on Distributed Denial of Service (DDoS) attacks and how organizations can withstand and mitigate them. It begins by defining DDoS as resource exhaustion aimed at disrupting services and traces its roots from IRC-driven pranks to sophisticated protest and extortion campaigns.

Threats and Attack Techniques

The first section surveys real-world threats and attack techniques. The presenters highlight notable incidents such as Anonymous/AntiSec campaigns and itsoknoproblembro browser-based botnets and reference data on rising attack volumes from sources like Arbor Networks. They categorize attack vectors across the OSI stack (TCP/SSL floods, HTTP-level assaults like Slowloris and chunked-header exploits, and ICMP/UDP floods) and assess attacker skill levels, from low-effort LOIC/XOIC scripts to more advanced injection-driven browser botnets.
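A defender-side counterpart to the HTTP-level vectors listed above, as an added example that is not material from the presentation: a small per-source request-rate detector over web-server access logs in Common Log Format. It flags any source whose request count inside a sliding time window reaches a threshold, which is the first-cut signal an operator would want before deciding whether a flood warrants hand-off to a scrubbing provider. The log lines, source addresses, window size and threshold are all constructed for the example.

```python
"""Per-source request-rate detector over web-server access logs.

Added example, not code from the DDoS Survival talk: flags sources whose
request count inside a sliding time window reaches a threshold. Thresholds
and sample traffic below are constructed values, not recommendations.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format: host ident authuser [date] "request" status bytes
CLF_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
CLF_TIME = "%d/%b/%Y:%H:%M:%S %z"


def parse_clf(line):
    """Parse one CLF line into (src, timestamp, request); None if malformed."""
    m = CLF_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), CLF_TIME)
    return m.group("src"), ts, m.group("req")


def find_flood_sources(lines, window_seconds=10, threshold=100):
    """Return {src: peak requests inside any window_seconds-long window}
    for every source whose peak reaches threshold.

    Lines are processed in timestamp order; malformed lines are skipped.
    """
    events = [e for e in (parse_clf(l) for l in lines) if e]
    events.sort(key=lambda e: e[1])
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    peak = defaultdict(int)
    for src, ts, _ in events:
        q = recent[src]
        q.append(ts)
        # Drop timestamps that have fallen out of the window; the newly
        # appended ts is never older than itself, so q never empties.
        while ts - q[0] > window:
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return {src: n for src, n in peak.items() if n >= threshold}


def build_sample_log():
    """Constructed sample traffic (not real logs): one source bursting
    12 requests in six seconds, two well-behaved sources spread over a
    minute, and one malformed line that the parser must skip."""
    base = datetime.strptime("18/Oct/2013:10:00:00 -0500", CLF_TIME)

    def line(src, offset, path):
        ts = (base + timedelta(seconds=offset)).strftime(CLF_TIME)
        return f'{src} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

    lines = [line("203.0.113.7", i * 0.5, "/") for i in range(12)]       # burst
    lines += [line("198.51.100.4", 10 * i, "/index.html") for i in range(6)]
    lines += [line("192.0.2.9", 15 * i, "/about") for i in range(4)]
    lines.append("this line is not CLF and is skipped")
    return lines


if __name__ == "__main__":
    flagged = find_flood_sources(build_sample_log(), window_seconds=10, threshold=10)
    for src, n in sorted(flagged.items()):
        print(f"{src}: {n} requests within one 10 s window")
```

A per-source count is deliberately the simplest view: a distributed flood from many low-rate sources will not trip it, so in practice the same sliding-window logic is also applied to the aggregate request rate per URL or per backend, and the thresholds are set from measured baseline traffic rather than guessed.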

Defense and Resilience

The second section focuses on defense and resilience strategies. Harmon and Reno outline four architectural approaches, detailing the pros and cons of each: ISP-level scrubbing, Cloud SOC via proxy/DNS redirection, full-service cloud scrubbing with BGP rerouting, and in-house solutions. They emphasize risk transference through CDNs and anti-DDoS services, null-routing tactics, and bigger pipes, supplemented by application-level tweaks. The presentation concludes with guidance on selecting providers (key questions on SLAs, mitigation capabilities, and cost structures), proactive load testing, and leveraging automation tools (Chef, Puppet, Ansible, SaltStack, Fabric) to scale and verify infrastructure readiness under attack.

Presentation

DDoS Survival