Re: [Full-disclosure] Ubisoft DDoS
- To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Ubisoft DDoS
- From: "Dobbins, Roland" <rdobbins@xxxxxxxxx>
- Date: Tue, 9 Mar 2010 16:21:30 +0000
On Mar 9, 2010, at 11:01 PM, <Valdis.Kletnieks@xxxxxx> wrote:
> Oh, I didn't say they didn't exist.
A good way to get started w/scalable DDoS mitigation is to implement S/RTBH on
one's hardware-based edge routers, and then make use of open-source NetFlow
tools for visibility.
There are commercial solutions as well - in the interests of full disclosure
(pardon the pun, heh), I work for a vendor of such intelligent DDoS mitigation
(IDMS) solutions.
These slides may be of interest in hardening/leveraging one's network
infrastructure and gaining the ability to detect/classify/traceback/mitigate
DDoS:
<http://files.me.com/roland.dobbins/k54qkv>
<http://files.me.com/roland.dobbins/prguob>
<http://files.me.com/roland.dobbins/k4zw3x>
<http://files.me.com/roland.dobbins/dweagy>
There was also a relevant talk at the latest NANOG (a synopsis of discussions
on nanog-l and cisco-nsp):
<http://www.nanog.org/meetings/nanog48/presentations/Monday/Kaeo_FilterTrend_ISPSec_N48.pdf>
and other relevant presentations at various NANOGs in the past.
To answer the previous respondent's question, Cisco acquired Riverhead and its
Guard in early 2004:
<http://www.cisco.com/en/US/prod/collateral/modules/ps2706/end_of_life_c51-573493.html>
I also highly recommend this book by Dave Smith and Gregg Schudel of Cisco -
it's the best (and only!) book on real-world opsec out there, available in
dead-tree, Kindle, and Adobe Reader formats:
<http://www.amazon.com/Router-Security-Strategies-Securing-Network/dp/1587053365/ref=sr_1_1?ie=UTF8&s=books&qid=1262667257&sr=8-1>
[Full disclosure again; I'm cited in the book, but received and continue to
receive no remuneration of any kind due to same.]
But before going the commercial route, folks should work on hardening their
hosts/OSes/apps and leveraging their existing infrastructure and open-source as
noted in the presentations above - in many cases, this is all that's needed, as
outlined here:
<http://mailman.nanog.org/pipermail/nanog/2010-January/016747.html>
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@xxxxxxxxx> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/