DDoS mitigation EPIC FAIL collection

Presented at 32C3 (2015), Dec. 30, 2015, 2 p.m. (60 minutes)

For the past 3 years I have been delivering custom-tailored DDoS attacks for organizations that wanted to test out their DDoS defense systems. The clients gave us their logs after the attack so we could analyze the impact together and rewind the attack in slow motion, in order to consider a proper recommendation and not just something the vendor is expecting us to believe. Much of the rhetorical advice from vendors regarding defense know-how was found to be wrong or insufficient, and many times it even contributed to the EPIC FAIL of the entire defense system. During the presentation I will bring to light 10 such cases of FAILs in hopes that future defenses will be battered and, of course, for some lolz.

I have been researching DDoS attacks and mitigation techniques for the past three years and worked with industry leaders on testing their systems, providing them with cutting-edge and even never-seen-before attacks. I was amazed (actually still am) to find out that those big corporations, investing much work into their defense architecture, came to FAIL, and sometimes the sole reason for a successful attack was a mitigation configuration or architecture FAIL. My research is done by utilizing smart grids of computers, mimicking vast botnets from all over the world, writing and perfecting scripted attacks, and even involving social engineering attempts within those attacks (for mitigation that involves manual intervention).

In the presentation there will be a showcase of 10 such FAILs, detailed technically for a close step-by-step follow of the attack strategy and its failing mitigation, and of course delving into a recommended setup for a proper mitigation technique that will not inflict such direct damage as presented.

Presenters:

  • dalmoz
    Hacking as a way of life, researching security into bits and bytes
