Failosophy

DDoS mitigation EPIC FAIL collection

Hall 1
dalmoz
For the past 3 years I have been delivering custom-tailored DDoS attacks for organizations that wanted to test out their DDoS defense systems.

The clients did give us their logs after the attack so we could analyze together the impact and rewind the attack in slow motion, for us to consider a proper recommendation and not just something the vendor is expecting us to believe. Much rhetorical advice from vendors regarding defense know-how was found wrong or insufficient, and many times it even contributed to the EPIC FAIL of the entire defense system. During the presentation I will bring to light 10 such cases of FAILs, in hopes that future defenses will be bettered and, of course, for some lolz.

I have been researching DDoS attacks and mitigation techniques for the past three years and have worked with industry leaders on testing their systems, providing them with cutting-edge, and even never-seen-before, attacks. I was amazed (actually still am) to find out that those big corporations, investing much work into their architecture of defense, came to FAIL, and sometimes the sole reason for a successful attack was a mitigation configuration or architecture FAIL. My research is done by utilizing smart grids of computers, mimicking vast botnets from all over the world, writing and perfecting scripted attacks and even involving social engineering attempts within those attacks (for mitigations that involve manual intervention).

In the presentation there will be a showcase of 10 such FAILs, detailed technically as a step-by-step close follow-up on the attack strategy and its mitigation failing, and of course – delving into a recommended setup for a proper mitigation technique that will not inflict such direct damage as presented.

Additional information

Type lecture
Language English

More sessions

12/27/15
Failosophy
Ryan Lackey
Hall G
Datahavens have long been discussed as a solution to user security and privacy needs. Instinctively, the idea of physical locations where servers for communications, financial privacy, and other services can work is easily understood and seems appealing. As a founder of the HavenCo datahaven on Sealand in 2000, I saw firsthand the potential and the pitfalls of this approach.
12/27/15
Failosophy
David Kaplan
Hall 1
Software design and testing is hard, but what happens when each bug fix can cost months of delay and millions of dollars? In this talk we’ll take a behind-the-scenes look at the challenges in the design of a very complex, yet critical piece of hardware: the modern x86 CPU.
12/28/15
Failosophy
Gregor Ruttner
Hall 2
„Never ever say no, act your first thought and learn to love mistakes“ – these are the basic rules of improv theatre. I will show how this can be adopted for everyday life.
12/28/15
Failosophy
Nick Sullivan
Hall 2
Legend has it, the first iteration of the Secure Sockets Layer (SSL) protocol was broken in ten minutes by Phillip Hallam-Baker and Alan Schiffman during a presentation by Marc Andreesen at MIT in 1994. In the following two decades the protocol has been improved and the implementations have been strengthened, but not without a steady stream of implementation vulnerabilities and protocol design errors. From the ciphersuite rollback attack to LogJam, SSL/TLS has seen a diverse set of problems. In ...
12/29/15
Failosophy
Peter Stuge
Hall 2
In 2010 I was asked by the second maintainer in a row to take over as new maintainer of the libusb project. The first time I had declined. The second time I accepted, and sadly failed. Eventually a hostile fork emerged, with the explicit goal to take over the original project. I will tell you my story, which mistakes I made and what I learned - about independent and corporate contributors in open source projects, about package maintainers in downstream OS distributions, about trolls on the ...
12/30/15
Failosophy
BoB Marvan
Hall 2
What do you want? Did you build your web/app for humans or NSA robots? Let's make it usable for human beings. I'd like to show you some basic design mistakes and how to avoid them to improve the usability of your web or app. Why? Because it's worth it and I'm good at it.