--Originally published at Computer Security
Ok ok, the title is a bit too fancy, it was just to catch attention and I apologize beforehand for the repercussion it could have, I’m thinking of changing it later. The machine (computer) is some kind of god for people involved and not involved (mostly not involved but fanatic) in technology. Computers comes in all sizes and shapes, they are in the most recondite places of the world, they can answer almost every question a normal person is able to formulate, and can makes the things we imagine come true.
But this is not some post about why computers are so awesome we can compare them to some kind of god, it’s about denial of service and how to approach an attack of this nature, just like christian people have their counterarguments when other deny god, we security students must be ready when someone is trying to deny services within our system.
First, what’s denial of service (DOS)? It is an attack which consists in stop the functionality of a service provided by some server. Have you ever heard about Anonymous? Some time ago, I watch some post where you entered a page to send packages of information to a governmental web page with the objective of overthrowing it, that’s exactly like DOS works.
Now I’ll present a guide I found to answer effectively to a DOS attack:
First step – Preparation
I moved from a small town to a big city some years ago, I had heard a lot of stories about the common the assaults are here so from the moment I arrived I was expecting an attack at any time, kind of paranoiac. An amount of paranoid it’s OK, one must be prepared for a DOS attack, we have to have complete knowledge of our system
Second step – Identification
Continuing my story, every time I looked at some weird guy, I’d avoid going through that way, I identified a risky situation. So the next step is identify when you are being attacked, because the problem could escape your control.
Third step – Contention
I can’t go on with personal stories because I have never been assaulted and this is the stage where the battle takes action. You work on the different net devices to avoid the malicious traffic affects the service functionality, some measures are blocking/redirecting packages or finding new communication channels between your service and the user.
Fourth step – Remediation
Even if the situation is controlled, you still have to stop the attack, you can’t always be in defense mode. It might be possible that you require to involve your ISP (internet service provider) or even a specialized security force, depending on the level of the attack and the possible damages.
Fifth step – Recovery
Return your services to its original state, before the attack began. This is why you must track and record the actions you take while defending from the attack, and return the configurations to how they were, if no you could have problems on the service even if you are not being attacked anymore.
Six step – Post attack actions
Last but not least, it’s a good practice to analyze everything occurred. So, document details of the attack, discuss lessons learned and verify if some things can be done in another way to obtain better results, then go back to step one and be more prepared for the next possible attack, it might not be near but it’s sure to come.
For more information visit: https://cert.societegenerale.com/resources/files/IRM-4-DDoS.pdf