Internet Storm Center

SANS Network Security: Las Vegas Sept 4-9.

Handler on Duty: Didier Stevens

Threat Level: green

Distributed Denial of Service Cheat Sheet

Published: 2011-05-20. Last Updated: 2011-05-20 01:19:43 UTC
by Guy Bruneau (Version: 1)

The CERT Societe Generale has released another cheat sheet for Distributed Denial of Service (DDoS) freely available here. "This Incident Response Methodology is a cheat sheet dedicated to handlers investigating on a precise security issue." [1]

[1] http://cert.societegenerale.com/resources/files/IRM-4-DDoS.pdf

Previously published cheat sheet:

Worm Infection - http://cert.societegenerale.com/resources/files/IRM-1-Worm-Infection.pdf
Windows Intrusion - http://cert.societegenerale.com/resources/files/IRM-2-Windows-Intrusion.pdf
Unix Intrusion - http://cert.societegenerale.com/resources/files/IRM-3-Unix-Intrusion.pdf

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: DDoS IRM

Comments

might be obvious for most but I miss one critical prep:
distribute your dns servers/infrastructure through several AS! lowering the ttl for easier switching won't do any good if the servers aren't reachable because they depend on the DDoS'ed link(s).

Login here to join the discussion.

Diary Archives