{"id":923,"date":"2010-05-18T00:00:00","date_gmt":"2010-05-18T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2010\/05\/18\/auscert-2010-australia-protected-by-anti-ddos-vigilantes\/"},"modified":"2021-12-30T11:38:23","modified_gmt":"2021-12-30T11:38:23","slug":"auscert-2010-australia-protected-by-anti-ddos-vigilantes","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2010\/05\/18\/auscert-2010-australia-protected-by-anti-ddos-vigilantes\/","title":{"rendered":"AusCert 2010: Australia protected by anti-DDoS vigilantes"},"content":{"rendered":"<p>An informal, low-lying group of sharp minds might be the world&#8217;s best defence against Distributed Denial of Service (DDoS) attacks, but legal uncertainty is hindering their capabilities.  And it is through this IT grapevine that these groups of researchers and engineers will be notified when a significant DDoS attack strikes.  But according to SecureWorks malware researcher and group member, Joe Stewart, these DDoS defenders may face persecution for launching what he says are essential retaliatory attacks due to legal grey areas.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;As a victim, you have to identify the IP address that is attacking you.  For Tarpitting (a defence against HTTP-based DDOS attacks), set your TCP\/IP window size to zero [which] means the attacker will keep resending un-acknowledged packets and will be stuck in a loop.  The overall effect is that traffic reduces more using tarpits than if you drop it and don&#8217;t respond.  &#8220;When we drop packets, the CPU load of the bot is constant and the bot can handle it.<\/p>\n<p>He poured cold water on hype surrounding the use of peer-to-peer networks to control botnets, and said they are too difficult to control and fully decentralise.  
He said the infamous Storm botnet used peer-to-peer networks to connect nodes, as an &#8220;overlay&#8221;, but the command and control servers connected normally and were taken down.  He said Google Groups and Twitter are often used to obfuscate botnets.<\/p>\n<p>http:\/\/www.networkworld.com\/news\/2010\/051810-auscert-2010-australia-protected-by.html?source=nww_rss<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-923","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/923","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=923"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/923\/revisions"}],"predecessor-version":[{"id":3410,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/923\/revisions\/3410"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=923"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=923"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=923"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}