
DoS | Botnet Specific Defensive Strategies

Let’s look first at some general DoS defensive strategies, then at botnet-specific ones:

Disabling Unnecessary Services: You can help protect against DoS and DDoS attacks by hardening individual systems, in particular by disabling services that are not needed so that fewer listeners are exposed to resource exhaustion, and by implementing network measures that protect against such attacks.

Using Anti-Malware: Real-time anti-malware protection can help prevent bot installations by reducing Trojan infections that carry bot payloads.

This stops hosts from being recruited into a botnet. It is not a defense against an attack already under way, but it is a proactive measure that shrinks the pool of bots available to an attacker.

Enabling Router Throttling: DoS attacks that rely on saturating the network with traffic can be thwarted, or at least slowed down, by enabling rate limiting (throttling) on your gateway router.

This caps the impact a DoS attack can have on the links behind the router and buys network administrators time to respond appropriately. Note that throttling only helps for the links downstream of the device applying it: if the upstream link into the router is already saturated, the limit has to be applied further upstream, typically by the ISP.

Using a Reverse Proxy: A reverse proxy is the opposite of a forward or standard proxy.

With a forward proxy, it is the requesting client whose traffic is redirected through the proxy; with a reverse proxy, it is traffic destined for the server that is redirected. For example,

When a request is made to a web server, the request is routed to the reverse proxy before it is forwarded to the actual server. The benefit of sending all traffic through this middleman is that the middleman can take protective action (per-client rate limiting, filtering, caching) if an attack occurs, and the origin server’s own address need not be exposed to the public at all.
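The throttling described in the two strategies above, as an added example that is not code from the course: a token-bucket limiter in Python with a per-client bucket of the kind a reverse proxy enforces in front of an aggregate bucket of the kind a gateway router enforces. The traffic, addresses and rate figures are constructed for illustration; the second scenario goes beyond the text by showing why the aggregate limit is still needed once a flood is spread across many sources.

```python
"""Token-bucket throttling of the kind a gateway router (aggregate limit) or a
reverse proxy (per-client limit) applies in front of an origin server.

Added example for this page; it is not code from the course. The traffic below
is constructed, and the rate/burst figures are illustrative assumptions.
"""
from collections import Counter, defaultdict


class TokenBucket:
    """Classic token bucket: `rate` tokens per second refill, at most `burst` stored."""

    def __init__(self, rate: float, burst: float) -> None:
        self.rate = rate
        self.burst = burst
        self.tokens = burst      # start full so a short legitimate burst is not penalised
        self.last = 0.0          # timestamp of the previous call

    def allow(self, now: float, cost: float = 1.0) -> bool:
        elapsed = max(0.0, now - self.last)   # tolerate out-of-order timestamps
        self.last = now
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False


class Throttle:
    """Per-source limit (what a reverse proxy enforces per client) in front of an
    aggregate limit (what router throttling enforces for the whole link)."""

    def __init__(self, per_src_rate, per_src_burst, total_rate, total_burst):
        # Assumption for the example: buckets live forever. A real device must
        # expire idle per-source entries or the table itself becomes a memory sink.
        self.per_src = defaultdict(lambda: TokenBucket(per_src_rate, per_src_burst))
        self.total = TokenBucket(total_rate, total_burst)

    def decide(self, now: float, src: str) -> str:
        # Per-source bucket first: a single flooder is rejected before it can
        # drain the shared bucket that every other client depends on.
        if not self.per_src[src].allow(now):
            return "reject_per_source"
        if not self.total.allow(now):
            return "reject_total"
        return "forward"


def run(requests, throttle):
    """Apply the throttle to (timestamp, source) pairs; return verdict counts per source."""
    counts = defaultdict(Counter)
    for now, src in sorted(requests):
        counts[src][throttle.decide(now, src)] += 1
    return counts


def single_flooder_scenario():
    """One host sends 200 requests in one second while a normal client sends 10.
    The per-source bucket absorbs the flood; the normal client is untouched."""
    throttle = Throttle(per_src_rate=20, per_src_burst=20, total_rate=100, total_burst=100)
    requests = [(i / 200, "203.0.113.5") for i in range(200)]      # constructed flood
    requests += [(i / 10, "198.51.100.7") for i in range(10)]       # constructed normal client
    return run(requests, throttle)


def distributed_scenario():
    """Fifty bots each stay under the per-source limit (5 requests in 0.1 s),
    so only the aggregate bucket stops the 250-request burst."""
    throttle = Throttle(per_src_rate=20, per_src_burst=20, total_rate=100, total_burst=100)
    requests = [(j / 50, f"192.0.2.{b}") for b in range(1, 51) for j in range(5)]
    return run(requests, throttle)


if __name__ == "__main__":
    for name, scenario in (("single flooder", single_flooder_scenario),
                           ("distributed", distributed_scenario)):
        totals = Counter()
        for c in scenario().values():
            totals.update(c)
        print(name, dict(totals))
```

In the first scenario the flooder gets roughly the bucket size plus one second of refill forwarded (between 20 and 40 requests) and everything else rejected, while the normal client's 10 requests all pass. In the second, no bot ever trips its own bucket; the aggregate bucket is what drops about 140 of the 250 requests, which is the router-level control the text describes.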

Enabling Ingress and Egress Filtering: Ingress filtering helps prevent DoS and DDoS attacks by dropping inbound packets with spoofed source addresses.

In other words, if traffic coming in from the public side of your connection carries a source address that belongs to your own internal IP scheme, you know it is spoofed and can drop it at the border.

Egress filtering is the mirror image: outbound traffic whose source address does not belong to your own address space is dropped. This keeps compromised hosts inside your network from sending spoofed attack traffic, so your network cannot be used as a launch point against someone else, and it makes any attack traffic that does leave attributable to you.

Degrading Services: In this approach, services are automatically throttled down or shut down in the event of an attack.

The idea is that degraded services make an attack harder to sustain and make the target less attractive.

Absorbing the Attack: Another possible solution is to add enough extra capacity, in the form of bandwidth, servers and other resources, to have more capacity than the attacker can consume.

This type of defense requires a lot of extra planning, resources and, of course, money. It may include the use of load-balancing technologies, content delivery networks or similar strategies.

 

Botnet-Specific Defenses

The following are botnet-specific defensive strategies:

RFC 3704 Filtering: RFC 3704 (BCP 84, ingress filtering for multihomed networks) describes dropping packets whose source addresses are unallocated, reserved or otherwise not routable via the interface they arrive on, for example with unicast reverse path forwarding (uRPF) checks.

Ideally, this filtering is done at the ISP level, before the traffic reaches the main network, because by the time it reaches your own border it has already consumed your link.

Black Hole Filtering: This technique in essence creates a black hole, a null route on the network to which offending traffic is forwarded and silently dropped. In practice this is usually remotely triggered black hole (RTBH) routing: a BGP announcement for the victim’s prefix (or, with source-based RTBH, the attacker’s prefix) points it at a null interface on the upstream routers, so the flood is discarded before it reaches the congested link. Note that destination-based black-holing sacrifices the victim address to protect the rest of the network.

Source IP Reputation Filtering: Cisco offers a feature in its products, specifically its IPS technologies, that filters traffic based on the reputation of the source IP address.

Reputation is determined by the source’s past history of attacks and other factors.
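The source-address defenses above (ingress and egress filtering from the first list, and RFC 3704 filtering, black-hole filtering and source reputation filtering from this one) all reduce to checking a packet's addresses against prefix lists, so one added example covers them. This is illustration code written for this page, not code from the course or from any vendor product. All prefixes, reputation scores and packets are constructed; the RFC 5737 documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) stand in for the public Internet here, so they are deliberately left off the bogon list although a production list would include them.

```python
"""Source-address filtering as a border device would apply it: ingress/egress
(BCP 38) checks, RFC 3704-style bogon filtering, black-hole (null-route)
prefixes and source-reputation scoring, evaluated in one pipeline.

Added example for this page, not code from the course or from any vendor.
All prefixes, scores and packets are constructed.
"""
import ipaddress
from collections import Counter

# Address space this organisation legitimately uses: RFC 1918 inside plus its
# own public block (assumed to be 198.51.100.0/24 for the example).
OUR_PREFIXES = [ipaddress.ip_network(p) for p in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "198.51.100.0/24")]

# Reserved / unallocated ranges that should never appear as a source on a
# public-facing interface (RFC 3704-style filtering; abbreviated list, and the
# documentation ranges are left out because they play "public" hosts below).
BOGONS = [ipaddress.ip_network(p) for p in
          ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
           "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

# Prefixes currently null-routed. A victim prefix (destination-based RTBH)
# sacrifices one host to keep the rest of the network reachable; an attacker
# prefix (source-based RTBH) drops the flood at the edge.
NULL_ROUTED = [ipaddress.ip_network(p) for p in ("198.51.100.250/32", "203.0.113.64/26")]

# Reputation feed, constructed: (prefix, score 0-100). Unknown sources score 100.
REPUTATION = [(ipaddress.ip_network("203.0.113.200/32"), 12)]
REPUTATION_THRESHOLD = 30


def in_any(addr, networks):
    return any(addr in net for net in networks)


def reputation(addr):
    for net, score in REPUTATION:
        if addr in net:
            return score
    return 100


def filter_packet(direction, src, dst):
    """Return the verdict for one packet seen on the border router.

    `direction` is "in" for packets arriving from the public side and "out"
    for packets leaving towards it. Checks are ordered so the verdict names
    the most specific reason for a drop."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "in":
        if in_any(s, OUR_PREFIXES):      # our own addresses cannot arrive from outside
            return "drop_ingress_spoof"
        if in_any(s, BOGONS):            # unroutable source: RFC 3704 / uRPF would fail it
            return "drop_rfc3704"
        if in_any(s, NULL_ROUTED) or in_any(d, NULL_ROUTED):
            return "drop_blackhole"
        if reputation(s) < REPUTATION_THRESHOLD:
            return "drop_reputation"
        return "accept"
    if direction == "out":
        if not in_any(s, OUR_PREFIXES):  # a compromised host spoofing someone else
            return "drop_egress_spoof"
        if in_any(d, NULL_ROUTED):
            return "drop_blackhole"
        return "accept"
    raise ValueError(f"unknown direction {direction!r}")


# Constructed sample traffic: (direction, src, dst).
PACKETS = [
    ("in", "192.168.1.20", "198.51.100.10"),    # spoofed: internal source from the outside
    ("in", "127.0.0.1", "198.51.100.10"),       # bogon source
    ("in", "203.0.113.7", "198.51.100.10"),     # ordinary client
    ("in", "203.0.113.66", "198.51.100.10"),    # source-based black hole
    ("in", "203.0.113.8", "198.51.100.250"),    # destination-based black hole (victim)
    ("in", "203.0.113.200", "198.51.100.10"),   # poor reputation
    ("out", "10.0.0.5", "203.0.113.7"),         # normal outbound
    ("out", "203.0.113.250", "203.0.113.7"),    # egress spoof by a compromised host
]


def summarize(packets=PACKETS):
    """Verdict counts for a list of packets."""
    return Counter(filter_packet(*p) for p in packets)


if __name__ == "__main__":
    for p in PACKETS:
        print(f"{p[0]:>3} {p[1]:>15} -> {p[2]:<15} {filter_packet(*p)}")
    print(summarize())
```

The check order matters: the ingress spoof test runs before the bogon test so that a packet claiming one of your own RFC 1918 addresses is reported as spoofing rather than merely as a bogon, and the black-hole list is consulted for both source and destination so the same table serves destination-based and source-based RTBH entries.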

 

DoS Pen-Testing Consideration

When you are pen testing for DoS vulnerabilities, a major area of concern is taking down integral resources during the testing phase.

The ripple effect of taking out a file server or web resource can be far reaching, especially if bringing the system back online proves challenging after a successful DoS test attack.

As with all pen-testing activities, an agreement between the tester and the client should explicitly define what will be done and the client’s timeframe for when the testing will occur. Also, as always, documenting every step is crucial in every part of the process.

