DDoS Attack Preparation Workbook

Internet DDoS Attacks are a force of nature on the Internet. They are like earthquakes, hurricanes, floods, tornados, tsunamis, and all other disasters. Organizations need to prepare for a DDoS Attack the same way they prepare for severe weather and natural disasters. These guides have been crafted based on my personal experience (25+ years of DDoS experience) and the experience of the peers I’m constantly working with to mitigate, disrupt, and push back on DDoS threats. The DDoS Attack Preparation Workbook pulls all of this work into one location. This makes it easier for teams to pull down materials, guidelines, tools, and techniques that have proven to mitigate the effects of DDoS Attacks.

DDoS Preparation Guides, Playbooks, and References

The following are tools all organizations can use to get ready for the inevitable DDoS Attack. Focus on cost-effective essentials. They are key even if you need 3rd party cloud-based Anti-DDoS services.

DDoS Resiliency Workshops

DDoS experts around the world are rethinking and recrafting the DDoS Training into a new workshop series. We cannot ignore the growing, expanding, and unrelenting DDoS threat. We now live in a world where any system connected to the global telecommunications system (the Internet) must be resilient to DDoS. The capacity to launch DDoS attacks keeps expanding. The means to access and launch attacks are getting simpler. The miscreants setting up these DDoS systems are not getting caught, nor are they ‘incentivized’ to stop.

The revised DDoS Resiliency Workshop kicks off with APRICOT 2022. Check out the materials here.

DDoS Extortionist’s Behaviors

Smart and prepared organizations use DDoS Extortionist’s Behaviors as a Defensive Tool. We have a long history of DDoS Extortionists. Action can be taken if you understand the criminal behavior behind the DDoS Extortion.

7 Habits of Highly Effective Cybercriminals

Yes, there are habits of success that highly effective cyber-criminals use to be successful! We can leverage the knowledge of these habits to better prepare, defend, and attribute attacks. To understand where these habits were first observed, we must go back to the point where the Internet explosion was creating the opportunity for new criminal enterprises.

Preparing for DOS Attacks – the Essentials

This guide was created by several members of the DD4BC investigation. The DD4BC crew used a crafted DDoS Attack to gain the attention of the organization. They then extorted the organization to prevent further attacks. This document was pulled together after the DD4BC arrest (see EUROPOL’s statement – INTERNATIONAL ACTION AGAINST DD4BC CYBERCRIMINAL GROUP). The team knew the clock was ticking: it would be a matter of time before the next wave of DDoS Extortion was launched. This document was crafted to help organizations prepare. It is based on “what organizations were missing when DD4BC hit them with a DDoS Extortion Attack.”

Demanding Security from your Vendors

How does any organization have a productive and meaningful security conversation with its vendors? This guide offers a simple, meaningful framework for that conversation. These conversations help the organization determine the real security risk from its vendors. This is an updated version of a set of questions Operators (and vendors) can use to have these meaningful conversations.

How do you really stop DOS Attacks?

Are you prepared for the next DoS Extortion attack? DDoS Attacks will not go away. All the threat actors use DDoS as a tool to achieve their objectives (State Security, Cyber-criminals, Political Activists, and Corporate miscreants). DDoS Extortionist Groups will cyclically appear every 12 to 18 months. DDoS is not something to ignore. It is time to review those “DoS” preparation checklists. This white paper explores the data that would need to be collected to successfully push back on DoS attacks. It includes the information your “DoS Defense Allies” will need to help you mitigate, remediate, and potentially whack down the DoS attack.

Reporting DoS Attacks & Fighting Back Against DOS Attacks

Expect DDoS Attacks. Prepare for DDoS Attacks. Don’t wait until you have an active DDoS Threat to start your work. There is no perfect anti-DoS solution. But with forethought, planning, coordination, and practice, any organization can minimize the impact of DoS attacks. What follows are ten essential steps that have proven to help organizations prepare for DoS attacks. The fundamental principles you will find in this article apply to all organizations – large and small. They focus on low-cost, low-impact anti-DDoS essentials that add DDoS Resiliency to the entire organization.

Are you ready for the next attack? (Part 1)

Are you ready for the next attack? As many of my colleagues know, I’m constantly on the lookout for tools that would help my peers in all networks find ways to mitigate the security risk in their operations.

The Practical Security Checklist – Part 2.1

This is part “2.1” of a multipart post to help organizations take security action. Stay tuned for next week’s practical security checklist item. Board members, CxOs, and professionals are saturated with security advice. This security advice is often confusing, contradictory, and always biased toward “buying something.” “Good security advice saturation” results in paralysis of action.

Operator’s Security Toolkit

It is time for a refresh of the SP Security materials used by many over the years. Back in 2002, several people in the emerging “Service Provider Security” field pulled together a list of top practices every Operator should deploy. These “NSP-SEC Top 10” techniques became the foundation of our toolkit that is used daily to mitigate DDoS Attacks.

Filtering Exploitable Ports and Minimizing Risk from the Internet and from Your Customers – What are you doing to prepare for the next “scanning malware” and “Internet Worm?”

Operators (CSPs, ISPs, Cloud Companies, and Hosting Companies) are strongly encouraged to deploy Port Filtering on the known Exploitable ports and Source Address Validation (SAV) on the customer edge of their network as a default configuration. Filtering Exploitable Ports minimizes risk to the Operator’s infrastructure and to the Operator’s Customers, and proactively minimizes risk to the collective Internet & Telecommunications network. Customers who need access to these ports can request a bypass through the Operator’s customer support.

This document is a consultation and education tool for those Operators who have yet to deploy Exploitable Port Filtering. The document is maintained for the community.
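To make the default-deny policy described above concrete, here is an added simulation (not code from the Exploitable Port Filtering document or from any vendor) of a customer-edge ingress check: SAV against the customer's assigned prefixes, then an exploitable-port block list with a per-customer bypass. The port set, prefixes and flows are constructed sample values.

```python
"""Simulated customer-edge ingress policy: Source Address Validation (SAV)
followed by exploitable-port filtering with a per-customer bypass list.
Added illustration only; port list and prefixes are constructed samples,
a real deployment takes them from the operator's policy document."""
import ipaddress
from dataclasses import dataclass, field

# Constructed sample of destination ports commonly filtered at the edge.
EXPLOITABLE_PORTS = {135, 137, 138, 139, 445, 1900, 11211}


@dataclass
class Customer:
    prefixes: list                                  # blocks assigned to the customer
    port_bypass: set = field(default_factory=set)   # ports re-opened on request


def classify(customer, src_ip, dst_port, proto):
    """Return (action, reason) for one flow arriving from the customer side."""
    src = ipaddress.ip_address(src_ip)
    nets = [ipaddress.ip_network(p) for p in customer.prefixes]
    # SAV: packets must be sourced from the customer's own address space;
    # anything else is spoofed (or leaked) traffic and is dropped first.
    if not any(src in n for n in nets):
        return ("drop", "sav: source not in customer prefixes")
    # Exploitable-port filter, unless a bypass was granted for this port.
    if dst_port in EXPLOITABLE_PORTS and dst_port not in customer.port_bypass:
        return ("drop", f"exploitable port {proto}/{dst_port}")
    return ("permit", "ok")


def evaluate(customer, flows):
    """Apply the policy to a list of (src_ip, dst_port, proto) tuples."""
    return [classify(customer, *flow) for flow in flows]


if __name__ == "__main__":
    cust = Customer(prefixes=["203.0.113.0/24"], port_bypass={445})
    sample_flows = [                       # constructed sample traffic
        ("203.0.113.10", 443, "tcp"),      # normal web traffic, permitted
        ("198.51.100.7", 443, "tcp"),      # spoofed source, SAV drop
        ("203.0.113.10", 445, "tcp"),      # filtered port but bypass granted
        ("203.0.113.10", 11211, "udp"),    # reflector port, dropped
    ]
    for flow, verdict in zip(sample_flows, evaluate(cust, sample_flows)):
        print(flow, "->", verdict)
```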

UK National Cyber Security Centre (NCSC) one-page checklist on Preparing for DoS Attacks

This advice is written for technical and security IT professionals and summarises how to prepare for denial of service (DoS) attacks. It is not possible to fully mitigate the risk of a DoS attack affecting your service. However, the following five practical steps, if implemented, will lessen the impact of any incident. For more information, visit www.ncsc.gov.uk/dos

Australian Cyber Security Centre (ACSC) – Preparing for and Responding to Denial-of-Service Attacks. 

Although organizations cannot avoid being targeted by denial-of-service attacks, there are a number of measures that organizations can implement to prepare for and potentially reduce the impact if targeted. Preparing for denial-of-service attacks before they occur is by far the best strategy; it is very difficult to respond once they begin, and efforts at this stage are unlikely to be effective.

AKAMAI WHITE PAPER – 8 Best Practices for Building and Maintaining a DDoS Protection Plan

Akamai’s Anti-DDoS services emphasize planning and preparation, with the tools to execute on those Anti-DDoS “playbooks.” This guide can be used by anyone to start their own Anti-DDoS Playbook for their organization. The companion white paper, 8 Steps to a DDoS Mitigation Plan, supplements the first guide. Finally, the new DDoS Extortion Battle Checklist covers many techniques that would “trigger” DDoS Extortionists to go find easier targets.

Additional DDoS Resiliency Guides

The following is a long list of guides to help you on your journey. Some may seem old, but remember our History of DDoS. The attack vectors don’t go away. They might be forgotten and seem not to be a risk. Our defenses get neglected, systems evolve, we forget DDoS Resiliency, and then POW … the old attack vector gets rediscovered.