DDoS: Detection and Response
The bogeyman, the monster under the bed, the creature lurking in the darkness waiting to pounce…
That’s what it feels like we have made Denial of S...
Published May 15, 2012
Version 1.0
jwham20
Nimbostratus
Joined November 08, 2011
jwham20
Nimbostratus
May 18, 2012
Joon:
Take a look at the image next to "The Attack". At that point, the system was seeing about 1.7 million (1,700,000) connections.
You can set Hyenae to send a specific count of attempts with:
-c [Min packet count]
-C [Max packet count]
Keep in mind, this test was a standard SYN flood. If I am reading right, it sounds like you are actually seeing fully established connections (complete 3-way handshake) and then a GET request.
If that is so, the SYN "cookie" protection would not be in play, since the handshake is being completed.
In the case of a full-handshake HTTP GET DoS, we'd have to look at the traffic and investigate what identifiable characteristics it has.
Feel free to ping me if I can help!
-Josh
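An added example, not part of the original comment or article: a triage sketch for the distinction drawn above, separating half-open SYN attempts from completed handshakes and then looking for request characteristics shared across sources. The record fields, the sample data and the 50% share threshold are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

def make(src, done, method=None, path=None, ua=None, headers=()):
    """Build one constructed connection record (hypothetical schema)."""
    req = None if method is None else {
        "method": method, "path": path, "ua": ua, "headers": tuple(headers)}
    return {"src": src, "handshake_done": done, "request": req}

# Constructed sample data using documentation address ranges, not captured traffic.
SAMPLE = (
    [make(f"198.51.100.{i}", False) for i in range(1, 5)]  # half-open: SYN only
    + [make(f"203.0.113.{i}", True, "GET", "/index.html", "-", ["Host"])
       for i in range(1, 9)]                               # identical bare GETs
    + [make("192.0.2.10", True, "GET", "/", "Mozilla/5.0", ["Host", "Accept", "Cookie"]),
       make("192.0.2.11", True, "GET", "/news", "Mozilla/5.0", ["Host", "Accept"])]
)

def split_by_handshake(records):
    """Half-open attempts are where SYN cookies apply; completed handshakes are not."""
    half_open = [r for r in records if not r["handshake_done"]]
    established = [r for r in records if r["handshake_done"] and r["request"]]
    return half_open, established

def fingerprint(req):
    """Request traits that can repeat across sources: method, path, UA, header names."""
    return (req["method"], req["path"], req["ua"], tuple(sorted(req["headers"])))

def dominant_fingerprints(established, min_share=0.5):
    """Fingerprints that account for at least min_share of established requests."""
    counts = Counter(fingerprint(r["request"]) for r in established)
    sources = defaultdict(set)
    for r in established:
        sources[fingerprint(r["request"])].add(r["src"])
    total = len(established)
    return [
        {"fingerprint": fp, "requests": n, "share": n / total,
         "sources": len(sources[fp])}
        for fp, n in counts.most_common()
        if n / total >= min_share
    ]

if __name__ == "__main__":
    half_open, established = split_by_handshake(SAMPLE)
    print(f"half-open: {len(half_open)}, established with request: {len(established)}")
    for hit in dominant_fingerprints(established):
        print(hit)
```

A fingerprint that dominates established traffic while arriving from many distinct sources is a candidate for rate limiting or filtering; one that matches normal browser traffic is not.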