
DDoS Basic handbook.

Written by Bader Alresheedi


DM on Twitter: @BaderAlresheedi

To understand DDoS you need some knowledge of networking, such as the Internet Protocol, TCP/UDP and so on.
Most people say there is no solution for DDoS. I can neither agree nor disagree with them, because DDoS is a big subject that never ends and changes every day. If you need more information regarding DDoS, please see: https://en.wikipedia.org/wiki/Denial-of-service_attack
If you do not have control over your network, then I am sorry, there is not much you can do to stop a DDoS; you might contact your upstream provider, they can help you.

Part 1: You need an edge router and hardware that can handle the DDoS traffic. For example, what I am currently using for my router and firewall: CPU: Xeon 8-core, RAM: 32 GB, storage: 4x 240 SSD in RAID 10, NICs: 2x dual-port Intel X520.
Result: I am able to handle any DDoS from 1 Mbps up to 20 Gbps in less than 5 seconds.
The configuration of my network is very simple: I use Linux as the border router and FreeBSD as a firewall bridge. For the border router I use Vyatta, which is amazing and free; I never had any traffic issue during a DDoS.
My Vyatta box runs as a router with a few simple firewall rules, like blocking bad ICMP and UDP, and rate-limits the incoming traffic. On my FreeBSD firewall I use pf, which handles any SYN flood, plus an IDS, Snort, to block bad layer-7 attacks such as HTTP floods; you can check it out at snort.org. Above all, if you do not optimize and tune the TCP/UDP buffers, the setup will not handle enough traffic. To understand what I am talking about, follow this link for more info: https://fasterdata.es.net/host-tuning/linux/
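As an added illustration of the pf side of Part 1 (a constructed example, not the author's own configuration): a pf.conf fragment for a FreeBSD bridge firewall that drops everything from the Internet side except ICMP echo requests and proxied web connections, and automatically blocks sources that open connections too fast. The interface name ix0, the ports and the thresholds are assumptions.

```pf
# Constructed pf.conf fragment (not the handbook author's real config) for a
# FreeBSD transparent bridge firewall in front of web servers. Interface
# names, ports and thresholds are assumptions; tune them to your traffic.
#
# To filter on bridge member interfaces, set in /etc/sysctl.conf:
#   net.link.bridge.pfil_member=1
#   net.link.bridge.pfil_bridge=0

ext_if    = "ix0"             # assumed Internet-facing member of bridge0
web_ports = "{ 80, 443 }"

# Sources that exceed the limits below are added here and stay blocked until
# expired, e.g. from cron:  pfctl -t flooders -T expire 3600
table <flooders> persist

set limit states 2000000      # large state table for high packet rates
set block-policy drop         # drop silently, never answer floods with RST
set skip on lo0

# Default: drop everything arriving from the Internet side
block in log on $ext_if all

# Already-identified flooders are dropped before any stateful rule runs
block in quick on $ext_if from <flooders>

# "Bad ICMP" handling: only echo requests get through, stateful; every other
# ICMP type falls through to the default block above
pass in on $ext_if inet proto icmp icmp-type echoreq keep state

# SYN flood protection for the web servers: synproxy makes pf complete the
# TCP handshake itself, so spoofed SYNs never reach the server (confirm it
# behaves as expected in your bridge setup before relying on it). A source
# that opens more than 50 connections in 5 s, or holds more than 100 at once,
# is put into <flooders> and all of its existing states are flushed.
pass in on $ext_if proto tcp from any to any port $web_ports \
    flags S/SA synproxy state \
    (max-src-conn 100, max-src-conn-rate 50/5, overload <flooders> flush global)

# Replies and outbound traffic from the protected side
pass out on $ext_if all keep state
```

Syntax-check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and watch `pfctl -t flooders -T show` during an attack to see which sources the rules are catching.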

Part 2: Ask your upstream provider to rate-limit your incoming traffic to match your port. For example, I have a 1 Gbps port and I was getting 5 Gbps of DDoS traffic. Before the DDoS hit my network I had already notified my upstream provider to rate-limit my incoming traffic according to my network configuration, and by that I protected my network from crashing.

Part 3, and the end of this silly handbook: monitor your network traffic, CPU load and so on during heavy traffic in your network. Personally I use MRTG and SNMP. This is only a small explanation of how to fight DDoS; the DDoS methods change each time, and once the DDoS gets bigger it gets more complicated. Wait for another silly handbook, and let me know if you get a complicated DDoS.

References:
Router: https://vyos.io/
Firewall: http://freebsd.org (or, highly recommended, http://pfsense.org)
IDS: http://snort.org
MRTG: http://oss.oetiker.ch/mrtg/
