
How to Handle DDoS Incidents? We're Looking for Tips. - SANS Internet Storm Center


The incident handling cheat sheets in an earlier diary applied to many types of security incidents. Some incidents, such as DDoS attacks, can benefit from specialized guidelines. As suggested by one of our readers, we'd like to create a cheat sheet that helps organizations during a DDoS attack. We would love for you to contribute.

If you have handled a DDoS attack, send us your advice on dealing with such incidents faster and more effectively. The tips should assume that the organization is reactive, and has not had much time to prepare for the incident in advance. We're looking for suggestions related to all stages of the DDoS incident, including detection, analysis, and mitigation.

We will compile the tips into a cheat sheet if we receive enough of them. (And thanks to those who already sent us their suggestions!)

 -- Lenny

Lenny Zeltser
Security Consulting - SAVVIS, Inc.

Lenny teaches a SANS course on analyzing malware.


Nov 19th 2008
