MyCERT Advisories, Alerts and Summaries for the year 2017
MA-675.072017: MyCERT Advisory – DDoS Best Practices
Date first published: 13/7/2017
Distributed denial of service (DDoS) is a type of cyber threat in which attackers make networks, web-based applications, or services unavailable to legitimate users. By overwhelming the targeted network infrastructure, web-based application or network service with a high volume of data or requests, the attackers cause the target system to either respond too slowly to be usable or crash completely.
The data volumes required to do this are typically generated by botnets: networks of remotely controlled infected machines, known as zombies, that act as DDoS agents in an attack.
• Slow network performance.
• May disable a web-based application or network service, or leave an entire operating system crashing endlessly.
• Disconnection of a wireless or wired Internet connection.
• Drastic increase in spam emails.
• May affect a company’s revenue, reputation and productivity.
3.0 Affected Products/Systems
DDoS attacks hit system resources such as bandwidth, disk space, processor time or routing information.
a. Organizations should start planning for a DDoS attack in advance rather than waiting until it happens, as it is much harder to respond once an attack is already under way;
b. In the event of a DDoS attack, organizations must immediately report the matter to their ISPs for assistance to mitigate the attack;
c. Organizations may subscribe to ISPs that offer DDoS mitigation services to help organizations respond during a DDoS attack. Even if the ISP provides no formal DDoS mitigation service, it should be able to offer some assistance to the affected organization in mitigating the attack;
d. Apart from ISPs, organizations may subscribe to providers who specialize in DDoS mitigation. During a DDoS attack, traffic to the victim's network is rerouted to the mitigation center, where it is scrubbed, and legitimate traffic is then forwarded to the organization;
e. Check the possibilities offered by Geo-IP blocking. If your customers are predominantly from Malaysia and neighbouring countries, you can predefine a profile that either gives priority to IP addresses from this region or blocks other IP addresses. In the event of an attack, you can activate this profile and thus very quickly increase your options for action and secure additional protection;
f. Organizations are recommended to report the DDoS attack to Cyber999 and to the relevant authority responsible for cyberattacks for assistance.
Generally, MyCERT advises users and administrators to keep up to date with the latest security announcements and to follow best-practice security policies to determine which updates should be applied.
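The predefined Geo-IP profile from recommendation (e), sketched as an added example that is not part of the MyCERT advisory: a profile that stays dormant in normal operation and, once activated, either prioritizes home-region sources or drops everything else. The class and function names are hypothetical, and the CIDR ranges are constructed stand-ins (RFC 5737 documentation ranges), not real regional allocations.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: RFC 5737 documentation ranges stand in for the
# home region's address blocks. A real deployment would load the ranges
# from a Geo-IP database (assumption, not specified by the advisory).
HOME_REGION_CIDRS = ["192.0.2.0/24", "198.51.100.0/24"]


@dataclass
class GeoProfile:
    """Predefined Geo-IP profile; has no effect until activated."""
    home_cidrs: list
    mode: str = "prioritize"   # "prioritize" home region, or "block" others
    active: bool = False       # switched on only during an attack

    def __post_init__(self):
        if self.mode not in ("prioritize", "block"):
            raise ValueError("mode must be 'prioritize' or 'block'")
        self.networks = [ipaddress.ip_network(c) for c in self.home_cidrs]

    def decide(self, src):
        """Return 'allow', 'priority', 'low-priority' or 'drop' for a source."""
        if not self.active:
            return "allow"                 # normal operation: no geo filtering
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            return "drop"                  # malformed source while under attack
        if any(addr in net for net in self.networks):
            return "priority"
        return "drop" if self.mode == "block" else "low-priority"


def triage(profile, sources):
    """Map each source address to the profile's verdict."""
    return {src: profile.decide(src) for src in sources}


if __name__ == "__main__":
    # Constructed source addresses for illustration.
    profile = GeoProfile(HOME_REGION_CIDRS, mode="block")
    profile.active = True                  # attack declared: activate profile
    for src, verdict in triage(profile, ["192.0.2.10", "203.0.113.9"]).items():
        print(src, verdict)
```

Keeping the profile inactive by default means it can be reviewed and tested ahead of time, then switched on with a single change during an incident.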
For further enquiries, please contact MyCERT through the following channels:
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 - 18:00 MYT