DDoS Playbook

 

DDoS Attack Playbook:

1) Identify the attack

• Monitor network traffic for unusual activity or spikes in traffic.
• Take note of unusually slow services .
• Check traffic logs/firewall logs to identify malicious traffic.

2) Notify your ISP

• Your ISP may be able to help by filtering out the malicious traffic, or by redirecting it from your network.

3) Determine the attack vectors

• Find the point of compromise that the attacker abused to preform the attack.
• Find what the attacker is trying to achieve and protect any critical or sensitive services of the network.

4) Block the attack

• Try to redirect as much traffic away from important services and ideally away from the whole network.
• Set firewall rules to try to block some malicious IP’s
• Modify firewall rules to better detect this type of attack for the future.

5) Monitor network traffic

• Both during and after the attack, network traffic should be carefully monitored for suspicious activity.
• Logs should be kept to analyze at a later time.

6) Conduct analysis

• Keep detailed notes of the attack so that after, you can look for areas of improvement.
• Provide training based on areas that can be improved
• Audit logs.
• Review security controls and rules.
• Get in contact with all necessary personnel i.e. stakeholders, law enforcement, etc.