As you know, DDoS attacks are pretty popular nowadays. Generally, we use services like Cloudflare to protect against them, as these services absorb malicious traffic. But even additional protection mechanisms (e.g., “I’m Under Attack” mode combined with a white list in Cloudflare) will not help if you disclose your IP address to the outside world (possibly without even noticing it). In this article, we will talk about one of our real-life cases and discuss various ways to prevent such leaks (and the resulting DDoS attacks).

Preface. A few words about the scanners

As a starting point for discovering security breaches in your infrastructure, you can use some widely available services.

Here are examples of well-known systems that will help you to find vulnerable or incorrectly configured devices:

  • Shodan is a search engine that allows you to use various filters to find Internet-connected devices;
  • Censys.io is a newer search engine for Internet-connected (IoT) devices that, like Shodan, scans all publicly reachable IP addresses and saves their responses. You can use the resulting list (map) of devices to search for various vulnerabilities or to monitor the current state of the network infrastructure;
  • CloudFail is a tactical reconnaissance tool that aims to gather all available information about a service protected by Cloudflare. It uses this information to discover the location of the origin server;
  • SecurityTrails is a set of tools for gathering information on a domain name, IP address, and WHOIS data. Part of the data is provided free of charge on the web platform with the same name. Additional information is available via the commercial API;
  • Project Sonar “conducts internet-wide surveys across more than 70 different services and protocols to gain insights into global exposure to common vulnerabilities.”

We have used one of the above tools — Censys — in our real-life case discussed below.
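The point of the opening paragraph is that a whitelist in Cloudflare only protects you if nothing can reach the origin server directly. A cheap way to verify this from the defender's side is to look at the origin's own access log: any request whose source address is not inside the proxy's published ranges is evidence that the origin IP is known to someone who did not come through the proxy (the kind of scanner listed above, for example). The script below is an added example, not code from the original article; the CIDR ranges and log lines are constructed placeholders (RFC 5737/3849 documentation addresses), and in real use you would load the current published Cloudflare IP ranges and your real server log instead.

```python
import ipaddress
import re

# Illustrative allowlist of proxy ranges. These are constructed placeholders
# (RFC 5737 / RFC 3849 documentation space); in production load the
# currently published Cloudflare IPv4 and IPv6 ranges here instead.
PROXY_RANGES_CIDR = [
    "203.0.113.0/24",      # constructed
    "198.51.100.0/25",     # constructed
    "2001:db8:cafe::/48",  # constructed
]
PROXY_NETWORKS = [ipaddress.ip_network(c) for c in PROXY_RANGES_CIDR]

# Constructed sample access-log lines in the common "combined" layout.
# Two sources (192.0.2.44 and 2001:db8:dead::1) are outside the allowlist,
# and one line carries a malformed source field.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Oct/2023:13:55:37 +0000] "GET /login HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:13:55:38 +0000] "GET / HTTP/1.1" 200 512 "-" "some-scanner"
192.0.2.44 - - [10/Oct/2023:13:55:39 +0000] "GET /wp-login.php HTTP/1.1" 404 210 "-" "-"
2001:db8:cafe::15 - - [10/Oct/2023:13:55:40 +0000] "GET /api HTTP/1.1" 200 88 "-" "curl/8.0"
2001:db8:dead::1 - - [10/Oct/2023:13:55:41 +0000] "GET /api HTTP/1.1" 200 88 "-" "curl/8.0"
not-an-ip - - [10/Oct/2023:13:55:42 +0000] "GET / HTTP/1.1" 400 0 "-" "-"
"""

# Source address, timestamp and request line of a combined-format entry.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')


def is_proxy_ip(src):
    """True if src parses as an IP address inside an allowlisted proxy range.
    A source that is not a valid IP address is never treated as proxy traffic."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in PROXY_NETWORKS)


def find_direct_hits(log_text):
    """Return (src, timestamp, request) for every entry that reached the origin
    without coming from the proxy allowlist. Lines that do not match the
    expected layout are skipped; a malformed source field is still flagged."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        src = m.group("src")
        if not is_proxy_ip(src):
            hits.append((src, m.group("ts"), m.group("req")))
    return hits


def summarize(hits):
    """Count direct hits per source address, most frequent first."""
    counts = {}
    for src, _, _ in hits:
        counts[src] = counts.get(src, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    direct = find_direct_hits(SAMPLE_LOG)
    if not direct:
        print("no direct-to-origin requests found in the sample")
    for src, n in summarize(direct):
        print(f"{src:<20} {n} request(s) bypassing the proxy")
```

If this report is non-empty on a server that is supposed to sit entirely behind Cloudflare, the origin address has already leaked, and the firewall in front of the origin should be restricted to the proxy ranges so that direct requests never reach the application at all; the log check then becomes a way to confirm that the restriction is actually in place.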

Keep your eyes open: How to avoid exposing your internal proxy