
Examining the Remnants of a Small DDoS Attack - cdubzzz
https://chrxs.net/articles/2016/12/03/ddos-examination/
======
jaytaylor
I really like this postmortem RCA! The author has done an excellent job
walking us through his thought process and explaining the discoveries.

One thing I'd add is putting HAProxy with stick-tables rules in front of the
web server (even Apache) as a measure to protect against this form of DDoS
attack.

~~~
cdubzzz
Thanks! It was a very odd thing to have happen to such a small website so I
was curious to learn what I could from it. I still want to dig deeper with the
compromised hosts and see if there is some way to determine anything
identifying about the worm or botnet itself.

