Search This Blog

Tuesday 7 April 2020

Switching to the NBN - Fibre To The Node (FTTN) - what you want to know that no one seems to tell you

I'm on ADSL2+ and receive a flyer in the mail saying NBN is available in your area. So I pop on over to the NBN website, put in m address details and sure enough it says im ready to choose a provider. But I have a few questions first:
  • What is FTTN?
  • Can I use my existing modem?
  • Which provider should I choose?
  • What plan should I choose?
  • Will my existing home phone still work?

I hunted around for these answers and while i'm sure the exist, it was difficult to find. There is plenty of links which explain FTTN and NBN Co does a pretty good job of explaining it so ill leave it to them for the defnition, but essentally its VDSL technology which has been around for quite some time. 

If its been around for some time will my existing modem work you might ask, well if your existing modem/router is VDSL compatible then there is a good chance it will. I would recommend looking up the specifications of your modem and finding out what VDSL protocols it supports. My trusty old Fritzbox 7390 said it supported ITU G993.2 but i wasnt sure if that was enough. Various ISP's I was considering using listed their modems provided so after looking up their specifications they listed a range of protocols so who knows if it would work. Also most ISPs provide limited assistance when it comes to modems which are not provided by them. As it turns out NBN FTTN uses/supports VDSL2 17a G.Vector (ITU G.933.5) as per the below screenshot. It may support other VDSL2 protocols but this is what worked for me.

Obviously the above information was after I chose an NBN plan, I ended up going with my existing provider for simplicity and they had a good offer on at the time though whistleout and whirlpool always seem to have good broadband information. I'd suggest checking there if you are considering switching providers. Though to choose a different provider you will probably need to know what you are shopping for.

Given the techie that I am, before switching I did some analysis on my existing ADSL2 connection. As per the below screenshot you can see I was getting ~19.2mbit/s down and ~1mbit/s up on ADSL2+ which all things considering is pretty good! Most standard NBN FTTN plans are around 25mbits down and 5mbits up so I would be hoping the NBN would cost about the same if the speeds are similar. Turns out I signed up for a 25mbits down / 4mbits up for the same price. So a bit faster on the uplink which helps for snappiness and so far making the switch.

I did some research on my existing monthy usage from my ISP portal and worked out I was using just on average somewhere between 100 - 200GB per month. I ended up going for a similar unlimited plan since i thought my data usage my increase on the NBN but so far it has remained about the same. Perhaps if I chose a faster speed my usage might have gone up, but will my existing line support a faster speed? How fast of a plan could I go?

A couple of points, firstly when switching from ADSL, dont forget to take out all of the line filters you might be using! And secondly like me if you have oldschool yellow 2 pair cabling through your house its very likely to affect your reliability and throughput. Initially I was experiencing regular errors/timeouts on my connection which turned out to be the old cabling (tested it straight from the incoming street connection) and had an attainable throughput of about 50mbit/20mbit.

After switching out with cat 6 cabling (about a 25m run) I had an attainable throughput of about 100mbit down / 50 mbit up. Given this is the case it wouldnt be worth signing up for any plans above this speed but atleast I know my current speed limits! Also no more dropouts :)

So lastly would my existing phone work? Most plans give you the free option of a land line. Given I had an old analog one on the kitchen wall it was probably easier to try and make it work rather than patching the hole, so I signed up for a free land line.

These lines generally use a SIP VOIP connection which your ISP can provide settings for. My Fritzbox supported 2 analog lines and using the old yellow 2 pair wiring with some basic configuration I was able to setup my old existing analog phone to work with VOIP.

Hopefully this post has given you some more information I wasn't able to find before making the NBN switch - and might extend the life of your old modem.

Tuesday 28 January 2020

Making an Automatic Sliding Gate

Sliding gates can be quite useful for closing in your yard. In my case a garage door would have cost about the same however limited the usable space. After looking around many places offer prefabricated gates however they seemed a bit more expensive or you would have to pick up the whole gate once it has been made. Given my gate was 4.5 meters wide and 1.5 meters high, I would have had to likely hire a truck and drive a fair distance. Not to mention the gate would have been custom made since i couldnt find anyone who reasonably flat packed that size. Though this may be a viable option for yourself if you want to save on time, effort and to get the desired finish.

After some research I thought i may be able to pull this off. As a general handy kind of person but not too much experience in cutting, welding and general construction - it seemed like a reasonable project to try and tackle.


These are the guides (Jackal Fencing | EasyGate | BMGI | AutomaticGateSolutions ) I read which were very handy on the do's and dont's for sliding gate consutruction and installation. Its recommended to have a read if you're looking to make a start. It definitely helped in preparing for what would be required for the construction and installation.


After measuring up the following was aquired to make the frame and support posts from a local metal supplier. I found Scott's Metals quite handy for finding metal products and prices for estimation. Atleast when you go into your local supplier you vaguely sound like you know what you're talking about.

  1. 100x100x2 SHS Galvanised steel (2x2.2m)
  2. 50x50x2 - SHS Galvanised steel (1x4.5 and 2x1.58m)
  3. 100x50x2 RHS Galvanised steel (1 x  4.5m)
  4. 25x25x3 angle - (2 x 4.4m)

The slats came down to a choice of Merbau decking or hardwood fence. The total coverage including spacing was 6.732m2. I gave the hardwood fence a go and just sanded it back and clear varnished it. I figure i can always swap them out in the future if i dont like how it weathers. Another consideration was aluminium slats.

Gate weight was also important to calculate since it would provide the specifications for the solar motor and other weight calulations. Not to mention how to maneuver it into place.

23kg/m2 x 6.732 (1.53 x 4.4) = 154.836kg

50 x 50 x 2mm (2x1530, 1 x 4500)= 2.93kg/m = 22.1508kgs
100 x 50 x 2mm (1 x 4500) = 4.50kg/m = 20.25kgs
25 x 25 x 3mm (4400) = 1.89kg/m = 8.316kgs

TOTAL = 205.5528 kgs

Etch primer and black spray paint was used to finsh the frame and support posts. The primer was just applied using a roller brush. I considered powercoating the whole thing however i would have needed to transport it to and from.

For the Solar Gate Opener I used the weight and gate dimentions to work out a suitable unit. I managed to pick one up as a complete kit which seemed to work well. What i liked about this unit (apart from everything came together) was that it supported inputs of 24v DC/AC and 240v. This meant I could run additional low voltage power without the need of an electrican via a trench if the battery system didnt work as well as I wanted. Its been working perfectly for the last few months so fingers crossed.

Next I just needed a roller kit which allows the gate to slide manually across a track. Only issue with the one I ordered was it didnt come with enough track fasteners which I ordered separately from tigerlink.

Before moving the gate frame into place I had to put down a footing. This was after I cemented the 100x100 posts into place. For the specifications I just used what was in the guides posted above. Trench mesh or reinforcing steel helps with cracking and ensures the track stays straight. I made a conduit hole in the footing for where the additional power to the motor could be run in the event i needed it.


A rough sequence of construction was as follows:
  1. measure up everything
  2. dig footing and post holes
  3. cement posts into place
  4. complete track footing
  5. weld up gate
  6. attach rollers to gate
  7. paint gate
  8. prepare wooden slats (pre-drill screw holes, sand and varnish)


Once all the construction was finished the gate was installed in the following order. See guides for more detailed information to do some of these steps.
  1. attach track to footing and drive way
  2. move frame into place
  3. attach support rollers, catch and stoppers
  4. install solar kit and motor 
  5. adjust gear tracks accordingly
  6. attach limit switch striker plates
  7. screw slats to frame
The footing and sliding track was a bit tricky during installation since the drive way has a bit of a hump in the middle. I ended up having to cut into the driveway and had the track on a slight slope. While there is no issue with this the trick was keeping the slope straight so that when the gate is sliding it doesnt touch at any point. This is covered a bit more in the lessons learnt section.

The automatic motor needed a support frame to get it to the desired height. This frame was dynabolted into the concrete footing

A good tip is to ensure that the gate moves freely without having the motor move it before you program the electronics. Once the motor is fixed to the ground you can adjust the gear tracks to the right height/position and manually release the motor so it has good connectivity between the tracks and the teeth for the whole time it is moving. Surprisingly this didnt not need to be as perfect as I thought it may to get it working well however the better you get it the less likely it will have issues in the future. 

A video of the final product in full swing can be found here :)


Roller Gate Kit - $253
Steel: $240
Paint: $5
Additionally (counter sunk, respirator) = $10
Primer $29
Rio $10
Solar gate opener $360
Hardwood fence pailings (44) $88
1L varnish and 200 gal 22mm screws $60
26 x Sliding Gate Track Fasteners Zipfix 40mm x 6mm $16.80

TOTAL: $1071.80


Things I would do differently that come to mind are as follows:

Gate Construction

Looking back on it i would have likely welded a coule of extra timber braces into the gate. Currently the slats are fixed at the top and bottom and have the potential to warp over time. By adding the brace it should stop this happening. Maybe something ill do if i replace all the slatting over time.

Support posts

I would consider going with thicker 100x100 posts. While what is there is fine it would just be a bit more sturdy and support for the various screws and bolts better.

Concrete Footing

I would have spent more time on the form work of the footing to get it level and easier to screed. I know at the time it feels like you just want to get into it and move along but i think i would have spent less time and without a cup grinder if i spent more time on this

Not mix by hand! I know the footing looks relatively small but it does end up being time consuming. I think I spent the whole day on mixing and filling concrete. By the end of the day I was knackered and didnt feel like spending much time on the leveling. Looking back on it the leveling is where you want to spend most of the time to get it right. Look into getting a cement mixer, it makes it much easier. But if you're set on mixing by hand, get a mate around to help.


I've considered adding beam sensors and a manual switch at the gate for convinience. Not sure exactly how much power these things would consume so I may look at doing this at a later date. The motor supports these functions

Thursday 28 February 2019

DJ ND - Like a Rollercoaster [Mixtape]

Like Any Given Sunday - Street Level at King Street Hotel. You know what to do

01 - Michael Jackson - Rock with you
02 - Friendly Fires - Skeleton Boy
03 - Golden Features Feat Fear - No One
04 - Zhu - Faded
05 - Camelphat Elderbrook - Cola
06 - Eurythmics - Sweet Dreams
07 - Ellie Golding - Lights
08 - Prince - 1999
09 - Regurgitator - The Song Formally Known As
10 - Touch Sensitive - Lay Down
11 - John Newman - Love Me Again
12 - Robert Delong - Global Concepts
13 - Human League - Don't You Want Me Baby
14 - Elderbrook - Capricorn
15 - Seal - Crazy
16 - Martin Solveig & GTA - Intoxicated
17 - Journey - Don't Stop Believin'
18 - Loud Luxury Feat Brando - Body
19 - Spandau Ballet - True
20 - Bob Marley - I Can See Clearly Now
21 - Empire of the Sun - We are the People
22 - Mann - Buzzin
23 - Daryl Braithwaite - Horses

Monday 25 February 2019

DJ ND - Dance First [Mixtape]

Mainstream mix with a few classics mixed in for some good times.

Download Link: here

01 - Lauren Hill -  Can't Take My Eyes Off You
02 - Tyga -  Rack City [Radio Mix]
03 - Big Boi ft. Cutty -  Shutterbugg
04 - L D R U Ft. Paige IV - Keeping Score
05 - Peking Duk Ft. Icona Pop - Let You Down
06 - Baker Boy - Mr La Di Da Di
07 - Daft Punk feat. Pharrell Williams -  Lose Yourself to Dance
08 - Whethan Feat Honne - Radar
09 - Robert Delong - Happy
10 - Beyonce vs  Jagged Edge -  Single Ladies Get's Married
11 - PNAU - In My Head
12 - Peking Duk Feat Nicole Millar - High
13 - Rihanna - Diamonds
14 - Kanye West - Flashing Lights
15 - Peking Duk - Fake Magic
16 - Eve - Tambourine
17 - Hanson - Mmmbop
18 - Daft Punk Feat Panda Bear - Doin' it Right
19 - Kendrick Lamar - King Kunta
20 - Prince - Kiss
21 - Client Liaison - Off White Limousine
22 - Dexys Midnight Runners – Come On Eileen23 - Queen - Under Pressure
24 - Frank Ocean - Lost
25 - Fisher - Stop It
26 - Zhu - The One
27 - The weeknd - Can't Feel my Face
28 - Fergie - Here I come
29 - Kendrick Lamar - I
30 - Outkast - I like the way you move
31 - Hayden James - Just Friends

Saturday 23 February 2019

DJ ND - The Vibe [Mixtape]

Another party mashup with all your favourite artists. Click here for the goods


01 - Drake - Passionfruit
02 - Jason Derulo - Want to Want Me
03 - Calvin Harris - Colors
04 - RUFUS - Say a Prayer For Me
05 - Stevie Wonder - Superstition
06 - Claptone Feat Peter Bjorn - Puppet Theatre
07 - The Avener - Fade Out Lines
08 - Motez Feat Scrufizzer - The Vibe
09 - Michael Jackson - Bad
10 - RUFUS - Like an Animal
11 - PNAU - Go Bang
12 - Milky Chance - Stolen Dance
13 - Asta Feat All Day - Dynamite
14 - Krafty Skillz - It's a Booty
15 - INXS - Need You Tonight
16 - Bob Marley - Could you be Loved
17 - Disciples - They Don't Know
18 - Flume - Holdin On
19 - Yaeji - Rain Gurl
20 - Darude - Sandstorm
21 - Mat Zo & Porter Robinson - Easy
22 - Bag Raiders - Sunlight
23 - Hermitude - Hyperparadise
24 - Hermitude - The Buzz
25 - Drake - Hotline Bling

Tuesday 23 January 2018

Hiking Angel Falls

After doing the Andes World Travel  Angel Falls - Rappel & Trek trip (Explora Treks in country) we come out with some handy tips for anyone who is looking to do this trek/rappel or another tour which may offer something similar. If your interested in a bit of Angel Falls history and background click here

Fitness and Experience

This trip covers 15-20km per day undulating terrain walking on un-maintained trails. Approx. 8 hour days with jungle bathrooms (if you know what I mean). Abseiling with all your bags and being on some precarious high ledges. With that said you get to see some stunning scenery, meet great people and experience something of a lifetime!

Guides are experienced in taking people on this tour, have climbing experience and very helpful. Abseiling experience is not required but recommended. ExploraTreks recommend a minimum of basic rappel rope management skills. We didn't do much prior however a day course from the Australian School of Mountaineering helped boost confidence.

Revised Packing List 

Amendments to the provided packing list:
  • Snacks (whilst breakfast lunch and dinner is always provided, snacks for the day is not)
  • Soap/shampoo/conditioner (nearly all camps have the opportunity to bath in a river or stream, also handy for washing clothes)
  • Gators or old shoes (not a huge fan of gators but there is some serious mud on this trek)
  • Ear plugs (charted plane sounds like a lawn mower for an hour or two - music earbuds may do the trick)
  • Mosquito (puli puli) net (optional - not on our packing list provided but you do sleep open air a couple of times where they can be bad
  • Plates, cups and forks were on the list but not required


Additional notes to existing itineraries here and here


Day 1 - Arrival - Caracas - Cuidad Bolivar

Arrive 3am transit to Cuidad Bolivar arrive midday (9 hour car ride). Transfers normally by connecting flight if available in country (wasn't available for us due to issues in country). Option to leave bag with the tour company at airport and pick up on return flight from Canaima. 

Day 2 - Cuidad Bolivar - Uruyen Camp

Up breakfast 7am fly 8-9am (take ear plugs - leave stuff at airport) to campsite (1.5 hours - 7000ft). Arrive noon. Hike to swimming hole (3 hour round trip - no box lunch). Dinner around 4-5pm plus briefing

Day 3 - Uruyen Camp - Guayaraca Camp

7am weigh gear hike by 8.40 first campsite 5-6 hours 15km (4 hours with lunch - 1 hour to cliff 2 hours climb 1 hour to camp site with lunch stop). Arrive around 2. Go for swim in near by river

Day 4 - Guayaraca Camp - El Penon Camp

Up at 6.40 hiking by 8.40 up hill Forrest across plain to jungle take water before going up ascent in jungle. Lunch at big rock with site seeing of previous levels. Continue up jungle forest to campsite (6 hours). Setup camp under the rock and refresh in the stream 2 mins away.

Day 5 - El Penon Camp - El Oso Camp

Up at 6.40 for 8.30 start walk to cliff face up similar terrain as before. At the cliff face walk and climb your way using various rope systems to the 3rd terrace. Take lunch and continue to walk to the next camp site over flat rock. Make sure you pack your toggs in your day pack for a mid day bath in the orange river. Short 45 minute walk to camp (finish at 4.30 - 8hours). Fill water at orange river since no water available at the campsite.

Day 6 - El Oso Camp - Lecho Camp

Short day today. Set out at 9am across the terrace walk through forest to the Churun river, arrive at 11.30 and take a swim while lunch is prepared. Another 45mins through undulating terrain alo
ng the river to the next camp site (1.45pm arrival). More swimming and relaxing

Day 7 - Lecho Camp - Neblina Camp

Mud day! Long pants a must! Ascend away from Churun river up to the ridge to make your way though the labyrinth of trees and rocks. Now the fun part! Navigate the swampy plateau to the creek to refill drink bottles and energy tanks (3hours) then onward through the swamp to the lunch spot by the stream (1 hour). After lunch a little more mud until the downhill decent to the campsite to relax by the creek to wash off all the mud. (9am - 4pm with lunch break).

Day 8 - Neblina Camp - Salto Angel Camp

Early start as the last day hiking will be the hardest. Set out north east through thick scrub for about a hour to the weather station then cut back into the forest where the track will wind through the bush to the lunch spot by the river. After lunch continue for about 2 hours through the bush on the narrow track lined by tree roots to the next camp site on the edge. Take a break or a bath since you earned it and prepare for the rappel.

Day 9 - Rest Day

Rest day today (or at least on our trip since its negotiable) is a good opportunity to get your gear in order, possibly a couple of test rappels and go see the edge of angel falls. Take a moment to view the Kerepacupai river as this is what feeds angel falls.

Day 10 - Rappel: Salto Angel Campsite - La Cueva Ledge

Rappel day. A very early start (5.30) to have breakfast and packed and ready to begin repelling by 7am. Take a short walk to the first rappel point and follow the instructions of the guides. Take a deep breath before launching yourself into almost 1km of decent over 2 days (14 rapells varying from ~20m - 95m in length). First day is 7 rappels and half the distance to the cave camp spot. You will most probably arrive in the dark so get your sleeping arrangements sorted, something to eat then rest.

Day 11 - Rappel: La Cueva Ledge - Isla Raton Campsite

Wake up to stunning angel falls views from the campsite if you managed to get some sleep! After a quick breakfast and packing up the camp its straight back into it for another day of repels. Today most repel s are through jungle like terrain hit another 500m none the less. After deciding the 7 pitches you find yourself in jungle on there side of the wall. About an hour walk to the best ground viewing point of angel falls. After a quick group photo it's on the trail again to the next camp site (2 hours) where other team members are waiting with a hot cooked meal and drinks. Likely a bath in the river at night since its been a long day. Sleeping in hammocks.

Day 12 - Boat: lsla Raton Campsite - Canaima

The last of the early starts. Take breakfast then a boat ride down the Churun/Carrao river (approx. 5 hours). If the river is shallow a few walking stops along the way may be needed to get the long boat through. Arrive at Canaima pier and unload bags onto waiting transport to take you to the nights accommodation (Morichal Lodge) where lunch and drinks are available. Take some downtime and or a boat ride to see the falls in the afternoon followed by dinner and a free evening.

Day 13 - Canaima - Cuidad Bolivar - Caracas

Early morning flight from Canaima to Ciudad Bolivia then a transit back to Caracas (car or plane). Nights accommodation near the airport (ole something).

Day 14 - Caracas - Departure

Following day transfer to Caracas airport by inclusive transfer.


At the time of travel (Dec 2018) the exchange rates for Venezuela was as follows. It was a bit confusing with the whole official and unofficial rates but this article gives a bit of insight. There is some controversy about the unofficial rate which apparently is influenced by the information on this website. Most people in country pay with a bank card since carrying around cash is a little inconvenient. We only found one place in Canaima where we could exchange currency (USD for Bolivars) but our new Venezuelan friends were kind enough to cover our costs until we found a place to exchange money.

Official Rate:

25,000 = 2.50c USD
100,000 = 10 USD
1,000,000 = 100 USD

Unofficial Rate:
25,000 = .25c USD
100,000 = 1 USD
1,000,000 = 10 USD

Exchange in Canaima:
80000 = 1 USD
50 USD = 4,000,000 Bolivars


Porter cost approx. 35USD (15kgs / 3 USD per day) for Tupi hike. Need to take your bag down the abseil with you (strapped to your ATC belay device)

Equipment hire was $50 USD for the following
1 x harness
1 x helmet
3 x carabina
2 x sling (one for bag and one for you)
1 x black diamond ATC belay device

Some approximate costs to get an idea of budgeting:

Postcard and magnet  = 15,000 Bolivars
Dinner meal (hotel) =  500,000 Bolivars
Beer (Canaima) = 1USD
Bottle of Rum (Cacique) = 660,000 Bolivars

Hotel food costs as per picture

If your looking to travel to other places in or near Venezuela why not try some of the other large cities or somewhere in the Caribbean.

Monday 8 February 2016

Mitigating distributed denial of service attacks – a practical approach

Distributed Denial of Service attacks present a real threat to the security and reputation of industries across the globe. This report looks at why DDoS attacks occur, who are likely targets of DDoS attacks, types of DDoS and strategies to mitigate against attacks.

The first Distributed Denial of Service (DDoS) attack tool appeared in June of 1998 labelled FAPI. FAPI could direct TCP, UDP and ICMP traffic from multiple attack sources causing a victim to become unresponsive to legitimate requests (Lin & Tseng, 2004). Since FAPI, DDoS tools and techniques have provided a lucrative avenue for cyber-crime. With more organisations and businesses connecting critical infrastructure to the internet, the impact of DDoS strikes is becoming increasingly prevalent.

Why Who and What?
DDoS attacks can be used for masquerading other attack activity, revenge, hacktivism and more typically extortion (Symantec Corporation, 2015). It is common with extortion attacks where an organisation will be given an ultimatum for money or else its online presence or internet services will be affected, usually during a critical time for the business (Mansfield-Devine, 2011).
Figure 1 - Size and Frequency of DDoS attacks
(Akamai Technologies, Inc, 2015)

Cyber criminals use DDoS because botnets are cheap, highly effective and hard to detect. Botnets can go for as little as $5 per hour, use normal connections and consistently bring down internet services like clockwork (Florian, 2012). DDoS targets are usually broken down into different industries with over half of all attacks in 2015 directed towards gaming and software and technology entities (Akamai Technologies, Inc, 2015).

Figure 2 - Attacks by Industry (Akamai Technologies, Inc, 2015)

DDoS attacks are growing in frequency and intensity each year, the likelihood of businesses being targeted is ever increasing. DDoS attack vectors generally fall into two categories – Layer 3 network or infrastructure floods and Layer 7 application attacks (Mansfield-Devine, 2011). Infrastructure attacks utilise network protocols such as TCP, UDP, ICMP, NTP, SSDP, DNS and CHARGEN; these network layer attacks account for over 95% in frequency and volume of all DDoS traffic in 2015 (Akamai Technologies, Inc, 2015).

Application layer attacks on the other hand exploit web servers by flooding the service with a large number of HTTP GET, POST or PUSH requests. These requests aim to overwhelm the server's resources until the service is rendered unusable or unavailable (Iyengar, Banerjee, & Ganapathy, 2014).
Figure 3 - Attacks by Type (Akamai Technologies, Inc, 2015)

A trend towards the use of non-botnet based resources such as open proxies has recently been observed. This shift may lead to an increase in reflective DDoS attacks that abuse web application frameworks making DDoS mitigation exceedingly challenging (Akamai Technologies, Inc, 2015).

Mitigation Strategies
Many different mitigation strategies exist depending on client base size, content type, business requirement and funding capital. Four traditional mitigation tools exist which can be used independently or in conjunction with other mitigation methods such as white listing and cloud security services. Mitigation tools include bandwidth defence, rate filtering, signature filtering and moving target (Hunter, 2003).
Bandwidth defence aims to mitigate bandwidth attacks. A bandwidth attack involves large traffic throughput which can be upwards of 10GBp/s as shown in figure one. This attack aims to overwhelm the connection pipe to the web site to disrupt service. Bandwidth defences usually involve the use of multiple service provider internet links and the ability to increase internet throughput on demand (Mansfield-Devine, 2011). Content Distributed Networks (CDN) such as Akamai and Sandpiper also assist with bandwidth defences however usually is expensive. Organisations should intelligently monitor their infrastructure bandwidth to ensure sufficient normal capacity and the ability to detect bandwidth attacks when they occur (Hunter, 2003).

Rate filtering looks to counter DDoS attacks through preservation of resources on the victim end. A DDoS SYN flood attack aims to exhaust finite bandwidth, CPU, memory and buffer resources.

Figure 4 – Traditional single tier data centre.
Adapted from “Three Tier Network Architecture to mitigate DDoS Attacks on Hybrid Cloud Environments” by Bhardwaj, Subrahmanyam, & Sastry, 2015.

Each connection allocates system resources. Once resources are saturated, subsequent requests are dropped causing service outages. Limiting half-open connections, packet throughput and monitoring resources can mitigate these types of attacks. Access control lists (ACL) also preserve system resources through network packet filtering. Filtering should be placed as close to the network perimeter as possible to limit device resource allocation. In the event rate filtering is problematic, distribute the filtering over multiple inline perimeter devices to share mitigation load (Beitollahi & Deconinck, 2012).
Vendors which provide commercial rate filtering devices include Hewlett Packard Enterprise, Riorey Checkpoint, Juniper, F5, Fortinet and Cisco. Low bandwidth DDoS and application layer attacks cannot be mitigated by rate filtering, cloud security services or signature filtering can assist with these types of attacks.

Signature filtering relies on recognizing signatures created for typical attack patterns. These devices are efficient and less likely to suffer from performance problems, however could block legitimate traffic (Hunter, 2003). Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS) are great examples of signature filtering devices. WAFs and IPS’ execute deep packet inspection on HTTP/S requests and their payload to identify and prevent attacks. Akamai recommends WAFs which utilise flexible comprehensive rule sets, situational awareness, black and white listing, GEO blocking, behavioural controls and origin cloaking (Akamai, 2014).

WAFs and IPS’ should be placed inside or outside (or both) of the perimeter network. Inline open source perimeter IPS devices which support custom signature and the ability to capture DDoS traffic for analysis include Suricata or Snort.
The Moving Target Defence involves switching services to a new IP address in the event of an attack, DDoS attack traffic will then be delivered to the old IP address mitigating the attack. For added protection the IP addresses can be changed periodically to provide further defence against attack. This option has the advantage of reducing the risk of an attack since multiple end points are possible and the process of changing service IP addressing is frequently tested. Attackers can circumvent this defence by using DNS requests to identify the new service IP address. Moving target defence should not just protect public web addresses; it should also protect DNS servers and core network infrastructure (Hunter, 2003). Cloud security services can provide moving target defences since the web services public address points to the cloud security service. Cloud security edge servers act as a distributed firewall. Traffic is scrubbed and cleaned before clean traffic is forwarded to the origin server (Gillman, Lin, Maggs, & Sitaraman, 2015).

Moving target defence can be costly due to the number of servers and network addresses required to keep shifting services, not to mention the attacker can easily identify current infrastructure addresses. This is where white listing can improve defence success.
White listing can be done by a VIP list (user based) or cloud security services white listing (service based).

Figure 5 - VIP whitelist overview (Yoon, 2010)

Very important IP addresses (VIPs) are collected IP addresses from previous successful applications logins to make a whitelist under normal network conditions.

The VIP or whitelist is installed on a perimeter network device and activated when a DDoS attack is detected. White listing is similar to GEO protection however instead of permitting or blocking based on country, the whitelist is permitted based on previous successful user authentications.

Figure 6 - CloudFlare security services

Due to the nature of internet users and public IP allocation, users can often be assigned a new public address when connecting to the internet. Yoon observes public IP addresses of client users do not change all that frequently however when it does, the network address portion remains the same since most service providers are allocated a static range and use a contiguous block. This can be exploited to maximize the usefulness of the VIP list by introducing network subnets to the VIP whitelist. (Yoon, 2010).

Figure 7 – Cloud security services with CloudFlare. Retrieved January 2015, from Copyright 2016 CloudFlare, Inc.

Leading cloud security services offer CAPTCHA, IP ACLs, GEO blocking, WAF, DNS protection and analytics. According to Forrester Wave, cloud security, DNS and CDN services are best provided by Prolexic (now Akamai technologies), CloudFlare and CenturyLink (Holland & Ferrara, 2015).
At minimum a single tier data centre design with VIP white listing should be used for self mitigating small scale attacks. Multi-tier cloud security services and CDN is recommended for large scale high attack bandwidth mitigation. DDoS mitigation should be part of all businesses disaster recovery plans, be implemented and tested prior to DDoS attacks and include monitoring for ongoing detection (Florian, 2012).

Distributed Denial of Service (DDoS) attacks present a real threat to the security and reputation of industries across the globe. With more organisations and businesses connecting critical infrastructure to the internet, the impact of DDoS strikes is becoming increasingly prevalent. Mitigation strategies include bandwidth defence, rate filtering, signature filtering, moving target, white listing and cloud security services. At minimum a single tier data centre design with VIP white listing should be used for self mitigating small scale attacks. Multi-tier cloud security services and CDN is recommended for large scale DNS and high bandwidth attack mitigation. DDoS mitigation should be part of all businesses disaster recovery plans, be implemented and tested prior to DDoS attacks and include monitoring for ongoing detection.

Akamai Technologies, Inc. (2015). [state of the internet] / security Q3 2015 report. Cambridge, Massachusetts: Akamai Technologies, Inc.
Akamai. (2014). Threats and Mitigations. A guide to multi-layered web security. Retrieved from Akamai ebook guide to multi layered web security:
Beitollahi, H., & Deconinck, G. (2012). Analyzing well-known countermeasures against distributed denial of service attacks. Computer Communications , 1312-1332.
Bhardwaj, A., Subrahmanyam, G., & Sastry, H. (2015). Three Tier Network Architecture to mitigate DDoS Attacks on Hybrid Cloud Environments. arXiv .
Florian, M. (2012). Simple ways to dodge the DDoS bullet. Network Security , 18-20.
Gillman, D., Lin, Y., Maggs, B., & Sitaraman, R. K. (2015). Protecting Websites from Attack with Secure Delivery Networks. Computer , 26-34.
Holland, R., & Ferrara, E. (2015). The Forrester Wave™: DDoS Services Providers, Q3 2015. Cambridge: Forrester Research, Inc.
Hunter, P. (2003). Distributed Denial of Service (DDOS) Mitigation Tools. Network Security , 12-14.
Iyengar, N., Banerjee, A., & Ganapathy, G. (2014). A Fuzzy Logic based Defense Mechanism against Distributed Denial of Service Attack in Cloud Computing Environment. International Journal of Communication Networks and Information Security , 233-245.
Lin, S.-C., & Tseng, S.-S. (2004). Constructing detection knowledge for DDoS intrusion tolerance. Expert Systems With Applications , 379-390.
Mansfield-Devine, S. (2011). DDoS: threats and mitigation. Network Security , 5-12.
Symantec Corporation. (2015). 2015 Internet Security Threat Report. California, USA: Symantec Corporation.
Yoon, M. (2010). Using whitelisting to mitigate DDoS attacks on critical Internet sites. IEEE Communications Magazine , 110-115.