
SANS ISC: Distributed Denial of Service Cheat Sheet - SANS Internet Storm Center SANS ISC InfoSec Forums

Distributed Denial of Service Cheat Sheet

CERT Societe Generale has released another cheat sheet, this one for Distributed Denial of Service (DDoS), freely available here. "This Incident Response Methodology is a cheat sheet dedicated to handlers investigating on a precise security issue." [1]


Previously published cheat sheets:

Worm Infection -
Windows Intrusion -
Unix Intrusion -


Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu


522 Posts
ISC Handler
May 20th 2011
Might be obvious for most, but I miss one critical prep:
Distribute your DNS servers/infrastructure through several AS! Lowering the TTL for easier switching won't do any good if the servers aren't reachable because they depend on the DDoS'ed link(s).
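
The check suggested in the comment above, as an added example (not part of the original post or comment): it groups a zone's authoritative nameservers by origin AS and reports whether they span more than one. The nameserver names, addresses, prefix-to-AS table and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed prefix-to-origin-AS table (documentation prefixes, RFC 5737;
# documentation ASNs, RFC 5398). In practice this comes from BGP/whois data.
ORIGIN_TABLE = """
192.0.2.0/24    | 64496
198.51.100.0/24 | 64496
203.0.113.0/24  | 64511
"""

# Constructed nameserver sets for a hypothetical zone. SINGLE_AS uses two
# different prefixes that are still announced by the same AS.
SINGLE_AS = {"ns1.example.com": "192.0.2.10", "ns2.example.com": "198.51.100.5"}
MULTI_AS = {**SINGLE_AS, "ns3.example.net": "203.0.113.53"}


def parse_origin_table(text):
    """Parse 'prefix | asn' lines into (ip_network, asn) pairs."""
    table = []
    for line in text.strip().splitlines():
        prefix, asn = (field.strip() for field in line.split("|"))
        table.append((ipaddress.ip_network(prefix), int(asn)))
    return table


def origin_as(ip, table):
    """Longest-prefix match; None when no prefix covers the address."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, asn) for net, asn in table if addr in net]
    return max(matches)[1] if matches else None


def group_by_as(nameservers, table):
    """Map origin AS -> sorted nameserver names (None key = unknown origin)."""
    groups = defaultdict(list)
    for name, ip in nameservers.items():
        groups[origin_as(ip, table)].append(name)
    return {asn: sorted(names) for asn, names in groups.items()}


def spans_multiple_as(nameservers, table, minimum=2):
    """True when the nameservers sit in at least `minimum` known origin ASes."""
    known = [asn for asn in group_by_as(nameservers, table) if asn is not None]
    return len(known) >= minimum


if __name__ == "__main__":
    table = parse_origin_table(ORIGIN_TABLE)
    for label, ns in (("single", SINGLE_AS), ("multi", MULTI_AS)):
        print(label, group_by_as(ns, table), spans_multiple_as(ns, table))
```

Nameservers in different subnets can still share one origin AS, which is why the grouping is by AS rather than by prefix.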
