"No one is harder on a talented person than the person themselves" - Linda Wilkinson ; "Trust your guts and don't follow the herd" ; "Validate direction not destination" ;

May 17, 2014

RootConf Day #2 Notes

June 6th Update - All RootConf Session Videos are available in link

Today was Day#2 of RootConf. Some sessions were engaging. Content, Presentation, Connecting with audience was good. Some good learning's for a powerful presentation
  • Creative Quotes (Similar to Quora answers with Pics)
  • From Tweets (Co-relating the context)
  • Movie Stills with modified subject + humour related conversations 
Some presentations / context will remain in our memory due to its impact / situation
Tools
  • ejoson (Secret management), 
  • mesos for resource management  
  • coreos - linux for massive system deployements
  • Ansible - Deployment + Configuration Management + Continuous Delivery
  • citoengine - Alert management and automation tool
  • pacemaker - Server side exploitation software - Python based
  • RobotFramework for Device Automation
  • Linux Profiling Tools - Perf Top, Perf Sched
Two days are full of Open Source related stack. There are open source alternatives to VMWare VSphere, AWS. BrowserStack manages all its hundreds of servers Ansible. Aditya Patawari demonstrated wordpress setup in few clicks.

First session on Security by Anant Shrivastava on Heartbleed bug was good. Demonstration of heartbleed bug was done. 

Session - DDOS mitigation @flipkart by Sameer Garg
Volumetric Attack
  • DNS, SNMP, NTP Amplification
  • SYN Flood
  • Fragmented Packets
App Layer
  • Wordpress Ping back
  • Exploiting HTTP
  • Incomplete requests
Volumetric Attack Mitigation
  • Use Scrubbing farms (3rs Party Mitigation Service)
  • Work with Upstream providers
  • Using BGP
App Layer Mitigations
  • Home grown solutions
  • Scrubbing farms
  • Real time log analysis
  • Identify Standard Patterns
  • Use data to block traffic
Happy Learning!!!

No comments: