DDoS prevention and mitigation

There are many DDoS prevention and mitigation products. Many of these products work at the network level, filtering out malicious packets.

For example, Guard-Host states that it provides:

  • a mitigation solution based on VAC technology
    • Analyse all packets at high speed in real time
    • Vacuum your server’s incoming traffic
    • Mitigate, i.e. singling out all the illegitimate IP packets, while allowing legitimate ones to pass through
  • “To detect the attack, we use the netflow sent by the routers and analysed by the Arbor Peakflow boxes. Each router sends a summary of 1/2000 of the traffic that is actually passing through it. The Arbor Peakflow boxes analyse this and compare it to the attack signatures. If the comparison is positive, mitigation is activated within seconds.
  • The signatures analysed are based on traffic thresholds of
    • “packets per second” (pps, Kpps, Mpps, Gpps) or
    • “bits per second” (bps, Kbps, Mbps, Gbps) on certain packet types”
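
The detection approach quoted above (1-in-2000 sampled flow data compared against pps/bps thresholds per packet type) can be sketched as follows. This is an added example, not Guard-Host's or Arbor's code; the threshold values, record layout and sample traffic are constructed assumptions.

```python
from collections import defaultdict

SAMPLING_RATE = 2000  # routers export 1 in 2000 packets, per the quoted description

# Constructed thresholds per packet type; real signatures are not on the page.
THRESHOLDS = {
    "tcp_syn": {"pps": 50_000, "bps": 30_000_000},
    "udp": {"pps": 100_000, "bps": 800_000_000},
    "icmp": {"pps": 10_000, "bps": 10_000_000},
}

def resolution_pps(window_seconds):
    """Smallest non-zero rate the estimate can report: one sampled packet."""
    return SAMPLING_RATE / window_seconds

def estimate_rates(samples, window_seconds):
    """Scale sampled packets up to estimated pps/bps per (destination, type)."""
    totals = defaultdict(lambda: [0, 0])  # [packets, bytes]
    for dst, ptype, size_bytes in samples:
        totals[(dst, ptype)][0] += 1
        totals[(dst, ptype)][1] += size_bytes
    return {
        key: {
            "pps": pkts * SAMPLING_RATE / window_seconds,
            "bps": size * 8 * SAMPLING_RATE / window_seconds,
        }
        for key, (pkts, size) in totals.items()
    }

def detect(samples, window_seconds, thresholds=THRESHOLDS):
    """Return (destination, packet type, exceeded units) for each signature hit."""
    alerts = []
    for (dst, ptype), rate in sorted(estimate_rates(samples, window_seconds).items()):
        limits = thresholds.get(ptype)
        if limits is None:
            continue  # no signature defined for this packet type
        exceeded = [unit for unit in ("pps", "bps") if rate[unit] > limits[unit]]
        if exceeded:
            alerts.append((dst, ptype, exceeded))
    return alerts

# Constructed sample: (destination, packet type, bytes) seen in a 10 s window.
SAMPLES = (
    [("192.0.2.10", "tcp_syn", 60)] * 400   # ~80,000 pps estimated
    + [("192.0.2.10", "udp", 512)] * 50     # ~10,000 pps estimated
    + [("192.0.2.20", "icmp", 84)] * 60     # ~12,000 pps estimated
)
```

Because each sampled packet stands for 2000 real ones, a short window gives coarse estimates: with a 10-second window the smallest rate the detector can see is 200 pps, so thresholds near that floor will be noisy.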

DDoS attack types

For example, Guard-Host acknowledges the following DDoS attack types:

DDoS Attack Types


Mitigation phase

In the following diagram, the packets in the red area are flagged as belonging to a DDoS attack and are thus discarded and not sent to the server under attack.

Attack detection



User Experience (UX) References

Here are some interesting references on User Experience / User Interfaces, which I personally recommend:

HAPS-High-altitude platform station

This is a kind of low-altitude satellite:

“A high-altitude platform (HAP) is a quasi-stationary aircraft that provides means of delivering a service to a large area while staying thousands of feet above in the air for long periods of time.”

High-altitude platform station (short: HAPS) is – according to Article 1.66A of the International Telecommunication Union’s (ITU) ITU Radio Regulations (RR)[2] – defined as “a station on an object at an altitude of 20 to 50 km and at a specified, nominal, fixed point relative to the Earth”.

Traveling Ruby (multi-platform portable Ruby binaries)

Traveling Ruby consists of a set of multi-platform portable Ruby binaries, which can be used to distribute Ruby-based products and run them even on machines where Ruby is not installed. It’s very useful, as you can also use it to package multi-platform applications.

You can check the project’s home page here:

Traveling Ruby is a project which supplies self-contained, “portable” Ruby binaries: Ruby binaries that can run on any Linux distribution and any OS X machine. It also has Windows support (with some caveats). This allows Ruby app developers to bundle these binaries with their Ruby app, so that they can distribute a single package to end users, without needing end users to first install Ruby or gems.

It can run on:

  • Linux x86
  • Linux x86_64
  • OS X
  • Windows






Code Smells detectors

A code smell is an interesting software engineering concept. According to Wikipedia, a code smell

“refers to any symptom in the source code of a program that possibly indicates a deeper problem.[1] According to Martin Fowler, ‘a code smell is a surface indication that usually corresponds to a deeper problem in the system’.[2] Another way to look at smells is with respect to principles and quality:[3] ‘smells are certain structures in the code that indicate violation of fundamental design principles and negatively impact design quality’.”

Common code smells include:

  • Class-level smells
    • Large class, Feature envy, Inappropriate intimacy, Refused bequest, Lazy class/freeloader
  • Method-level smells
    • Too many parameters, Long method, Excessively long identifiers, Excessively short identifiers, Excessive return of data
    • Excessive use of literals, Cyclomatic complexity, Downcasting
    • Orphan variable or constant class
    • Data clump

Code Smells detection tools

Some free code smell detection tools (which perform static code analysis) include:


Most of these smells lower your code’s quality and maintainability. Be sure to include some of these detection tools in your development process, along with appropriate coding standards. Noncompliance can be detected automatically by adding these tools to your build process.
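
To show what such a tool does inside a build, here is a small added example (not one of the tools referred to above) that flags three of the method-level smells listed earlier in Python source and returns a non-zero status for the build to fail on. The limits, function names and sample source are assumptions, and the complexity figure is an approximation that counts branching nodes.

```python
import ast

# Node types counted as decision points (approximate cyclomatic complexity).
BRANCH_NODES = (ast.If, ast.For, ast.While, ast.ExceptHandler,
                ast.BoolOp, ast.IfExp)

def find_smells(source, max_params=4, max_lines=30, max_complexity=10):
    """Return (function, smell, measured value) for each limit exceeded."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        args = node.args
        n_params = len(args.posonlyargs) + len(args.args) + len(args.kwonlyargs)
        if n_params > max_params:
            findings.append((node.name, "too many parameters", n_params))
        length = node.end_lineno - node.lineno + 1
        if length > max_lines:
            findings.append((node.name, "long method", length))
        complexity = 1 + sum(isinstance(n, BRANCH_NODES) for n in ast.walk(node))
        if complexity > max_complexity:
            findings.append((node.name, "cyclomatic complexity", complexity))
    return findings

def build_gate(source, **limits):
    """Exit status for a build step: 1 if any smell was found, else 0."""
    return 1 if find_smells(source, **limits) else 0

# Constructed sample input for the detector.
SAMPLE = '''
def transfer(src, dst, amount, currency, memo, retries):
    return amount

def route(code):
    if code == 1:
        return "a"
    elif code == 2:
        return "b"
    for _ in range(3):
        if code and code > 5:
            return "c"
    return "d"
'''
```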

You can research more tools at https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis


New e-Book: “VMware™ hypervisor fingerprinting”

Just published a new e-book at Amazon.com: “VMware™ hypervisor fingerprinting”.

You can find it here:

«In this book, we show how to determine hypervisor properties by running commands in the guest operating system, without any special privileges in the host machine running the hypervisor. This can be useful for penetration testing, information gathering, determining the best software configuration for virtualization-sensitive and virtualization-aware software. Finally, we present a reporting tool that unifies all the presented methods, by running them all in sequence and gathering the information in a useful report that can be run from any guest system.»