Skip navigation
Help

ddos

warning: Creating default object from empty value in /var/www/vhosts/sayforward.com/subdomains/recorder/httpdocs/modules/taxonomy/taxonomy.pages.inc on line 33.
Original author: 
Nathan Yau

In distributed denial-of-service attack a bunch of machines make a bunch of requests to a server to make it buckle under the pressure. There was recently an attack on VideoLAN's download infrastructure. Here's what it looked like.

So you see this giant swarm of requests hitting the server. In contrast, here's what normal traffic looks like. Much more tranquil.

[via FastCo]

0
Your rating: None
Original author: 
Dan Goodin

A website that accepts payment in exchange for knocking other sites offline is perfectly legal, the proprietor of the DDoS-for-hire service says. Oh, it also contains a backdoor that's actively monitored by the FBI.

Ragebooter.net is one of several sites that openly accepts requests to flood sites with huge amounts of junk traffic, KrebsonSecurity reporter Brian Krebs said in a recent profile of the service. The site, which accepts payment by PayPal, uses so-called DNS reflection attacks to amplify the torrents of junk traffic. The technique requires the attacker to spoof the IP address of lookup requests and bounce them off open domain name system servers. This can generate data floods directed at a target that are 50 times bigger than the original request.

Krebs did some sleuthing and discovered the site was operated by Justin Poland of Memphis, Tennessee. The reporter eventually got an interview and found Poland was unapologetic.

Read 3 remaining paragraphs | Comments

0
Your rating: None
Original author: 
Dan Goodin

Wikipedia

Coordinated attacks used to knock websites offline grew meaner and more powerful in the past three months, with an eight-fold increase in the average amount of junk traffic used to take sites down, according to a company that helps customers weather the so-called distributed denial-of-service campaigns.

The average amount of bandwidth used in DDoS attacks mushroomed to an astounding 48.25 gigabits per second in the first quarter, with peaks as high as 130 Gbps, according to Hollywood, Florida-based Prolexic. During the same period last year, bandwidth in the average attack was 6.1 Gbps and in the fourth quarter of last year it was 5.9 Gbps. The average duration of attacks also grew to 34.5 hours, compared with 28.5 hours last year and 32.2 hours during the fourth quarter of 2012. Earlier this month, Prolexic engineers saw an attack that exceeded 160 Gbps, and officials said they wouldn't be surprised if peaks break the 200 Gbps threshold by the end of June.

The spikes are brought on by new attack techniques that Ars first chronicled in October. Rather than using compromised PCs in homes and small offices to flood websites with torrents of traffic, attackers are relying on Web servers, which often have orders of magnitude more bandwidth at their disposal. As Ars reported last week, an ongoing attack on servers running the WordPress blogging application is actively seeking new recruits that can also be harnessed to form never-before-seen botnets to bring still more firepower.

Read 9 remaining paragraphs | Comments

0
Your rating: None
Original author: 
Sean Gallagher

Aurich Lawson

A little more than a year ago, details emerged about an effort by some members of the hacktivist group Anonymous to build a new weapon to replace their aging denial-of-service arsenal. The new weapon would use the Internet's Domain Name Service as a force-multiplier to bring the servers of those who offended the group to their metaphorical knees. Around the same time, an alleged plan for an Anonymous operation, "Operation Global Blackout" (later dismissed by some security experts and Anonymous members as a "massive troll"), sought to use the DNS service against the very core of the Internet itself in protest against the Stop Online Piracy Act.

This week, an attack using the technique proposed for use in that attack tool and operation—both of which failed to materialize—was at the heart of an ongoing denial-of-service assault on Spamhaus, the anti-spam clearing house organization. And while it hasn't brought the Internet itself down, it has caused major slowdowns in the Internet's core networks.

DNS Amplification (or DNS Reflection) remains possible after years of security expert warnings. Its power is a testament to how hard it is to get organizations to make simple changes that would prevent even recognized threats. Some network providers have made tweaks that prevent botnets or "volunteer" systems within their networks to stage such attacks. But thanks to public cloud services, "bulletproof" hosting services, and other services that allow attackers to spawn and then reap hundreds of attacking systems, DNS amplification attacks can still be launched at the whim of a deep-pocketed attacker—like, for example, the cyber-criminals running the spam networks that Spamhaus tries to shut down.

Read 16 remaining paragraphs | Comments

0
Your rating: None
Original author: 
Peter Bright


Sven Olaf Kamphuis waving the Pirate Party flag in front of CyberBunker's nuclear bunker.

Sven Olaf Kamphuis

Over the last ten days, a series of massive denial-of-service attacks has been aimed at Spamhaus, a not-for-profit organization that describes its purpose as "track[ing] the Internet's spam operations and sources, to provide dependable realtime anti-spam protection for Internet networks." These attacks have grown so large—up to 300Gb/s—that the volume of traffic is threatening to bring down core Internet infrastructure.

The New York Times reported recently that the attacks came from a Dutch hosting company called CyberBunker (also known as cb3rob), which owns and operates a real military bunker and which has been targeted in the past by Spamhaus. The spokesman who the NYT interviewed, Sven Olaf Kamphuis, has since posted on his Facebook page that CyberBunker is not orchestrating the attacks. Kamphuis also claimed that NYT was plumping for sensationalism over accuracy.

Sven Olaf Kamphuis is, however, affiliated with the newly organized group "STOPhaus." STOPhaus claims that Spamhaus is "an offshore criminal network of tax circumventing self declared internet terrorists pretending to be 'spam' fighters" that is "attempt[ing] to control the internet through underhanded extortion tactics."

Read 40 remaining paragraphs | Comments

0
Your rating: None

The growth of hacktivism, inspired by global social movements such as Occupy Wall Street and the Arab Spring, is helping distributed denial of service attacks make a comeback. The attacks, which use thousands of hijacked computers to overload servers, increased 25% in the first quarter of 2012, compared with the final three month of 2011, according to a new report released by Prolexic, a security firm that helps companies fend-off DDoS attacks.

But the real surge was in financial companies, which have been hard hit by hacktivists. Financial firms monitored by the company saw a 3000% increase in malicious traffic this quarter, as hacker groups, such as Anonymous, went after banks such as Goldman Sachs again and again in pre-announced raids. In a different survey by Arbor Networks, another security firm, political or ideological causes were behind 35% of DDoS attacks, between October 2010 and September 2011.

Hacker groups, with social and political goals are helping bring about a “renaissance” in DDoS, a form of attack security experts had thought was fading. Before mid-2010, more sophisticated hacker exploits, such as cracking passwords, had taken the place of the DDoS assaults that security personnel view as a blunt instrument, said Gunter Ollmann, vice president of research for the security firm Damballa. And the operators of Botnets—the armies of zombie computers used for the attacks—had become more profit minded, using their hordes to run online scams, such as getting people to click on bogus ads.

But the aims of the new attacks are more grandiose, targeting governments and giant companies. Anonymous had promised a “global blackout” on March 31st, when it planned to launch attacks against the world’s root servers, which direct Internet users. The attacks generated almost no stoppage, though.

Neal Quinn, chief operating officer at Prolexic, said the key to dealing with such attacks is to conduct “fire drills” that prepare an organization for the assaults.  “How’re the events going to play out? You need to be able to figure out, if this is a two hour event or a two minute problem,” Quinn said.

Thomas Hughes, director of Media Frontiers, a web hosting company, says an attack in 2011  against one customer– a Southeast Asian news service– lasted six weeks of increasingly large waves of malicious traffic.

Tech staffs should have extra bandwidth available so that when the attacks come, the waves of traffic can be rerouted. Quinn said companies should have a continual dialogue with web-hosting providers to discuss preparedness, emergency contact information and the threat environment in their industry..

Ollmann took a dimmer view–organizations can’t fully prevent
attacks from succeeding and need to be prepared for the worst. ”Even the largest organization in the world can fall,” he said. “You need to have contingency plans in place so you can still carry out business.”

0
Your rating: None



Is turnabout fair play? A handful of Anons have found themselves on the wrong end of a hack in the wake of the US government takedown of Megaupload. On January 20, just one day after Megaupload founder Kim Dotcom was arrested in New Zealand, an unknown attacker slipped code from the infamous Zeus Trojan into the slowloris tool used by members of Anonymous to carry out DDoS attacks on websites that have drawn their ire. As a result, many of those who participated in DDoS attacks targeted at the US Department of Justice, music label UMG, and whitehouse.gov also had their own PCs compromised.

Security firm Symantec details how some Anons ended up with Zeus on their systems. After modifying the Slowloris source to include code for the Zeus trojan on January 20, the attacker changed a couple of Pastebin guides used to bring would-be DDoSers up to speed to show a new URL for downloading the Slowloris tool.

Each time Slowloris was downloaded and launched after the 20th of January, a Zeus botnet client was installed too. The Zeus client then stealthily downloaded a "clean" version of Slowloris to replace the modified copy in an attempt to conceal its existence on the infected PC. In the meantime, the Zeus trojan did its usual dirty work: capturing passwords and cookies, as well as banking and webmail credentials, and sending them off to a command-and-control server.

Symantec's research shows the modified version of Slowloris was widely downloaded. "This Anonymous DoS tool on PasteBin has become quite popular among the Anonymous movement with more than 26,000 views and 400 tweets referring to the post," noted Symantec's official blog. 

The compromised version of Slowloris is no longer linked to on Pastebin: it appears that coverage of the shenanigans pulled on Anonymous has resulted in what looks to be a link to the correct verison of Slowloris being restored to the Pastebin guide.

Having Zeus installed on one's PC is absolutely no fun at all, so those who have downloaded the compromised version of Slowloris are going to have their hands full trying to hunt down and eradicate the trojan. Indeed, we see a number of clean OS installs in the immediate future for those who participated in DDoS attacks after the Megaupload takedown.

Read the comments on this post

0
Your rating: None