DDOS Handbook

Highlights

5 Attack Tools

Quote

Slowloris, a tool developed by a gray hat hacker who goes by the handle “RSnake,” is able to create a denial-of-service condition for a server by using a very slow HTTP request. By sending HTTP headers to the target site in tiny chunks as slow as possible (waiting to send the … just before the server would time out the request), the server is forced to continue to wait for the headers to arrive. If enough connections are opened to the server in this fashion, it is quickly unable to handle legitimate requests. 21

Quote

U Dead Yet? (R.U.D.Y.). Named after a Children of Bodom album, R.U.D.Y. achieves denial of service by using long-form field HTTP POST submissions rather than HTTP headers, as Slowloris does.

Quote

By injecting one byte of information into an application POST field at a time and then waiting, R.U.D.Y. causes application threads to await the end of never-ending posts in order to perform processing (this behavior is necessary in order to allow Webservers to support users with slower connections). Since R.U.D.Y. causes the target Webserver to hang while waiting for the rest of a request, a user is able to create many simultaneous connections to the server—ultimately exhausting the server’s connection table and causing a denial-of-service condition.

Note

WebSockets maybe?
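The Slowloris and R.U.D.Y. passages above describe the same defender-side symptom: connection-table slots held by requests that never finish. The following added example (mine, not from the handbook) shows the triage a server or a monitoring job can apply to a snapshot of its connection table: flag connections whose request is still incomplete past a deadline while receiving below a minimum rate, close them, and identify sources holding many such slots. The `Conn` record, the thresholds and the sample snapshot are all assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Conn:
    """One entry of a web server's connection table (a snapshot)."""
    conn_id: int
    client_ip: str
    age_s: float            # seconds since the TCP connection was accepted
    bytes_received: int     # request bytes received so far on this connection
    request_complete: bool  # True once headers (Slowloris case) and body (R.U.D.Y. case) have arrived


# Thresholds (assumed values for the example; tune per deployment).
STALL_AGE_S = 30.0          # a request still incomplete after this long is suspect
MIN_RATE_BPS = 50.0         # ...unless it is genuinely uploading at a reasonable rate
MAX_STALLED_PER_IP = 3      # a source holding more stalled slots than this gets throttled

# Constructed sample snapshot; not captured traffic.
SAMPLE_CONNS = [
    Conn(1, "198.51.100.7", 0.8, 512, True),       # normal, already complete
    Conn(2, "198.51.100.9", 2.1, 1800, True),
    Conn(3, "203.0.113.5", 45.0, 90, False),       # ~2 B/s for 45 s: trickled headers
    Conn(4, "203.0.113.5", 47.0, 95, False),
    Conn(5, "203.0.113.5", 51.0, 100, False),
    Conn(6, "203.0.113.5", 40.0, 80, False),
    Conn(7, "198.51.100.20", 12.0, 300, False),    # slow but young: give it time
    Conn(8, "203.0.113.77", 60.0, 4096, False),    # long upload at ~68 B/s: healthy
]


def is_stalled(conn: Conn, stall_age_s: float = STALL_AGE_S,
               min_rate_bps: float = MIN_RATE_BPS) -> bool:
    """A connection is stalled if its request is incomplete, it is older than the
    deadline, and its average receive rate is below the minimum. The rate check is
    what separates a trickling client from a legitimate slow upload."""
    if conn.request_complete or conn.age_s < stall_age_s:
        return False
    rate = conn.bytes_received / conn.age_s if conn.age_s > 0 else float("inf")
    return rate < min_rate_bps


def stalled_by_source(conns) -> dict:
    """Group stalled connection ids by client IP."""
    groups = defaultdict(list)
    for c in conns:
        if is_stalled(c):
            groups[c.client_ip].append(c.conn_id)
    return dict(groups)


def triage(conns, max_conns: int, max_stalled_per_ip: int = MAX_STALLED_PER_IP) -> dict:
    """Decide what to do with the snapshot.
    close:            stalled connection ids to drop (what a header/body timeout does)
    throttle_sources: IPs holding more than max_stalled_per_ip stalled slots
    stalled_fraction: share of the server's connection slots tied up by stalls"""
    groups = stalled_by_source(conns)
    close = sorted(cid for ids in groups.values() for cid in ids)
    throttle = sorted(ip for ip, ids in groups.items() if len(ids) > max_stalled_per_ip)
    return {
        "close": close,
        "throttle_sources": throttle,
        "stalled_fraction": len(close) / max_conns,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_CONNS, max_conns=10))
```

The per-connection rule is what web-server header and body timeouts implement (for example Apache's mod_reqtimeout or nginx's client_header_timeout and client_body_timeout); the rate check keeps a legitimate slow upload from being cut, and the per-source count is the input a reverse proxy or firewall rate limit needs.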

Quote

Using a SQL injection, RefRef allows an attacker to cause a denial-of-service condition for a target server by forcing it to use a special SQL function (which allows for the repeated execution of any other SQL expression). This constant execution of a few lines of code consumes the target server’s resources, resulting in denial of service. Unlike LOIC or HOIC, RefRef does not require a vast number of machines to take down a server due to the nature of its attack. 22

Note

Ohhhhh

Quote

If the server’s backend uses SQL and is vulnerable, only a few machines are needed to cause significant outage.

Quote

outages for minutes at a time, and requiring only 10 to 20 seconds of a single machine running RefRef.
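The RefRef passages turn on two conditions the handbook names: a SQL-injectable query and a statement the server will keep executing for as long as the attacker's input tells it to. Below is an added Python example (mine, not the handbook's) showing the two corresponding defences on SQLite: parameter binding, so input can no longer change the query's structure, and a per-statement work budget that aborts a statement which runs far longer than a legitimate one. The schema, the injected input and the deliberately heavy query are constructed for the example; the SQLite progress-handler API is real.

```python
import sqlite3

# Constructed stand-in for a statement that keeps the engine busy (not an attack payload).
HEAVY_SQL = (
    "WITH RECURSIVE c(x) AS (SELECT 1 UNION ALL SELECT x + 1 FROM c WHERE x < 2000000) "
    "SELECT count(*) FROM c"
)
# Constructed tautology input; it turns a single-row lookup into "every row".
INJECTION_INPUT = "x' OR '1'='1"


class WorkBudgetExceeded(Exception):
    """Raised when a statement consumes more than its allotted work."""


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed demo rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return db


def lookup_vulnerable(db, name: str) -> list:
    """Deliberately unsafe: the input is spliced into the SQL text, so it can change
    what the statement does. This is the defect a RefRef-style attack needs."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in db.execute(sql)]


def lookup_safe(db, name: str) -> list:
    """Parameter binding: the input is always a string value, never SQL."""
    return [row[0] for row in db.execute("SELECT name FROM users WHERE name = ?", (name,))]


def run_with_budget(db, sql: str, params=(), max_ticks: int = 100, tick_ops: int = 1000):
    """Execute a statement, aborting it once it has used more than
    max_ticks * tick_ops SQLite virtual-machine instructions. SQLite calls the
    progress handler every tick_ops instructions and aborts the statement when the
    handler returns non-zero; the aborted statement raises OperationalError.
    Counting instructions keeps the demo deterministic; server databases expose the
    same control as a wall-clock statement timeout."""
    ticks = 0

    def handler():
        nonlocal ticks
        ticks += 1
        return 1 if ticks > max_ticks else 0

    db.set_progress_handler(handler, tick_ops)
    try:
        return db.execute(sql, params).fetchall()
    except sqlite3.OperationalError as exc:
        if "interrupt" in str(exc).lower():
            raise WorkBudgetExceeded(sql) from exc
        raise
    finally:
        db.set_progress_handler(None, 0)


def demo_injection(db):
    """Return (rows from the unsafe lookup, rows from the safe lookup) for the same input."""
    return lookup_vulnerable(db, INJECTION_INPUT), lookup_safe(db, INJECTION_INPUT)


def heavy_query_is_aborted(db) -> bool:
    """True if the work budget stops the heavy statement instead of letting it finish."""
    try:
        run_with_budget(db, HEAVY_SQL)
        return False
    except WorkBudgetExceeded:
        return True


if __name__ == "__main__":
    db = make_db()
    print("unsafe vs safe:", demo_injection(db))
    print("cheap query within budget:", run_with_budget(db, "SELECT count(*) FROM users"))
    print("heavy query aborted:", heavy_query_is_aborted(db))
```

Binding parameters removes the injection; the budget limits the damage if some other query is still injectable or a legitimate query is pathologically slow. In production the equivalent of the budget is a statement timeout (PostgreSQL's statement_timeout, MySQL's max_execution_time) set low enough that a request cannot hold a database worker for more than a few seconds.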

Quote

Botnets are large collections of compromised computers, often

Note

If I wanted to run something like RefRef but using a botnet, what kind of algorithm would be useful to make the attack as efficient as a botnet spamming a whole bunch of junk TCP packets? What about UDP? Needs more research.

Quote

Botnet owners, or “herders,” are able to control the machines in the botnet by means of a covert channel, such as IRC, issuing commands to perform malicious activities. Such activities may include distributed denial-of-service (DDoS) attacks, distribution of spam mail and information theft.

6 Enterprise Security: Then and Now

Quote

enterprises have extended IT infrastructure to the public cloud, deploying new applications in the cloud or using it for disaster recovery, they now face the need to protect applications in the cloud as well as private data centers. This renders traditional security technologies inadequate and enterprises must build multiple skill sets and maintain a new set of management tools.

Note

DevOps!

Quote

Content delivery network (CDN) solutions present new vulnerabilities, with hackers asking for dynamic content to

Quote

There is a real need for an automated central command and control system that manages all the tools by receiving ongoing information from all detection tools at all times—automatically controlling the mitigation process. Such a system would provide complete

Note

Could I build this?

10 DDoS Dictionary

Quote

Domain Name System (DNS) is the protocol used to resolve domain names into IP addresses; its underlying protocol is UDP, taking advantage of fast request and response