
July 8, 2012

Five DDoS attack tools that you should know about


Introduction


You could be the target of a distributed denial-of-service (DDoS) attack at any time, so it pays to know the common DDoS attack tools and their salient features. An attack launched from a single source to disrupt the services an entity provides is a denial of service (DoS); the same attack launched from many sources at once (typically a botnet, or many volunteers running the same tool) is a distributed denial of service (DDoS). In 2011, attackers abused a weakness in Google's servers, using them as an unwitting intermediary to flood DDoS targets around the world with requests. The most recent incident to affect millions of websites was the outage at GoDaddy Inc., widely reported as a DDoS attack (GoDaddy itself later attributed the outage to internal network problems rather than an attack). Industry reports show a steep rise in the number and size of DDoS attacks over the last three years. DDoS attacks are mainly aimed at the infrastructure level, and the average attack results in more than 20 hours of service disruption. In this photo-story, we present the most common DDoS attack tools and briefly describe their capabilities and features.

1) HULK (HTTP Unbearable Load King)


HULK (HTTP Unbearable Load King) is the brainchild of Barry Shteiman. Although it is listed among DDoS tools, it is a single-source HTTP flooder (a Python script) rather than a botnet, and it distinguishes itself from many of the other tools in the wild by how it builds its requests. According to its creator, HULK was born of the observation that most available DoS tools produce predictable, repeated request patterns that are easy to fingerprint and block. HULK instead generates a unique request every time: randomized User-Agent and Referer headers, random URL parameters, and no-cache and keep-alive headers, so that caches are bypassed, the server does real work for every request, and signature-based intrusion detection and prevention systems have nothing stable to match on. Its weakness is the flip side of that design: the traffic comes from one address at a very high rate, which is exactly what rate-based detection keys on.
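To show what "nothing stable to match on" leaves a defender, here is an added example (not HULK's code and not from the original page) of a detector that ignores request content altogether and keys on per-source request rate and on how many of a source's requests are never repeated. The log lines, the address `203.0.113.5`, the thresholds and the function names are all constructed for the example.

```python
"""Rate-and-uniqueness heuristic for HULK-style HTTP floods.

Added example, not HULK's own code. HULK randomizes User-Agent, Referer and
URL parameters on every request, so a signature on any of them is useless.
What it cannot randomize away is that one source sends a great many requests
and that (unlike a real browser, which repeats its User-Agent and revisits
pages) almost none of them look like an earlier one. The log format is the
common "combined" format; all sample lines are constructed here.
"""
import random
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'(?P<ip>\S+) - - \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Parse one combined-format access log line; None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec

def flag_flood_sources(lines, min_requests=20, max_rate=5.0, min_unique_ratio=0.8):
    """Return {ip: stats} for sources that are both fast and never repeat themselves.

    rate         = requests / seconds between the source's first and last request
    unique_ratio = distinct (target, User-Agent, Referer) triples / requests
    Thresholds are illustrative; tune them against your own baseline traffic.
    """
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            per_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in per_ip.items():
        if len(recs) < min_requests:
            continue
        span = (max(r["ts"] for r in recs) - min(r["ts"] for r in recs)).total_seconds()
        rate = len(recs) / max(span, 1.0)
        fingerprints = {(r["target"], r["ua"], r["referer"]) for r in recs}
        unique_ratio = len(fingerprints) / len(recs)
        if rate >= max_rate and unique_ratio >= min_unique_ratio:
            flagged[ip] = {"requests": len(recs), "rate": rate, "unique_ratio": unique_ratio}
    return flagged

def build_sample_log():
    """Constructed log: one HULK-style source and one ordinary visitor."""
    rng = random.Random(7)
    t0 = datetime(2012, 7, 8, 12, 0, 0, tzinfo=timezone.utc)
    uas = ["Mozilla/5.0 (Windows NT 6.1) Gecko/20100101 Firefox/13.0",
           "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/536.5 Chrome/19.0",
           "Opera/9.80 (Windows NT 5.1) Presto/2.10.289 Version/12.00"]
    lines = []
    # Flooder: 60 requests in under 5 s, each with a fresh random query
    # string, a random Referer and a random User-Agent, as HULK does.
    for i in range(60):
        ts = (t0 + timedelta(milliseconds=i * 83)).strftime(TS_FMT)
        nonce = "%06x%02x" % (rng.getrandbits(24), i)
        lines.append('203.0.113.5 - - [%s] "GET /index.php?%s=%s HTTP/1.1" 200 5120 '
                     '"http://www.example.com/%s" "%s"'
                     % (ts, nonce[:4], nonce[4:], nonce, rng.choice(uas)))
    # Visitor: 20 requests in a minute, one browser, a handful of pages.
    for i in range(20):
        ts = (t0 + timedelta(seconds=i * 3)).strftime(TS_FMT)
        lines.append('198.51.100.7 - - [%s] "GET /page/%d HTTP/1.1" 200 4096 '
                     '"http://www.example.com/" "%s"' % (ts, i % 5, uas[0]))
    return lines

if __name__ == "__main__":
    for ip, stats in flag_flood_sources(build_sample_log()).items():
        print(ip, stats)
```

The same two numbers are what a web application firewall's rate-limiting rules measure, and they are also what a HULK operator cannot change without using many sources, at which point the attack is a botnet problem and belongs with the tools later in this story.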



2) RUDY – R-U-Dead-Yet




RUDY (R-U-Dead-Yet) is a DoS tool designed specifically for slow HTTP POST attacks at the application layer. Its principle is the long-form field submission: RUDY takes a URL as input, detects the forms on that page, and then submits a POST to one of them that declares a very large Content-Length and delivers the body one byte at a time at long intervals. The server keeps the connection and a worker waiting for the rest of the body, so a modest number of such connections can exhaust a web server's connection pool without ever generating much bandwidth. Other features of RUDY include support for SOCKS (SOCKet Secure) proxies and session persistence using cookies. From a user perspective, R-U-Dead-Yet is a very user friendly tool, with an interactive console menu.
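The defence against this class of attack is to refuse to wait: a server should judge a request body by how fast it is arriving, not by how much it has promised. The following added example (not RUDY's code and not from the original page) shows a body reader that enforces a minimum upload rate, fed by a simulated RUDY-style client and a simulated ordinary browser. The class and function names, the rate thresholds and the two clients are constructed for the example.

```python
"""Enforcing a minimum upload rate so slow-POST (RUDY-style) clients are cut off.

Added example, not RUDY's own code. A RUDY client announces a large
Content-Length and then trickles the POST body a byte at a time, so a server
that simply waits for Content-Length bytes keeps a worker tied up for hours.
The reader below re-evaluates the body's average arrival rate after every
receive and rejects the request once it falls under a minimum, the same idea
Apache's mod_reqtimeout implements. The clock and both clients are simulated
so the example runs instantly and offline.
"""

class SlowBodyError(Exception):
    """Raised when a request body is not arriving fast enough."""

def read_body(recv, content_length, now, min_rate_bps=1000, grace_s=5.0, chunk=4096):
    """Collect content_length bytes through recv(n) -> bytes and return them.

    now() returns a monotonic time in seconds. Once grace_s seconds have
    passed, the average rate since the body started must stay at or above
    min_rate_bps, otherwise SlowBodyError is raised and the caller should
    close the connection. On a real socket, pair this with sock.settimeout()
    so a client that sends nothing at all is cut off as well.
    """
    start = now()
    body = bytearray()
    while len(body) < content_length:
        data = recv(min(chunk, content_length - len(body)))
        if not data:
            raise SlowBodyError("connection closed after %d of %d bytes"
                                % (len(body), content_length))
        body.extend(data)
        elapsed = now() - start
        if elapsed > grace_s and len(body) / elapsed < min_rate_bps:
            raise SlowBodyError("%.1f B/s after %.0f s, below the %d B/s minimum"
                                % (len(body) / elapsed, elapsed, min_rate_bps))
    return bytes(body)

class FakeClock:
    """Stand-in for time.monotonic() that only advances when a client sends."""
    def __init__(self):
        self.t = 0.0
    def now(self):
        return self.t

class SimulatedClient:
    """Delivers payload in pieces of `piece` bytes, each after `delay` seconds,
    modelling the server blocking in recv() for that long per piece."""
    def __init__(self, clock, payload, piece, delay):
        self.clock, self.payload, self.piece, self.delay = clock, payload, piece, delay
        self.sent = 0
    def recv(self, n):
        if self.sent >= len(self.payload):
            return b""
        self.clock.t += self.delay
        n = min(n, self.piece, len(self.payload) - self.sent)
        data = self.payload[self.sent:self.sent + n]
        self.sent += n
        return data

def serve_post(client, clock, content_length, **limits):
    """Return ('accepted' | 'rejected', bytes received, seconds the worker was busy)."""
    try:
        body = read_body(client.recv, content_length, clock.now, **limits)
        return ("accepted", len(body), clock.now())
    except SlowBodyError:
        return ("rejected", client.sent, clock.now())

if __name__ == "__main__":
    # Constructed RUDY-style client: claims 1 MB, sends one byte every 10 s.
    clock = FakeClock()
    rudy = SimulatedClient(clock, b"a" * 1_000_000, piece=1, delay=10.0)
    print("slow POST  :", serve_post(rudy, clock, 1_000_000))
    # Constructed ordinary browser upload: 100 kB in 4 kB pieces, 10 ms apart.
    clock = FakeClock()
    browser = SimulatedClient(clock, b"b" * 100_000, piece=4096, delay=0.01)
    print("normal POST:", serve_post(browser, clock, 100_000))
```

Without the rate check, the first client would hold its worker for a million receives of ten seconds each; with it, the worker is free after one. Apache's mod_reqtimeout expresses the same policy as `RequestReadTimeout body=20,MinRate=500`. Choose the minimum rate with your slowest legitimate clients in mind (mobile users on poor links), otherwise the defence becomes its own denial of service.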





3) LOIC - Low-Orbit Ion Cannon




The Low-Orbit Ion Cannon (LOIC) is a DoS tool that promises one-click denial-of-service attacks: the user enters a target host or URL, picks TCP, UDP or HTTP flooding and presses a button. LOIC was made famous by the hacktivist group Anonymous, whose operations had thousands of volunteers run it against the same target at once (a later "hivemind" mode let an IRC channel steer the tool). With enough participants LOIC can take down large sites, but it has a major drawback: it does nothing to hide the IP address of the person launching the attack, so every participant's address appears in the victim's logs and in their ISP's records. LOIC had a very promising start but is now considered just one more tool in the wild, due to its limitations. However, combined with other functionality, the Low-Orbit Ion Cannon could still prove to be a powerful component of an overall DDoS attack arsenal.




4) Power DDoSer




The online gaming arena sees furious competition, and some players will use any means, fair or foul, to outwit opponents. Power DDoSer is one such attack tool: gamers use it to flood an opponent with packets, slowing the opponent's Internet connection and eventually knocking them out of the game. It is a small botnet kit rather than a stand-alone flooder, and it offers more than flooding: with Power DDoSer one can steal passwords saved in Firefox, obtain the IP address and operating system details of the infected machine, and download and execute files on the infected PC. Its traffic is encrypted, and the tool needs as few as 10 bots to carry out an attack on a single-threaded target.



5) Silent DDoSer




Silent DDoSer is a distributed denial-of-service tool written on the .NET platform. It features UDP and SYN flooding that can disrupt a target, can create bots and use zombie IP addresses, and steals Windows product keys. It can also be set to run at startup and can update every bot in the botnet in one go. Using Silent DDoSer, PC-to-PC file transfer is possible, and the attacker can download files from, or upload and execute files on, the infected host.


The other side of the coin




There are two sides to every coin, and that applies to the distributed denial-of-service story as well. So far in this photo-story we have explored DDoS attack tools that attackers might use against targets. What if you are at the receiving end? What are the ways to mitigate DDoS threats? Are your resources being used to DDoS other networks? Are you already part of a botnet? The following slides address these issues.




Bottlenecks and ghosts in the wire




You need to minimize bottlenecks in your network. However strong your policies for securing the organization's network against DDoS attacks, a simple misconfiguration can do lethal damage to your online presence. Consider a server able to handle over 50,000 parallel connections that has been configured to allow only 1,000: an attacker need only fill 1,000 connection slots to take it offline, a fiftieth of the effort the hardware would otherwise demand. That is a classic bottleneck within a corporate network. Another is lack of visibility into the network. If the administrator cannot clearly see what is happening on the wire, a ghost can enter the wire at any time and damage the entire network: without flow or log monitoring you can neither tell attack traffic from the legitimate kind nor notice that your own hosts have started flooding someone else.
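The 50,000-versus-1,000 scenario is easy to check for on a real front end, because the configured ceiling is a product of a few directives. The following added example (not from the original page) does that check for nginx, where the ceiling is `worker_processes` times `worker_connections` and each worker is further capped by the file descriptors it may open. The two configuration texts, the host figures (8 cores, `ulimit -n 65536`, a 50,000-connection target) and the function names are constructed for the example; the directive semantics are nginx's own.

```python
"""Auditing an nginx front end's configured concurrency ceiling.

Added example, not part of the original page. For nginx the ceiling is
worker_processes * worker_connections, and each worker can hold no more
connections than the file descriptors it may open (worker_rlimit_nofile, or
the process ulimit -n when that directive is unset; every connection costs
at least one descriptor). Both configuration texts below are constructed.
"""
import re

NGINX_DEFAULT_WORKER_CONNECTIONS = 512   # nginx's documented default

def parse_directives(conf_text):
    """Pull the three directives that set the ceiling out of a config text.

    A regex is enough here: the directives are single-valued and appear
    once, in the main context or the events block.
    """
    found = {}
    for name in ("worker_processes", "worker_connections", "worker_rlimit_nofile"):
        m = re.search(r"\b%s\s+([^\s;]+)\s*;" % name, conf_text)
        if m:
            found[name] = m.group(1)
    return found

def connection_ceiling(conf_text, cpu_count, nofile_ulimit, target):
    """Return (ceiling, findings) for the config on a host with cpu_count cores.

    target is the concurrency the hardware is expected to sustain; findings
    lists the bottlenecks that keep the configuration below it.
    """
    d = parse_directives(conf_text)
    procs = d.get("worker_processes", "1")
    procs = cpu_count if procs == "auto" else int(procs)
    conns = int(d.get("worker_connections", NGINX_DEFAULT_WORKER_CONNECTIONS))
    fd_limit = int(d.get("worker_rlimit_nofile", nofile_ulimit))

    findings = []
    if conns > fd_limit:
        findings.append("worker_connections %d exceeds the %d descriptors a worker may open; "
                        "raise worker_rlimit_nofile" % (conns, fd_limit))
    per_worker = min(conns, fd_limit)
    ceiling = procs * per_worker
    if ceiling < target:
        findings.append("ceiling %d (%d workers x %d connections) is below the %d the host can serve"
                        % (ceiling, procs, per_worker, target))
    return ceiling, findings

# Constructed before/after configs for an 8-core host with ulimit -n 65536
# that could serve about 50,000 parallel connections.
BOTTLENECKED_CONF = """
worker_processes 2;
events {
    worker_connections 512;
}
"""

TUNED_CONF = """
worker_processes auto;
worker_rlimit_nofile 65536;
events {
    worker_connections 8192;
}
"""

if __name__ == "__main__":
    for label, conf in (("before", BOTTLENECKED_CONF), ("after", TUNED_CONF)):
        ceiling, findings = connection_ceiling(conf, cpu_count=8, nofile_ulimit=65536, target=50000)
        print(label, ceiling, findings or "ok")
```

The same arithmetic applies, with different directive names, to Apache's MPM settings and to any proxy in front of the application; the point is to compare the configured number against what the host can actually sustain, rather than against the default.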





Threat landscape of DDoS attacks




2011 saw a surge of DDoS attacks, surpassing all previous records. Perhaps surprisingly, a majority of these attacks did not succeed by exhausting bandwidth. The accompanying graph shows network-level DoS attacks outnumbered by application-level DDoS attacks, and a majority of the application attacks exploited HTTP and its sibling HTTPS. Attackers have realized that volumetric attacks can be mitigated by cloud-based scrubbing services, so they opt for low-and-slow DoS attacks that target applications rather than networks: a few hundred slow connections can tie up a web server's workers while staying far below the traffic thresholds that volumetric defences watch for.



To sum it up


We hope this photo-story has given you an adequate overview of DDoS attack tools, and that some of these pointers will help you mitigate DDoS attacks and keep your own resources from becoming unwitting participants in one.
The corporate threat landscape has changed from earlier years. It is no longer a matter of declaring that you are "resilient" to DoS attacks, but of accepting that it is only a matter of time before you face one. So make sure your network configuration has been carefully tuned, with constant monitoring and prompt patching of the various systems. Organizations must admit that everyone is vulnerable; in the final analysis, what counts is the measures taken in response to this threat landscape.
