WEB UNDER PRESSURE
DDoS as a Service

Denis Makrushin (@difezza)
Kaspersky Lab
http://defec.ru/

It was like that

2
Nowadays: application layer

3
Piece of the WEB-bot

4
Nowadays: IaaS

5
Nowadays: DNS Amplification

Disadvantages:
• Short life cycle of infected machines
• Support clouds with a lot of instanc...

Burst in tomorrow: SaaS

7
DoS, DDoS, stress…

8
Load testing as a Service
• Legitimate traffic
• The load is not limited by owners of service
• Cheap load
• Many services...

Proof of Concept: Loadimpact.com

10
Analytics

11
Without registration and SMS:
loaddy.ru

12
SaaS Amplification

13
SaaS 4 DDoS
• Traffic exchange
• Whois-services
• Monitoring services
• All that "disturbs" the victim

14
If you have conscience

15
Thanks!
Any questions?

condifesa@gmail.com
twitter.com/difezza
http://defec.ru/
Denis Makrushin - Web under pressure DDoS as a service
Published in: Technology
Transcript of "Denis Makrushin - Web under pressure DDoS as a service"

  1. WEB UNDER PRESSURE DDoS as a Service Denis Makrushin (@difezza) Kaspersky Lab http://defec.ru/
  2. It was like that
  3. Nowadays: application layer
  4. Piece of the WEB-bot
  5. Nowadays: IaaS
  6. Nowadays: DNS Amplification Disadvantages: • Short life cycle of infected machines • Support clouds with a lot of instances • Trivial generators of traffic
  7. Burst in tomorrow: SaaS
  8. DoS, DDoS, stress…
  9. Load testing as a Service • Legitimate traffic • The load is not limited by owners of service • Cheap load • Many services do not verify actions • User-owned scenarios • Analysis of a victim for a "heavy" content
  10. Proof of Concept: Loadimpact.com
  11. Analytics
  12. Without registration and SMS: loaddy.ru
  13. SaaS Amplification
  14. SaaS 4 DDoS • Traffic exchange • Whois-services • Monitoring services • All that "disturbs" the victim
  15. If you have conscience
  16. Thanks! Any questions? condifesa@gmail.com twitter.com/difezza http://defec.ru/