Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
WEB UNDER PRESURE
DDoS as a Service

Denis Makrushin (@difezza)
Kaspersky Lab
http://defec.ru/
It was like that

2
Nowadays : application layer

3
Piece of the WEB-bot

4
Nowadays: IaaS

5
Nowadays: DNS Amplification

Disadvantages:
• Short life cycle of infected machines
• Support clouds with a lot of instanc...
Burst in tomorrow: SaaS

7
DoS, DDoS, stress…

8
Load testing as a Service
• Legitimate traffic
• The load is not limited by owners of service
• Cheap load
• Many services...
Proof of Concept: Loadimpact.com

10
Analytics

11
Without registration and SMS:
loaddy.ru

12
SaaS Amplification

13
SaaS 4 DDoS
•
•
•
•

Traffic exchange
Whois-services
Monitoring services
All that "disturbs" the victim

14
If you have conscience

15
Thanks!
Any questions?

condifesa@gmail.com
twitter.com/difezza
http://defec.ru/
Upcoming SlideShare
Loading in …5
×

Web under pressure: DDoS as a Service

11,525 views

Published on

Any web project has one important efficiency metric: maximum load. This talk will utilize a nontrivial look at stress testing services: we will see how a harmless instrument can be turned into a DDoS tool.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Web under pressure: DDoS as a Service

  1. 1. WEB UNDER PRESURE DDoS as a Service Denis Makrushin (@difezza) Kaspersky Lab http://defec.ru/
  2. 2. It was like that 2
  3. 3. Nowadays : application layer 3
  4. 4. Piece of the WEB-bot 4
  5. 5. Nowadays: IaaS 5
  6. 6. Nowadays: DNS Amplification Disadvantages: • Short life cycle of infected machines • Support clouds with a lot of instances • Trivial generators of traffic 6
  7. 7. Burst in tomorrow: SaaS 7
  8. 8. DoS, DDoS, stress… 8
  9. 9. Load testing as a Service • Legitimate traffic • The load is not limited by owners of service • Cheap load • Many services do not verify actions • User-owned scenarios • Analysis of a victim for a “heavy" content 9
  10. 10. Proof of Concept: Loadimpact.com 10
  11. 11. Analytics 11
  12. 12. Without registration and SMS: loaddy.ru 12
  13. 13. SaaS Amplification 13
  14. 14. SaaS 4 DDoS • • • • Traffic exchange Whois-services Monitoring services All that "disturbs" the victim 14
  15. 15. If you have conscience 15
  16. 16. Thanks! Any questions? condifesa@gmail.com twitter.com/difezza http://defec.ru/

×