[Guest lecturer]
Place: University of Twente
Course: Cybercrime & Cybersecurity [Minor]
Consortium: University of Twente, European Research Center for Information (ERCIS), Westfälische Wilhelms-Universität Münster, Universität Innsbruck, University of Leicester
10. Steps:
1) Start sniffing
2) Open a website
3) Discover the IP address using a CMD or a terminal (host "website")
4) Create a filter on Wireshark (ip.addr == "website_IP")
Example…
24. How much traffic can be generated using my home connection and 100 BitTorrent servers? [theoretically]
https://en.wikipedia.org/wiki/Denial-of-service_attack
http://www.speedtest.net/
46. Santanna, J.J. et al. 2015. Booters - An Analysis of DDoS-as-a-Service Attacks. 14th IFIP/IEEE International Symposium on Integrated Network Management (IM) (2015).
47. Booter offers (URL column truncated as on the slide):

 #   Booter URL   Offer [Gbps]   Price [€]
 1   boo          ?              10,90
 2   res          5              1,95
 3   ano          5              3,12
 4   des          25             3,89
 5   fla          ?              3,89
 6   dej          10             3,89
 7   reb          Up to 3        3,00
 8   gri          6              3,90
 9   qua          1,5            8,00
10   oly          Up to 3        4,90
11   ebo          ?              free
12   vdo          ?              3,11
13   resp         8              3,90
14   oni          ?              3,90

Protocol and request used by the attacks observed:

 Protocol   Request
 *DNS       ddostheinter.net
 *DNS       anonsc.com
 *DNS       anonsc.com
 *DNS       root-server.net
 *Chargen   -
 *DNS       packetdevil.com
 *Chargen   -
 *DNS       root-server.net
 *DNS       root-server.net

The DNS requests as issued (ANY queries through an open resolver):
dig @8.8.8.8 -t ANY packetdevil.com
dig @8.8.8.8 -t ANY root-server.net
49. CharGen-based attacks
61. Generic schema
Santanna, J.J. et al. 2015. Inside Booters: An Analysis on Operational Databases. 14th IFIP/IEEE International Symposium on Integrated Network Management (IM) (2015).
66. User
Customer
Attacker
78. Mohammad Karami, Youngsam Park, Damon McCoy. Stress Testing the Booters: Understanding and Undermining the Business of DDoS Services. arXiv:1508.03410
85. Assignment:
How much network traffic can a computer using your residential connection generate with 100 DNS servers as amplifiers?
- Print screen of your Internet SpeedTest;
- The amplification factor interval of DNS servers (considering DNSSEC);
- The calculation and the result;
Which top 10 amplifiers sent the most traffic?
- Choose one of the DNS-based attacks available at http://www.simpleweb.org/wiki/Traces#Booters_-_An_analysis_of_DDoS-as-a-Service_Attacks;
- Describe step by step how you found the top 10 amplifiers using Wireshark or TCPdump;
- Which DNS request was used in this attack;
- Where are those top 10 amplifiers located? (use https://www.maxmind.com);
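The trace analysis the second part of the assignment asks for, as an added example (not from the lecture or the simpleweb.org traces): rank the reflectors by bytes of DNS responses delivered to the victim, count the query names abused, and derive the observed amplification interval. The input is a constructed sample in the field layout a tshark export of a real trace would give (`tshark -r trace.pcap -Y "dns" -T fields -e ip.src -e udp.srcport -e ip.dst -e udp.dstport -e udp.length -e dns.qry.name`); the victim address and the 64-byte request size are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample, NOT a real booter trace: one packet per line,
# fields = src_ip src_port dst_ip dst_port udp_length dns_qry_name.
# Responses from open resolvers (source port 53) hit the victim 198.51.100.5.
SAMPLE_TRACE = """\
203.0.113.7 53 198.51.100.5 3303 3214 root-server.net
203.0.113.7 53 198.51.100.5 3303 3214 root-server.net
192.0.2.44 53 198.51.100.5 3303 2890 root-server.net
192.0.2.44 53 198.51.100.5 3303 2890 root-server.net
192.0.2.44 53 198.51.100.5 3303 2890 root-server.net
203.0.113.99 53 198.51.100.5 3303 3101 root-server.net
192.0.2.44 53 198.51.100.5 3303 980 packetdevil.com
192.0.2.99 4444 198.51.100.5 3303 1400 root-server.net
"""
VICTIM = "198.51.100.5"  # assumed victim address for the sample


def parse_trace(text):
    """Yield (src, sport, dst, dport, length, qname); malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        src, sport, dst, dport, length, qname = parts
        yield src, int(sport), dst, int(dport), int(length), qname


def responses_to(text, victim):
    """Only DNS responses (source port 53) addressed to the victim count as reflection."""
    for rec in parse_trace(text):
        src, sport, dst, _dport, _length, _qname = rec
        if sport == 53 and dst == victim:
            yield rec


def top_amplifiers(text, victim, n=10):
    """Reflectors ranked by total response bytes sent to the victim (ties by IP)."""
    totals = defaultdict(int)
    for src, _sport, _dst, _dport, length, _qname in responses_to(text, victim):
        totals[src] += length
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def query_name_counts(text, victim):
    """Which query names the reflectors were asked for (answers the 'which request' question)."""
    return dict(Counter(rec[5] for rec in responses_to(text, victim)))


def amplification_range(text, victim, request_bytes):
    """(min, max) response/request size ratio observed, given the assumed request size."""
    sizes = [rec[4] for rec in responses_to(text, victim)]
    return min(sizes) / request_bytes, max(sizes) / request_bytes
```

The 4444-port line shows why the source-port filter matters: non-DNS traffic in the capture must not be credited to a reflector. Feed the top IPs to MaxMind's GeoIP lookup to answer the location question.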