A presentation for the Innovation in the Post Heartbleed Era session at the 2014 Cyber Summit by David Hobbs,
Director of Security Solutions at Radware.
1. Open Source Incidents
David Hobbs
Director of Security Solutions
Emergency Response Team
DavidH@Radware.com
September 2014
Radware Confidential September 2014
2. DDoS is the Most Common Cyber Attack
28% of all cyber attacks in 2013 involved a DDoS attack
Source: 2013 Cyber Attacks Trends, Hackmageddon
8. Bash Exploit
• This still works with the latest bash update
• (X='() { (a)=>' bash -c "echo ls /etc; cat echo")
• As does this:
• env X="() { :;} ; echo busted" /bin/sh -c "echo stuff"
• The following commands will implement a signature in ‘Report Only’ mode in our
DefensePro.
• dp signatures-protection filter basic-filters user create ERT-bash2-CVE-2014-6271 -p tcp -c x28x29x20x7b -ct "Normalized URL" -ce "Case Sensitive" -dp http
• dp signatures-protection filter advanced-filters user create group_ERT-bash2-CVE-2014-6271 ERT-bash2-CVE-2014-6271
• dp signatures-protection attacks user create 0 -n ERT-bash2-CVE-2014-6271 -f group_ERT-bash2-CVE-2014-6271 -am 0
• dp update-policies set 1
• The customer should carefully inspect the false positive rate of this signature and only afterwards move it to ‘Block and Report’ mode.
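Added example, not from the original slides and not Radware's code: the same four-byte, case-sensitive match on a normalized URL, run in report-only mode over constructed requests to show which hits need false-positive review before blocking. The function names, the sample log and the `leading_match` triage field are assumptions made for this example.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# The four bytes from the slide's filter (-c x28x29x20x7b), i.e. "() {".
SIGNATURE = bytes.fromhex("2829207b").decode("ascii")

# Constructed sample requests (source address, request target); not real traffic.
SAMPLE_LOG = [
    ("198.51.100.7", "/cgi-bin/status?x=%28%29%20%7b%20%3a%3b%7d%3b%20echo%20busted"),
    ("198.51.100.9", "/cgi-bin/q?x=%2528%2529%2520%257b"),  # double-encoded
    ("203.0.113.5", "/search?cb=function()%20{%20return%201%20}"),  # benign JavaScript
    ("203.0.113.8", "/index.html?q=bash+update"),
]


def normalize(url):
    """Percent-decode until stable so encoded copies of the pattern are seen."""
    previous = None
    while previous != url:
        previous, url = url, unquote(url)
    return url


def inspect(source, url, mode="report"):
    """Return a finding if the normalized URL contains SIGNATURE, else None."""
    normalized = normalize(url)
    if SIGNATURE not in normalized:  # case-sensitive match, as in the filter
        return None
    # Triage hint (assumption of this example): a parameter value that begins
    # with "() {" has the shape of the slide's X='() { ...' test; a match in the
    # middle of a value, such as JavaScript "function() {", is the kind of hit
    # to review as a possible false positive.
    values = [v for _, v in parse_qsl(urlsplit(normalized).query)]
    return {
        "source": source,
        "leading_match": any(v.lstrip().startswith(SIGNATURE) for v in values),
        "action": "drop+log" if mode == "block" else "log",
    }


def review(log, mode="report"):
    """Run every request through inspect() and keep the findings."""
    return [f for f in (inspect(s, u, mode) for s, u in log) if f]


def false_positive_candidates(findings):
    """Sources whose match did not start a parameter value."""
    return [f["source"] for f in findings if not f["leading_match"]]
```

On the constructed log, three of the four requests match and one of those three is the benign JavaScript callback, which is the kind of hit the false-positive review in report-only mode is meant to surface.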
9. Booter DDoS Tools are Cheap
http://ragebooter.net/members/plans
Can be run from any device anywhere - Can be used to create huge dos floods, and more!