
New DDoS Attack Tools and the DDoS Marketplace


DESCRIPTION

The DDoS-as-a-Service marketplace has expanded to include new distributed denial of service (DDoS) attack tools used to generate an echo attack or DrDoS attack. These take advantage of misconfigured servers and mask the identity of attackers.


Page 1

The DDoS-as-a-Service marketplace has expanded to include new distributed denial of service (DDoS) attack tools. These new tools can discover the IP address of servers that can be used by attackers to generate a type of DDoS attack called a reflection attack or DrDoS attack. An attacker can use a scanner tool to make lists of thousands of vulnerable servers, and then load a list into a DrDoS attack tool to launch attacks or sell the lists to others.

Although the existence of IP address scanner tools is not new, they are now available freely and publicly. The widespread availability of scanner tools and the demand for lists of servers specifically vulnerable to reflection attacks is unique to Q3 2013 – indicating a worrisome DDoS attack trend. Not surprisingly, the DrDoS attacks facilitated by these scanner tools are on the rise.

In these attacks, the attacker’s target is overwhelmed by traffic generated by common network protocols on the vulnerable servers, such as DNS, SNMP and CHARGEN. The use of the CHARGEN reflection attack has enjoyed a recent resurgence. CHARGEN is a legacy protocol that was believed to be obsolete. Unfortunately, many servers running older Windows operating systems still have the protocol enabled, which is unnecessary – and dangerous.

How a CHARGEN attack works

When CHARGEN is used in a DrDoS attack, the attacker sends a spoofed CHARGEN request to a server, directing the output to the attacker’s target. The spoofing makes the vulnerable server, which is called a victim (to distinguish it from the attacker’s ultimate target), respond not to the attacker but to the target. The CHARGEN protocol sends lots of characters to the target. That’s what CHARGEN was designed to do – generate characters for testing purposes. By exploiting multiple servers with CHARGEN at once, the incoming flow of characters overwhelms the target.

Prolexic has mitigated DrDoS attacks involving servers participating in CHARGEN protocol attacks from Africa, Asia, Australia, Canada, Europe, Latin America and the U.S. – every continent except Antarctica!

What if your server were used by an attacker in a CHARGEN attack?

If your server were used in a CHARGEN attack, your server would send unwanted traffic to the attacker’s target, probably without your knowledge. When combined with the output of other vulnerable servers, the attack would likely result in an outage from denial of service at the target. In addition, your server would perform poorly. Rather than spending its time processing your requests, it would be busy sending unwanted characters to the attacker’s target.

Page 2

How to disable CHARGEN on a Microsoft Windows server

If you have a server running an older version of a Windows server operating system – especially NT through Windows 2008 R2 – it is likely vulnerable to becoming an unwilling participant in a DrDoS attack. The following shows how to turn off CHARGEN on a Windows 2000 server:

Step 1
• Open the server configuration panel
• Select the Advanced drop-down menu
• Select Optional Components

Step 2
• Select Networking Services
• Click Details

Step 3
• Uncheck Simple TCP/IP Services
• Click OK

Steps 4-6
• Click Next, Next, and Finish.

Once you complete these steps, the CHARGEN protocol will be closed and will not respond to requests. As a result, attackers can’t use your server to generate CHARGEN attack traffic.

Learn more in the Q3 2013 Global DDoS Attack Report

The Q3 2013 Global DDoS Attack Report includes:
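The steps above are the Windows 2000 GUI procedure. The following PowerShell script is an added example, not from the Prolexic report, that does the same audit and remediation from an elevated prompt on a later Windows server, and also answers the earlier question of whether your server is currently answering CHARGEN requests at all. It assumes that CHARGEN is provided by the built-in "Simple TCP/IP Services" service (service name simptcp, Server Manager feature name Simple-TCPIP on Windows Server 2008 R2 and later) and that the per-protocol switches live under HKLM\SYSTEM\CurrentControlSet\Services\SimpTcp\Parameters; the port-19 check parses netstat output rather than using cmdlets that only newer Windows versions have.

```powershell
# Added example, not part of the Prolexic report: audit and disable the CHARGEN
# listener on a Windows server. Assumptions (labelled): CHARGEN is provided by the
# built-in "Simple TCP/IP Services" service (service name 'simptcp'), which is the
# 'Simple-TCPIP' feature on Windows Server 2008 R2 and later, and its per-protocol
# switches live under HKLM\SYSTEM\CurrentControlSet\Services\SimpTcp\Parameters.

$ServiceName = 'simptcp'       # Simple TCP/IP Services: CHARGEN, Echo, Discard, Daytime, QotD
$FeatureName = 'Simple-TCPIP'  # Server Manager feature name (2008 R2 and later)
$ChargenPort = 19              # CHARGEN listens on TCP and UDP port 19
$ParamsKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\SimpTcp\Parameters'

# Stopping services and editing HKLM needs an elevated prompt.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) PowerShell prompt.'
}

function Test-ChargenListener {
    # $true when any socket on this host is bound to port 19 (TCP or UDP, IPv4 or IPv6).
    # A server that answers on this port can be used as a reflector, so this is the
    # "could my server be a victim?" check from the section above.
    $bound = netstat -ano | Select-String -Pattern "^\s*(TCP|UDP)\s+\S+:$ChargenPort\s"
    return (@($bound).Count -gt 0)
}

function Get-SimpleTcpState {
    # Reports NotInstalled, or "<State>/<StartMode>", for example Running/Auto.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'"
    if ($null -eq $svc) { return 'NotInstalled' }
    return "$($svc.State)/$($svc.StartMode)"
}

function Disable-Chargen {
    # 1. Turn off just the CHARGEN protocol, in case something still depends on the
    #    service's other protocols (Echo, Discard, Daytime, Quote of the Day).
    if (Test-Path $ParamsKey) {
        Set-ItemProperty -Path $ParamsKey -Name 'EnableTcpChargen' -Value 0 -Type DWord
        Set-ItemProperty -Path $ParamsKey -Name 'EnableUdpChargen' -Value 0 -Type DWord
    }
    # 2. Stop and disable the whole service; this matches Step 3 above, and none of
    #    these protocols has a legitimate use on a production server.
    if (Get-Service -Name $ServiceName -ErrorAction SilentlyContinue) {
        Stop-Service -Name $ServiceName -Force -ErrorAction SilentlyContinue
        Set-Service  -Name $ServiceName -StartupType Disabled
    }
    # 3. Where the Server Manager cmdlets exist, uninstall the feature so it cannot be
    #    re-enabled by accident (the equivalent of unchecking Simple TCP/IP Services).
    if (Get-Module -ListAvailable -Name ServerManager) {
        Import-Module ServerManager
        $feature = Get-WindowsFeature -Name $FeatureName -ErrorAction SilentlyContinue
        if ($feature -and $feature.Installed) {
            Remove-WindowsFeature -Name $FeatureName | Out-Null
        }
    }
}

# Audit, remediate, then verify that nothing is bound to port 19 any more.
Write-Host ("Before: service={0} port{1}Bound={2}" -f (Get-SimpleTcpState), $ChargenPort, (Test-ChargenListener))
Disable-Chargen
Write-Host ("After:  service={0} port{1}Bound={2}" -f (Get-SimpleTcpState), $ChargenPort, (Test-ChargenListener))
```

Run it once on each server you administer; the "After" line should report the service as Stopped/Disabled (or NotInstalled) and port 19 as not bound. If port 19 is still bound afterwards, some other program is listening there and should be identified from the PID column of netstat -ano. On Windows NT and 2000, which predate these cmdlets, the GUI steps above remain the way to remove the protocol.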

• Why reflection attacks are increasingly popular
• Parts of a CHARGEN attack, step by step
• Details of specific CHARGEN attacks stopped by Prolexic
• Players in the reflection attack (DrDoS) marketplace
• How to turn off CHARGEN to protect your servers from being used in attacks

The more you know about DDoS attacks, the better you can protect your network against cybercrime. Download the free report at www.prolexic.com/attackreports.

About Prolexic

Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services. Learn more at www.prolexic.com.

Figure 1: Uncheck Simple TCP/IP Services in Step 3. This action removes CHARGEN, Daytime, Discard, Echo and Quote of the Day.