A couple of months ago, I wrote an article about how the Great Firewall of China, due to a code glitch, ended up sending out massive DDoS attacks. This obviously spells danger if it falls into the wrong hands and is misused. Last week, GitHub fell prey to a large DDoS attack that caused intermittent issues with their service for over four days. What was this DDoS attack all about? Why did it happen?
First, there was DNS. Open DNS resolvers were exploited to generate massive DDoS attacks. Over time, most of these open DNS resolvers were patched so that they would not reply to unknown DNS requests. Then, there was NTP. Just like DNS, but at a much larger amplification factor, DDoS attackers were able to generate very large attacks. And just like DNS, over time exploitable NTP servers were mostly patched, making it significantly harder to generate the huge attacks that were wreaking havoc on the Internet. Although DNS and NTP amplification attacks still exist, they are much harder to execute and are nowhere near as large as they used to be. But now, SNMP amplification attacks are on the rise.
In the first half of this topic, we discussed IPv4 and essentially how it works, including how network address translation (NAT) and port forwarding currently are a key component in most people’s use of the internet at this time. This is important to know in order to understand the switch between IPv4 and IPv6. But what does it have to do with exploiting systems?
Most often when we hear about DDoS, we focus on the target of the attack. The target is generally going to be someone providing an application service to the world – such as a video game, a website, a VoIP server, or another publicly desired service. This could be on one server for a small player in the space, or it could be spread across thousands of servers for someone like Sony. In both cases, the service can be dramatically affected by the right kind of DDoS attack. The service providers that carry the traffic are seldom concerned about the DDoS, as they are simply conduits on the Internet connecting one network to another. They carry traffic and deliver it to its destination on demand. They have sufficient capacity to do this.
But what happens when they don’t? What happens when the carrier is crushed by the sheer power of the attack? If an attack is sufficiently large, can it actually impact a service provider or carrier? More importantly, what happens when the carriers are the culprits of the DDoS attack, being used against their will to engage in widespread nefarious activities?
Just about everyone has heard of an IP address, and most people have some basic knowledge of what an IP address is. 192.168.1.1 is the standard gateway that home routers use, for example. The first time you go to configure a home router, you put that IP address into your web browser. The format WWW.XXX.YYY.ZZZ is known as IPv4 format. The total number of IPs in the IPv4 address space is 2^32. That sounds like a lot, but it’s really not. IPv4 depletion, as it’s known, refers to the fact that the world is running out of IPv4 addresses to give out to people. Currently, less than 1% of the total IPv4 address space is left.
“Smart” technology is all the rage these days. Everyone I know has a smart phone. They do their work from it remotely, they video chat with their family in other countries; it has basically become one of those can’t-leave-home-without-it type of devices. “Smart” simply signifies that the device is internet ready. You can connect out from it, or into it. What does this mean for the future? How will DDoS play a role in the upcoming years as a result of smart devices?
In part 1 of this series, we explained what stressers are, how they work, and where they got their start. What can be said for the early years is that the effort required to hire someone to launch a DDoS attack made it a lot more prohibitive. Bandwidth was expensive, the resources were hard to find, and the overall effect was lackluster in comparison to the effort required. If you weren’t capable of launching a DDoS attack yourself, chances are you weren’t going to hire one either.
Today, anyone can use Google to find a stress tester and be offered a large number of options, for incredibly cheap prices. It’s gaining ground in business, gaming, finances, and sometimes just for fun, which is having a truly damaging impact on companies and customers. What a difference a decade can make! What changed? In today’s article, I will discuss in a bit more detail why there are so many stress testers around now.
According to Cisco, global mobile data traffic grew 69 percent in 2014, reaching 2.5 exabytes per month. Facebook recently revealed that 78 percent of its US users are mobile. Apple is now the most valuable company in the history of the world. The mobile platform is quickly becoming the platform of choice for Internet users. Mobile phones have long performed far more tasks than just the phone application. Only recently, however, have they become a terrific platform to exploit and leverage to launch large-scale global DDoS attacks. Enter the age of LTE and high speed mobile DDoS botnets.
By now, we have all heard of the DDoS tool that Lizard Squad put out just after Christmas. For those that don’t recall the situation, on Christmas day, Lizard Squad DDoSed Playstation Network, Sony’s online gaming service, and Xbox Live, Microsoft’s gaming network. Connectivity to the online services was not restored until the next day. This was a big deal and got a lot of media coverage due to the fact that it was done on Christmas day, a day where people are off work and school, so the services see a lot more usage. People received video games as gifts, and found them to be useless with no network to support them.
Lizard Squad, having been using DDoS attacks against several companies already, quickly came out to claim responsibility. Soon afterwards, they announced the release of their stresser, a tool that anyone could pay to use to DDoS whoever they want. Having just sent two major companies offline and several others in the months before, they had proven the strength of their attacks in what would turn out to be an intelligent (although dubious) marketing strategy.
So what’s up with these stressers? How do they work? Why are there so many of them nowadays? Where were they all before?