In the first half of this topic, we discussed IPv4 and essentially how it works, including how network address translation (NAT) and port forwarding are currently a key component of most people’s use of the internet. This is important to know in order to understand the switch between IPv4 and IPv6. But what does it have to do with exploiting systems?
Most often when we hear about DDoS, we focus on the target of the attack. The target is generally going to be someone providing an application service to the world – such as a video game, a website, a VoIP server, or other publicly desired service. This could be on one server for a small player in the space or it could be spread across thousands of servers for someone like Sony. In both cases, the service can be dramatically affected with the right kind of DDoS attack. The service providers that carry the traffic are very seldom concerned about the DDoS, as they’re simply conduits on the Internet connecting one network to another. They carry traffic and deliver it to its destination on demand. They have sufficient capacity to do this.
But what happens when they don’t? What happens when the carrier is crushed by the sheer power of the attack? If an attack is sufficiently large, can it actually impact a service provider or carrier? More importantly, what happens when the carriers are the culprits of the DDoS attack, being used against their will to engage in widespread nefarious activities?
Just about everyone has heard of an IP address, and most people have some basic knowledge of what an IP address is. 192.168.1.1 is the standard gateway that home routers use, for example. The first time you go to configure a home router, you put that IP address into your web browser. The format WWW.XXX.YYY.ZZZ is known as IPv4 format. The total number of IPs in the IPv4 IP space is 2^32. That sounds like a lot, but it’s really not. IPv4 depletion, as it’s known, refers to the fact that the world is running out of IPv4 IPs to give out to people. Currently, there’s less than 1% of the total IPv4 IP space left.
“Smart” technology is all the rage these days. Everyone I know has a smart phone. They do their work from it remotely, they video chat with their family in other countries; it has basically become one of those can’t-leave-home-without-it type of devices. “Smart” simply signifies that the device is internet ready. You can connect out from it, or into it. What does this mean for the future? How will DDoS play a role in the upcoming years as a result of smart devices?
In part 1 of this series, we explained what stressers are, how they work, and where they got their start. What can be said for the early years is that the level of work required to hire someone to use a DDoS attack made it a lot more prohibitive. Bandwidth was expensive, the resources hard to find, and the overall effect was lackluster in comparison to the effort required. If you weren’t capable of using a DDoS attack yourself, chances are you weren’t going to hire one either.
Today, anyone can use Google to find a stress tester and be offered a large number of options, for incredibly cheap prices. It’s gaining ground in business, gaming, finances, and sometimes just for fun, which is having a truly damaging impact on companies and customers. What a difference a decade can make! What changed? In today’s article, I will discuss in a bit more detail why there are so many stress testers around now.
According to Cisco, global mobile data traffic grew 69 percent in 2014, reaching 2.5 exabytes per month. Facebook recently revealed that 78 percent of its US users are mobile. Apple is now the most valuable company in the history of the world. The mobile platform is quickly becoming the platform of choice for Internet users. Mobile phones have long performed far more tasks than just the phone application. Only recently, however, have they become a terrific platform to exploit and leverage to launch large-scale global DDoS attacks. Enter the age of LTE and high speed mobile DDoS botnets.
By now, we have all heard of the DDoS tool that Lizard Squad put out just after Christmas. For those that don’t recall the situation, on Christmas day, Lizard Squad DDoSed PlayStation Network, Sony’s online gaming service, and Xbox Live, Microsoft’s gaming network. Connectivity to the online services was not restored until the next day. This was a big deal and got a lot of media coverage due to the fact that it was done on Christmas day, a day when people are off work and school, so the services see a lot more usage. People received video games as gifts, and found them to be useless with no network to support them.
Lizard Squad, which had already been using DDoS attacks against several companies, quickly came out to claim responsibility. Soon afterwards, they announced the release of their stresser, a tool that anyone could pay to use to DDoS whoever they want. Having just sent two major companies offline and several others in the months before, they had proven the strength of their attacks in what would turn out to be an intelligent (although dubious) marketing strategy.
So what’s up with these stressers? How do they work? Why are there so many of them nowadays? Where were they all before?
Educational institutions have always played a pivotal role in breeding underground and counter-culture behavior. Many large DDoS attacks over the past 15 years have originated from students, oftentimes no older than high school age. Historically, schools have had large connections with limited oversight and tracking, allowing their students to engage in nefarious behavior with little-to-no risk of getting caught. The tables have certainly turned in recent times. As corporate connections have become larger, schools are now finding themselves at odds with the underground culture they helped breed. Hacking groups are treating universities as both easy targets and easy sources of DDoS attacks.
China’s Golden Shield Project, also known as the Great Firewall of China (GFW), is a government-controlled network firewall that monitors every bit of internet traffic generated inside of China. It is also used as a way to censor the internet in China through various methods, including IP blocking, URL filtering, DNS filtering, and packet filtering. So what does any of this have to do with DDoS?
In part 1 of this series, a general history of the early rise of the Internet through IRC was discussed, as well as the beginnings of DDoS: what it was used for, and who was targeted. I covered the late 90s to the mid 2000s. These were the tame years, as far as DDoS was concerned. Although it is true that there was some amount of destruction to large online services during this time, it was relatively infrequent and hardly got any sort of the press that it gets today. In this article, I will discuss DDoS over the last 10 years: specifically hacktivism, the rise of Anonymous, the rise in the size of DDoS attacks, and what the future holds as far as DDoS is concerned.