Date: Wed, 14 Jul 2010 11:51:16 +0000
From: "Dobbins, Roland" <rdobbins@...or.net>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: DDoS attacks via other sites execution tool (DAVOSET)

On Jul 14, 2010, at 6:28 PM, MustLive wrote:

> In which I wrote particularly about creating of botnet from zombie-servers
> (which is a new type of botnets).

A more appropriate name for this sort of attack might be an 'application reflection attack', as it's similar in concept to making use of open DNS recursors in the same vein. The servers themselves aren't botted, so they don't comprise a new form of botnet, per se.

The question then becomes whether this particular form of attack offers any advantages over more conventional layer-7 DDoS attacks launched via botnets.

One advantage is obvious - it may prove problematic to block the attack traffic via conventional means such as S/RTBH, given that the servers being abused to launch the application reflection attack are legitimate servers which users on the targeted networks may well have the desire to access.

However, as IDMSes can readily handle this sort of attack, while interesting, it's unclear whether it's worth the effort required to do this, given the prevalence of untold millions of botted hosts which can launch layer-7 attacks via existing command-and-control mechanisms which render said botnets completely under the control of the attacker, and since the sites being abused can in fact take measures to render themselves unsuitable for such abuse.

The question then becomes, is there an amplification factor to be gained by doing so? The reason that DNS reflection attacks are of interest to the attackers is that they gain a considerable amplification effect from doing so - do you see an amplification resulting from this mode of attack?

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@...or.net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/