| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Jul 2010 14:28:54 +0300 From: "MustLive" <mustlive@...security.com.ua> To: <full-disclosure@...ts.grok.org.uk> Subject: DDoS attacks via other sites execution tool (DAVOSET) Hello participants of Full-Disclosure! Last month I told you about my article Using of the sites for attacks on other sites (http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075384.html). In which I wrote particularly about creating of botnet from zombie-servers (which is a new type of botnets). For drawing more attention to the problem described in my article, on last week I made additional researches and made a program - DDoS attacks via other sites execution tool (DAVOSET). To show that these attacks are not just my assumption, but they are quite real and they have enough effectiveness. And I'll tell you briefly about my last researches and tool. DDoS attacks with using of many other sites as zombie-servers. For researching of effectiveness of these attacks I created a program for conducting of DDoS attacks via using of other sites. Which I called DDoS attacks via other sites execution tool (DAVOSET). It's tool for conducting of DDoS attacks via Abuse of Functionality vulnerabilities on the sites. For researching I used 20 zombie-servers - these are 20 online services, which have Abuse of Functionality vulnerabilities, which are located at 10 physical servers (some of these services are located at the same server). For testing I selected two small sites at two not very high-powered servers (taking into account small amount of zombie-servers in the botnet). For the first site: as a result of attack the loading of main page of the site grew on average at 21.19% - from 4.72 s. to 5.72 s. I.e. the site becomes slowing down at short time. And this is only with 20 zombie-servers. At that results of work of DAVOSET are the next (at one start): time 0:05, requests 20, bytes sent 3068. I.e. small amount of traffic used by the program leaded to much bigger amount of traffic at attacked server. At cyclic starting of the program (e.g. every 5 seconds) and at larger amount of zombie-servers it's possible to completely block the work of this server. For the second site: as a result of attack the loading of main page of the site grew on average at 1677% - from 2.21 s. to 39.28 s. (and at 3465% - to 78.80 s. at second testing after half an hour). And this is only with 20 zombie-servers. At that results of work of DAVOSET are the next (at one start): time 0:03, requests 20, bytes sent 3368. Note, that second server after starting of few attacks (for counting of average value) becomes not just very slowing down, but freezes almost at half an hour at all. So even small DDoS attack with 20 zombie-servers can freeze server for a long time. Taking into account widespread of Abuse of Functionality vulnerabilities at the sites, which allow to attack other sites, and ignoring of sites' admins of this problem, it's actual. And taking into account that network from these zombie-servers can be created without wasting of resources (including financial), as it occurs in classical botnets, then this type of botnets is very profitable from financial side. So this method of attacks can become widespread in short-term outlook. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists