Saturday, June 16, 2012

DDOS Attacks In 2012




2011 was the year in which massive DDOS attacks took place, most of them directed by the hacktivist groups Anonymous and LulzSec. DDOS attacks have moved entirely from layer 4 to layer 7: at layer 4 an attacker needs thousands of computers to attack a single server, whereas with a layer 7 DDOS an attacker can easily take down a server with a single computer, provided the server is vulnerable. For those of you who don't know, a DOS attack is a method of exhausting a server's resources and compromising its availability.

Apache Killer



Apache Killer is a DDOS/DOS tool written in Perl which sends HTTP GET requests with multiple byte ranges. These byte ranges occupy a wide variety of portions of the memory space, which, when abused, causes Apache to malfunction.

It was introduced around the middle of 2011, leaving half of the internet vulnerable, and DOS attacks against Apache increased by more than 200%. However, a patch was released soon after the tool appeared in the wild. You can read more about Apache Killer in the following post: Zero day Dos vulnerability in Apache.

SlowLoris


Slowloris was also witnessed in the wild; however, the intensity of this tool was considerably lower than that of Apache Killer. Slowloris abuses the handling of HTTP request headers.

R-U-Dead-Yet


While Apache Killer was seen attacking Apache web servers in 2011, a tool named R-U-Dead-Yet was also witnessed in the wild, exploiting HTTP POST requests in order to attack an IIS server. It implements a DOS attack via long form field submissions.

LOIC


With Apache Killer and other tools getting patched on the server side, it became really difficult for the hacktivists to exploit big targets. So how did they do it? They used a tool called Low Orbit Ion Cannon, or LOIC for short, which is by far one of the most famous DDOS tools ever. Anonymous used this tool to take down major targets such as Payoneer.

What makes this tool notable is that it is nearly unstoppable when a massive number of people use it to target a single website. It performs a DDOS attack by continuously sending HTTP requests. What's more important to note is that in 2011 there were about 381,976 downloads of the tool. However, that figure had already been surpassed two months ago in 2012.

Image Credit: Imperva

RHA's Predictions For The Year 2012
  • In 2012, DDOS attacks will move completely towards layer 7.
  • LOIC will be the favorite tool of the year 2012.
  • Tools similar to Apache Killer may be expected.
  • SSL DDOS attacks will increase by a huge extent, and more user-friendly tools will be introduced.