At the Core
27 September 13

Web-based DNS amplification DDoS attack

As part of our partnership with Alert Logic, Virtacore will be providing articles from Alert Logic’s security team as part of our “At the Core” blog.

The content below has been authored and provided to Virtacore by Alert Logic.

The idea of controlling multiple, high-bandwidth servers for launching DDoS attacks (versus controlling hundreds of thousands of less powerful malware-infected hosts) has always tempted cybercriminals. A recent high-profile example of this futuristic attack vector is Qassam Cyber Fighters, and their attacks against major U.S. financial institutions. A command and control PHP script in its early stages of development—one capable of integrating multiple (compromised) servers for the purpose of launching distributed denial of service attacks (DDoS) while taking advantage of their bandwidth—has been available for purchase for $800.

Takeaway: Techniques using such attacks cannot be easily thwarted; an enterprise must not only deploy multilayered security, but also have robust support from their ISP for fast notification to the ISP with infected DNS servers. Currently, the PHP script supports four types of DDoS attack tactics, namely DNS amplification, spoofed SYN, spoofed UDP, and HTTP+proxy support. The script also acts as a centralized command and control management interface for all the servers where it has been (secretly) installed.

YOUR Cloud. OUR Infrastructure.