EvilZone
Hacking and Security => Hacking and Security => Topic started by: Satan911 on September 18, 2012, 08:07:50 AM
-
http://blog.cloudflare.com/65gbps-ddos-no-problem
Good read. Feel a bit ashamed I never heard of the reflection technique. It is quite interesting.
-
That shit is cool, CloudFlare is also a very good service from what I hear.
-
This has been a problem for some time. First time I heard of this is probably a few years back. Funny how this is still a problem.
-
This has been a problem for some time. First time I heard of this is probably a few years back. Funny how this is still a problem.
And it will still be a problem for many years to come. Just look at this data (http://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/latest.html), and it is not even complete. Service providers are usually very lazy and don't want to invest money in anything that won't bring them money.
-
Can anyone please explain more about "open resolvers"?
-
(http://getfile4.posterous.com/getfile/files.posterous.com/temp-2012-09-17/AztlsorzrBrAbypwAaAIczHzkiHoHweHudJqnDncffGzhjxetAtCcrhpstca/eu_slice_of_65Gbps_attack.png.scaled500.png)
:)
-
Can anyone please explain more about "open resolvers"?
It is nothing complicated. Just a DNS resolution service that also accepts requests from external sources, rather than just identified clients. What it does is listen for someone (anyone) to send a request to it (on port 53 usually) which might ask it to do something useful (like resolve a domain name and return a corresponding IP address) or something malicious (like return a huge number of DNS records to a target that you want to DoS). Because UDP (which is one-way in a sense) is usually used to send the request packets to the resolver and because the resolver allows anyone without identification to submit recursive queries, you can fake the sender IP in the header of the packet and the DNS resolver will send the stuff you or anyone else requested to the IP you specify in the header of the packet. So basically you can use the OpenDNS service to help you DDoS your target.
Of course openDNS service providers can do quite a lot to protect against such attacks, but many don't bother to.
Hope this helps. If you want to know more about how the technology actually works, just get some book on DNS and it should have everything you wanna know.
-
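Added example, not part of any post in this thread: a Python sketch of how an operator can tell from a single reply whether their own resolver recursed for an outside client, which is the "open resolver" condition explained above. The function names and the reply bytes are constructed for the demo; a real audit would read the reply from a UDP socket after querying a resolver you operate from an outside network.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid=0x1234):
    """Recursive (RD=1) A/IN query, as sent from outside the resolver's own network."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def classify(query, response):
    """Report whether the reply shows the server recursing for this client."""
    if len(response) < 12:
        raise ValueError("short DNS header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        raise ValueError("not a reply to this query")
    rcode = flags & 0x000F
    ra, aa = bool(flags & 0x0080), bool(flags & 0x0400)
    # RA alone is not enough: some servers advertise RA and still answer REFUSED.
    # AA set means the name came from the server's own zone, which is not recursion.
    is_open = ra and not aa and rcode in (0, 3)
    return {
        "open": is_open,
        "rcode": RCODES.get(rcode, str(rcode)),
        "answers": ancount,
        # Reply bytes per query byte: what the spoofed "sender" would receive.
        "size_ratio": round(len(response) / len(query), 2),
    }

def sample_reply(query, flags, addresses=()):
    """Constructed reply bytes for the demo; a real run reads them from a UDP socket."""
    body = query[12:]
    for addr in addresses:
        # One A record: name pointer to the question, type A, class IN, TTL 300, 4 bytes
        body += struct.pack("!3HIH", 0xC00C, 1, 1, 300, 4) + bytes(addr)
    return query[:2] + struct.pack("!5H", flags, 1, len(addresses), 0, 0) + body

if __name__ == "__main__":
    q = build_query("example.com")
    print(classify(q, sample_reply(q, 0x8180, [(192, 0, 2, 1)])))  # recursed for a stranger
    print(classify(q, sample_reply(q, 0x8185)))                     # RA set, but REFUSED
```

A resolver that reports `open: True` to a client outside its own network needs recursion restricted to its known clients.
-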
Clever ways of amplifying and spoofing the source IP. A freaking 65Gbps DDoS would be unbearable lol. I guess CloudFlare has it under control though.