Showing results for tags 'ddos'.
Found 26 results

  1. Hello. After collecting the best denial-of-service attack tools, I decided to share them with you. I already scanned all tools and removed the backdoored ones. This is a list of tools:
     - Anonymous Doser
     - Hoic
     - Hulk
     - Loic
     - SlowLoris
     - Unknow Doser
     - XOIC
     This is a picture: Now for the download link: * ddos attack tools
  2. The repo is private for now.
  3. (another little one, and a devil of one) And that's how another kid gets off scot-free... SOURCE

     A British teenager has been sentenced for his part in what was called the "biggest cyber attack in history". The attack on anti-junk mail group Spamhaus in 2013 slowed the internet around the world. Seth Nolan Mcdonagh was sentenced at Southwark crown court to 240 hours of community service for the attack. Mcdonagh had already pleaded guilty to five charges but details could not be reported until today's sentencing hearing by which time he had turned 18.

     The attack on Spamhaus - which tracks sources of junk mail messages, to help network administrators and law enforcement to block spam senders - began on 15 March 2013 and drew world-wide attention. It was a Distributed Denial of Service (DDoS) attack in which attackers bombarded servers with so many requests for data that they can no longer cope. This made them crash or stop working. Spamhaus called on anti-DDoS specialist Cloudflare for support which then led to further and heavier attacks. At its peak the attack was funnelling 300 gigabits of traffic every second to Spamhaus computers - the biggest DDoS attack ever seen at that time. The sheer volume of traffic caused problems for internet traffic internationally and particularly for LINX - the London Internet Exchange - which helps data hop from one network to another. The court heard the impact on the internet had been "substantial".

     Mcdonagh, who used the hacker alias "narko", was described as a "gun for hire" who took down websites for those willing to pay, although other individuals, the court heard, may also have been involved. Amongst other sites he targeted was the BBC on 24 February 2013, Sandip Patel QC for the prosecution said. The court also heard that more than £72,000 had been discovered in Mcdonagh's bank account after his arrest in April 2013. Source code used in the attacks was also found on machines in his house in London. He also had in his possession 1,000 credit card numbers, apparently from German financial institutions. Evidence presented in court revealed that Mcdonagh's criminal activity started when he was 13.

     Ben Cooper, defending Mcdonagh, said his client had suffered from a severe mental illness at the time of the attack and had withdrawn from school, the wider world and even his own family. His family have since played a key role in supporting his recovery to the point where he is now completing his A-levels and hoping to go to university. Judge Pegden described the case as "exceptional", adding that the crimes were "serious" and "sophisticated and unprecedented in scope". The judge did not impose a custodial sentence, saying Mcdonagh's rehabilitation since his arrest was "remarkable" and that he had shown "complete and genuine remorse". He said there was virtually no risk of further harm or re-offending.

     Richard Cox, chief information officer at Spamhaus, thanked the UK's National Crime Agency for the "enormous effort and resources" it had dedicated to investigating Mcdonagh. He said he hoped the case would make very clear the considerable benefit that can result from law enforcement working closely with industry. "We fully appreciate the difficult predicament with which the sentencing judge was faced, and hope that anyone considering similar attacks will take heed of his remarks, that in any other circumstances such criminality would have resulted in a custodial sentence," he said.
  4. I'm offering you this 120-second trial so you can knock your friends offline, etc. Connection Stresser - Dashboard
  5. Radware, a provider of application delivery and DDoS attack protection solutions, this week unveiled its latest attack mitigation platform designed to help carriers and cloud providers protect against high volume DDoS attacks. According to Radware, its new attack mitigation platform provides up to 300Gbps of mitigation capacity and can help protect against volumetric DDoS attacks such as UDP reflection attacks, fragmented and out-of-state floods.

     Radware's DefensePro x4420 has the ability to handle 230 million packets per second of attack traffic and was designed for multi-tenant environments with the ability to support up to 1,000 active policies, separate processing capabilities and customized management & reporting per tenant, the company said.

     "Cyber-attacks have evolved and reached a tipping point in terms of quantity, length, complexity and targets," says Carl Herberger, vice president of security solutions for Radware. "In 2014, one in seven cyber-attacks were larger than 10Gbps and we've seen attacks 100+Gbps in size. The attack landscape is changing and cyber-attackers are getting more and more aggressive with their tactics. It's not uncommon for mobile carriers and cloud providers to experience extra-large attacks."

     "Soon enough, DDoS attacks will eventually reach the 1Tbs level, placing manufacturers in a frenzy to keep up with future volumetric cyberattacks," Dan Thormodsgaard, vice president of solutions architecture for FishNet Security, said in a statement.

     More information on the platform is available online.

     Source: securityweek.com
  6. Researchers have uncovered a distributed denial-of-service (DDoS) attack campaign that takes advantage of Joomla servers with a vulnerable Google Maps plug-in installed. Akamai's Prolexic Security Engineering & Research Team (PLXsert) worked with PhishLabs' Research, Analysis, and Intelligence Division (R.A.I.D) to analyze malicious traffic coming from multiple Joomla websites, a threat advisory (PDF) issued Wednesday said.

     Through analysis, the teams found that attackers were able to use servers as DDoS zombies due to a vulnerability in a Google Maps plug-in that allows the plug-in to act as a proxy, masking the origin of DDoS attacks. "Attackers spoof the source of the request, causing the results to be sent from the proxy to someone else - their denial of service target," a release from Akamai explained. This year, the company has observed eight Joomla-based DDoS attacks against its customer base, six of which were targeted at the education sector.

     PLXsert said that the DDoS attacks contained traffic signatures that matched sites known for providing DDoS-for-hire services, and that miscreants used attack tools, such as DAVOSET and UFONet, that have also been increasingly adopted by the DDoS-for-hire market. Researchers have observed the Joomla-based DDoS attacks since September, but believe the for-hire attacks are ongoing.

     In a Thursday interview with SCMagazine.com, Rod Soto, principal security researcher at PLXsert, said that reflection-based DDoS attacks, like those seen in this campaign, have become popular as they allow attackers to use the "path of least resistance." In the last quarter of 2014, Akamai found that 39 percent of all DDoS traffic used reflection techniques, which amplified attacks while hiding attackers' identities. "For reflection attacks, it does not require the attacker to actually compromise the botnet [or abused hosts]," Soto said. "Most of them don't even realize they are being used as reflectors."

     In addition to ensuring that plug-ins for content management systems (CMS), like Joomla or WordPress, are properly patched, Akamai provided other DDoS mitigation steps, such as blocking HTTP GET/1.0 request traffic if support for legacy clients isn't needed, and blocking HTTP requests with a PHP-based user-agent string, if they are not needed, the threat advisory said. The advisory also included three Snort rules, which match the DDoS attack variations Akamai detected in the campaign.

     Source
  7. Hacktivists and gamers are becoming big users of net attacks that knock sites offline by bombarding them with data, suggests a report. Compiled by Arbor Networks, the report looks at 10 years of distributed denial of service (DDoS) attacks. The ease with which they could be staged had made them a favourite for groups with a grudge, said Arbor. Also, it said, insecure home routers were being enrolled into large groups of devices that mounted the attacks.

     Extortion attempt

     In the early days of DDoS, cybercrime gangs had used them to extort cash from websites run by betting and gambling firms that could not afford to be knocked offline, said Darren Anstee, a senior analyst at Arbor. Now, he said, attacks were being mounted by different groups and had grown considerably in size. In 2011, the biggest attacks had flung about 100 gigabits per second (Gbps) of data at targets, found the report. In 2014 that peak had hit 400Gbps and in the same year there had been four times as many attacks over 100Gbps than in the previous 12 months.

     "There's been a massive jump in the number of very large attacks going on out there," said Mr Anstee. "In 2014 we saw more volumetric attacks, with attackers trying to knock people offline by saturating their access to the internet." Almost 40% of the organisations Arbor contacted for its report said they were being hit by more than 21 attacks per month, said the report.

     [Image caption: The hacking group known as The Lizard Squad reportedly uses hacked home routers to mount some of its attacks]

     Part of the reason for the shift to the large attacks could be explained by a change in the technologies being used to stage them, he said. When cybercrime gangs had been behind the majority of attacks, the data barrages had been generated by the thousands of hijacked home computers they had had under their control, he said. Botnets were still used to mount extortion attacks, he said, and were also used to divert the attention of a company's security team so they did not notice a separate attack on another part of a company's infrastructure. Figures in the report suggested that companies were getting better at spotting the early stages of an attack and recovering once they were hit, he said.

     However, said Mr Anstee, building a botnet was difficult for hacktivists and others, who had instead turned to other net-connected devices and technologies to generate the huge data flows. Some attacks abused the net's timekeeping system or the domain servers that kept a list of which website was where, he said. Other groups had found ways to enrol insecure home net gateways and routers into attacks, he added. Hacktivists, hacker groups such as Lizard Squad and gamers who wanted revenge on other players were the bigger users of these tactics, said Mr Anstee. It was now easy to find so-called "booter" services online that let gamers kick rivals off a particular gaming network or title by attacking that network, he said.

     DDoS was also being used by people keen to use their technical skills to express their feelings about a real-world conflict. "If you look at DDoS attacks and try to tie them up with geopolitical events in the last few years, you will always see those events echoed in cyberspace," he said.

     Source
  8. Document Title:
     ===============
     LizardSquad DDoS Stresser - Multiple Vulnerabilities

     References (Source):
     ====================
     http://www.vulnerability-lab.com/get_content.php?id=1417
     http://magazine.vulnerability-db.com/?q=articles/2015/01/20/lizardsquad-ddos-stresser-multiple-vulnerabilities-revealed-takeover-ddos#

     Release Date:
     =============
     2015-01-20

     Vulnerability Laboratory ID (VL-ID):
     ====================================
     1417

     Common Vulnerability Scoring System:
     ====================================
     8.9

     Product & Service Introduction:
     ===============================
     The product, called Lizard Stresser, is a stress tester that might let you see how your own network stands up to DDoS attacks, like the ones that interrupted the gaming networks for several days last week. DDoS attacks basically overload servers with massive amounts of bogus requests.
     (Copy of the Homepage: https://lizardstresser.su/ )

     Abstract Advisory Information:
     ==============================
     The Vulnerability Laboratory Research Team discovered multiple vulnerabilities in the official LizardSquad DDoS Stresser online-service web-application.

     Vulnerability Disclosure Timeline:
     ==================================
     2015-01-20: Public Disclosure (Vulnerability Laboratory)

     Discovery Status:
     =================
     Published

     Affected Product(s):
     ====================
     LizardSquad
     Product: DDoS Stresser - Web Application (Online-Service) 2015 Q1

     Exploitation Technique:
     =======================
     Remote

     Severity Level:
     ===============
     High

     Technical Details & Description:
     ================================
     Multiple web vulnerabilities have been discovered in the official LizardSquad `Stresser DDoS Service` web-application.

     1.1
     The 1st vulnerability is located in the `username` value of the registration module. A user can register a script code as payload to the name values. The ddos web-service uses the wrong conditions to encode and parse the input on registration. This allows the injected script code to execute in the `./ref` module of the service. The request method to inject is POST and the vulnerability is located on the application-side of the ddos stresser service. The main administrators are able to see the user passwords; by watching the logs of a compromised server you see that they can switch by logging in through the registered user accounts. This is possible because of passwords transferred in plain text in the ddos application. The known event can be used to prepare malicious code that executes functions in connection with application-side injected script codes. The vulnerable file to inject the code is the register.php file. Another execution of the injected script code occurs in the main dashboard (left sidebar) where the username becomes visible.

     Vulnerable Module(s):
     [+] Registration (./ref)

     Vulnerable Parameter(s):
     [+] username

     Affected Module(s):
     [+] Dashboard (Username in Left Sidebar)

     1.2
     The 2nd vulnerability is located in the Ticket Title & Ticket Content input fields of the `Tickets` (tickets) module. A freshly registered user account is able to inject its own malicious persistent script code into the ticket input fields to exploit a backend administrator account. After an attacker registers and injects script code into the ticket system, he is able to get the ip of the backend users or can compromise the session data of moderators/administrators. The injection occurs in the `./tickets` module. The execution takes place locally in the listed open ticket items of the backend. Remote attackers are also able to access other tickets and stored information by intercepting the session of the add Ticket POST method request.

     Vulnerable Module(s):
     [+] Tickets (./tickets)

     Vulnerable Parameter(s):
     [+] name (servername)

     1.3
     The 3rd vulnerability is located in the target server `name` value. The attacker uses the device or servername to send malicious data to the ddos application control panel. A remote attacker can change the server or device name value to a script code payload that executes in the panel (server target list). The service syncs the device/server name value after the infection but also if the attacker syncs the data manually. In case macOS is used to attack, it is possible to change the servername easily to a malicious script code payload that affects the ddos control panel.

     Vulnerable Module(s):
     [+] server list

     Vulnerable Parameter(s):
     [+] name (servername)

     1.4
     The 4th vulnerability is located in the `dashboard > user settings > change password` module. The data in the POST method to change the own account password is sent in plain text. This allows remote attackers and network administrators to capture compromised accounts. The service can also be observed by man-in-the-middle attacks in the local network.

     Vulnerable Module(s):
     [+] dashboard > user settings > change password

     1.5
     The 5th vulnerability is also located in the `dashboard > user settings > change password` module. The POST method request of the change function in the ddos application can be intercepted by attackers to compromise the service. The remote attacker logs in as a user and intercepts the session information by changing to an existing user account. Successful exploitation of the session tampering issues results in account system compromise (administrators/customers).

     Vulnerable Module(s):
     [+] dashboard > user settings > change password

     Vulnerable Parameter(s):
     [+] id

     Proof of Concept (PoC):
     =======================
     1.1
     --- PoC Session Logs [POST] (Injection) ---
     Status: 200[OK]
     POST http://lizardstresser.su/usercp
     Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ]
     Größe des Inhalts[-1]
     Mime Type[text/html]
     Request Header:
     Host[lizardstresser.su]
     User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0]
     Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
     Accept-Language[de,en-US;q=0.7,en;q=0.3]
     Accept-Encoding[gzip, deflate]
     Referer[http://lizardstresser.su/usercp]
     Cookie[__cfduid=dede840b76815fd52769922600b1e086c1421749609; PHPSESSID=f4i5t8vhqgscb0adhtkqlcvv01]
     Connection[keep-alive]
     POST-Daten:
     cpassword[chaos666]
     npassword[http%3A%2F%2Flizardstresser.su%2F%3Fr%3Dimgsrcx2020iframesrca20iframe]
     rpassword[http%3A%2F%2Flizardstresser.su%2F%3Fr%3Dimgsrcx2020iframesrca20iframe]
     updatePassBtn[Change+Stored+Data%21]
     Response Header:
     Date[Tue, 20 Jan 2015 10:29:21 GMT]
     Content-Type[text/html]
     Transfer-Encoding[chunked]
     Connection[keep-alive]
     Expires[Thu, 19 Nov 1981 08:52:00 GMT]
     Cache-Control[no-store, no-cache, must-revalidate, post-check=0, pre-check=0]
     Pragma[no-cache]
     Server[cloudflare-nginx]
     CF-RAY[1aba972a06dd15b3-FRA]
     Content-Encoding[gzip]
     -
     Status: 302[Moved Temporarily]
     POST https://lizardstresser.su/register.php
     Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ]
     Größe des Inhalts[-1]
     Mime Type[text/html]
     Request Header:
     Host[lizardstresser.su]
     User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0]
     Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
     Accept-Language[de,en-US;q=0.7,en;q=0.3]
     Accept-Encoding[gzip, deflate]
     Referer[https://lizardstresser.su/register.php]
     Cookie[__cfduid=dede840b76815fd52769922600b1e086c1421749609; PHPSESSID=f4i5t8vhqgscb0adhtkqlcvv01]
     Connection[keep-alive]
     POST-Daten:
     username[%22%3E%3C%22%3Cimg+src%3D%22x%22%3E%2520%2520%3E%22%3Ciframe+src%3Da%3E%2520%3Ciframe%3E2]
     password[chaos666]
     rpassword[chaos666]
     email[research%40vulnerbaility-lab.com]
     ref[%2F]
     checkbox1[1]
     register[Register]
     Response Header:
     Server[cloudflare-nginx]
     Date[Tue, 20 Jan 2015 11:20:02 GMT]
     Content-Type[text/html]
     Expires[Thu, 19 Nov 1981 08:52:00 GMT]
     Cache-Control[no-store, no-cache, must-revalidate, post-check=0, pre-check=0]
     Pragma[no-cache]
     Location[/purchase]
     CF-RAY[1abae168238f15b3-FRA]
     X-Firefox-Spdy[3.1]

     Reference(s):
     http://lizardstresser.su/?r=imgsrcx2020iframesrca20iframe
     https://lizardstresser.su/register.php

     1.2
     --- PoC Session Logs [POST] (Injection) ---
     Status: 200[OK]
     POST http://lizardstresser.su/ajax/addticket.php
     Load Flags[LOAD_BYPASS_CACHE LOAD_BACKGROUND ]
     Größe des Inhalts[-1]
     Mime Type[text/html]
     Request Header:
     Host[lizardstresser.su]
     User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0]
     Accept[*/*]
     Accept-Language[de,en-US;q=0.7,en;q=0.3]
     Accept-Encoding[gzip, deflate]
     Content-Type[application/x-www-form-urlencoded; charset=UTF-8]
     X-Requested-With[XMLHttpRequest]
     Referer[http://lizardstresser.su/tickets]
     Content-Length[324]
     Cookie[__cfduid=dede840b76815fd52769922600b1e086c1421749609; PHPSESSID=f4i5t8vhqgscb0adhtkqlcvv01]
     Connection[keep-alive]
     Pragma[no-cache]
     Cache-Control[no-cache]
     POST-Daten:
     title2[%22%3E%3C%22%3Cimg+src%3D%22x%22%3E%2520%2520%3E%22%3Ciframe+src%3Da%3E%2520%3Ciframe%3E]
     code[%22%3E%3C%22%3Cimg+src%3D%22x%22%3E%2520%2520%3E%22%3Ciframe+src%3Da%3E%2520%3Ciframe%3E]
     content[%22%3E%3C%22%3Cimg+src%3D%22x%22%3E%2520%2520%3E%22%3Ciframe+src%3Da%3E%2520%3Ciframe%3E]
     hash[JMX02SbuIwklRiGPAVDgeOC5nTs41xFp]
     Response Header:
     Date[Tue, 20 Jan 2015 10:30:54 GMT]
     Content-Type[text/html]
     Transfer-Encoding[chunked]
     Connection[keep-alive]
     Expires[Thu, 19 Nov 1981 08:52:00 GMT]
     Cache-Control[no-store, no-cache, must-revalidate, post-check=0, pre-check=0]
     Pragma[no-cache]
     Server[cloudflare-nginx]
     CF-RAY[1aba996d3d7115b3-FRA]
     Content-Encoding[gzip]

     Reference(s):
     http://lizardstresser.su/ajax/addticket.php

     Credits & Authors:
     ==================
     Vulnerability Laboratory [Research Team]

     Disclaimer & Information:
     =========================
     The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.

     Domains:    www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
     Contact:    admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com
     Section:    magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact
     Social:     twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
     Feeds:      vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
     Programs:   vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/

     Any modified copy or reproduction, including partial usage, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website are trademarks of the vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.

     Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™

     --
     VULNERABILITY LABORATORY - RESEARCH TEAM
     SERVICE: www.vulnerability-lab.com
     CONTACT: research@vulnerability-lab.com
     PGP KEY: http://www.vulnerability-lab.com/keys/admin@vulnerability-lab.com%280x198E9928%29.txt

     Source
  9. There is special type of DDoS attacks, application level DDoS, which is quite hard to combat against. Analyzing logic which filters this type of DDoS attack must operate on HTTP message level. So in most cases the logic is implemented as custom modules for application layer (usually nowadays user space) HTTP accelerators. And surely Nginx is the most widespread platform for such solutions. However, common HTTP servers and reverse proxies were not designed for DDoS mitigation- they are simply wrong tools for this issue. One of the reason is that they are too slow to combat with massive traffic (see my recent paper and presentation for other reasons). If logging is switched off and all content is in cache, then HTTP parser becomes the hottest spot. Simplified output of perf for Nginx under simple DoS is shown below (Nginx’s calls begin with ’ngx’ prefix, memcpy and recv are standard GLIBC calls): % symbol name 1.5719 ngx_http_parse_header_line 1.0303 ngx_vslprintf 0.6401 memcpy 0.5807 recv 0.5156 ngx_linux_sendfile_chain 0.4990 ngx_http_limit_req_handler The next hot spots are linked to complicated application logic (ngx vslprintf ) and I/O. During Tempesta FW development We have studied several HTTP servers and proxies (Nginx, Apache Traffic Server, Cherokee, node.js, Varnish and userver) and learned that all of them use switch and/or if-else driven state machines. The problem with the approach is that HTTP parsing code is comparable in size with L1i cache and processes one character at a time with significant number of branches. Modern compilers optimize large switch statements to lookup tables that minimizes number of conditional jumps, but branch misprediction and instruction cache misses still hurt performance of the state machine. So the method probably has poor performance. The other well-known approach is table-driven automaton. However, simple HTTP parser can have more than 200 states and 72 alphabet cardinality. 
That gives 200 x 72 = 14400 bytes for the table, which is about half of L1d of modern microprocessors. So the approach is also could be considered as inefficient due to high memory consumption. The first obvious alternative for the state machine is to use Hybrid State Machine (HSM) described in our paper, which combines very small table with also small switch statement. In our case we tried to encode outgoing transitions from a state with at most 4 ranges. If the state has more outgoing transitions, then all transitions over that 4 must be encoded in switch. All actions (like storing HTTP header names and values) must be performed in switch. Using this technique we can encode each state with only 16 bytes, i.e. one cache line can contain 4 states. Giving this the approach should have significantly improve data cache hit. We also know that Ragel generates perfect automatons and combines case labels in switch statement with direct goto labels (it seems switch is used to be able to enter FSM from any state, i.e. to be able to process chunked data). Such automatons has lower number of loop cycle and bit faster than traditional a-loop-cycle-for-each-transition approach. There was successful attempt to generate simple HTTP parsers using Ragel, but the parsers are limited in functionality. However there are also several research papers which says that an automaton states is just auxiliary information and an automaton can be significantly accelerated if state information is declined. So the second interesting opportunity to generate the fastest HTTP parser is just to encode the automaton directly using simple goto statements, ever w/o any explicit loop. Basically HTTP parsers just matches a string against set of characters (e.g. [A-Za-z_-] for header names), what strspn(3) does. SSE 4.2 provides PCMPSTR instructions family for this purpose (GLIBC since 2.16 uses SSE 4.2 implemenetation for strspn()). 
However, this is vector instruction which doesn't support accept or reject sets more than 16 characters, so it's not too usable for HTTP parsers. Results I made a simple benchmark for four approaches described above (http_ngx.c - Nginx HTTP parsing routines, http_table.c - table-driven FSM, http_hsm.c - hybrid state machine and http_goto.c - simple goto-driven FSM). And here are the results (routines with 'opt' or 'lw' - are optimized or lightweight versions of functions): Haswell (i7-4650U) Nginx HTTP parser: ngx_request_line: 730ms ngx_header_line: 422ms ngx_lw_header_line: 428ms ngx_big_header_line: 1725ms HTTP Hybrid State Machine: hsm_header_line: 553ms Table-driven Automaton (DPI) tbl_header_line: 473ms tbl_big_header_line: 840ms Goto-driven Automaton: goto_request_line: 470ms goto_opt_request_line: 458ms goto_header_line: 237ms goto_big_header_line: 589ms Core (Xeon E5335) Nginx HTTP parser: ngx_request_line: 909ms ngx_header_line: 583ms ngx_lw_header_line: 661ms ngx_big_header_line: 1938ms HTTP Hybrid State Machine: hsm_header_line: 433ms Table-driven Automaton (DPI) tbl_header_line: 562ms tbl_big_header_line: 1570ms Goto-driven Automaton: goto_request_line: 747ms goto_opt_request_line: 736ms goto_header_line: 375ms goto_big_header_line: 975ms Goto-driven automaton shows the better performance in all the tests on both the architectures. Also it's much easier to implement in comparison with HSM. So in Tempesta FW we migrated from HSM to goto-driven atomaton, but with some additional optimizations. Lessons Learned ** Haswell has very good BPU ** Core micro-architecture has show that HSM behaves much better than switch-driven and table-driven automatons. While this is not the case for Haswell - the approach loses to both the approaches. I've tried many optimizations techniques to improve HSM performance, but the results above are the best and they still worse than the simple FSM approaches. 
Profiler shows that the problem (hot spot) in HSM on Haswell is in the following code if (likely((unsigned char)(c - RNG_CB(s, 0)) <= RNG_SUB(s, 0))) { st = RNG_ST(s, 0); continue; } Here we extract transition information and compare current character with the range. In most cases only this one branch is observer in the test. 3rd and 4th branches are never observed. The whole automaton was encoded with only 2 cache lines. In first test case, when XTrans.x structure is dereferenced to get access to the ranges, the compiler generates 3 pointer dereferences. In fact these instructions (part of the disassembled branch) sub 0x4010c4(%rax),%bl cmp 0x4010c5(%rax),%bl movzbl 0x4010cc(%rax),%eax produce 3 accesses to L1d and the cache has very limited bandwidth (64 bytes for reading and 32 bytes for writing) on each cycle with minimal latency as 4 cycles for Haswell. While the only one cache line is accessed by all the instructions. So the test case bottle neck is L1d bandwidth. If we use XTrans.l longs (we need only l[0], which can be loaded with only one L1d access, in all the cases) and use bitwise operations to extract the data, then we get lower number of L1d accesses (4G vs 6.7G for previous cases), but branch mispredictions are increased. The problem is that more complex statement in the conditions makes harder to Branch Prediction Unit to predict branches. However, we can see that simple branches (for switch-driven and goto-driven automatons) show perfect performance on Haswell. So advanced Haswell BPU perfectly processes simple automatons making complex HSM inadequate. In fact HSM is only test which is slower on Haswell in comparison with Core Xeon. Probably, this is the difference between server and mobile chips that ever old server processor beats modern mobile CPU on complex loads... -O3 is ambiguous Sometimes -O3 (GCC 4.8.2) generates slower code than -O2. Also benchmarks for -O3 show very strange and unexpected results. 
For example, below are the results for -O2:

    goto_request_line: 470ms

However, -O3 shows worse results:

    goto_request_line: 852ms

Automata must be encoded statically whenever possible

The table-driven and HSM automata are encoded using static constant tables (in contrast with the run-time generated tables of the current DPI parser). This was done during the HSM optimizations. Sometimes the compiler can't optimize code using run-time generated tables. And this is crucial for real hot spots (for HSM the table is used in the if-statement described above, which gets about 50-70% of the whole function's execution time): after moving to static data the code can get up to a 50% performance improvement (the case for HSM).

Source: High Performance Linux: Fast Finite State Machine for HTTP Parsing

Refs:
- Tempesta FW is a hybrid solution which combines reverse proxy and firewall at the same time. It accelerates Web applications and provides a high performance framework with access to all network layers for running complex network traffic classification and blocking modules - http://natsys-lab.com/tpl/tempesta_fw.pdf
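The post compares parser designs but shows only a fragment of the HSM hot spot. Below is an added example, not code from the post, from Tempesta FW or from Nginx, of the goto-driven style that wins the benchmarks: a single-pass parser for one HTTP/1.1 header line (field-name ":" OWS field-value OWS CRLF) where every label is a state and every transition is a plain conditional jump, which is what keeps the branches simple for the predictor. The range test is the same unsigned-subtraction trick as the RNG_CB/RNG_SUB comparison profiled above. The character classes are taken from RFC 7230 and are an assumption of this example; the post does not define them. Function and state names are mine.

```c
/* Added example (not from the post, Tempesta FW or Nginx): goto-driven FSM
 * parsing one HTTP/1.1 header line in a single pass.  Character classes
 * follow RFC 7230 (assumed here, not quoted by the post). */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result: byte offsets into the caller's buffer, nothing is copied. */
struct hdr {
    size_t name_off, name_len;
    size_t val_off, val_len;
};

/* One unsigned subtraction tests lo <= c <= hi, the RNG_CB/RNG_SUB idea. */
static int in_range(unsigned char c, unsigned char lo, unsigned char hi)
{
    return (unsigned char)(c - lo) <= (unsigned char)(hi - lo);
}

/* RFC 7230 tchar: DIGIT / ALPHA / "!#$%&'*+-.^_`|~" */
static int is_tchar(unsigned char c)
{
    return in_range(c, '0', '9') || in_range(c, 'a', 'z') || in_range(c, 'A', 'Z')
        || (c != 0 && strchr("!#$%&'*+-.^_`|~", c) != NULL);
}

/* field-value bytes: VCHAR, SP, HTAB, obs-text (0x80-0xFF). */
static int is_vchar(unsigned char c)
{
    return in_range(c, 0x21, 0x7e) || c == ' ' || c == '\t' || c >= 0x80;
}

/* Consume one byte and jump to `state`; running out of input means the
 * line is incomplete, reported to the caller as 0. */
#define NEXT(state) do { if (++i >= len) return 0; \
                         c = (unsigned char)buf[i]; goto state; } while (0)

/* Returns the number of bytes consumed (whole line including CRLF),
 * or 0 if the line is malformed or incomplete. */
size_t parse_header_line(const char *buf, size_t len, struct hdr *out)
{
    size_t i = 0;
    unsigned char c;

    if (len == 0) return 0;
    c = (unsigned char)buf[0];
    if (!is_tchar(c)) return 0;          /* state: first byte of field-name */
    out->name_off = 0;
    NEXT(s_name);

s_name:                                  /* inside field-name */
    if (is_tchar(c)) NEXT(s_name);
    if (c != ':') return 0;              /* no whitespace allowed before ':' */
    out->name_len = i - out->name_off;
    NEXT(s_ows);

s_ows:                                   /* optional whitespace after ':' */
    if (c == ' ' || c == '\t') NEXT(s_ows);
    out->val_off = i;
    out->val_len = 0;
    goto s_value;

s_value:                                 /* field-value up to CR */
    if (c == '\r') NEXT(s_lf);
    if (!is_vchar(c)) return 0;          /* bare LF, NUL, CTLs are rejected */
    if (c != ' ' && c != '\t')           /* trailing OWS is not part of the value */
        out->val_len = i + 1 - out->val_off;
    NEXT(s_value);

s_lf:                                    /* byte after CR must be LF */
    if (c != '\n') return 0;
    return i + 1;
}
#undef NEXT

/* Demo helpers on NUL-terminated lines. */
size_t hdr_consumed(const char *line)
{
    struct hdr h;
    return parse_header_line(line, strlen(line), &h);
}

int hdr_name_equals(const char *line, const char *name)
{
    struct hdr h;
    if (!parse_header_line(line, strlen(line), &h)) return 0;
    return h.name_len == strlen(name) && memcmp(line + h.name_off, name, h.name_len) == 0;
}

int hdr_value_equals(const char *line, const char *value)
{
    struct hdr h;
    if (!parse_header_line(line, strlen(line), &h)) return 0;
    return h.val_len == strlen(value) && memcmp(line + h.val_off, value, h.val_len) == 0;
}

int main(void)
{
    const char *line = "Host:  example.org \r\n";   /* constructed sample */
    struct hdr h;
    size_t n = parse_header_line(line, strlen(line), &h);
    if (!n) { puts("malformed"); return 1; }
    printf("consumed %zu bytes, name=%.*s value=%.*s\n", n,
           (int)h.name_len, line + h.name_off, (int)h.val_len, line + h.val_off);
    return 0;
}
```

The rejection paths matter as much as the happy path for a front-end parser: whitespace before the colon, a bare LF and control bytes in the value all return 0 instead of being "repaired", so the same line cannot be read one way by this parser and another way by the backend.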
  10. Manual (sorry for my bad English): http://www.youtube.com/watch?v=B2u0oBd8R0c Download: HttpFlooder.exe — RGhost — ????????????? Software coded by PuL9 (not me). Made in Russia
  11. Hi guys, I saw that these Team-CrackerS people are back again and I figured I'd go after them. Team-CrackerS pwned. I don't think it will come back. The scumbags reported me to my ISP and now I'm on the neighbours' internet until it gets sorted out :) What do you think?
  12. This is another big piece of news for the cyber world: the DDoS attack, the most common and popular attack used by hackers to shut down the service of a host connected to the Internet, has reached a higher attacking speed, breaking the earlier record of the biggest DDoS attack of 300 Gbps that was recorded in the Spamhaus DDoS attack, which almost broke the internet. To boost the attacking speed of Distributed Denial of Service (DDoS) attacks, hackers use a new trick called an "Amplification Attack", named in 2013 after last year's biggest DDoS attack of 300 Gbps. Yesterday, hackers succeeded in reaching the highest DDoS attacking speed yet, of more than 400 Gbps, by applying the same method, targeting the European data servers of the content-delivery and anti-DDoS protection firm Cloudflare. An amplification attack provides the benefit of obscuring the source of the attack, while enabling the bandwidth to be used to multiply the size of the attack. Cloudflare CEO Matthew Price says: "Very big NTP reflection attack hitting us right now. Appears to be bigger than the #Spamhaus attack from last year. Mitigating." "Someone's got a big, new cannon. Start of ugly things to come." The attackers found the vulnerability in one of the protocols of the cloud, the Network Time Protocol (NTP), which synchronizes computer clocks. Hackers have leveraged NTP servers by sending small spoofed 8-byte UDP packets to the vulnerable server that request a large amount of data to be sent to the DDoS target's IP address. The company says that all versions of ntpd prior to 4.2.7 are vulnerable and recommends upgrading to the latest version. It also mentions that, until all the misconfigured NTP servers are cleaned up, attacks of this nature will continue. Credits: http://www.cyberkendra.com/2014/02/world-largest-ddos-attack-of-400gbps.html
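The post names the remedy (upgrade ntpd) but not the configuration that closes the reflector on a server you cannot upgrade right away. As an added example that is not part of the news post, here is the weak ntp.conf default beside the hardened form; the directive names follow the standard ntpd reference and are assumed here rather than taken from the post. The upgrade the post recommends remains the primary fix.

```conf
# Added example, not from the article: ntpd configuration that stops the
# server from answering the status queries used for reflection.

# Weak: an unrestricted default (or no 'restrict' line at all) lets any
# client send mode-6/mode-7 status queries, including the 'monlist'
# request whose large reply is what gives the attacker the amplification.
restrict default

# Hardened: serve time only. noquery refuses status queries, nomodify
# refuses configuration changes, notrap refuses trap registration, nopeer
# refuses unsolicited peering, kod sends kiss-o'-death to abusive clients.
# 'disable monitor' turns off the monlist statistics entirely on versions
# that still support them.
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
disable monitor
```

After the change, a status query from an outside host should time out rather than return data; an `ntpq -c monlist` or `ntpdc -n -c monlist` run against the server from another machine is the quickest check, and an upstream firewall rule limiting UDP/123 to the time sources you actually use covers hosts that are not yet reconfigured.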
  13. Versus71

    d0z-me

    Malicious URL Shortener + HTML5 DDoS PoC

    This project demonstrates the serious consequences of the Internet's increased reliance upon URL shorteners, as well as how easy it is to create an unwitting DDoS botnet using new HTML5 features without actually exploiting a single computer. It is intended only for demonstration and testing purposes; if you target a site that is not yours, you are responsible for the consequences. Download: http://d0z-me.googlecode.com/files/d0z-me-0.2.tar.gz
  14. Thirteen US defendants last week pleaded guilty to taking part in attacks by Anonymous against PayPal. The US Department of Justice (DoJ) said the accused had all admitted to carrying out a Distributed Denial of Service (DDoS) cyber-attack against PayPal in December 2010 in protest against the payment processing firm's decision to stop handling donations to WikiLeaks over the Cablegate affair. One of the defendants also pleaded guilty to a separate cyber-attack on the website of Santa Cruz County. In a plea agreement, the accused admitted using the Low Orbit Ion Cannon tool, Anonymous's favourite website flooding utility, to hit PayPal as part of “Operation Avenge Assange”. The 13 defendants pleaded guilty to computer hacking offences. In a DoJ statement, the accused were named as: Christopher Wayne Cooper, 26 (AKA Anthrophobic), from Elberta, Alabama; Joshua John Covelli, 28, (AKA Absolem) from Fairborn, Ohio; Keith Wilson Downey, 29, from Jacksonville, Florida; Mercedes Renee Haefer, 22, (AKA No) from Las Vegas, Nevada; Donald Husband, 32, (AKA Ananon) from Fairfield, California; Vincent Charles Kershaw, 29, (AKA Trivette, Triv, and Reaper) from Fort Collins, Colorado; Ethan Miles, 36, from Flagstaff, Arizona; James C. Murphy, 39, from Baldwin Park, California; Drew Alan Phillips, 28, (AKA Drew010) from Santa Rosa, California; Jeffrey Puglisi, 30, (AKA Jeffer) from Clinton Township, Michigan; Daniel Sullivan, 24, from Camarillo, California; Tracy Ann Valenzuela, 44, from Napa, California; and Christopher Quang Vo, 24, from Attleboro, Massachusetts. Covelli also pleaded guilty to executing a DDoS attack (with another defendant, presently a fugitive) against the Santa Cruz County web server, which the Feds reported him as saying was "in retaliation" for the break-up of a local protest camp by the City of Santa Cruz. 
Covelli and others, calling themselves the "People's Liberation Front" or "PLF" and claiming allegiance to Anonymous, launched a DDoS against Santa Cruz County's website as part of "Operation Peace Camp 2010". All 13 defendants were released on bail pending sentencing hearings scheduled for November and December 2014. Last week eBay chairman Pierre Omidyar called for leniency in the prosecution of those accused of playing a part in DDoSing PayPal. He pointed out that the accused are part of the thousands who took part in the protest. There's no particular suggestion that any of the accused can be properly described as ringleaders in the protest, but despite this, and even after their guilty pleas, the suspects are still at risk of finding themselves behind bars for a prolonged stay at Club Fed. The PayPal DDoS prosecution follows an investigation by the Federal Bureau of Investigation, with cooperation from PayPal. Authorities in the Netherlands, Germany and France have also taken their own investigative and enforcement actions. The National Cyber-Forensics and Training Alliance also provided assistance in investigating the high profile case. Source: PayPal 13 plead guilty to launching DDoS attacks • The Register
  15. In a recent cyber attack on a forum site, thousands of outdated legitimate WordPress blogs were abused to perform DDoS attacks using previously known vulnerabilities. After analyzing the log file from the victim's server, we noticed many WordPress CMS based educational (.EDU) and government (.GOV) websites from which the attack originated. In the past we have reported on many such cyber attacks, where attackers hacked into WordPress blogs using password brute-force attacks or used the PINGBACK vulnerability in older versions of WordPress without compromising the server. WordPress has a built-in functionality called Pingback, which allows anyone to initiate a request from WordPress to an arbitrary site, and it can be used by a single machine to originate millions of requests from multiple locations. We have seen more than 100,000 IP addresses involved in the recent DDoS attack, and the victim's forum website received more than 40,000 requests in 7 minutes from different WordPress blogs and IP addresses. In this recent attack, we noticed more than 4000 .EDU and .GOV sites along with thousands of other abused sites, including the following: These large servers can cause much more damage in DDoS attacks because the servers have large network bandwidth and are capable of generating significant amounts of traffic. At this time it's not clear whether these WordPress blogs were compromised or the Pingback vulnerability was used to perform the attack. But it's always wise to learn from others' mistakes. If you still use 'admin' or a common name as a user name on your blog, change it, and use a strong password. There are also security plug-ins available, two-factor authentication options available for WordPress, and of course make sure you are up to date on the latest version of WordPress. Source: DDoS Attacks originated from thousands of .EDU and .GOV WordPress Blogs - The Hacker News My opinion: looks like a lame HTTP flood ;-)
  16. Content delivery network (CDN) specialist Akamai Technologies is acquiring Prolexic in a bid to extend its web optimization and security offerings. Prolexic is a natural extension for Akamai, as the hybrid CDN/security model has been on the rise. Akamai will acquire all of the outstanding equity of Prolexic in exchange for a net cash payment of approximately $370 million, after expected purchase price adjustments, plus the assumption of outstanding unvested options to purchase Prolexic stock. Prolexic gives Akamai (AKAM) further cloud-based security for protecting data centers and enterprise IP applications from distributed denial of service (DDoS) attacks. DDoS attacks can temporarily cripple an organization, preventing legitimate users from accessing a service. "Any company doing business on the Internet faces an evolving threat landscape of attacks aimed at disrupting operations, defacing the brand, or attempting to steal sensitive data and information," said Tom Leighton, CEO of Akamai. "By joining forces with Prolexic, we intend to combine Akamai's leading security and performance platform with Prolexic's highly-regarded DDoS mitigation solutions for data center and enterprise applications protection. We believe that Prolexic's solutions and team will help us achieve our goal of making the Internet fast, reliable, and secure." Companies like CloudFlare that provide a hybrid of CDN and security services have captured a lot of the consumer market, and stand as a possible future threat to Akamai's business. Akamai needs to evolve, and it is doing so here. Akamai is firmly rooted in the higher end of the market and will maintain its position by expanding its portfolio of security solutions, in addition to content delivery services. The acquisition means businesses can acquire performance and DDoS mitigation from a single vendor.
“Today, business is defined by the availability, security and latency of Internet-facing applications, data and infrastructure,” said Scott Hammack, CEO at Prolexic, which has been a pioneer in DDoS defense. “Being able to rely on one provider for Internet performance and security greatly simplifies resolution of network availability issues and offers clients clear lines of accountability. We believe that, together, we will be able to deliver an unprecedented level of network visibility and protection.” Akamai intends to provide customers with a comprehensive portfolio of security solutions designed to defend an enterprise’s Web and IP infrastructure against application-layer, network-layer and data center attacks delivered via the Internet. Source: Akamai Acquires Prolexic to Protect Customers From DDoS Attacks | Data Center Knowledge
  17. Hello guys, I am looking for a list of public DNS servers, powerful ones, and I found a list like this (powerful means I'd like DNS servers that are fast, reliable, high-speed and always available), but I want more. Does anybody have an idea how I can find more?

4.2.2.4
216.52.65.1
216.83.236.227
216.54.2.10
216.250.190.144
216.215.19.4
216.211.191.9
8.8.8.8
216.211.191.3
64.136.173.5
64.136.164.77
64.135.2.250
37.143.9.90
68.87.85.102
68.87.78.134
85.38.28.86
85.38.28.84
91.218.228.249
91.186.192.3
91.185.6.10
91.185.2.10

I am looking forward to hearing from you guys. Thank you so much. Yohann
  18. MySQL Windows Remote System Level Exploit (Stuxnet technique) 0day
MySQL Remote Preauth User Enumeration Zeroday
MySQL Denial of Service Zeroday PoC
MySQL (Linux) Database Privilege Elevation Zeroday Exploit
MySQL (Linux) Heap Based Overrun PoC Zeroday
MySQL (Linux) Stack Based Buffer Overrun PoC Zeroday - http://www.exploit-db.com/exploits/23075/
MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot)

The vulnerabilities were published on 1 Dec, and starting 2 Dec the PoCs appeared. Sysadmins, pay close attention: update MySQL, patches have already appeared, or temporarily block the port.
  19. An Incapsula security study reveals how simple neglect in managing the administrative password of a small UK site was quickly exploited by botnet shepherds operating obscurely out of Turkey to hurl large amounts of traffic at American banks. If you've been following the news, you are probably aware of a wave of DDoS attacks that recently hit several major U.S. banks. Izz ad-Din al-Qassam, a hacker group that claimed responsibility for these attacks, declared them to be retaliation for an anti-Islam video that mocked the Prophet Muhammad and a part of the on-going "Operation Ababil." As the reports of the attack started to roll in, the Incapsula security team was able to uncover one of the secret foot-soldiers behind the assault: a compromised general-interest UK-based website that was trying to hurl large chunks of junk traffic at three of the world's largest financial institutions (PNC, HSBC and Fifth Third Bank). On the eve of the attack, this website suddenly became the focal point of a rapidly increasing number of security events, caused by numerous requests with an encoded PHP code payload. Incapsula was able to intercept these requests and traced them back to a backdoor shell that was used to hijack the site. The backdoor was installed before the website on-boarded Incapsula, and yet the cause of the security breach was clear. The administrative password was... you guessed it: admin / admin. After decoding the incoming PHP requests, the security team could clearly identify them as DDoS attack commands, originating from a Turkish web design company website which was used as a remote botnet C&C. From the looks of it, the Turkish website was also compromised and used as an additional buffer between the real hacker and its U.S. based targets. Further investigation showed that the UK website was part of a botnet for hire which was working in "shifts" to produce HTTP and UDP flood attacks.
As the Incapsula team continued to block and monitor incoming DDoS commands, they saw that the list of targets went beyond American banks, also including e-commerce and commercial websites from several other countries. Incapsula published the full description of the DDoS attack on the company blog, concluding it by saying that this was just another demonstration of how security on the Internet is always determined by the weakest link. Simple neglect in managing the administrative password of a small UK site can very quickly be exploited by botnet shepherds operating obscurely out of Turkey to hurl large amounts of traffic at American banks. Incapsula Security Analyst Ronen Atias said: "This is a good example of how we are all just a part of a shared ecosystem where website security should be a shared goal and a shared responsibility." Via: Under the hood of recent DDoS Attack on U.S. Banks - Hacking News
  20. Below I will present most types of DoS/DDoS attacks and what they target. I left out of the list the attacks that belong to the '95 era (IGMP, nuke, Windows 95 based). The subject is avoided by many because very few companies offer real attack-filtering solutions (usually it's marketing bullshit), and those that do offer such solutions logically keep them private, because the prices are extremely high and the filtering technologies are few and often ineffective against "modern" attacks. That's all about that for now; let's get to the subject of this tutorial.

[*] UDP Flood
Link congestion. It is an attack that 'consumes' bandwidth.

[*] ICMP Flood
Link congestion. It is an attack that 'consumes' bandwidth.

[*] TCP Flood (SYN)
Link congestion. It also consumes processing cycles (CPU resource exhaustion). It can render the OS inoperable and can use up all available sockets. It fills the connection tables and makes the system stop accepting new connections, because the waiting list (queue) becomes full. If the source is spoofed and the number of packets is considerable, it is almost impossible to filter. The effect can only be alleviated with specialised equipment or by distributing the services across clusters. FreeBSD has a relatively good protection system for this (synproxy), but with very many new TCP sessions per second it cannot cope with a single system used for filtering. FreeBSD also has several other mechanisms for this. One of them is syncache. Another method of alleviating its effects is reducing the connection acceptance timeouts. It is the most 'pro' (D)DoS attack.

[*] Smurf attack
Link congestion. Smurf attacks are also called 'ICMP amplification attack' or 'Reflection Attack'. This type of attack targets the broadcast address.

[*] Fraggle attack
Link congestion. Fraggle is a type of flood similar to Smurf, but the packets sent are UDP. This type of attack targets the broadcast address, DST PORT 7 (echo).

[*] Papasmurf attack
Link congestion. This type of flood is a hybrid resulting from combining the Fraggle and Smurf attacks.

[*] Land attack
If the targeted server is Linux, in most cases the kernel crashes. The attack's source is altered so that it becomes identical to the destination, which makes the kernel start replying to itself with 'ack' (ack war). Note: I have no idea whether it still works on kernel 2.6.x; on FreeBSD it doesn't work, because it has a protection mechanism that refuses packets from outside carrying the IP address configured on the interface.

[*] Eyenetdee
This type of attack is very similar to the 'Land attack', the difference being that SYN packets are used. The target of this attack is the applications, especially pop3, imap and ftp (the likelihood of locking up the applications).

[*] DNS Amplification Attack
Link congestion. It also consumes processing cycles (CPU resource exhaustion). These attacks rely on 'amplification' in intensity, due to the use of recursive queries. Since it targets only the DNS service (bind/named), if it is well configured and does not accept recursive queries, this attack is not effective.

[*] TCP FIN Flood (spoofed)
This type of flood consumes processing cycles (CPU resource exhaustion); in rare cases it also causes link congestion. The packets' source is altered (spoofed) and the TCP packets have the FIN flag set. It is easy to filter, especially on FreeBSD.

[*] TCP RST flood (spoofed)
This type of flood consumes processing cycles (CPU resource exhaustion) and causes link congestion. The packets' source is altered (spoofed) and the TCP packets have the RST flag set. It is relatively easy to filter.

[*] TCP ACK (spoofed)
This type of flood consumes processing cycles (CPU resource exhaustion) and causes link congestion. The packets' source is altered (spoofed) and the TCP packets have the ACK flag set.

[*] SIP Flood
This type of attack targets VoIP equipment and aims to lock it up. It relies on sending 'INVITE' messages to ports 5060, 5061 (generally).

Note: there will be another topic about low-bandwidth DoS/DDoS attacks.
  21. In an ASM tutorial by @c0unt3rlog1c about a UDP flooder, some questions were asked by @Zatarra. In order not to derail the man's thread, I opened this discussion. I'm sure there are many who have such questions. I'm waiting here for any question related to (D)DoS attacks, their effects, and the methods of removing those effects. From my example in that thread:

21:07:38.225850 IP 172.16.0.4.37438 > 172.16.0.3.80: UDP, length 1
21:07:38.225855 IP 172.16.0.4.37438 > 172.16.0.3.80: UDP, length 1
21:07:38.225857 IP 172.16.0.4.37438 > 172.16.0.3.80: UDP, length 1
21:07:38.225867 IP 172.16.0.4.37438 > 172.16.0.3.80: UDP, length 1
21:07:38.225869 IP 172.16.0.4.37438 > 172.16.0.3.80: UDP, length 1
21:07:38.225994 IP 172.16.0.4.37438 > 172.16.0.3.80: UDP, length 1
21:07:38.225996 IP 172.16.0.4.37438 > 172.16.0.3.80: UDP, length 1
21:07:38.225998 IP 172.16.0.4.37438 > 172.16.0.3.80: UDP, length 1
21:07:38.225999 IP 172.16.0.4.37438 > 172.16.0.3.80: UDP, length 1

The following characteristics of this attack (the profile) can be observed:
- Srcaddr is static (172.16.0.4)
- Srcport is static (37438)
- Dstport is static (80); since it is port 80, the target of the attack is the web service.
- The packet length is not variable (length 1)
- The attack is of type UDP / non-spoofed.

Note: UDP attacks target link congestion. It is an attack that 'consumes' bandwidth. So even if you filter the attack (in which case the packets are no longer processed), the bandwidth will still be used.

We'll take the questions asked in the other thread (we use them as scenarios):
- The solution in both scenarios, given the attack example above, is filtering the UDP packets that target port 80. Since that port is used by HTTP, client->server communication takes place only over TCP.
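The profiling step in the post above is done by eye: is the source address static, the source port static, the destination port static, the length constant? As an added example that is not part of the post, the C program below performs the same step over tcpdump summary lines and derives the filter the post recommends. The first set of lines reproduces the post's capture (same addresses, port and length); the second set is constructed here for contrast, with spoofed sources and varying lengths. The iptables rule syntax is an assumption of this example (on the FreeBSD boxes the post also mentions, a pf rule does the same job), and the classification strings are mine.

```c
/* Added example, not part of the post: profile a UDP flood from tcpdump
 * lines (is src address / src port / dst port / length static?), classify
 * it, and derive the drop rule the post recommends. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct pkt {
    char src[16], dst[16], proto[8];
    unsigned sport, dport, len;
};

/* Attack profile: which fields stayed constant across the whole capture. */
struct profile {
    unsigned n;
    struct pkt first;
    int src_static, sport_static, dport_static, len_static, proto_static;
};

/* Split tcpdump's "172.16.0.4.37438" (addr.port) at the last '.'. */
static int split_endpoint(const char *tok, size_t n, char *addr, unsigned *port)
{
    size_t dot = n;
    for (size_t i = 0; i < n; i++)
        if (tok[i] == '.') dot = i;
    if (dot == n || dot == 0 || dot >= 16) return 0;
    memcpy(addr, tok, dot);
    addr[dot] = '\0';
    *port = (unsigned)strtoul(tok + dot + 1, NULL, 10);
    return 1;
}

/* Parse "HH:MM:SS.usec IP SRC.SPORT > DST.DPORT: PROTO, length N". */
static int parse_line(const char *line, struct pkt *p)
{
    const char *s = strstr(line, " IP ");
    if (!s) return 0;
    s += 4;
    const char *gt = strstr(s, " > ");
    if (!gt || !split_endpoint(s, (size_t)(gt - s), p->src, &p->sport)) return 0;
    const char *d = gt + 3;
    const char *colon = strchr(d, ':');
    if (!colon || !split_endpoint(d, (size_t)(colon - d), p->dst, &p->dport)) return 0;
    return sscanf(colon + 1, " %7[A-Za-z], length %u", p->proto, &p->len) == 2;
}

/* Every field starts as static and is cleared the first time a packet
 * disagrees with the first one.  Returns 0 if nothing parsed. */
int profile_capture(const char *const *lines, size_t n, struct profile *pr)
{
    memset(pr, 0, sizeof *pr);
    pr->src_static = pr->sport_static = pr->dport_static = pr->len_static = pr->proto_static = 1;
    for (size_t i = 0; i < n; i++) {
        struct pkt p;
        if (!parse_line(lines[i], &p)) continue;     /* not an IP summary line */
        if (pr->n++ == 0) { pr->first = p; continue; }
        if (strcmp(p.src, pr->first.src))     pr->src_static = 0;
        if (p.sport != pr->first.sport)       pr->sport_static = 0;
        if (p.dport != pr->first.dport)       pr->dport_static = 0;
        if (p.len != pr->first.len)           pr->len_static = 0;
        if (strcmp(p.proto, pr->first.proto)) pr->proto_static = 0;
    }
    return pr->n > 0;
}

const char *classify_lines(const char *const *lines, size_t n)
{
    struct profile pr;
    if (!profile_capture(lines, n, &pr) || !pr.proto_static) return "no usable profile";
    if (strcmp(pr.first.proto, "UDP") != 0) return "not a UDP flood";
    if (pr.src_static && pr.sport_static && pr.dport_static && pr.len_static)
        return "UDP flood with a fixed profile: single non-spoofed source";
    if (!pr.src_static) return "UDP flood with varying sources (spoofed or distributed)";
    return "UDP flood with a partly variable profile";
}

/* The post's remedy: HTTP speaks only TCP, so UDP to the web port can be
 * dropped outright.  Returns NULL when no single destination port stands
 * out.  Caller must confirm the port serves no UDP service (true for 80,
 * not for 53 or 123).  Bandwidth is still consumed upstream of the rule. */
const char *suggest_rule(const char *const *lines, size_t n)
{
    static char rule[96];
    struct profile pr;
    if (!profile_capture(lines, n, &pr) || !pr.proto_static || !pr.dport_static
        || strcmp(pr.first.proto, "UDP") != 0)
        return NULL;
    snprintf(rule, sizeof rule, "iptables -A INPUT -p udp --dport %u -j DROP", pr.first.dport);
    return rule;
}

/* Lines as in the post's capture. */
const char *const SAMPLE_LINES[] = {
    "21:07:38.225850 IP 172.16.0.4.37438 > 172.16.0.3.80: UDP, length 1",
    "21:07:38.225855 IP 172.16.0.4.37438 > 172.16.0.3.80: UDP, length 1",
    "21:07:38.225857 IP 172.16.0.4.37438 > 172.16.0.3.80: UDP, length 1",
    "21:07:38.225867 IP 172.16.0.4.37438 > 172.16.0.3.80: UDP, length 1",
};
const size_t SAMPLE_COUNT = sizeof SAMPLE_LINES / sizeof SAMPLE_LINES[0];

/* Constructed contrast: spoofed sources, random source ports, mixed sizes. */
const char *const SPOOFED_LINES[] = {
    "21:09:01.000010 IP 198.51.100.7.51123 > 172.16.0.3.80: UDP, length 512",
    "21:09:01.000012 IP 203.0.113.40.4021 > 172.16.0.3.80: UDP, length 1400",
    "21:09:01.000015 IP 192.0.2.99.60000 > 172.16.0.3.80: UDP, length 64",
};
const size_t SPOOFED_COUNT = sizeof SPOOFED_LINES / sizeof SPOOFED_LINES[0];

int main(void)
{
    const char *r = suggest_rule(SAMPLE_LINES, SAMPLE_COUNT);
    printf("%s\n%s\n", classify_lines(SAMPLE_LINES, SAMPLE_COUNT), r ? r : "(no rule)");
    printf("%s\n", classify_lines(SPOOFED_LINES, SPOOFED_COUNT));
    return 0;
}
```

The rule is the same for both captures because it keys on the destination port, not on the source: that is why, as the post says, it helps in both scenarios, and why it does nothing about the bandwidth already spent on the link before the packet reaches the filter.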
  22. DC++ Botnet. I'm selling my DC++ botnet (DNS, 160-180 bots, FUD exe). The bot has: TCP, UDP, KEY Attack, Mirror (a kind of proxy). It is fairly stable and powerful, nobody can crack it (the bot can only be controlled if you have an account on the DC++ hub). The price is $50: PayPal, Western Union, card transfer. I also accept tests, but don't come with targets like microsoft, google, yahoo or anything of the sort. Spreading: I guarantee 4-5K logs per day or 100-150 bots per day. Method: upload on the main Romanian trackers (Filelist, ExtreameShare, Xplor, etc.). Price $50 / month, $25 / 2 weeks, $15 / 1 week. Contact: PM