#DDOS ATTACK TOOL VERY GOOD CODE#
The CSFI team tested the tool in question and was able to "kill" an Apache2 patched Ubuntu 9.10 in less than 20 minutes, including a testing run that took 15 minutes."Īccording to CSFI's code review, the program has a default timeout of 5 seconds and also includes code that will try to figure out the target connection timeout. Knowing how many servers running on Apache there are, this makes the tool very dangerous since it doesn't require absolutely any knowledge from the attacker - all he/she has to do is run the tool and the target site goes down." Besides Apache (both versions 1.x and 2.x), Squid is also affected. "The tool works by exhausting Apache processes this is done by sending incomplete request headers so Apache keeps waiting for the final header line to arrive, the tool instead just sends a bogus header to keep the connection open.
The paper also points to some findings on the SANS Internet Storm Center site, which explains it this way: The attacks are also being enabled by a hacker tool one hacker site described as a "low-bandwidth yet greedy and poisonous HTTP client" that "essentially keeps an HTTP session alive indefinitely (or as long as possible) and repeating that process a few hundred times," leading to a sustained DDoS.Īt the request of CSFI, the name of the attack tool in question is not mentioned here. This variation of L7DA was claimed to have been discovered by our source in Singapore where their Beijing, China branch collected intelligence about Chinese hackers implementing a new Layer 7 DDOS attack," the paper continued. "This type of attack would focus on the HTTP Post method of the IIS and Apache applications. Specifically, the attack exploits a system design in both IIS and Apache applications and can crash the targeted servers within minutes. According to our source, this new L7DA targets IIS and Apache servers."Īlso see DDoS Returns: What Researchers Are Learning About Targets, Tactics "It is said to have been deployed to Chinese-owned botnets at this time. "The attack has been found in the wild and possibly created by Chinese hackers," the paper states.
0 kommentar(er)
