Hacktivists, blackhats snatch sixguns from whitehats' holsters

Tools designed for testing server and network defences are being snapped up by hacktivists to launch denial-of-service attacks on websites. More and more assaults are concentrating on knackering web apps and the HTTP server software running them, rather than simply flooding the underlying stack with bogus traffic to exhaust …

COMMENTS

This topic is closed for new posts.
  1. Destroy All Monsters Silver badge

    LOIC?

    Nothing to write home about, really.

    Also, verboten to download in the UK I hear.

    1. Kit-Fox

      Re: LOIC?

      I see no reason why either possessing LOIC or using it against a target you either own or have permission to stress is against the law.

      In fact it would be a rather depressing & dire state of affairs if that were true, as it would make other penetration & stress testing tools illegal too, many of which are used for a variety of legal purposes.

      1. Ben Tasker

        Re: LOIC?

        IIRC it was something they discussed though, and ISTR have actually implemented in Germany. Certain tools require a license.

        Of course, it only really affects those who are using the tools legitimately. If you're potentially at risk of being done under the Computer Misuse Act anyway, why would you care about the Naughty Boy Tools Act anyway?

        Not to mention that if the only people who have them are the bad-guys, the good-guys can't check their networks so are actually more at risk.

        To be honest this article sounds half like a puff piece for Imperva, and half like someone trying to give the Govt another excuse to foolishly try and outlaw testing tools for our 'own safety'

        1. amanfromMars 1 Silver badge

          Surely not? Whatever are they using for brains?

          To be honest this article sounds half like a puff piece for Imperva, and half like someone trying to give the Govt another excuse to foolishly try and outlaw testing tools for our 'own safety'.... Ben Tasker Posted Thursday 20th September 2012 17:02 GMT

          Do some folk still listen to corrupt self-serving governments today and expect them to be looking out for their better interests and working for them, BT? How very weird and sad and mad and bad. Don't they follow the news and trash television?

          1. Ben Tasker

            Re: Surely not? Whatever are they using for brains?

            It's not always a case of being corrupt and self-serving. In fact when it comes to the more technical areas it seems to be more of a case of politicians writing bills without any understanding of the subject matter. Much like you writing about the population of Venus, if certain books are to be believed.

            Those watching the truly trashy TV on anything but a day off sick probably don't have much interest in what the govt does or doesn't do, aside from the odd DM style rant about immigration or similar imho.

            As for what they're using for brains, I do sometimes wonder if it's an approximate mix of treacle and mashed potato. Not that the two should ever meet, mind.

            1. paulll

              Re: Surely not? Whatever are they using for brains?

              I don't remember Dangermouse ever ranting about immigration.

  2. Anonymous Coward

    "organisations can mitigate these effects by learning how to identify and protect against malicious traffic."

    Can they really escape a DDoS attack just by doing that? Last time I checked you needed to spread your infrastructure across different upstreams. Not the kind of resources available to your run-of-the-mill website.

    1. Ben Tasker

      Indeed, unless you're able to filter upstream from your infrastructure a big attack can still saturate your bandwidth even if you're then dropping every single packet that's received.

      Where it can be of use, though, is where the DDoS isn't just about swamping the server with packets. Some 'smaller' DDoS attacks (in terms of the amount of traffic) work by opening numerous connections to the server in an attempt to exhaust the available resources. Filtering these can be really effective, but you do still run the risk of bandwidth saturation if the number of bots trying to connect is too high.

      What makes it worse is that you don't even really need a botnet nowadays. There are 'cloud' based organisations that will allow you to run your own DDoS load test using their services. One of our customers got hit hard by 80legs a while back. Despite claims on their website of obeying this, that and the other, the only way we managed to mitigate the effects was to create a rule that would identify their UA and redirect the traffic back to 80legs. Being cloud based, the connections came from a shit-load of different IPs and as soon as you'd blocked one another sprang up. Never did hear back from the snot-o-gram I sent them suggesting that they implement a mechanism to verify the 'customer' owned the tested domain before they could launch a test (create a file with this name would be sufficient in most cases IMHO).

      It's interesting seeing the different targets of attacks (even if it is a pain in the arse dealing with the attack itself). Sometimes it's bad luck, other times the victim is targeted along with others in a similar category (say games sites for example).
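The two mitigations described in the comment above (a user-agent match that diverts a load-testing service's traffic, and a per-source connection-rate rule for connection-exhaustion attacks) as a small detector run over constructed access-log lines. This is an added example, not code from the article or from any commenter; the log format, the `ExampleLoadTester` UA string, the IP addresses and the thresholds are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in Apache/nginx "combined" format; all values are placeholders.
SAMPLE_LOG = """\
203.0.113.10 - - [20/Sep/2012:17:02:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Sep/2012:17:02:01 +0000] "GET /page HTTP/1.1" 200 512 "-" "ExampleLoadTester/1.0"
203.0.113.10 - - [20/Sep/2012:17:02:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [20/Sep/2012:17:02:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [20/Sep/2012:17:02:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [20/Sep/2012:17:02:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.5 - - [20/Sep/2012:17:02:04 +0000] "GET /about HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.5 - - [20/Sep/2012:17:09:04 +0000] "GET /about HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Captures client IP, timestamp and User-Agent from a combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d+ \d+ "[^"]*" "([^"]*)"$')


def parse(line):
    """Return (ip, datetime, user_agent) or None for a line that does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, ua = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ua


def classify(log_text, ua_pattern, max_hits, window_seconds):
    """Map client IP -> decision. 'redirect' when the UA matches ua_pattern (the
    load-tester rule); 'block' when one IP makes more than max_hits requests inside
    any window_seconds span (the connection-exhaustion rule); unflagged IPs are absent."""
    ua_re = re.compile(ua_pattern)
    recent = defaultdict(deque)  # per-IP sliding window of request timestamps
    decisions = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, ua = rec
        if ua_re.search(ua):
            decisions[ip] = "redirect"
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:  # drop stale entries
            q.popleft()
        if len(q) > max_hits:
            decisions[ip] = "block"
    return decisions
```

The rate rule only catches what reaches the server, so it does nothing for bandwidth saturation; that is the limit the comment points out.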

  3. NoneSuch Silver badge

    Well, that explains why I have bollards and yellow/black safety tape around my desk. Hi-visibility jacketed people everywhere controlling the scene so it does not get out of hand.

    Oh, look. A modified speed camera pointing at my desk that goes off whenever I send out more than 1000 SYN requests per second.

  4. Anonymous Coward

    IIS, Apache, Sharepoint - all I needed to hear

    directed at specific flavours of web servers such as IIS or Apache, or to specific applications, such as SharePoint

    flavours = "flavors" (US conversion) like colours = colors

    nginx reports?

  5. Steven Burn

    Bah

    Neither the tools, nor the blackhats' use of them, is anywhere near "new" - it's been going on for years, since the tools were first published online.

    As for mitigating them, unless you can spread your servers and such over a ton of different upstreams, you've got no hope of ever stopping such an attack, either saturating them to the point of uselessness, or taking them down completely.

  6. koolholio

    I believe this is news from approximately 12 years ago, back in the days of Sasser, Netbus etc.

    How can an antivirus determine the difference between legitimate or illegitimate access? Some anti-viruses could even be labelled as illegitimate themselves, as they have provenly damaged systems before?

    Where's the line... Application based injection is an attack method... and isn't anything new (refer to the OSI model)

    DDoS is purely a cumulatively widespread exhaustion of resources...
