How hard is it to launch a distributed denial-of-service (DDoS) attack?
Ethical Hactivist Dos Attacks
Sam Bowne Instructor, City College San Francisco
Denial-of-service (DoS) attacks are very common. They are used for extortion, political protest, revenge,
or
just LULz. Most of them use old, inefficient methods like UDP Floods, which require thousands of attackers
to bring down a Web server. The newer Layer 7 attacks like Slowloris and Rudy are more powerful, and can
stop a Web server from a single attacker with incomplete Http requests. The newest and most powerful
attack
uses IPv6 multicasts, and can bring down all the Windows machines on an entire network from a single
attacker.
I will explain and demonstrate these tools: Low Orbit Ion Cannon, OWASP Http DoS Tool, and flood_router6
from the thc-ipv6 attack suite. This deadly IPv6 Router Advertisement Flood attack is a zero-day
attack--Microsoft has known about it since June 2010 but has not patched it yet (as of May 4, 2011).
The Jester: Boondock Saint @th3j35t3r
Hacktivist for good. Obstructing lines of communication for terrorists, sympathizers, fixers,
facilitators.
No botnets here. I'll do my own dirty.
Behind you. · http://th3j35t3r.wordpress.com
Low orbit ion cannon (LOIC) DDoS attack tool provided by
annonymous will not obscure your IP address from the sites you attack. LOIC is just one of many DDoS tools
now available for online use, downloading, or renting.
DDoS tools includes "single user flooding tools, small host booters, shell booters, remote access
Trojans (RATs) with
flooding capabilities, simple DDoS bots, complex DDoS bots, and some commercial DDoS services.Many types
of
threats can be blended into any given tool in order to make the tool more attractive and financially
lucrative"--as in, profitable for whoever's renting out the DDoS capabilities.
Download Encrypted VPN Virtual Private Network
Distributed Denial of Service (DDoS) attack
Software that can help Web sites neutralize Denial of Service attacks
"Details of the tools, techniques and procedures used by the hackers behind the RSA security breach have been revealed in a research paper (PDF) published by Australian IT security company Command Five. The paper also, for the first time, explains links between the RSA hack and other major targeted attacks. This paper is a vendor-neutral must-read for any network defenders concerned by the hype surrounding 'Advanced Persistent Threats.'"