Biggest Distributed Denial of Service (DDoS) Attack

A distributed denial-of-service (DDoS) attack is one in which multiple compromised computer systems attack a single target, such as a server, website or other network resource, and deny service to that resource's legitimate users. The flood of incoming messages, connection requests or malformed packets forces the target system to slow down, crash or shut down, so that legitimate users or systems can no longer be served.

DDoS attacks have been carried out by diverse threat actors, ranging from individual criminal hackers to organized crime rings and government agencies. In certain situations, often ones involving poor coding, missing patches or generally unstable systems, even legitimate requests to a target system can produce DDoS-like results.


How DDoS attacks work

In a typical DDoS attack, the assailant begins by exploiting a vulnerability in one computer system and making it the DDoS master. The master system then identifies other vulnerable systems and gains control over them, either by infecting them with malware or by bypassing their authentication controls (e.g., guessing the default password on a widely used system or device).

A computer or networked device under the control of an intruder is known as a zombie, or bot. The attacker sets up a command-and-control server to direct the network of bots, called a botnet. The person controlling a botnet is sometimes referred to as the botmaster (that term has also historically been used for the first system "recruited" into a botnet, because it is used to control the spread and activity of the other systems in the botnet).


Types of DDoS attacks

There are three broad types of DDoS attack. Network-centric or volumetric attacks overload a targeted resource by consuming its available bandwidth with packet floods. Protocol attacks target network-layer or transport-layer protocols, using flaws in the protocol to exhaust the resources of the target. Application-layer attacks overload application services or databases with a high volume of application calls. The Memcached attack described below is a volumetric attack: the victim is simply drowned in reflected UDP traffic.


Biggest-Ever DDoS Attack (1.35 Tbps)


On Wednesday, February 28, 2018, GitHub's code hosting website was hit by the largest DDoS attack publicly disclosed up to that point, peaking at a record 1.35 Tbps.

Interestingly, the attackers did not use a botnet at all; instead they weaponized misconfigured Memcached servers to amplify the attack.

Earlier that week we published a report detailing how attackers could abuse Memcached, a popular, open source and easily deployable distributed caching system, to launch DDoS attacks more than 51,000 times as powerful as the traffic they send.

Dubbed Memcrashed, the amplification attack works by sending a forged request to an exposed Memcached server on UDP port 11211 with the source IP address spoofed to match the victim's IP. Because UDP has no handshake, the server cannot tell that the request did not come from the victim, and it delivers its much larger reply to the victim's address.

A request of only a few bytes sent to a vulnerable server triggers a response tens of thousands of times larger, all of it aimed at the targeted IP address.

"This attack was the largest attack seen to date by Akamai, more than twice the size of the September 2016 attacks that announced the Mirai botnet and possibly the largest DDoS attack publicly disclosed," said Akamai, the cloud computing company that helped GitHub survive the attack.

In a post on its engineering blog, GitHub said, "The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second."

Expect More Record-Breaking DDoS Attacks


Though amplification attacks are not new, this attack vector involves thousands of misconfigured Memcached servers, many of which are still exposed on the Internet and could be used to launch even larger attacks against other targets.

To prevent Memcached servers from being abused as reflectors, administrators should firewall, block or rate-limit UDP traffic on source port 11211 at the network edge, and on the servers themselves disable Memcached's UDP support entirely if it is not in use (starting memcached with -U 0 turns the UDP listener off, and releases from 1.5.6 onward ship with UDP disabled by default). Memcached has no authentication of its own, so it should also be bound only to an internal interface (the -l option) rather than to an Internet-facing address.
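The following Python is an added example, not code from the original article, GitHub, Akamai or the memcached project. It ties together the Memcrashed exchange described above and the verification step for the mitigation just described: it builds the 15-byte UDP "stats" request the attack relies on, parses the 8-byte memcached UDP frame header on the replies, computes the amplification ratio on a constructed sample reply (the reply bytes are made up for illustration, not a capture), and provides a probe() that an administrator can run against a server they own to confirm the UDP listener really is off. The host passed to probe() is assumed to be yours.

```python
"""Memcached UDP reflection: frame format, amplification ratio and a self-check.

Every memcached UDP datagram starts with an 8-byte header, all fields big-endian:
  request id (2 bytes) | sequence number (2) | total datagrams in reply (2) | reserved = 0 (2)
Because UDP has no handshake, a 15-byte 'stats' request whose source IP is forged
to the victim's address makes the server send its multi-datagram reply to the victim.
"""
import socket
import struct

MEMCACHED_UDP_PORT = 11211
FRAME_HEADER = struct.Struct("!HHHH")  # request id, seq no, total datagrams, reserved


def build_request(command: str, request_id: int = 1) -> bytes:
    """Wrap one ASCII memcached command (e.g. 'stats') in a UDP frame header."""
    if not command.endswith("\r\n"):
        command += "\r\n"
    return FRAME_HEADER.pack(request_id, 0, 1, 0) + command.encode("ascii")


def parse_frame(datagram: bytes):
    """Split a memcached UDP datagram into (request_id, seq, total, payload).

    Raises ValueError if the datagram cannot be a memcached frame.
    """
    if len(datagram) < FRAME_HEADER.size:
        raise ValueError("datagram shorter than the 8-byte memcached UDP header")
    request_id, seq, total, reserved = FRAME_HEADER.unpack_from(datagram)
    if reserved != 0:
        raise ValueError("reserved field is non-zero; not a memcached UDP frame")
    return request_id, seq, total, datagram[FRAME_HEADER.size:]


def reassemble(datagrams) -> bytes:
    """Order the datagrams of one reply by sequence number and join their payloads."""
    frames = [parse_frame(d) for d in datagrams]
    if len({f[0] for f in frames}) != 1:
        raise ValueError("datagrams belong to different requests")
    return b"".join(f[3] for f in sorted(frames, key=lambda f: f[1]))


def amplification_factor(request: bytes, reply_datagrams) -> float:
    """Bytes the reflector emits toward the (spoofed) source per byte it received."""
    return sum(len(d) for d in reply_datagrams) / len(request)


# Constructed sample (not a capture): a 'stats' reply split across two datagrams,
# sequence 0 and 1 of 2, both tagged with request id 1. A real 'stats' reply is a
# kilobyte or two; a 'get' on a large planted key is what yields the
# tens-of-thousands-fold factors seen in the GitHub attack.
SAMPLE_REPLY = [
    FRAME_HEADER.pack(1, 0, 2, 0)
    + b"STAT pid 4321\r\nSTAT uptime 1234\r\n"
    + b"STAT x 0\r\n" * 130,
    FRAME_HEADER.pack(1, 1, 2, 0) + b"STAT bytes 0\r\nEND\r\n",
]


def probe(host: str, port: int = MEMCACHED_UDP_PORT, timeout: float = 2.0):
    """Self-check for a server YOU administer: send one un-spoofed 'stats' request
    and return (answers_over_udp, amplification). A hardened server (UDP disabled
    with -U 0, or 11211/udp filtered) yields (False, 0.0) because nothing comes back."""
    request = build_request("stats")
    received = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (host, port))
        try:
            while True:
                data, _ = sock.recvfrom(65535)
                _, _, total, _ = parse_frame(data)
                received.append(data)
                if len(received) >= total:  # every fragment of the reply has arrived
                    break
        except (socket.timeout, ValueError):
            pass
    if not received:
        return False, 0.0
    return True, amplification_factor(request, received)


if __name__ == "__main__":
    import sys
    req = build_request("stats")
    print(f"request {len(req)} bytes, sample reply {sum(map(len, SAMPLE_REPLY))} bytes, "
          f"factor x{amplification_factor(req, SAMPLE_REPLY):.1f}")
    print("last line of reassembled reply:", reassemble(SAMPLE_REPLY).split(b"\r\n")[-2])
    if len(sys.argv) > 1:  # python memcached_check.py <host-you-own>
        print("live probe:", probe(sys.argv[1]))
```

Even the modest constructed reply is about 90 times the size of the request; that ratio, multiplied across thousands of open servers, is what produced 1.35 Tbps from a comparatively small stream of spoofed packets. Run probe() only against hosts you are responsible for, and after applying -U 0 or the firewall rule, expect it to report (False, 0.0).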



