[BreachExchange] DDoS Attack Unleashed – 500 Million packets-per-second

Destry Winant destry at riskbasedsecurity.com
Mon Feb 4 07:24:03 EST 2019


https://gbhackers.com/ddos-500-million-packets/

DDoS attacks aim to exhaust the resources of a network, application or
service so that legitimate users are unable to access the resource.

Imperva mitigated a high-intensity DDoS attack against one of its
customers that crossed the 500 million packets per second (Mpps) mark,
which is 4 times higher than the DDoS attack on GitHub last year.
The attack against GitHub peaked at 1.35 Tbps via 126.9 million packets
per second.

It’s not the amount of bandwidth that matters – “it’s the absolute
number of packets directed at a network or web site. Packets per
second are the true measure of the attack intensity,” reads the Imperva
report.

The large, targeted SYN flood originated from random source ports and
IP addresses; the packets were highly randomized and spoofed.

Imperva confirms the attackers did not use any special tools and
instead used common older ones: one tool for the SYN attack and another
for a larger SYN attack.

Both tools mimic the packets coming from a legitimate operating system,
but the two tools have certain differences.

“One tool randomizes various parameters but accidentally malforms the
packet. The other tool uses a legitimate, almost identical packet, for
the entire attack.”

Nowadays, the process of organizing an attack is not complicated.
There is no reason to write special software when everything can be
found online. A large percentage of such software is sold on the
darknet and comes with clear and simple instructions for its owners.

Services like webstresser[.]org allow anyone to launch DDoS attacks.
The DDoS-for-hire service webstresser[.]org was seized by authorities on
April 26, 2018. It is considered one of the biggest marketplaces for
DDoS; it had over 136,000 registered users, who conducted 4 million
attacks.

Now that the services have been taken down, the authorities are
tracking down the users enrolled in the DDoS-for-hire service. The
users of DDoS-for-hire services are high risk.
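
As an added defender-side illustration (not part of the original article or the Imperva report), this Python example summarizes one second of inbound TCP records and shows the traits described above: a jump in SYN packets per second with little change in bandwidth, low handshake completion, high source-IP entropy from spoofing, and one dominant packet fingerprint. The record layout, thresholds, function names and sample traffic are all constructed assumptions.

```python
import math
import random
from collections import Counter

def shannon_entropy(values):
    """Entropy in bits of the empirical distribution of values."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def analyze_window(packets, syn_pps_limit=1000, min_completion=0.5):
    """Summarize one second of inbound TCP records and flag a likely SYN flood.

    Each record is (src_ip, src_port, flags, length, fingerprint), where
    flags is "S" (SYN) or "A" (handshake-completing ACK) and fingerprint is
    a constructed (ttl, window) pair. Thresholds are illustrative assumptions.
    """
    syns = [p for p in packets if p[2] == "S"]
    acked = {(p[0], p[1]) for p in packets if p[2] == "A"}
    completed = sum(1 for p in syns if (p[0], p[1]) in acked)
    completion = completed / len(syns) if syns else 1.0
    top_fp = Counter(p[4] for p in syns).most_common(1)
    return {
        "syn_pps": len(syns),
        "mbps": sum(p[3] for p in packets) * 8 / 1e6,
        "completion": completion,  # spoofed sources never answer the SYN-ACK
        "src_entropy": shannon_entropy([p[0] for p in syns]) if syns else 0.0,
        "top_fp_share": top_fp[0][1] / len(syns) if syns else 0.0,
        "flood": len(syns) > syn_pps_limit and completion < min_completion,
    }

def sample_windows(seed=1):
    """Constructed traffic: a normal second, then the same second plus spoofed SYNs."""
    rng = random.Random(seed)
    normal = []
    for i in range(200):  # 20 clients, every handshake completes
        ip, port = f"198.51.100.{i % 20}", 40000 + i
        normal += [(ip, port, "S", 60, (64, 29200)), (ip, port, "A", 1400, (64, 29200))]
    flood = []
    for _ in range(5000):  # random source IP and port, one identical packet shape
        ip = ".".join(str(rng.randrange(1, 224)) for _ in range(4))
        flood.append((ip, rng.randrange(1024, 65536), "S", 60, (128, 8192)))
    return normal, normal + flood
```

In the constructed sample the SYN rate rises 26-fold while bandwidth roughly doubles, which is why a bandwidth-only alarm would understate this kind of attack.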

