

La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3

1 recommendation

reply to Link Logger

Re: In Cyberattacks on Banks, Evidence of a New Weapon

said by Link Logger:

Not even close to being a state-sponsored attack, just a run of the mill DDOS attack by hacker group with an agenda, not like there aren't a ton of those about.

Blake

A group claiming Middle Eastern ties, the Izz ad-Din al-Qassam Cyber Fighters, took credit for the attacks online. They claimed to have taken the Web sites down using basic online applications. But security researchers said those methods were far too amateur to have been effective.

Indeed, representatives for PNC, U.S. Bank and Wells Fargo all said that while they had systems in place to fend off such “denial of service,” or DDoS attacks in which hackers bombard a site with traffic until it falls offline;....


Apparently, the banks say they could defend against a simple DDoS attack, but this was something more. That's what I get out of it anyway.
--
The Alien in the White House

19,694 DEADLY TERROR ATTACKS SINCE 9/11


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3

The deal is more bots, and more bots with fatter pipes equals better DDOS attack, so the first issue here isn't that they attacked and dropped banks, the first issue is this bot crew was able to compromise and add to their bot army sites with bigger pipes which tends to indicate their initial attacks have gotten better as they are owning more commercial/active sites. Toss in some aspects around smarter proxy usage and bingo, better and more difficult to stop DDOS attacks.

Years ago you would dream of owning a University because they had nice fat juicy pipes, but now just about every Tom, Dick and Jane has an ample pipe connecting them from home such that even if nothing else changed (i.e. number of systems involved etc.), DDOS attacks will only ever get bigger.

It would be very entertaining to track back the systems involved in the attack and see how many are in China for example (only implying that systems are easier to own in China than elsewhere and not that this is a Chinese state-sponsored attack).

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool



KodiacZiller
Premium
join:2008-09-04
73368
kudos:2

said by Link Logger:

The deal is more bots, and more bots with fatter pipes equals better DDOS attack, so the first issue here isn't that they attacked and dropped banks, the first issue is this bot crew was able to compromise and add to their bot army sites with bigger pipes which tends to indicate their initial attacks have gotten better as they are owning more commercial/active sites. Toss in some aspects around smarter proxy usage and bingo, better and more difficult to stop DDOS attacks.

Yeah, since many of these higher end servers are running Linux or another Unix variant, sometimes the admins get complacent with security. The truth is, you don't need root access to utilize the box for a DDOS. All you need to do is compromise the server software (Apache) or some other unprivileged process. From there you just put your bot code in userspace and you're good to go.

This is why I think MAC systems should be mandatory on a server, especially a high value server. If you are a Linux server admin and aren't running SELinux or AppArmor you're stupid. These days it is not about getting root, thus you have to secure userspace too.
--
Getting people to stop using Windows is more or less the same as trying to get people to stop smoking tobacco products. They don't want to change; they are happy with slowly dying inside. -- munky99999
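
Added example, not part of the thread: a shell check a Linux admin could run to see whether web server processes are actually confined by SELinux or AppArmor, using the label the kernel exposes in `/proc/<pid>/attr/current`. The function names, the daemon names passed on the command line and the sample labels in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Classify a MAC label as read from /proc/<pid>/attr/current.
# Prints: confined, complain, unconfined, none or unknown.
# Constructed sample labels:
#   SELinux : system_u:system_r:httpd_t:s0
#   AppArmor: /usr/sbin/apache2 (enforce)
classify_label() {
    case "$1" in
        "")              echo none ;;        # no LSM label (no MAC active)
        unconfined)      echo unconfined ;;  # AppArmor: no profile attached
        *" (enforce)")   echo confined ;;    # AppArmor profile, enforcing
        *" (complain)")  echo complain ;;    # AppArmor profile, log-only
        *:unconfined_t:*|*:unconfined_t|*:unconfined_service_t:*|*:initrc_t:*)
                         echo unconfined ;;  # SELinux domains with no real limits
        *:*:*_t:*|*:*:*_t)
                         echo confined ;;    # SELinux: any other type domain
        *)               echo unknown ;;
    esac
}

# Report the MAC state of every running process whose name is given.
# Note: an SELinux label only restricts anything when the system is in
# enforcing mode, so check `getenforce` as well.
audit_daemons() {
    for dir in /proc/[0-9]*; do
        comm=$(cat "$dir/comm" 2>/dev/null) || continue
        for name in "$@"; do
            [ "$comm" = "$name" ] || continue
            # SELinux labels may carry a trailing NUL; strip it.
            label=$(cat "$dir/attr/current" 2>/dev/null | tr -d '\0')
            printf '%s pid=%s %s (%s)\n' "$name" "${dir#/proc/}" \
                "$(classify_label "$label")" "${label:-no label}"
        done
    done
}

# Stand-alone use: sh mac-audit.sh apache2 httpd nginx
if [ "$#" -gt 0 ]; then
    audit_daemons "$@"
fi
```

Any line reporting `unconfined`, `complain` or `none` for an internet-facing daemon means a compromise of that unprivileged process is not being contained by a MAC policy.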