DDoS

Updated Jan 21, 2020 at 09:25AM EST by Y F.

Added Jan 09, 2013 at 08:03PM EST by Brad.

About

Distributed Denial of Service (DDoS) is a method of cyberattack that usually involves temporarily blocking access to a website or server by flooding the bandwidth of a targeted network. The most common methods of DDoS include exploiting unprotected server networks, sending massive requests or opening multiple connections with the server.

Origin

The first publicly available DDoS tools, Trinoo and Tribe Flood Network, were released in 1997 and 1998 respectively.[8] The first well-documented DDoS attack took place in August 1999; it targeted a single University of Minnesota computer and knocked the system offline for more than two days. DDoS grabbed the public's attention months later in February 2000, after a number of high-profile search portals and e-commerce sites were taken offline for hours, including Yahoo!, Amazon, Buy.com, CNN, eBay, E*Trade and ZDNet. In addition, several companies reported significant losses due to the downtime, with Yahoo! losing about $500,000 and Amazon nearly $600,000.[7]

Spread

According to The Next Web's timeline of DDoS attacks[6], the most notable attempts in the first half of the 2000s were made by individuals using botnets and software programs. In 2001, Register.com came under a severe attack using tens of thousands of DNS records from around the world that lasted for an entire week.[9] In October 2002, all 13 Domain Name System root nameservers were targeted by a DDoS attack, which lasted for approximately one hour. In 2003, eBay was taken offline by a DDoS attack involving 20,000 computers, causing damage of at least $5,000.[10]


[Chart: "Growth in DDoS Attacks Over Time," the largest DDoS attack reported each year from 2002 to 2010 by 120 ISPs participating in the World Wide Infrastructure Security Survey.]

[Infographic: "Over a Decade of DDoS," a timeline of DDoS events from 1996 to 2012 with a chart of the largest bandwidth attacks reported (Gbps). Source: Arbor Networks, Inc.]

Beginning in the mid-2000s, DDoS tools became widely adopted by hackers, activists and even criminals for personal gain, leading to the creation of cyberattack task forces in law enforcement agencies.

Cyberattacks on Estonia

In 2007, several Estonian government websites were brought down by DDoS attacks originating from Russia, which further added to the diplomatic tension building up between the two countries at the time. The following year, Russian hackers and criminals were once again linked in the news to similar attacks against websites of the Georgian, Azerbaijani and Russian governments.

Iranian Green Movement

In 2009, a crowdsourced, PHP-scripted DDoS attack took down several pro-Ahmadinejad websites during the protests over the 2009 Iranian election, demonstrating its potential use in political activism.[6]

Operation Payback

Operation Payback is a series of DDoS attacks organized by members of Anonymous against a number of major entertainment websites, including those of the Recording Industry Association of America and the Motion Picture Association of America. The attacks began on September 19th, 2010 and continued unabated for over a month.

Operation Avenge Assange

Operation Avenge Assange is a series of DDoS assaults led by Anonymous against the websites of PayPal, Visa and MasterCard to denounce their decision to suspend all transactions with WikiLeaks following the 2010 U.S. diplomatic cable leak. Other targeted sites included Amazon, Swiss Postal Finance, a number of U.S. government websites and various cybersecurity contractor firms.

Lulzsec Campaign

Lulzsec (Lulz Security) is a hacking collective that carried out a series of DDoS and other hacking attacks against commercial and government websites between May and June 2011. Some of the most notable targets included Sony Pictures' internal database, the Central Intelligence Agency website and the Federal Bureau of Investigation's contractor InfraGard.

Operation Antisec

Operation Antisec is an international hacktivist campaign launched by a coalition of Anonymous hackers including former members of Lulzsec. The operation officially began on June 20th, 2011 with DDoS attacks against the UK's Serious Organized Crime Agency (SOCA) and persisted for months, targeting high-profile websites in the private business, government and even military sectors.

Operation Israel

Operation Israel (also known as #OpIsrael) is an Anonymous hacktivist campaign launched in November 2012 to protest the Israeli Defense Forces' Operation Pillar of Defense. On November 16th, 2012, as many as seven hundred Israeli websites reportedly experienced temporary shutdowns and homepage defacements, including those of the Bank of Jerusalem, the Israeli Defense Ministry and the President's official website.

Cyberbunker vs. SpamHaus

In March 2013, the Dutch web hosting company CyberBunker was added to the anti-spam blacklist maintained by The Spamhaus Project on the grounds that the company was hosting spammers. As early as March 19th, the Domain Name System (DNS) servers of Spamhaus were targeted by a distributed denial of service (DDoS) attack at an unprecedented scale of 300 gigabits per second, which lasted for over a week. According to cyber-security expert Patrick Gilmore[13], its scale was reportedly sufficient to slow down the Internet around the world and temporarily interrupt streaming services like Netflix, making it the "largest publicly announced DDoS attack in the history of the Internet."


[Images: a graph of inbound and outbound traffic (in Gbps) over time, and a map dated March 27, 2013 showing current traffic by major geographic region as a percentage above normal.]

In a BBC interview article[11] published on March 27th, Spamhaus' chief executive Steve Linford stated that its servers were able to withstand the DDoS attempts and that Cyberbunker, in collaboration with criminal gangs from Eastern Europe and Russia, was responsible for the attacks. The article also reported that the incident is being investigated by at least five different national cyber-police agencies around the world, though Cyberbunker has yet to make any official statements regarding the accusations. That same day, The New York Times[12] also reported on the ongoing cyberwar, including a quote from Sven Olaf Kamphuis, an Internet activist who claims to be a spokesman for the attackers, stating that Cyberbunker was retaliating against Spamhaus for "abusing their influence."

2016 Dyn Attack

On the morning of October 21st, the Dyn DNS Company reported a global DDoS attack against their infrastructure.[22] As a result of the attack, several websites and services across the East Coast of the United States experienced outages, including Twitter, Spotify, Tumblr and Reddit. That day, Redditor hyperperforator submitted a post about the attack to /r/technology,[23] where Redditor raffraffraff replied with a series of graphs depicting the reported outages (shown below).



Meanwhile, the computer security blog Krebs on Security published an article noting that the size of these DDoS attacks had increased due to the widespread hijacking of poorly secured Internet of Things devices.[24] The internet outage site DownDetector also published a live-update map of the outages (shown below).



Tools

In 2008, the Low Orbit Ion Cannon (LOIC) DDoS software gained notoriety online when it was used by members of Anonymous to take down Scientology websites as part of Project Chanology.


[Image: screenshot of the Low Orbit Ion Cannon interface, showing its IRC and manual modes, target selection, attack options and attack status panels.]

On July 26th, 2010, the UDP flood attack tool UDP Unicorn was released on Sourceforge.[20] On October 29th, 2013, the information security website Infosec[21] published an article listing several different DDoS attack tools.

Lizard Stresser

On December 30th, 2014, the hacking group Lizard Squad announced[15] the release of their Lizard Stresser[14] tool, which allows users to pay a fee to have Lizard Squad DDoS an IP address. The website allows for the purchase of a range of services, including a 100-second attack for $5.99, an 8.5-hour-long attack for $129.99 and a 5-year package for $129.99.


[Image: Lizard Squad's social media post of December 30, 2014 announcing Lizard Stresser.]

On January 7th, the website 8chan was taken down in what was reported as a DDoS attack.[17] On January 8th, Lizard Squad took responsibility for the DDoS, claiming it was purchased using the Lizard Stresser tool.[18] On January 9th, the security news blog Krebs on Security[19] published an article about the attacks, speculating that the packets were being sent by a botnet made of home routers that had been infected with malware.
