
Web-based DNS amplification DDoS attack

The idea of controlling a handful of high-bandwidth servers to launch DDoS attacks (rather than hundreds of thousands of less powerful malware-infected hosts) has always tempted cybercriminals. A recent high-profile example of this attack vector is the Qassam Cyber Fighters and their attacks against major U.S. financial institutions. A command-and-control PHP script, still in its early stages of development, has been offered for sale for $800; it integrates multiple (compromised) servers for the purpose of launching distributed denial of service (DDoS) attacks that take advantage of those servers' bandwidth.

Takeaway: Attacks using these techniques cannot be easily thwarted. An enterprise must not only deploy multilayered security, but also have robust support from its ISP, including a fast path for notifying the ISP that hosts the infected DNS servers. Currently, the PHP script supports four types of DDoS attack tactics: DNS amplification, spoofed SYN, spoofed UDP, and HTTP with proxy support. The script also acts as a centralized command and control management interface for all the servers on which it has been (secretly) installed.
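On the defender's side, the DNS amplification tactic named above leaves a recognisable trace in a resolver's own logs: a burst of answers to one address that are many times larger than the queries that produced them, typically for record types with bulky responses, and often for a "client" that is outside the networks the resolver is meant to serve (because the attacker spoofs the victim's address, the logged client is the victim). The following Python script is an added example, not code from the original post or from Alert Logic; it parses a constructed, flow-style DNS log in an assumed format (epoch seconds, client IP, resolver IP, query type, query bytes, response bytes), computes the response-to-query byte ratio, and reports resolver/client pairs that repeatedly exceed a threshold, which is exactly the evidence an enterprise needs when notifying its ISP.

```python
"""Flag likely DNS amplification abuse in resolver logs.

Added example (not from the original post). The log format, the
INTERNAL_NETS list and the thresholds are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress

# Constructed sample log lines. Assumed format per line:
#   epoch_seconds client_ip resolver_ip qtype query_bytes response_bytes
# The first four lines model a reflection burst aimed at 203.0.113.9;
# the rest are ordinary internal lookups.
SAMPLE_LOG = """\
1700000000 203.0.113.9 198.51.100.53 ANY 64 3200
1700000000 203.0.113.9 198.51.100.53 ANY 64 3200
1700000001 203.0.113.9 198.51.100.53 ANY 64 3200
1700000001 203.0.113.9 198.51.100.53 TXT 60 3000
1700000002 10.1.2.3 198.51.100.53 A 45 61
1700000002 10.1.2.4 198.51.100.53 AAAA 45 73
1700000003 10.1.2.3 198.51.100.53 MX 47 180
"""

# Networks this resolver is supposed to serve (assumed values).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]


@dataclass
class DnsRecord:
    ts: int
    client: str
    resolver: str
    qtype: str
    query_bytes: int
    response_bytes: int

    @property
    def ratio(self) -> float:
        """Amplification factor of this single exchange."""
        return self.response_bytes / self.query_bytes if self.query_bytes else 0.0


def parse_log(text: str) -> list:
    """Parse the assumed whitespace-separated log format, skipping blanks and comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, client, resolver, qtype, qb, rb = line.split()
        records.append(DnsRecord(int(ts), client, resolver, qtype.upper(), int(qb), int(rb)))
    return records


def is_internal(ip: str) -> bool:
    """True when the address belongs to a network the resolver should serve."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_amplification(records: list, min_ratio: float = 10.0, min_hits: int = 3) -> list:
    """Group exchanges by (resolver, client) and report pairs with repeated large answers.

    In a reflection attack the logged client is the spoofed victim, so each
    finding names both the abused resolver and the address being flooded.
    """
    groups = defaultdict(list)
    for rec in records:
        groups[(rec.resolver, rec.client)].append(rec)

    findings = []
    for (resolver, client), recs in groups.items():
        big = [r for r in recs if r.ratio >= min_ratio]
        if len(big) < min_hits:
            continue
        findings.append({
            "resolver": resolver,
            "client": client,
            "hits": len(big),
            "avg_ratio": round(sum(r.ratio for r in big) / len(big), 1),
            "qtypes": sorted({r.qtype for r in big}),
            # An external client on a resolver meant for internal use is the
            # open-resolver condition that makes amplification possible.
            "external_client": not is_internal(client),
        })
    return findings


if __name__ == "__main__":
    for finding in find_amplification(parse_log(SAMPLE_LOG)):
        print(finding)
```

The thresholds are deliberately conservative defaults: ordinary lookups have ratios of one to a few, while the constructed burst comes in at 50x. Tune `min_ratio` and `min_hits` to the resolver's normal traffic, and treat a finding with `external_client` set as two problems at once: a victim to report and a resolver that should not be answering recursive queries from the outside.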

About the Author

Stephen Coty

Stephen Coty originally joined Alert Logic as the head of the Threat Research team, where he led the effort to build threat content and deliver threat intelligence. He later became the Chief Security Evangelist for the company. Prior to joining Alert Logic, Coty was the Manager of Cyber Security for Rackspace Hosting, and has held IT positions at multiple companies, including Wells Fargo Bank, Applied Materials, Stanford Medical Center and The Netigy Corporation. He has been in the Information Technology field since 1993. Research has been his primary focus since 2007.
