DrDoS using normal servers, and response plan

in #security · 7 years ago

DrDoS: using ordinary servers as agents

It targets operational vulnerabilities in the TCP protocol and routing tables, and it uses ordinary servers as agents (reflectors), which makes detection very difficult.

  • Increases PPS and BPS.
  • Victimizes DNS, NTP, SNMP and CHARGEN servers.

It exploits vulnerabilities in TCP (the three-way handshake), BGP, and reflection servers (large numbers of routers and services).

  • DNS: a DNS query (ANY, TXT) requests a huge record of information.
  • NTP: requests the NTP server's peer list (monlist).
  • SNMP: requests a huge amount of MIB information from the SNMP agent.
  • CHARGEN: requests a large number of character strings.

The hacker performs spoofing (changing the source IP to the victim's IP).

Response Plan

  • Use staged egress filtering.
  • Apply port-based ACLs.
  • Detect unexpected increases in PPS and BPS.
  • Think like the hacker, and plan accordingly.
  • Protect servers, clients, and reflection servers.
  • Control traffic with an IPS.
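As an added illustration of the "detect unexpected increases in PPS and BPS" item (example code, not part of the original post), the following Python aggregates constructed flow records per destination and second and flags a host that receives UDP traffic from the reflector service ports named above, from several distinct reflectors, beyond a packet/byte budget. The flow tuple layout, the thresholds and the sample addresses are assumptions.

```python
from collections import defaultdict

# UDP services the post names as reflectors, keyed by their well-known port,
# which appears as the *source* port of reflected replies reaching the victim.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 19: "CHARGEN"}

# Constructed flow records (assumed layout):
# (second, src_ip, src_port, dst_ip, proto, packets, bytes)
SAMPLE_FLOWS = [
    (0, "198.51.100.7", 53, "203.0.113.10", "udp", 40, 60_000),    # constructed: DNS ANY replies
    (0, "198.51.100.9", 123, "203.0.113.10", "udp", 30, 14_000),   # constructed: NTP monlist replies
    (0, "192.0.2.20", 443, "203.0.113.10", "tcp", 20, 18_000),     # constructed: ordinary HTTPS
    (1, "198.51.100.7", 53, "203.0.113.10", "udp", 45, 67_000),
    (1, "198.51.100.11", 161, "203.0.113.10", "udp", 25, 50_000),  # constructed: SNMP bulk replies
    (1, "198.51.100.12", 19, "203.0.113.10", "udp", 60, 62_000),   # constructed: CHARGEN replies
    (1, "198.51.100.7", 53, "203.0.113.55", "udp", 2, 400),        # constructed: normal DNS answer
]


def detect_reflection(flows, pps_limit=100, bps_limit=800_000, min_reflectors=2):
    """Per (second, destination), sum UDP traffic whose source port is a reflector
    service. Alert when it exceeds the packet or bit budget AND arrives from at
    least `min_reflectors` distinct sources: the fan-in signature of DrDoS, which
    a single busy resolver reply would not show."""
    buckets = defaultdict(lambda: {"pkts": 0, "bytes": 0, "reflectors": set(), "services": set()})
    for sec, src, sport, dst, proto, pkts, nbytes in flows:
        if proto != "udp" or sport not in REFLECTOR_PORTS:
            continue  # TCP and non-reflector UDP ports are not counted
        b = buckets[(sec, dst)]
        b["pkts"] += pkts
        b["bytes"] += nbytes
        b["reflectors"].add(src)
        b["services"].add(REFLECTOR_PORTS[sport])

    alerts = []
    for (sec, dst), b in sorted(buckets.items()):
        bps = b["bytes"] * 8  # flow bytes per one-second bucket -> bits per second
        if len(b["reflectors"]) >= min_reflectors and (b["pkts"] > pps_limit or bps > bps_limit):
            alerts.append({"second": sec, "victim": dst, "pps": b["pkts"], "bps": bps,
                           "services": sorted(b["services"]), "reflectors": len(b["reflectors"])})
    return alerts


if __name__ == "__main__":
    for alert in detect_reflection(SAMPLE_FLOWS):
        print(alert)
```

On the sample data only second 1 trips the budget: second 0 has two reflectors but stays under both limits, and the single ordinary DNS answer to 203.0.113.55 is ignored because it comes from one source.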

DrDoS causes a huge loss of company reputation, so planning is important before the impact becomes too big!


Dan K
