- Jan 24, 2011
- 9,378
In early December, researchers from security firm Radware were dispatched to repel attacks against a company being targeted by the Anonymous hacking collective and could only be described as fierce and potentially devastating.
With junk traffic hitting peaks of 14 Gbps and coming from botnets, Unix machines with massive amounts of bandwidth, and volunteers using a custom-designed denial-of-service weapon, Yuri Gushin and Alex Behar had their work cut out. Rather than responding with a defense in kind, they adopted a technique straight out of a text from Aikido, the martial art that blunts attacks by redirecting an opponent’s energy, rather than opposing it head on.
“We basically turned the tables here,” said Behar, who spoke at this week's Black Hat security conference.“These kinds of techniques don't necessarily require a lot of bandwidth.” That allowed the target they were defending to repel the attackers without locking out legitimate visitors to the site.
Among the weapons in their arsenal was Roboo, a low-footprint tool the researchers released this week as an open-source tool for warding off DoS attacks and similar kinds of automated assaults. The challenge-and-response software sits in front of a webserver and requires remote machines that want to connect to first respond to simple queries sent in HTTP, HTML, JavaScript, and Adobe Flash
More details - link
With junk traffic hitting peaks of 14 Gbps and coming from botnets, Unix machines with massive amounts of bandwidth, and volunteers using a custom-designed denial-of-service weapon, Yuri Gushin and Alex Behar had their work cut out. Rather than responding with a defense in kind, they adopted a technique straight out of a text from Aikido, the martial art that blunts attacks by redirecting an opponent’s energy, rather than opposing it head on.
“We basically turned the tables here,” said Behar, who spoke at this week's Black Hat security conference.“These kinds of techniques don't necessarily require a lot of bandwidth.” That allowed the target they were defending to repel the attackers without locking out legitimate visitors to the site.
Among the weapons in their arsenal was Roboo, a low-footprint tool the researchers released this week as an open-source tool for warding off DoS attacks and similar kinds of automated assaults. The challenge-and-response software sits in front of a webserver and requires remote machines that want to connect to first respond to simple queries sent in HTTP, HTML, JavaScript, and Adobe Flash
More details - link
