DDoS Attacks

There is a flaw in the way a process works, an exploit takes advantage of this,

Distributed Denial-of-Service (DDoS)

• Same goal as DoS Attacks
• Resource Exhaustion
  • Use a Botnet, a network of devices that can be leverage to attack other systems
• Disabled Organization
• Usage Botnets
  • Tons and tons of compromised devices requiring resources to overwhelm one system and take it offline

Joining a Botnet

Pirated Warez

• VMware Keygen.exe
  • Whoever writes that key.gen has to be smart enough to reverse engineer the key
  • In relativity you got your key, it did something evil to your system, maybe downloaded an agent for joining the botnet.

Botnet Commend and Control

• Once an agent is installed it needs to listed for commands
• HTTP request
• DNS
  • You should be looking at your DNS
• IM (Instant Messenger)
  • Malicious software talking to the hacker
• ICMP
  • Use for ping, but when we do that ping, we are sending data, we can actually put anything on it.
• IRC / Facebook / Twitter DM etc.

Components to botnet Architecture

• Botmaster
  • The one actually responsible for the botnet
  • A technical person/hacker
• TOR/VPN
  • The Onion Router, gives you some privacy for where the sources of communications are coming from
• Zombies
  • Zombie has to talk to the Botmaster
  • The Botmaster logs in through TOR, it comes out through a TOR Exit node and get to IRC.
  • All communications came from a TOR exit node, not actually from where it originated
• C2 channel
• DDoS attack method
• Target

DDoS Botnet Example

• June 2020
• Akamai
• Volume 1.44 Tbps
  • Tb per second!
• Packets 312 million packets per second
• Duration 2 hours
• 9 simultaneous vectors ACK Flood, CLDAP Reflection, NTP Flood, RESET Flood, SSDP Flood, SYN Flood, TCP Anomaly, UDP Flood, UDP Fragment