Complex DDoS Threat Signatures Overcome Mitigation Methods

Prolexic Technologies : 02 October, 2012  (Technical Article)
A new wave of Distributed Denial of Service attacks demonstrates the increased sophistication and size of threats designed to overcome existing mitigation technology.

Prolexic Technologies has warned of an escalating threat from unusually large and highly sophisticated DDoS attacks.

The DDoS attacks have been launched in the last week using the so-called itsoknoproblembro DDoS toolkit. The malicious actor(s) behind the attacks have used this potent tool in conjunction with sophisticated attack methods that clearly demonstrate knowledge of common DDoS mitigation methods. The attack signatures are extremely complex and Prolexic has recorded sustained floods peaking at 70 Gbps and more than 30 million pps against some of its customers. Most mitigation providers would struggle to combat DDoS attacks with these characteristics.

“What we are experiencing is a dramatic uptick in the size and sophistication of DDoS attacks to a level not previously observed,” said Prolexic Chief Executive Officer Scott Hammack. “Only a handful of companies around the world could survive a hit of 70 Gbps in conjunction with the complex blend of attack vectors we have witnessed.”

The itsoknoproblembro toolkit includes multiple infrastructure and application-layer attack vectors, such as SYN floods, that can simultaneously attack multiple destination ports and targets, as well as ICMP, UDP and SSL encrypted attack types. A common characteristic of the attacks is a large UDP flood targeting DNS infrastructures. Uniquely, the attacking botnet contains many legitimate (non-spoofed) IP addresses, enabling the attack to bypass most anti-spoofing mechanisms.

“The size and sophistication of this threat has created a high-alert within various industries and with good reason,” said Hammack. “I’m proud to say we’ve successfully mitigated multiple itsoknoproblembro campaigns throughout the year, even when attack vectors have continuously modulated during the course of the assault.”

The Prolexic Security Engineering & Response Team (PLXsert) has been monitoring the itsoknoproblembro suite and issued an internal threat advisory to Prolexic customers earlier this month. A case study with more details about the toolkit will be included in Prolexic’s quarterly attack report, which will be published in mid-October, along with a public threat advisory that includes fingerprinted attack signatures for recommended detection and mitigation strategies.
