DDoS Attacks & Countermeasures Duong Ngoc Thai <thaidn AT gmail DOT com> http://vnhacker.blogspot.com
Hello!
Overview
DDoS Attacks
  What's new?
DDoS Countermeasures
  What NOT to do?
  What to do?
Q & A
Part I
DDoS Attacks – What's new?
  Botnet Attacks
    DRDoS
    Distributed Reflected DNS Attacks
  xFlash Attacks
    HTTP-based applications
    Welcome to the brave new world of Flash 9 Socket
What is botnet?
DDoS Attacks through Botnet
  Traditional DDoS Attacks
  DRDoS
  Distributed Reflected DNS Attacks
Okay, botnet is scary.
But wait, there's no botnet in VN, YET!
Bad news: building a botnet is easy!
  bot source code is available for free!
  some even released under GPL!
  Pretty girls online here, everyone!!!!
  Remember gaixinh or xRobot?
  I don't want to pay for software!
  ever wonder what those keygen.exe or crack.exe actually do?
  no license --> no update --> hack me please!
  (hint: use Linux)
can't build yourself? buy one online!
Vietnam Botnet Factbook
What's xFlash?
ActionScript in Flash can send HTTP requests to 3rd party sites through the browser which invoked it.
The main DDoS attack mechanism used to attack many websites in VN: hvaonline.net, vietco.com, ddth.com, <insert your sites here>, etc...
xFlash to attack HTTP-based applications
<insert x-flash source code here>
forging HTTP request headers
  var req:LoadVars=new LoadVars();
  req.addRequestHeader("Foo","Bar");
  req.send("http://www.site.com/index.php","_blank","GET");
forging HTTP request headers
  var req:LoadVars=new LoadVars();
  req.addRequestHeader("Foo","Bar");
  req.decode("a=b&c=d");
  req.send("http://www.site.com/index.php","_blank","POST");
Welcome to The Brave New World of Flash 9 Socket
Quote from Flash 9 documentation: “The Socket class enables ActionScript code to make socket connections and to read and write raw binary data. The Socket class is useful for working with servers that use binary protocols.”
Let's port nmap to ActionScript!
Err wait, how about same origin policy?
Part II
DDoS Countermeasures
  DON'T
    .htaccess referer checking
    PHP anti-DDoS script
  DOs
    performance tuning - killing the bottlenecks
    start small, think big
    defense in depth
First things first:
SHOW ME THE MONEY
Security is always a trade-off
The Art Of Performance Tuning
What is performance?
rps = requests per second
cu = concurrent users
How to Find The Bottlenecks
  code profiling – xdebug
  system profiling – oprofile
  database query profiling
Caching's Your Good Friend, Always
  opcode caching – APC, Zend Platform
  object caching – memcached
  http request caching - squid
Start Small Think BIG
what is scalability?
  readily enlarged
what is a scalable system?
  able to accommodate increased usage
  able to accommodate an increased dataset
  maintainable
Hello, world! Is Very Scalable
<?php
// wait one second before answering
sleep(1);
echo "Hello, world!";
?>
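What the slide above is getting at, as an added example that is not part of the original deck: a deterministic model of a pool of workers running the sleep(1) script, reported in the deck's own units (rps and cu). The function names, the FIFO queue and the evenly spaced arrivals are assumptions made for the illustration.

```python
import heapq

SERVICE_MS = 1000  # each request costs one second, like sleep(1) in the script above


def simulate(rps, workers, seconds=60):
    """Offer `rps` (an integer) evenly spaced requests per second for `seconds`
    seconds to `workers` identical share-nothing workers behind a FIFO queue.
    Returns (worst response time in ms, peak concurrent requests)."""
    idle_at = [0] * workers            # min-heap: when each worker is next idle
    events = []                        # (time_ms, +1 arrival / -1 completion)
    worst = 0
    for i in range(rps * seconds):
        arrival = i * 1000 // rps
        start = max(arrival, heapq.heappop(idle_at))   # wait for first idle worker
        finish = start + SERVICE_MS
        heapq.heappush(idle_at, finish)
        worst = max(worst, finish - arrival)
        events += [(arrival, 1), (finish, -1)]
    peak = current = 0
    for _, delta in sorted(events):    # at a tie, completions sort before arrivals
        current += delta
        peak = max(peak, current)
    return worst, peak


def capacity_rps(workers):
    """Highest request rate the pool sustains without queueing."""
    return workers * 1000 // SERVICE_MS


if __name__ == "__main__":
    # Constructed scenarios: (offered rps, workers)
    for rps, workers in [(10, 10), (20, 10), (20, 20), (200, 20)]:
        worst, peak = simulate(rps, workers)
        print(f"{rps:>4} rps on {workers:>2} workers "
              f"(capacity {capacity_rps(workers)} rps): "
              f"worst response {worst / 1000:.1f} s, peak cu {peak}")
```

At 20 rps, going from 10 to 20 workers brings the worst response back from 60.5 s to 1 s: every request is slow, yet capacity grows linearly with the number of share-nothing workers. Any offered load above capacity, as in the last scenario, makes the queue and the response time grow for as long as the load lasts.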
Vertical vs Horizontal Scaling
Share Nothing Architecture
Scaling The Database With SNA
Scaling The Storage
Amazon S3 anybody?
Wikipedia: a scalable system
The Blueprint of Defense In Depth
The case for the reverse proxy
Recommended Reading
  Building scalable web sites
  Kí sự các vụ DDoS vào HVAOnline.net (Chronicle of the DDoS attacks on HVAOnline.net)
Thank you!
Questions/Comments?
Duong Ngoc Thai