Feeds

Anonymous DoS attacks thwarted with Aikido hip throw

War stories from 'Operation Avenge Assange'

The Power of One eBook: Top reasons to choose HP BladeSystem

In early December, researchers from security firm Radware were dispatched to repel attacks against a company being targeted by the Anonymous hacking collective and could only be described as fierce and potentially devastating.

With junk traffic hitting peaks of 14 Gbps and coming from botnets, Unix machines with massive amounts of bandwidth, and volunteers using a custom-designed denial-of-service weapon, Yuri Gushin and Alex Behar had their work cut out. Rather than responding with a defense in kind, they adopted a technique straight out of a text from Aikido, the martial art that blunts attacks by redirecting an opponent’s energy, rather than opposing it head on.

“We basically turned the tables here,” Behar, who spoke at this week's Black Hat security conference in Barcelona, told The Reg by Skype. “These kinds of techniques don't necessarily require a lot of bandwidth.” That allowed the target they were defending to repel the attackers without locking out legitimate visitors to the site.

Among the weapons in their arsenal was Roboo, a low-footprint tool the researchers released this week as an open-source tool for warding off DoS attacks and similar kinds of automated assaults. The challenge-and-response software sits in front of a webserver and requires remote machines that want to connect to first respond to simple queries sent in HTTP, HTML, JavaScript, and Adobe Flash.

Because it's technically inefficient for most attack tools to be fluent in those web languages, the DoS packets never reach their targets, even as legitimate users experience few if any perceptible delays. Roboo can also be used to weed out other types of bots, such as those that automatically register accounts or leave comment spam on websites, making it a possible substitute for Captchas, the puzzles designed to verify a real human is behind a web request that real humans often love to hate.

The Radware security specialists, who are regularly called on to defend e-commece companies and gambling sites against DoS attacks, also employed another technique that proved effective against the Anonymous attacks. It's called session disruption, and it works by dropping a single packet sent from a DoS agent shortly after an internet session has begun.

Internet protocols require both sides to reduce the amount of traffic being sent when packet loss is experienced. This “congestion time out mode” caused major problems for users of the Low Orbit Ion Cannon, the open-source tool Anonymous volunteers use to direct torrents of traffic at sites they disapprove of. LOIC responded to the slow-down by opening an increasing number of connections to the targeted site. Eventually, so many sockets were established that memory allocations were exhausted and the program crashed.

“It was very frustrating for them,” said Behar, who was monitoring internet relay chats where the attackers were congregating during the attacks. “They were really pissed off.”

To prevent session disruption from affecting legitimate connections, the researchers dropped a special form of packet that was unique to LOIC.

Gushin and Behar employed other defenses including one called tarpit that shrinks the amount of data a computer can send to a website to zero before an acknowledgement is required.

“The idea is to suffocate the attacker, to exhaust all its resources,” Gushin said.

The attacks, which Anonymous called "Operation Avenge Assange," came in retaliation to Visa, MasterCard, PayPal and other companies after they disrupted fundraising efforts by WikiLeaks by cutting off payment processing services to the whistle-blower website. The attacks involved floods of syn packets, Slowloris assaults, and at one point the use of hijacked Unix machines from a US state board of education, which delivered 8 million packets per second to the intended target. (The Reg agreed not to name the state or the target the researchers were defending.)

“The sophistication came from the fact that there was such a diversity of attacks,” Behar said. “It was very hard to figure out how to provide proper uptime.” ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.