Anti-DDoS Services abuse to DDoS at 1.5 Billion Requests per Minute

  • May 12, 2014

Petrovic
Until now the Internet was encountering the traditional Distributed Denial of Service (DDoS) attacks, where a large number of compromised systems used to flood servers with a tremendous amount of bandwidth; but in the past few months we have noticed a massive change in the techniques of DDoS attack. Hackers are using creative, but evil, DDoS techniques such as NTP and DNS Amplification DDoS attacks.

Last month we saw how cybercriminals abused a vulnerability in one of the biggest Chinese video hosting websites, Sohu.com, to turn their millions of visitors into participants in a Layer 7 (Application Layer) DDoS attack with 20 Million requests.

According to a new report released by a US-based security solutions provider, Incapsula, another interesting DDoS attack activity has been noticed by the researchers, in which an attacker abused two major anti-DDoS service providers to perform a massive DDoS attack on other websites. It's really EPIC that the services that should protect websites from DDoS attacks were themselves compromised to perform DDoS on other web services.

The researchers at the security firm noticed a surge of massive DNS DDoS attacks on one of its clients, peaking at approximately 25Mpps (Million packets per second).

“With multiple reports coming from different directions, and with several large scale attacks on our own infrastructure, we are now convinced that what we are seeing here is an evolving new trend - one that can endanger even the most hardened network infrastructures,” reads the report.

This time, the hacker used the DNS DDoS attack, which is totally different from, and more responsive than, the DNS amplification attack previously most commonly used by hackers, both in their methods of execution and in the type of trouble they aim to deliver.

A DNS amplification attack is an asymmetrical DDoS attack in which the attacker sets the source address to that of the targeted victim by using the spoofed Internet Protocol (IP) address of the target, which means the target receives the replies from all the DNS servers that are used, making it the recipient of much larger DNS responses. “With these attacks the offender’s goal is to achieve network saturation by continuously exhausting the target’s bandwidth capacity,” Incapsula wrote.

But it's totally different in the case of a DNS DDoS attack, as DNS floods are symmetrical DDoS attacks in which the attacker tries to exhaust the server-side assets (e.g., memory or CPU) with the large number of UDP requests generated by malicious scripts running on several compromised botnet machines. The number of packets sent per second is even larger in this case compared to a DNS amplification attack.

“With DNS amplification, the effectiveness of an attacker’s own resources is increased by anywhere from 300% to 1000%, which means that large attacks could be initiated by relatively small botnets,” says the report. “On the other hand, with DNS floods there is no multiplier to speak of at all. This means that, in order to generate a DNS flood at the rate of 25Mpps, the offender needs access to an equally powerful botnet infrastructure.”
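
The distinction drawn above (large reflected replies that saturate bandwidth versus a high rate of small queries that exhausts server CPU or memory) can be turned into a simple triage check on inbound UDP/53 traffic. This is an added example, not part of the original post or the Incapsula report; the function names, the thresholds `pps_limit` and `big_reply`, and the sample packets are all constructed assumptions.

```python
import struct

def is_dns_response(payload: bytes) -> bool:
    """True if the QR bit (top bit of the DNS flags word) marks a response."""
    if len(payload) < 12:                      # a DNS header is 12 bytes
        raise ValueError("truncated DNS header")
    (flags,) = struct.unpack("!H", payload[2:4])
    return bool(flags & 0x8000)

def classify_inbound(packets, window_s, pps_limit=1000, big_reply=512):
    """Classify inbound DNS traffic seen during one observation window.

    packets: iterable of (src_port, dst_port, payload) tuples.
    pps_limit and big_reply are illustrative thresholds (assumptions).
    """
    replies = queries = reply_bytes = malformed = 0
    for sport, dport, payload in packets:
        try:
            response = is_dns_response(payload)
        except ValueError:
            malformed += 1
            continue
        if response and sport == 53:           # reply arriving from a resolver
            replies += 1
            reply_bytes += len(payload)
        elif not response and dport == 53:     # query aimed at our DNS server
            queries += 1
    stats = {"replies": replies, "queries": queries, "malformed": malformed,
             "query_pps": queries / window_s,
             "reply_bps": reply_bytes * 8 / window_s}
    avg_reply = reply_bytes / replies if replies else 0
    if replies > queries and avg_reply >= big_reply:
        verdict = "amplification"   # large reflected replies: bandwidth saturation
    elif queries / window_s >= pps_limit:
        verdict = "flood"           # many small queries: CPU/memory exhaustion
    else:
        verdict = "normal"
    return verdict, stats

def make_dns(response: bool, size: int) -> bytes:
    """Build a constructed DNS message: valid 12-byte header plus zero padding."""
    flags = 0x8180 if response else 0x0100
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, int(response), 0, 0)
    return header + b"\x00" * (size - 12)

# Constructed one-second samples, not captured traffic.
AMPLIFIED = [(53, 40000 + i, make_dns(True, 3000)) for i in range(200)]
FLOOD = [(30000 + i, 53, make_dns(False, 40)) for i in range(5000)]
QUIET = [(30000 + i, 53, make_dns(False, 40)) for i in range(20)]
```

The verdict matters for mitigation: an amplification verdict points to upstream filtering of unsolicited replies, while a flood verdict points to query rate limiting and extra capacity on the DNS servers themselves.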