Presented at ToorCon San Diego 13 (2011)
Oct. 9, 2011, 4 p.m.
Lately, hackers know as "Anonymous Group" are reacting to decisions and actions of companies and governments compromising availability of their web sites with DDoS attacks. With the rise of DDoS attacks on popular sites like sony, weakleeks, visa and others, CISO's have been worried with this no new, but asleep threat. The Anonymous group are using LOIC (Low Orbit Ion Cannon) to attack their targets. LOIC uses HTTP DoS technique to exhaust server resources of these targets.
Recently, many security measures like modsecurity were adopted trying to mitigate attacks like that. This presentation will show a new security tool called "Nirvana HTTP DDoS/DoS" to demonstrate that these security actions are still ineffective. Nirvana creates complex attacks for different HTTP Servers and bypass these security defenses. It works minimizing the ability of security mechanisms to mitigate attacks and using low consumption of computer and network resources.
"Nirvana HTTP DDoS/DoS" simulates legitimate users with polite requests, creating random user-agents, random low-bandwidth network traffic, and random URLs, and uses multiples proxy servers simultaneously. The tool aims to demonstrate how coordinate offensive HTTP DDoS attacks can be indefensible and how it can be used as a Framework for HTTP DDoS attacks.
Furthermore, we show a comparative analysis of the tools: slowloris, r-u-dead-yet, LOIC, and Nirvana. Beyond the presentation of the tool and the concepts, we propose some actions to reduce undesirable effects of these attacks. All talk is about HTTP protocols and Servers environment and the attendees have to know about that.
Emanuel Rodrigues has performing network and application security assessments, including network penetration testing, blackbox application testing, and code reviews. His security expertise also includes provide guidance in an enterprise security architect role, and building security into organizations existing software development. Emanuel Rodrigues currently works in Roraima State Government of Brazil and is EC-Council Official Instructor at Latin America. Emanuel Rodrigues currently holds the following certifications: CEH, Security+, LPIC-304