
April 13th, 2006

Disturbing developments in DDoS attacks

Posted by Richard Stiennon @ 7:23 am

Categories: Security blog, Spyware


I had a chat yesterday with someone who is on the front lines in the fight against cyber-extortion. Barrett Lyon is an expert on building the infrastructure and defenses to survive Distributed Denial of Service attacks.  His story is fascinating. You can read more about it in the New Yorker.  

Traditional DDoS, of course, is when an attacker uses thousands of centrally controlled zombie machines to direct millions of packets at a single destination. Most web servers shrivel up and die when subjected to that much attention. According to Barrett, even the upstream infrastructure cannot withstand some of these attacks. The firewalls, routers, sometimes even the ISP go offline. A recent new technique is for the zombies to all perform DNS look-ups, causing the DNS server for the target to fail and effectively taking down a site without even hitting it directly.

But in the podcast I did with Barrett yesterday he raises the specter of a new generation of zombies, Linux zombies, being used to launch attacks against targets.  He says in a recent battle he had to defend a site that was under attack from a Japanese hacker who had been hired by someone to take out their competitor, Barrett’s client.

The hacker used a common misconfiguration in PHP scripts to take over Linux machines and use them for his army of zombies. What is scary about this is that these machines are typically web servers on broadband connections, unlike the usual collection of PCs on college campuses that are part of a bot-herd. So they are much more deadly, especially when combined into a single force. The PHP script is easily searchable on Google, so the hacker automated his harvesting activity by having each infected machine search for more machines to infect, using Google results to seed the search.

Listen to the full interview with Barrett here. I did the interview flat on my back (just as I am writing this blog entry) because I pulled a muscle while working out yesterday, so my voice is a little muffled, but Barrett’s message is loud and clear.

Richard Stiennon is an industry consultant. See his full profile and disclosure of his industry affiliations.

  • Most Recent of 171 Talkback(s)
You didn't know? linux/win/DOS
I was really surprised by the comment that ddos nets were primarily WINDOWS machines. This simply isn't true, nor has it been for as long as I can remember.

Back around 1997, there was a distr... (Read the rest)
Posted by: smithjx11 Posted on: 02/24/07
