DDoS Attacks Are Still Happening. Do You Know How to Defend Yourself?

Tuesday, March 15, 2022

Recently the number of reported DDoS attacks has risen sharply. Many users worry about these attacks, which are among the most common against websites and services: the attackers (multiple sources taking part, which is what makes the attack "distributed") overwhelm your site with an unreasonable number of requests or otherwise overload its servers, making it inaccessible to regular visitors.

Protection against these attacks is not easy, which is why we put some specific questions to one of the Czech and Slovak Republics' top experts in penetration testing and web application security, Roman Kümmel. Roman is the creator of SOOM.cz, the best-known Czech hacking website, and has also authored one of the best publications on Cross-Site Scripting and related attacks.

1. Is it easy to organize web attacks? How are such attacks carried out?

“Organizing a mass attack on any web server is relatively simple. You just need to create a website which uses JavaScript to send a large amount of requests from a visitor’s web browser to the target system. The link to such a website is then distributed e.g. through social media, where anyone wanting to participate in the attack can visit it. If such a website receives a large number of visitors who leave the page open for a long period of time, it may become too difficult for the targeted server to respond to all the requests. The website then becomes inaccessible to regular visitors.

Attackers can enhance the impact of the attack by directing individual requests at a website which is difficult and time-consuming for the server to generate (e.g. due to the necessity to load data from a database). In such cases, a relatively small number of dedicated visitors of the attack website is sufficient for success.”
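The flood Roman describes leaves a recognisable pattern in the access log: many clients, each firing far more requests than a human visitor would, concentrated on the server's most expensive pages, and often arriving from the same third-party page. The following detection script is an added example (it is not from the interview or from SOOM.cz) that flags those sources in constructed sample log lines. The log format (combined log format with the request duration in microseconds appended, as Apache's %D can provide), the thresholds and the hostnames are assumptions for the example.

```python
"""Spot a browser-driven flood in web server access logs.

Added example (not from the interview or from SOOM.cz). The log lines are
constructed; the log format, hostnames and thresholds are assumptions.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Combined log format with the request duration in microseconds appended
# (Apache's %D, for example). Assumed format for this example.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+ "(?P<referer>[^"]*)" "[^"]*" (?P<usec>\d+)$'
)

# Assumed thresholds; tune per site.
WINDOW_SECONDS = 10
MAX_REQUESTS_PER_WINDOW = 20    # a human reader rarely exceeds this
MIN_SHARED_REFERER_CLIENTS = 3  # distinct IPs arriving from one third-party page


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["usec"] = int(rec["usec"])
    return rec


def flooding_clients(records, window=WINDOW_SECONDS, limit=MAX_REQUESTS_PER_WINDOW):
    """Map IP -> peak request count, for IPs exceeding `limit` requests
    within any `window`-second span (sliding window over sorted timestamps)."""
    by_ip = defaultdict(list)
    for r in records:
        by_ip[r["ip"]].append(r["ts"])
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > limit:
            flagged[ip] = peak
    return flagged


def expensive_paths(records, top=3):
    """Paths ranked by total server time: the pages an attacker would aim at."""
    cost = Counter()
    for r in records:
        cost[r["path"]] += r["usec"]
    return cost.most_common(top)


def shared_referers(records, own_host, min_clients=MIN_SHARED_REFERER_CLIENTS):
    """Third-party pages that many distinct clients arrive from. A link to an
    attack page spread via social media shows up here, but only if that page's
    referrer policy lets the browser send the full Referer; an empty result is
    therefore inconclusive, not a clean bill of health."""
    clients = defaultdict(set)
    for r in records:
        ref = r["referer"]
        if ref and ref != "-" and own_host not in ref:
            clients[ref].add(r["ip"])
    return {ref: len(ips) for ref, ips in clients.items() if len(ips) >= min_clients}


def analyze(lines, own_host):
    """Run all three checks over raw log lines; unparseable lines are skipped."""
    records = [r for r in map(parse_line, lines) if r]
    return {
        "flooding": flooding_clients(records),
        "hot_paths": expensive_paths(records),
        "attack_pages": shared_referers(records, own_host),
    }


def sample_log():
    """Constructed sample: two normal visitors plus three browsers parked on an
    attack page, each firing five requests a second at a slow search page."""
    base = datetime(2022, 3, 15, 10, 0, 0, tzinfo=timezone.utc)

    def line(ip, ms, path, referer, usec):
        ts = (base + timedelta(milliseconds=ms)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "{referer}" "Mozilla/5.0" {usec}'

    lines = []
    for i in range(4):  # normal visitors: a request every 15 seconds
        lines.append(line("198.51.100.10", i * 15000, "/", "-", 8000))
        lines.append(line("198.51.100.11", i * 15000 + 3000, "/about", "https://www.example.com/", 5000))
    for ip in ("203.0.113.5", "203.0.113.6", "203.0.113.7"):  # attack participants
        for i in range(60):
            lines.append(line(ip, i * 200, "/search?q=%25", "https://attack.example.net/join", 250000))
    return lines


if __name__ == "__main__":
    for key, value in analyze(sample_log(), "www.example.com").items():
        print(key, value)
```

The per-IP rate check alone catches a single noisy client; the point of the other two checks is the distributed case Roman describes, where each participant may stay under a naive limit but the shared origin page and the concentration on expensive paths give the attack away. Weighting requests by server time rather than counting them is what makes the "small number of dedicated visitors" variant visible.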

2. Can anyone participate in these attacks?

“Among the advantages of this type of attack (for the attackers) is the fact that basically anyone can join in without the slightest knowledge or the need to install an attack tool. On the other hand, the disadvantage is that it is not aimed at a specific vulnerability which could be exploited in order to deny access to a server using a single attack machine, as is the case with e.g. Slowloris-type attacks. To perform such an attack, one needs to run a specific attack machine. However, using this type of attack, it is possible to deny access to a larger number of servers using as few as a single attack machine.”

3. Would the person participating open themselves up to any kind of danger?

“Any attacker should be aware that by deliberately visiting a website in order to participate in a DDoS attack, they are committing a crime. In the US, for example, quite a lot of people have been convicted of leading similar attacks against American banks. I don’t assume anyone would charge users for similar attacks under the current circumstances, especially if they occurred en masse. However, one needs to be aware of these facts and not presume that joining an attack like this is just fine and there will be no consequences. Users need to realize that the internet is not as anonymous an environment as they might believe and that any participation in attacks will most likely be logged and could be traced back to its source.”

4. Which courses would you recommend as good preventative measures against hacker attacks?

“You can learn more about DDoS attacks in the Web Application Vulnerabilities - Attacks on servers (GOC542) and Hacking in Practice II (GOC32) courses.”


Roman Kümmel

Roman has been interested in IT ever since his childhood, and since 2003 he has mainly specialized in web application security. He is the operator of soom.cz, a website focused on hacking and IT security. He authored a book called XSS: Cross-Site Scripting v praxi (XSS: Cross-Site Scripting in Practice) and has published many articles in expert magazines.

Roman is a penetration tester, consultant and IT security instructor at GOPAS.


We are working hard on the conference programme and will soon bring you more details, which you will find at www.teched.cz