Hack a Day » ddos

Hack a Day 2: Electric Boogaloo

Eliot — Fri, 12 Sep 2008 00:45:08 +0000

Well, that was fun… no, not really, but we’re back from the dead like Steve Jobs. We’ve been getting DDoS’d since essentially the first day we originally came back. After killing a 1G connection, we decided to find a different solution. Since the world didn’t end this week, we brought the site back using WordPress.com as the new host. We now return to our regular blog shenanigans. Here’s to another four years of beta!

Russia vs Georgia, the online front

Nick Caiello — Wed, 13 Aug 2008 17:30:00 +0000

While we’re sure that just about everyone has heard about the conflict between Russia and Georgia, few have probably heard about the role of cyber attacks in the conflict. Shortly before Russia’s armed response, Georgian state web servers were attacked by individuals assumed to be Russian hackers. This attack almost completely obliterated Georgia’s online presence by shutting down the website for the Ministry of Defense, and the Central Government’s main site. The Russian attackers seem to be using some form of sustained DDoS to keep many Georgian sites offline. In an effort to preserve some web presence, the Georgian Government transferred [President Mikheil Saakashvili]‘s site to a US hosting provider in Atlanta. The Ministry of Foreign Affairs even created a BlogSpot page after their website initially went down. While politically motivated DDoS attacks have not been rare in past months, this seems to be the first time where the attacking party can be clearly identified. This seems to be the start of a trend where the unconventional methods of cyber warfare are used to gain an advantage over the enemy.

[photo: somefool]

Phlashing denial of service attack, the new hype

Eliot — Tue, 20 May 2008 23:15:00 +0000

Imagine how surprised we were to discover that by accidentally bricking our router we were executing a brand new attack: Phlashing Denial Of Service (PDOS). This week at EUSecWest, researcher [Rich Smith] will present the theoretical PDOS attack. Instead of taking over control of an embedded system, the attacker turns it into a nonfunctioning brick by flashing it with a broken firmware. Anyone who has flashed a device knows the danger of interrupting the procedure.

Embedded systems, like wireless routers, network cameras, and printers require remote access to be upgraded. This could be over the network or just a USB cable. Unfortunately most devices go unpatched because of this lack of easy access. The upgrade procedure can be very insecure too. The last time we flashed a custom firmware on our La Fonera we had to set up a TFTP server for it to download the firmware from. The TFTP protocol has no authentication, so anyone could pose as the server and offer a bad firmware for download. Many embedded system upgrade tools use TFTP because of its ease of implementation and low hardware overhead.

The PDOS attack hasn’t been seen in the wild and we don’t expect to. Malware is a business and destroying hardware doesn’t seem to have much income potential. The article presents this as an alternative to maintaining a botnet to perform a DDOS. With a DDOS, you deny the service, ask for ransom, and return service when they pay. With PDOS, you threaten to deny their service, they don’t pay, and then you destroy their equipment and get nothing. We agree with [HD Moore] that a more successful attack would be installing your own custom firmware that gives you full control of the system and full access to the network to do as you please.

Outside of griefing, the PDOS attack is not a threat. In any case, firmware upgrade procedures for embedded devices need to be improved.

[via /.]