Scant Brain Power Behind Massive DDoS Attack

It may be the most disturbing thing about last week’s historic denial of service attack on a Dutch anti-spam organization — the fact that the technology involved wasn’t that complicated. That’s one of the findings of security professionals studying the attack methods used on Spamhaus, along with the knowledge that the hackers used the Internet‘s own structure to extend their assaults on the group.

One of the largest denial of service attacks in the history of the Internet didn’t take rocket science to execute. The offensive was conducted over several days last week after the anti-spam group Spamhaus placed a Dutch hosting service, located in a former NATO bunker, on a blacklist reserved for spammers.

A group calling itself STOPhaus is claiming responsibility for the series of attacks which, at their height, reached bandwidths of 300 Gbps. A 10 Gbps attack will bring most websites down.

To reach those bandwidth levels, the attackers exploited the Internet’s architecture and the Domain Naming System to expand the scope of their assaults. They essentially used open servers used to resolve DNS addresses on the Internet like megaphones to amplify their attacks.

The technique was used earlier this year in a series of attacks on U.S. financial websites.

Perl Used By Swine?

Despite the magnitude of the onslaughts, security experts said they can be launched with a relatively low level of technical knowledge. “The technique isn’t particularly difficult,” said Matthew Prince, co-founder and CEO of Cloudflare. Prince’s company came to Spamhaus’s aid when the attacks threatened to overwhelm its website.

“The amount of code you’d need to write to launch this attack can almost be done in a line of Perl,” Prince told TechNewsWorld. The most difficult part of the campaign is finding open resolvers to use in your attack because it requires scanning billions of IP addresses.

“It takes a lot of reconnaissance, but not a whole lot of technology itself,” Henry Stern, a threat researcher with Cisco told TechNewsWorld. That reconnaisance may have gotten easier. A group calling itself the Open DNS Resolver Project has published a list of 27 million open or semi-open resolvers on the Net. The group’s intentions are good ones; it wants server operators to check their IP addresses at the site and restrict access to any of their servers they find on the list.


Blowfish12@2013 blowfish12.tk Author: Sudharsun. P. R.

Advertisements

Android Powered $99 Ouya Games Console Shipped To First Supporters

ouya-android

A new games console which industry experts say could disrupt the industry has begun shipping to kickstarter backers who helped the Android-based project get going last year. For the rest of us, there’s an official retail release date: June 4.

Games on the system will be a fraction of the cost of traditional console games, more comparable to those found on mobiles and tablets. However, it may struggle to muscle in on a market dominated by big players such as PlayStation and Xbox, one analyst predicted.

The Ouya was financed using crowdfunding website Kickstarter, where it attracted over $8m (£5.3m) in funding from 63,416 backers.

Ouya_android_game_Console

The company has begun sending out consoles to the first supporters of the project – while other interested gamers can pre-order the device.

About 55 games will be available with today’s release, according to [Ouya founder Julie] Uhrman. The cube-shaped player uses a version of Android that requires developers to create applications and games just for the device. Games must be free, offer a free trial or have free add-ons, the company said. … Ouya plans to keep 30 percent of game sales, with developers getting the rest.


Blowfish12@2013 blowfish12.tk Author: Sudharsun. P. R.

Fact for the day: 2.4.2013

Can openers invented 48 years after cans

Cans were opened with a hammer and chisel before the advent of can openers. The tin canister, or can, was invented in 1810 by a Londoner, Peter Durand.


Blowfish12@2013 blowfish12.tk Author: Sudharsun. P. R