DEFCON 19: Three Generations of DoS Attacks

Denial-of-service (DoS) attacks are very common. They are used for extortion, political protest, revenge, or just LULz. Most of them use old, inefficient methods like UDP Floods, which require thousands of attackers to bring down a Web server. The newer Layer 7 attacks like Slowloris and Rudy are more powerful, and can stop a Web server from a single attacker with incomplete Http requests. The newest and most powerful attack uses IPv6 multicasts, and can bring down all the Windows machines on an entire network from a single attacker.

I will explain and demonstrate these tools: Low Orbit Ion Cannon, OWASP Http DoS Tool, and flood_router6 from the thc-ipv6 attack suite. This deadly IPv6 Router Advertisement Flood attack is a zero-day attack–Microsoft has known about it since June 2010 but has not patched it yet (as of May 4, 2011).

Audience Participation: Bring a device to test for vulnerability to the Router Advertisement Flood! Some cell phones and game consoles have been reported to be vulnerable–let’s find out! If your device crashes, please come to the Q&A room so we can video-record it and arrange disclosure to the vendor.

. . . . . . . .

Leave a Reply