Inter-actief presentation
0 likes163 views
The document discusses distributed denial of service (DDoS) attacks, focusing on the growing market for 'booter' services that allow users to conduct such attacks for a fee. It outlines various types of DDoS attacks, their economic impact, and lists several online services offering DDoS for hire. Additionally, it touches upon payment systems used by these services and the ethical implications surrounding DDoS attacks and mitigation strategies.
![# Booter URL
Offer
[Gbps]
1 http://booter.tw ?
2 http://restricted-stresser.info 5
3 http://anonymous-stresser.net 5
4 http://destressbooter.com 25
5 http://flashstresser.net ?
6 http://dejabooter.com 10
7 http://rebel-security.com Up to 3
8 http://grimboot.com 6
9 http://quantumbooter.net 1,5
10 http://olympusstresser.org Up to 3
11 http://ebooter.5gbfree.com ?
12 http://vdoss.net ?
13 http://respawn.ca 8
14 http://onionstresser.com ?
Price [€]
10,90
1,95
3,12
3,89
3,89
3,89
3,00
3,90
8,00
4,90
free
3,11
3,90
3,90
€58,35
Unique IPs
8281
7369
6075
4486
3779
2970
281
78
54
Protocol
*DNS
*DNS
*DNS
*DNS
*Chargen
*DNS
*Chargen
*DNS
*DNS
Attacks](https://image.slidesharecdn.com/20161011interactief-161011120210/85/Inter-actief-presentation-36-320.jpg)
![0
1.5
3
4.5
6
7.5
0 20 40 60 80 100
Trafficrate[Gbps]
Time [s]
CharGen-based attacks DNS-based attacks
0
0.4
0.8
1.2
1.6
2
0 20 40 60 80 100
Trafficrate[Gbps]
Time [s]
NTP
CharGen
SSDP
Quake P.
Steam P.
QOTD
BitTorrent
Kad
NetBIOS
SNMP
DNS
556.9x
358.8x
108x](https://image.slidesharecdn.com/20161011interactief-161011120210/85/Inter-actief-presentation-42-320.jpg)
![Booters [market]
[under-revision]](https://image.slidesharecdn.com/20161011interactief-161011120210/85/Inter-actief-presentation-50-320.jpg)
![Booters [market]
0
50
100
150
200
250
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
#Booters
Time
Registration Date
Expiration Date
Registration Interval
First Passive DNS
10
50
100
200
300
wif...com
exr....nl
ips...com
ano...comano...netone...netres...nfo
boo....in
rou...comsta...com
pow...comboo...orgboo....mlboo...xyzexp...orgnet....ec
qua...netspb...netstr...com
smo...comuns...comnet...com
dat...com
cst...net
str...net
evi...net
str....in
ddo...ity
abs...netpar...comdow...orgexi....to
vdo...cominb....me
the...com
boo...xyzyou...net
Gbits/sec
Max. Advertised Attack Rate](https://image.slidesharecdn.com/20161011interactief-161011120210/85/Inter-actief-presentation-51-320.jpg)
![30k
100k
1M
3M
10M
0 10 20 30 40 50
AlexaRank(logscale)
Top 50 Booter
Booter Rank
exr..b.nl
boo...xyz
ips...comnet...com
exo..s.inorc...com
vbo...org
ddo..cityboo...com
cst...netaur...com
inb..t.me
vdo...com
str..e.ioque...com
pow...com
you...net
exi..s.tostr..clubstr..r.instr...netweb..r.co
boo...org
k-s..s.pwpar...com
qua...net
rag...net
spb...net
syn...net
tit...netalp...comhor..s.me
raw...com
ano...net
rek...com
vbo...com
rou...com
dar..r.fridd...net
ave...com
fra..g.nlddo...com
con...com
ddo...com
ips...comust..s.coxpl..r.pwjit...comnet..k.ec
rag...com
There are 300M registered domain names in the Internet
Booters [market]](https://image.slidesharecdn.com/20161011interactief-161011120210/85/Inter-actief-presentation-52-320.jpg)
![Ethical implications
[under-revision]
& civil disobedience](https://image.slidesharecdn.com/20161011interactief-161011120210/85/Inter-actief-presentation-58-320.jpg)
![[under-revision]
Mitigation?at the access level ?!
http://booterblacklist.com](https://image.slidesharecdn.com/20161011interactief-161011120210/85/Inter-actief-presentation-62-320.jpg)
Inter-actief presentation
- 1. Booters Things that you already know and beyond Jair Santanna jairsantanna.com 11/10/2016
- 2. José Jair Cardoso de Santanna
- 5. Distributed Denial of Service attack a.k.a. DDoS attack
- 6. DDoS attackHow many calls can you handle?
- 7. DDoS attack
- 9. Operation Payback Amazon, PayPal, MasterCard, Visa and the Swiss bank PostFinance
- 10. LOIC
- 11. Who can preform a DDoS attack?
- 12. 12
- 13. Anyone!
- 14. Booter"DDoS as a $ervice" "DDoS for Hire" Stresser
- 15. 15
- 17. No more opponents!! No more ONLINE exams!! Economic Impact!!
- 18. Booter"DDoS as a $ervice" "DDoS for Hire" Stresser ?????
- 20. It is not my fault!
- 22. Clear?!
- 23. 2013
- 27. 2013
- 35. Attacks
- 36. # Booter URL Offer [Gbps] 1 http://booter.tw ? 2 http://restricted-stresser.info 5 3 http://anonymous-stresser.net 5 4 http://destressbooter.com 25 5 http://flashstresser.net ? 6 http://dejabooter.com 10 7 http://rebel-security.com Up to 3 8 http://grimboot.com 6 9 http://quantumbooter.net 1,5 10 http://olympusstresser.org Up to 3 11 http://ebooter.5gbfree.com ? 12 http://vdoss.net ? 13 http://respawn.ca 8 14 http://onionstresser.com ? Price [€] 10,90 1,95 3,12 3,89 3,89 3,89 3,00 3,90 8,00 4,90 free 3,11 3,90 3,90 €58,35 Unique IPs 8281 7369 6075 4486 3779 2970 281 78 54 Protocol *DNS *DNS *DNS *DNS *Chargen *DNS *Chargen *DNS *DNS Attacks
- 37. It is not my fault!
- 38. Reflection Attack & How the Internet works?
- 40. How attackers control the distributed source of attacks? Reflected Server (UDP) Client Jair Attacker “Jair” "Spoofed" Request Response "Amplified" & "Reflect"
- 41. Reflection Attack
- 42. 0 1.5 3 4.5 6 7.5 0 20 40 60 80 100 Trafficrate[Gbps] Time [s] CharGen-based attacks DNS-based attacks 0 0.4 0.8 1.2 1.6 2 0 20 40 60 80 100 Trafficrate[Gbps] Time [s] NTP CharGen SSDP Quake P. Steam P. QOTD BitTorrent Kad NetBIOS SNMP DNS 556.9x 358.8x 108x
- 46. CN US KR RU IN TR UA FR TH DE Top 10 1755 630 275 192 105 81 76 56 55 530 1755 US JP DE RU CN NL GB CA FR TW 5822 1986 1909 1871 825 731 716 603 561 459 Top 10 0 5822 CharGen-based attacks DNS-based attacks
- 49. Timeline Domain Registration First attack Passive DNS 15 Databases Clients
- 51. Booters [market] 0 50 100 150 200 250 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 #Booters Time Registration Date Expiration Date Registration Interval First Passive DNS 10 50 100 200 300 wif...com exr....nl ips...com ano...comano...netone...netres...nfo boo....in rou...comsta...com pow...comboo...orgboo....mlboo...xyzexp...orgnet....ec qua...netspb...netstr...com smo...comuns...comnet...com dat...com cst...net str...net evi...net str....in ddo...ity abs...netpar...comdow...orgexi....to vdo...cominb....me the...com boo...xyzyou...net Gbits/sec Max. Advertised Attack Rate
- 52. 30k 100k 1M 3M 10M 0 10 20 30 40 50 AlexaRank(logscale) Top 50 Booter Booter Rank exr..b.nl boo...xyz ips...comnet...com exo..s.inorc...com vbo...org ddo..cityboo...com cst...netaur...com inb..t.me vdo...com str..e.ioque...com pow...com you...net exi..s.tostr..clubstr..r.instr...netweb..r.co boo...org k-s..s.pwpar...com qua...net rag...net spb...net syn...net tit...netalp...comhor..s.me raw...com ano...net rek...com vbo...com rou...com dar..r.fridd...net ave...com fra..g.nlddo...com con...com ddo...com ips...comust..s.coxpl..r.pwjit...comnet..k.ec rag...com There are 300M registered domain names in the Internet Booters [market]
- 53. Payment Systems
- 57. “it is really tricky when private organisations act as law enforcement“ https://www.youtube.com/watch?v=wW5vJyI_HcU DDoS Protection Companies
- 58. Ethical implications [under-revision] & civil disobedience
- 59. Mitigation?
- 61. Mitigation? at the Target ?! http://ddosdb.org Big + Open
- 62. [under-revision] Mitigation?at the access level ?! http://booterblacklist.com
- 63. at the access level ?! TOR node
- 64. What I’m working now?
- 66. On What I have assignment?
- 68. Booters Things that you already know and beyond Jair Santanna jairsantanna.com 11/10/2016