France is seeing massive amounts of DDoS traffic going through its networks, thanks to sizeable hits on the country’s popular hosting providers As the UK enjoys a relatively low volume of distributed denial of service (DDoS) attacks, France is seeing deluges of traffic hitting organisations frequently, according to research. Major hosting providers, including the hugely-polular, OVH have attracted DDoSers to France, which was only outdone by the US in terms of the amount of DDoS traffic passing through the countries’ networks, according to Arbor Networks. A record 325Gbps attack hit France this year, but it is not known who was involved. DDoS threat getting bigger and bigger Darren Anstee, director of solutions architects at Arbor, said France was being attacked largely because of the popularity of those hosting providers. “They’ve got a lot of big hosting providers and some of those are used by the gaming industry [which is subject to significant sized attacks],” he told TechWeekEurope . Arbor spotted an unprecedented rise in DDoS attacks over the first quarter of 2014. It saw 72 attacks larger than 100Gbps and 1.5 times the number of attacks over 20Gbps as in the whole of 2013. The epic increase in attack size has come as a result of what’s known as amplification. Protocols such as Network Time Protocol can be used to generate massive DDoS attacks with relatively little effort on behalf of the offenders. They can abuse vulnerable NTP servers by spoofing the IP address of a target, sending small requests and getting massive responses. The target IP is then flooded with that traffic. Even protocols used by popular gaming services, from Quake to the Steam protocol, can be abused for amplification purposes. Source: http://www.techweekeurope.co.uk/news/ddos-france-gaming-hosting-companies-144777
View the original here:
France Getting Battered By DDoS Attacks
A researcher discovered a flaw in the section “notes” of the social network Facebook that could be exploited by anyone to conduct a powerful DDoS attack. The Security researcher Chaman Thapa, also known as chr13, discovered a vulnerability in the section ‘Notes’ of the popular social network Facebook that could be exploited by anyone to launch the distributed denial-of-service (DDoS) attack of more than 800 Mbps Bandwidth on any website. Chaman Thapa demonstrated that simply reading a ‘Note’ created by anyone on the Facebook platform an attacker could automatically generate malicious traffic against a target. The researcher published a blog post to describe the vulnerability, he exploited the possibility to include tags inside the post to allow the creation of notes that have images from any source. The attack scenario is very simple, Facebook downloads external images from the original source for the first time only, to improve the performance it stores them in the cache for successive uses. If the image url has dynamic parameters, Facebook is not able to store the image in cache and practically it download all the images included in a note each time whenever anybody view the note. “Facebook Notes allows users to include tags. Whenever a tag is used, Facebook crawls the image from the external server and caches it. Facebook will only cache the image once however using random get parameters the cache can be by-passed and the feature can be abused to cause a huge HTTP GET flood.” Let’s see the DDoS attack scenario described by Chaman Thapa, let’s chose the target website “ target.com” which include a large image on its server (e.g. 1Mb). The researcher creates a Facebook Note which includes the above image multiple times with dynamic parameters, and some text. Facebook servers are forced to download 1 MB of file 1000 times in one page view (It has been estimated that each note is now responsible for 1000+ http requests). If 100 Facebook users are reading the same note at the same time, then Facebook servers will be forced to download 1 x 1000 x 100 = 100,000 Mb or 97.65Gb bandwidth within few seconds from the targeted servers. In the image below is reported the graph for the 400 Mbps traffic generated from 127 Facebook servers in the proof-of-concept made by Thapa by attacking on his own web server. Following the description provided in the post by the Chaman Thapa. Steps to re-create the bug as reported to Facebook Bug Bounty on March 03, 2014. Step 1. Create a list of unique img tags as one tag is crawled only once .. Step 2. Use m.facebook.com to create the notes. It silently truncates the notes to a fixed length. Step 3. Create several notes from the same user or different user. Each note is now responsible for 1000+ http request. Step 4. View all the notes at the same time. The target server is observed to have massive http get flood. Thousands of get request are sent to a single server in a couple of seconds. Total number of facebook servers accessing in parallel is 100+. The researcher explained that the amplification factor of the DDoS attack depends on the dimension of the image downloaded, it could be even higher if the attacker includes in the note a pdf or a video. “A scenario of traffic amplification: when the image is replaced by a pdf or video of larger size, Facebook would crawl a huge file but the user gets nothing.” “Each Note supports 1000+ links and Facebook blocks a user after creating around 100 Notes in a short span. Since there is no captcha for note creation, all of this can be automated and an attacker could easily prepare hundreds of notes using multiple users until the time of attack when all of them is viewed at once.” noted Chaman Thapa. There is the concrete risk that a bad actor creates hundreds of notes with specially crafted script using multiple users at the same time, resulting a powerful DDoS attack. The alarming news is that the flaw is still unpached and Facebook has no plans to fix it. “ In the end, the conclusion is that there’s no real way to us fix this that would stop attacks against small consumer grade sites without also significantly degrading the overall functionality, ” replied Facebook to the researcher. Click here to read the entire article. Source: http://www.arie.co.za/how-to-abuse-facebook-feature-to-conduct-powerful-ddos-attack/