Home page logo

bugtraq logo Bugtraq mailing list archives

Re: New DDoS?
From: Alfred Perlstein <bright () WINTELCOM NET>
Date: Tue, 9 Jan 2001 10:51:44 -0800

* nealk <nealk () verinet com> [010109 10:41] wrote:
I think I have stumbled across a new category of distributed denial
of service (DDoS).  (If this is old news, I'm sure I'll be corrected;
it's new to me.)

Traditional DDoS have the follow flow:
  - A host (or few hosts) controls a large number of clients.
  - The clients are directed by the host to attack a single site/server.
    The attack can either be network or service oriented.

Alternate (New) DDoS model:
  - Server 'A' directly prevents all clients from accessing server 'B'.

Here's an example of how it could work:
I recently posted about a Flash plugin risk that can crash or hang a browser.

Let's say that someone placed a corrupt Flash (SWF) file on a web server.
All clients that access the web server and that view the Flash file
(about 90% of all browsers can, so this is a good assumption) will
have their browsers crash or hang.

While this is a possibility, it doesn't make much sense, news would
spread like wildfire and people would drop links to the add service
pretty quickly.  Your attack would need either:
a) a suicidal company.
b) a hacked ad server.
c) widespread DNS poisoning.

Ad services can do other nasties like using 302s to redirect hundreds
or thousands of hits to a particularly system intensive service on
a remote site, that's a nasty DoS but also a good way to get yourself
involved in a nasty lawsuit.

-Alfred Perlstein - [bright () wintelcom net|alfred () freebsd org]
"I have the heart of a child; I keep it in a jar on my desk."

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]