Offensive defense – DDoS disruption

A simple method to tarpit and mitigate the Dirt Jumper Drive "-smart" attack

This paper describes a countermeasure for the "-smart" attack command of the Dirt Jumper Drive DDoS malware. The countermeasure is an example of actionable, offensive defense: rather than only hardening the target, the defender intervenes in the attack itself. Security research on Distributed Denial of Service (DDoS) attacks has traditionally examined ways to harden networks so that they can absorb or filter a flood. This research demonstrates the strategies available for active intervention in the attack process.

Introduction to Dirt Jumper

Modern DDoS attacks are generally executed via a botnet: a large collection of machines infected with specialized malware that, on command, flood a targeted system or device with requests until it can no longer serve legitimate traffic. Hosting providers have responded by developing pattern-based detection, which recognizes the fixed request shape of a given bot and supports rapid filtering. Malware developers have adjusted in turn, adding capabilities designed to circumvent the measures employed by anti-DDoS hosting providers.

The Dirt Jumper variant "Drive" is one of the most harmful strains of DDoS malware, designed specifically to avoid this kind of detection. Drive's DDoS engine supports a wide variety of attack commands, including HTTP floods with randomized User-Agent and Referer headers and randomized POST requests, so that no single header or body value can serve as a filter signature. These changes make Drive a more flexible and resilient DDoS toolkit than many of its predecessors. Download the entire paper to learn more.
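The following is an added example, not code from the paper and not the paper's tarpit method. It shows why randomizing the User-Agent and Referer on every request defeats a single fixed signature, and what a detector that keys on the randomization itself looks like: a real browser presents one User-Agent for a whole session, so a source whose distinct User-Agent count approaches its request count is behaving like a header-rotating bot. The log lines are constructed, the IP addresses are documentation ranges, and the thresholds (`min_requests`, `min_ua_ratio`) are assumed starting points rather than values from the paper.

```python
import re
from collections import defaultdict

# Combined log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample, not captured traffic. 203.0.113.7 mimics Drive-style
# behaviour: every request carries a fresh User-Agent and Referer.
# 198.51.100.4 is an ordinary browser session. 192.0.2.9 also varies its
# headers but sends too few requests to be judged.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2013:13:55:36 +0000] "POST /index.php HTTP/1.1" 200 512 "http://example.com/r1" "Mozilla/5.0 (Windows NT 6.1) Firefox/23.0"
203.0.113.7 - - [10/Oct/2013:13:55:36 +0000] "POST /index.php HTTP/1.1" 200 512 "http://example.com/r2" "Mozilla/5.0 (Windows NT 5.1) Chrome/29.0"
203.0.113.7 - - [10/Oct/2013:13:55:37 +0000] "POST /index.php HTTP/1.1" 200 512 "http://example.com/r3" "Opera/9.80 (Windows NT 6.0) Presto/2.12"
203.0.113.7 - - [10/Oct/2013:13:55:37 +0000] "GET /index.php HTTP/1.1" 200 512 "http://example.com/r4" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
203.0.113.7 - - [10/Oct/2013:13:55:38 +0000] "POST /index.php HTTP/1.1" 200 512 "http://example.com/r5" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8) Safari/537.36"
203.0.113.7 - - [10/Oct/2013:13:55:38 +0000] "POST /index.php HTTP/1.1" 200 512 "http://example.com/r6" "Mozilla/5.0 (X11; Linux x86_64) Firefox/22.0"
198.51.100.4 - - [10/Oct/2013:13:55:36 +0000] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/29.0"
198.51.100.4 - - [10/Oct/2013:13:55:36 +0000] "GET /style.css HTTP/1.1" 200 1024 "http://example.com/" "Mozilla/5.0 (Windows NT 6.1) Chrome/29.0"
198.51.100.4 - - [10/Oct/2013:13:55:36 +0000] "GET /app.js HTTP/1.1" 200 2048 "http://example.com/" "Mozilla/5.0 (Windows NT 6.1) Chrome/29.0"
198.51.100.4 - - [10/Oct/2013:13:55:40 +0000] "POST /login HTTP/1.1" 302 0 "http://example.com/" "Mozilla/5.0 (Windows NT 6.1) Chrome/29.0"
198.51.100.4 - - [10/Oct/2013:13:55:41 +0000] "GET /account HTTP/1.1" 200 3000 "http://example.com/login" "Mozilla/5.0 (Windows NT 6.1) Chrome/29.0"
192.0.2.9 - - [10/Oct/2013:13:55:39 +0000] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/23.0"
192.0.2.9 - - [10/Oct/2013:13:55:39 +0000] "GET / HTTP/1.1" 200 4096 "-" "curl/7.30.0"
"""


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def profile_clients(records):
    """Aggregate per-source request and POST counts plus distinct header values."""
    profiles = defaultdict(lambda: {"requests": 0, "posts": 0,
                                    "user_agents": set(), "referers": set()})
    for r in records:
        p = profiles[r["ip"]]
        p["requests"] += 1
        if r["method"] == "POST":
            p["posts"] += 1
        p["user_agents"].add(r["ua"])
        if r["referer"] != "-":          # "-" means no Referer was sent
            p["referers"].add(r["referer"])
    return dict(profiles)


def flag_randomized_header_sources(profiles, min_requests=5, min_ua_ratio=0.8):
    """Return sources whose User-Agent diversity is implausible for one client.

    distinct_user_agents / requests stays near zero for a real browser and
    approaches 1.0 for a source that rotates the header on every request.
    min_requests avoids judging a source on two or three requests; both
    thresholds are assumed starting values, not figures from the paper.
    """
    flagged = []
    for ip, p in profiles.items():
        if p["requests"] < min_requests:
            continue
        if len(p["user_agents"]) / p["requests"] >= min_ua_ratio:
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    profiles = profile_clients(parse_log(SAMPLE_LOG))
    for ip, p in sorted(profiles.items()):
        print(f"{ip:14} requests={p['requests']} posts={p['posts']} "
              f"distinct_ua={len(p['user_agents'])} distinct_referer={len(p['referers'])}")
    print("flagged:", flag_randomized_header_sources(profiles))
```

The point of the per-source ratio is that it inverts the bot's evasion: the randomization meant to defeat a string match becomes the feature that singles the source out. In production the same aggregation would run over a sliding time window rather than a whole file, and the Referer set and POST count would feed a combined score rather than being printed for inspection.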
