Prolexic Uncovers Vulnerabilities in Popular DDoS Toolkits
The security firm found flaws in the Dirt Jumper toolkit family's command and control architecture.
Prolexic Technologies recently published a report on the Dirt Jumper DDoS toolkit family, exposing flaws in its command and control (C&C) architecture.
"Ironically, the developers of the tools -- which are similar to the favored weapons of groups like Anonymous and LulzSec -- appear to have neglected many basic security precautions, including sanitizing user input to prevent so-called SQL injection attacks," writes The Verge's Louis Goddard.
"By targeting SQL injection flaws in the software -- which is sold for thousands of dollars in underground forums -- counter-attackers can commandeer the master control servers used to distribute commands to large numbers of infected computers, which act as foot soldiers in such attacks," writes Ars Technica's Dan Goodin.
"Armed with the identity of the C&C server or infected host, and open source penetration-testing tools, it is possible to gain access to the database in the system used to control the PC army and, more importantly, the server-side configuration files, Prolexic discovered," writes The Register's John Leyden. "'With this information, it is possible to access the C&C server and stop the attack,' explained Scott Hammack, chief executive officer at Prolexic."
"Dirt Jumper and its assorted variants are among the newer wave of do-it-yourself toolkits that enable attackers to stand up their own botnets quickly and with little technical knowledge," writes Threatpost's Dennis Fisher. "Once the user has his little bot army put together, he can begin firing off DDoS attacks at whatever target he chooses. Thanks to the huge amounts of bandwidth available to normal home users and the use of techniques that leverage open DNS servers and other methods for amplifying the volume of traffic, attackers with even small botnets can bring down major sites."