Post on 08-Jun-2015
Open Source Incidents
David Hobbs, Director of Security Solutions, Emergency Response Team
DavidH@Radware.com
September 2014
Radware Confidential September 2014
DDoS is the Most Common Cyber Attack
28% of all cyber attacks in 2013 involved a DDoS attack
Source: 2013 Cyber Attacks Trends, Hackmageddon
The Network Topology and DDoS Attacks
Server components that are likely to be attacked by DDoS attacks
Bash Exploit
• This still works with the latest bash update
• (X='() { (a)=>\' bash -c "echo ls /etc; cat echo")
• As does this:
• env X="() { :;} ; echo busted" /bin/sh -c "echo stuff"
• The following commands will implement a signature in ‘Report Only’ mode in our DefensePro.
• dp signatures-protection filter basic-filters user create ERT-bash2-CVE-2014-6271 -p tcp -c \\x28\\x29\\x20\\x7b -ct "Normalized URL" -ce "Case Sensitive" -dp http
• dp signatures-protection filter advanced-filters user create group_ERT-bash2-CVE-2014-6271 ERT-bash2-CVE-2014-6271
• dp signatures-protection attacks user create 0 -n ERT-bash2-CVE-2014-6271 -f group_ERT-bash2-CVE-2014-6271 -am 0
• dp update-policies set 1
• The customer should carefully inspect the false positive rates of this signature and only afterwards move it to ‘Block and Report’ mode.
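An added example, not part of the original slides and not DefensePro code: a Python sketch of the same byte match (\x28\x29\x20\x7b, i.e. "() {") run in report-only fashion over request lines, tallying hits per path so the false positive rate can be reviewed before blocking. The normalize() step (repeated percent-decoding) is an assumed stand-in for the "Normalized URL" content type, and the sample request lines are constructed.

```python
from collections import Counter
from urllib.parse import unquote_to_bytes, urlsplit

# Byte pattern from the signature's -c argument: \x28\x29\x20\x7b is "() {".
PATTERN = b"\x28\x29\x20\x7b"

def normalize(url: str) -> bytes:
    """Percent-decode until stable (assumption: approximates "Normalized URL")."""
    cur = url.encode("latin-1")
    while True:
        nxt = unquote_to_bytes(cur)
        if nxt == cur:
            return cur
        cur = nxt

def matches(url: str) -> bool:
    """Exact byte comparison, in line with the -ce "Case Sensitive" option."""
    return PATTERN in normalize(url)

def report_only(request_lines):
    """Count signature hits per path; nothing is blocked or dropped."""
    hits = Counter()
    total = 0
    for line in request_lines:
        _method, url, _version = line.split(" ", 2)
        total += 1
        if matches(url):
            hits[urlsplit(url).path] += 1
    return total, hits

# Constructed request lines, not captured traffic.
SAMPLE = [
    "GET /index.html HTTP/1.1",
    # The "echo busted" test string from the slide, percent-encoded.
    "GET /cgi-bin/status?x=%28%29%20%7B%20%3A%3B%7D%20%3B%20echo%20busted HTTP/1.1",
    # Benign search for a JavaScript snippet: a false positive candidate.
    "GET /search?q=function%20%28%29%20%7B HTTP/1.1",
    "GET /search?q=shoes HTTP/1.1",
]

if __name__ == "__main__":
    total, hits = report_only(SAMPLE)
    for path, count in hits.most_common():
        print(f"{path}: {count} hit(s) out of {total} requests")
```

Paths that legitimately carry code-like text, such as the /search hit here, are the ones to review before the signature is moved to ‘Block and Report’.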
Slide 8
Booter DDoS Tools are Cheap
Slide 9
http://ragebooter.net/members/plans
Can be run from any device anywhere - Can be used to create huge dos floods, and more!