HackersOnBoard asked:

Sam Bowne & Matthew Prince August 1st–4th, 2013 Rio Hotel & Casino • Las Vegas, Nevada.

21 Responses to Defcon 21 – Evil DoS Attacks and Strong Defenses

  1. Senior Grammar Nazi says:

    He handled this very professionally considering the awful faults.

  2. linxus100 says:

    please tell me someone was a giant badass and grabbed the C code

  3. blackneos940 says:

    “If your Client is slow, it can control the rate of flow.”……
    Brilliant….. :D

  4. blackneos940 says:

    “If your Client is slow, it can control the rate of flow.”…….
    Brilliant….. :D

  5. Jeff Martin says:

    These are relatively simple to protect against. I used to work for a major
    ISP a few years back. We saw DoS attacks daily. Once we figured out it was IP
    spoofing we set up access lists with our BGP peers. We would only accept
    certain prefixes (ones they owned) and those of their BGP customers. We
    also would not accept prefixes/traffic that did not belong to any of our
    customers. If they enforced this policy then spoofing would not be
    possible. Juniper routers made this easy to fix. As for the zero window
    size hack, Cisco PIX firewalls and Juniper routers drop half-open TCP/UDP
    sessions. The parameters are configurable. Here is more info
    and Juniper Networks

  6. Kevin Wagner says:

    self_destruct.c, save the internet by also temporarily destroying it.

  7. Avast Samble says:

    Lesson: Windows sucks
    Linux is beast

  8. 6274ks says:

    good info. thanks

  9. Ian Gorrie says:

    Evil DoS Attacks and Strong Defenses
    Sam Bowne
    Matthew Prince

    Backtrack and SockStress

    19:54 Matthew Prince

    Blackhat dull conference

    Spamhaus

    “annoyance attacks” 10-80Gbps range

    Various DDoS attack examples with throughput graphs

    24:55 DNS amplification attack example
    example case: x50
    BCP38: don’t let spoofed traffic leave your network

    invocation of smurf for historical example

    open resolver project

    1 attacker
    + 5-7 servers on
    + 3 networks that allowed spoof
    + 9Gbps dns requests to
    + 0.1% of open resolvers resulted in
    300Gbps of DDoS traffic

    Please don’t use this code I showed you to DDoS the open resolvers with
    themselves (how responsible)

    Sam Bowne:
    Authorized cookie examples where access is not revoked against logout
    (quiet 10 min logout)

  10. urbex2007 says:

    Sam. You were annoyed when an article was published about you committing
    offences. Why refer to Twitter users as criminals? I find that offensive.
    Most just have a real interest like you. Maybe you are the same.

  11. Joseph Griffin says:

    Am I the only one who closes his eyes and imagines it’s Sean Connery giving
    the talk?

  12. urbex2007 says:

    Sam. You were annoyed when an article was published about you committing
    offences. Why refer to Twitter users as criminals? I find that offensive.
    Most just have a real interest like you. Maybe you are the same.

  13. Tareq ElZubi says:

    Huge scary attack, He kill Anything used TCP routers in service in
    everything

  14. Anon mem says:

    yea I LOVE IT We are Anonymous We do not forgive We do NOT Forget Expect US

  15. zdrouse99 says:

    So Matthew Prince is CEO for Cloudflare and supposedly handles DoS defense?
    Where was he when multiple game companies were being DDoSed about 5-6
    weeks ago (specifically League of Legends, whose servers are hosted by
    Cloudflare)? DoS defense didn’t really work there lol

  16. Thorium Heavy Industries says:

    37:00 Cookie based Online Banking Security … pretty so pretty… I
    laughed my ass off. Brilliant!

  17. justin ethridge says:

    I never see anyone speaking at Defcon about Bandwidth Killers? Connecting
    to the server with bots and downloading multiple files. It may not kill
    major websites. But you can knock out an easy one no problem. And the best
    part is some of these sites are regulated monthly on how much bandwidth
    use they are allowed. If they go over they get charged, or in some cases
    shut down for the month. Used to love knocking out a website for a month
    for maybe an hour worth of work.

  18. Mick the mick says:

    Never tried DDoS’ing but seen your last couple of Defcon talks... great
    stuff

  19. aarcher73k says:

    Interesting talk. I’ve written my own implementation of SockStress in C,
    but it doesn’t seem to be working.

  20. solidtemper says:

    love it

  21. urbex2007 says:

    Sam, are you really the Jester?
