Description:
This is the video of the talk titled "H.....t.....t....p.......p....o....s....t" given at OWASP DC 2010.
Denial-of-Service is an attempt to make a computer resource unavailable to its intended users, and it is not new. In recent history, for example in April 2009, government and financial sites in the U.S. and South Korea were hit by DDOS attacks and brought offline for days. This incident followed the Georgian DDOS attacks in 2008 and the Estonian DDOS attacks in 2007. However, the attacks used in these incidents were primarily Layer 4 (TCP) attacks, which are already addressed by anti-DDOS solutions.
A NEW and very lethal form of Layer 7 attack technique, which uses slow HTTP POST connections, was discovered by Onn Chee and his team. An attacker sends properly crafted HTTP POST headers, which contain a legitimate "Content-Length" field to tell the web server how much data to expect. After the HTTP POST headers are fully sent, the HTTP POST message body is sent at slow speeds to prolong the completion of the connection and lock up precious server resources.
They will also demonstrate how an "agentless" DDOS botnet can be created via malicious online games and how a victim website can be brought down in a matter of minutes using the HTTP POST DDOS attack.
Onn Chee and Tom Brennan will walk through the details of how this lethal HTTP POST DDOS technique works, other interesting findings in the protocol and the challenges in defending critical infrastructure against targeted attacks.
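From the defending side, the slow message body described above can be bounded with a read deadline that only grows when data actually arrives. The sketch below is an added example, not material from the talk; the class, function and threshold values are assumptions chosen for illustration, and the sample connections are constructed.

```python
from dataclasses import dataclass

@dataclass
class BodyDeadline:
    """Deadline for receiving a POST body: starts at `initial` seconds after
    the headers complete and grows by one second per `min_rate` bytes
    received, never exceeding `maximum`. All values are assumed thresholds."""
    initial: float = 20.0
    min_rate: int = 500
    maximum: float = 60.0

    def allowed(self, received: int) -> float:
        return min(self.initial + received / self.min_rate, self.maximum)

def evaluate(events, content_length, policy=BodyDeadline()):
    """events: (seconds_since_headers_complete, bytes_in_chunk) tuples.
    Returns ("complete", t) if the declared Content-Length arrives in time,
    otherwise ("closed", t) with the time the server drops the connection."""
    received = 0
    for t, n in events:
        deadline = policy.allowed(received)
        if t > deadline:              # chunk arrived after the deadline
            return ("closed", deadline)
        received += n
        if received >= content_length:
            return ("complete", t)
    # Sender went silent before finishing the declared body.
    return ("closed", policy.allowed(received))

# Constructed samples: (label, events, declared Content-Length)
SAMPLES = [
    ("form post",    [(0.1, 1460), (0.2, 540)],                2_000),
    ("slow body",    [(10 * i, 1) for i in range(1, 100)],     100_000),
    ("large upload", [(i, 100_000) for i in range(1, 51)],     5_000_000),
]

if __name__ == "__main__":
    for label, events, length in SAMPLES:
        print(label, evaluate(events, length))
```

The hard cap also cuts off genuinely slow large uploads, so `maximum` has to be tuned against the upload sizes the site legitimately accepts.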
Tags: basics