Tuesday, June 4, 2019
Raspberry Pi Foundation DDoS Attack
E-Crime Assessment
The Perfect E-Crime: The Raspberry Pi Foundation

Table of Contents
1 Introduction
1.1 Aim
1.2 Methodology
1.3 Justification
2 What is E-Crime?
2.1 Types of E-Crime
3 The Raspberry Pi Foundation
4 The Attack
5 DoS Attacks
5.1 DDoS Attacks
5.2 Botnets
5.3 Protocol Attack
5.4 SYN Flood
6 Tools
6.1 High Orbit Ion Cannon
6.1.1 High Orbit Ion Cannon Capabilities
6.2 Apache Killer
7 Defending DDoS
7.1 DDoS Defence System
7.2 DDoS Defence System Benefits
8 Example of a DoS Attack
8.1 DoSing a Website
8.1.1 The Result
9 Possible Perpetrators
9.1 Threat Agents
9.2 Who Are the Perpetrators?
10 Conclusion
11 References

Figures
Figure 1 DDoS Attack
Figure 2 High Orbit Ion Cannon
Figure 3 Apache Killer
Figure 4 DDoS Defence System
Figure 5 Command Prompt
Figure 6 Low Orbit Ion Cannon ready
Figure 7 Low Orbit Ion Cannon attacking
Figure 8 Low Orbit Ion Cannon URL
Figure 9 Result of a successful DoS on a website

1 Introduction

This report is based around a case study of an e-crime against an SME (small-medium enterprise) that has taken place during the past 10 years. The case chosen is the Raspberry Pi Foundation, which was hit by a DDoS attack on the 7th March 2013. The report will explain how a cyber-criminal might have conducted this particular crime and try to assess the method and processes they might have used, including the tools, both hardware and software. While discussing tools, the report will show an example of how the tools are used to commit the crimes described in the story. The report will also show how you can defend systems from the attack that was chosen.

1.1 Aim

The aim of this report is to demonstrate an understanding of cyber-attacks that are used against small and medium enterprises, and the tools (software and hardware) used to carry out these attacks.

1.2 Methodology

This report was compiled using secondary resources, including a range of books obtained from the library, as well as internet sources such as websites and PDFs.

1.3 Justification

E-Crime Wales have documented that a denial of service attack is one of the most common instances of e-crime. (E-Crime Wales, 2012)

Denial of service attack was chosen because it is one of the most common e-crimes out there. It is also probably one of the easiest attacks to perform: the tools used for this type of attack are freely available to find and download, easy to use and very powerful. The company chosen was an SME and the attack took place in the last ten years.

2 What is E-Crime?

E-Crime is criminal activity where a computer or computer network is the source, tool, target, or place of a crime. E-Crime is not necessarily just for computing purposes; e-crimes can also be crimes such as fraud, theft, blackmail, forgery and embezzlement. E-Crime is quite difficult to detect and to punish, partly because attackers are able to hack victims thousands of miles away. As e-crime grows and technology becomes more advanced, new threats are rising very quickly and are quite difficult for companies and people to react to. (E-Crime Wales, 2011)

2.1 Types of E-Crime

According to the UK Government, around 87% of small businesses were victims of a security incident in 2013, up 10%, and the average cost of a company's worst incident was 35,000 to 65,000. (Gov, 2013) In Wales alone it is estimated that attacks from e-criminals cost the economy around one billion. This includes financial loss, interruption of business, theft of valuable data, identity theft and a lot more caused by unauthorised access to systems. (Prior, N, 2013)

Types of e-crime are as follows:
- Hardware theft
- Identity theft
- Phishing
- Pharming
- Malware
- Viruses
- Cyber terrorism

3 The Raspberry Pi Foundation

The Raspberry Pi Foundation is a charity that was founded in 2006 and is supported by the University of Cambridge Computer Laboratory and Broadcom. The charity exists to promote computer science in schools, and is the developer of the single-board computer the Raspberry Pi. In 2011, the Raspberry Pi Foundation developed a single-board computer named the Raspberry Pi. The Foundation's goal was to offer two versions, priced at around 30. The Foundation started accepting orders for the higher priced model on 29 February 2012. (Raspberry, FAQ, 2009)

4 The Attack

The main attack was the third attack within seven days. The Foundation was attacked on the afternoon of the 3rd March, when the site was disrupted for about an hour. The Foundation was attacked again two days later on the 5th March, but nothing happened and the attackers gave up after a few hours. Finally, on the evening of 7th March 2013, the Raspberry Pi Foundation website was hit by a nasty Distributed Denial of Service (DDoS) attack. The servers were hit by a SYN flood from a botnet that contained around 1 million nodes. This caused the website to become very slow, especially the forum pages, and the website was also down for a few hours. This attack proved to be the worst of the three attempts.

5 DoS Attacks

DoS refers to a denial of service attack. A DoS attack is an attack that can make a web resource unavailable to its users by flooding the target URL with more requests than the server can handle. That means that regular traffic on the website will be either slowed down or completely interrupted. (Bull Guard, 2012)

5.1 DDoS Attacks

DDoS refers to a distributed denial of service attack. A Distributed Denial of Service (DDoS) attack is a DoS attack that comes from more than one source at the same time. A DDoS attack is generated using thousands, and can be up to hundreds of thousands, of zombie machines. The machines used in such attacks are known as a botnet; in this attack there were around one million nodes in the botnet. The botnet machines are commonly infected with malicious software so that they can be remotely controlled by the attacker. Attackers usually create the denial of service by either consuming server bandwidth or impairing the server itself. Targets are normally web servers, DNS servers, application servers, routers, firewalls and Internet bandwidth. (Verisign, 2012)

Figure 1 DDoS Attack

5.2 Botnets

Criminals use bots to infect large numbers of computers. These computers form a network, or a botnet. Criminals use botnets to send out spam email messages, spread viruses, attack computers and servers, and commit other kinds of crime and fraud. If a computer becomes part of a botnet, the computer might slow down and may unintentionally be helping criminals. (E-Crime Wales, 2011)

5.3 Protocol Attack

The attack used against the Raspberry Pi Foundation was a SYN flood from a botnet. This is called a protocol attack. Protocol attacks include attacks such as SYN floods, fragmented packet attacks, etc. These types of attacks target server resources, firewalls and load balancers, and are measured in packets per second.

5.4 SYN Flood

A SYN flood DDoS attack exploits a weakness in the TCP connection sequence known as the three-way handshake: a SYN request to start a TCP connection with a host must be answered by a SYN-ACK response from that host, which is then confirmed by an ACK (acknowledge) response from the requester. In a SYN flood attack, the requester sends multiple SYN requests but either does not respond to the host's SYN-ACK responses, or sends the SYN requests from a spoofed IP address. Either way, the host system continues to wait for acknowledgement, tying up resources until no new connections can be made, resulting in a denial of service. (Incapsula, 2012)

6 Tools

6.1 High Orbit Ion Cannon

Figure 2 High Orbit Ion Cannon (Breeden, J, 2012)

The High Orbit Ion Cannon is a tool used primarily by Anonymous but also by other hacktivists. The High Orbit Ion Cannon is an upgrade of the Low Orbit Ion Cannon, but it seems that the High Orbit Ion Cannon is mainly used to DoS websites rather than servers, which you can do with the Low Orbit Ion Cannon. The High Orbit Ion Cannon is able to use custom scripts to target more than just a website's home page. Instead of visiting the site as a fake user, the High Orbit Ion Cannon targets sub-pages, so the attackers try to visit the welcome page, help pages, article pages and anything else a victim site has to offer. This method prevents some firewalls from recognising that the website is being attacked. Even if they do detect what is happening, they will have trouble shutting it down because the software is sending multiple fake users to multiple pages within a domain. (Breeden, J, 2012)

The High Orbit Ion Cannon is really not that powerful for single users if they want to attack a big organisation; Anonymous say at least 50 people need to attack a big organisation in order to take the website down. In this instance a single user could have used this type of tool to bring down the Raspberry Pi Foundation website for a few hours, mainly because the Foundation would have had little or no anti-DDoS software to stop the attack.
(Breeden, J, 2012)

6.1.1 High Orbit Ion Cannon Capabilities

- High-speed multi-threaded HTTP flooding
- Simultaneously flood multiple websites at once
- Scripted boosters to handle DDoS countermeasures and increase DoS output
- Generating multiple HTTP headers to create a genuine-looking traffic flow scenario
(Avkash, K, 2012)

6.2 Apache Killer

Figure 3 Apache Killer (Expert Hacker Home, 2012)

Apache Killer is a DDoS/DoS tool written in Perl which sends HTTP GET requests with multiple byte ranges; these byte ranges occupy a wide variety of portions of the memory space. Byte ranges help browsers or downloading applications to download only the required parts of files, which helps reduce bandwidth usage. The script instead sends dozens of unsorted components in the request header to cause the Apache server to malfunction. (Rafayhackingarticles, 2012) If the attack is successful the results can be devastating and can end up rendering the operating system unusable, but only if the requests are sent in parallel. (Hoffman, S, 2011)

7 Defending DDoS

There are a number of ways to defend against DDoS attacks:

Black-holing or sinkholing: this approach blocks all traffic and diverts it to a black hole, where it is discarded. The downside is that all traffic is discarded, good and bad; packet-filtering and rate-limiting measures simply shut everything down, denying access to legitimate users. (ComputerWorld Inc, 2004)

Routers and firewalls: routers can be configured to stop simple ping attacks by filtering nonessential protocols and can also stop invalid IP addresses. However, routers are pretty much useless against a more sophisticated spoof attack and application-level attacks using valid IP addresses. Firewalls can shut down a specific flow associated with an attack, but like routers, they cannot perform anti-spoofing.
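The SYN flood of section 5.4 and the limits of filtering and rate-limiting noted above, as an added example that is not part of the original report: a small Python half-open connection tracker run over a constructed packet log, showing why spoofed single-SYN sources fill the backlog without tripping a per-source limit. The SYN-ACK timeout (3 seconds), the backlog size (8) and all addresses are assumed values chosen for the demo.

```python
# Added example (not from the report): track half-open TCP connections over
# a constructed packet log to see how a SYN flood exhausts the listen backlog.
from collections import defaultdict

SYN_TIMEOUT = 3.0   # seconds a half-open entry is kept (assumed value)
BACKLOG = 8         # server listen backlog (assumed, kept small for the demo)

# Constructed packet log: (timestamp_s, source_ip, flag); the server's own
# SYN-ACK replies are implied. Two normal clients complete the handshake,
# then ten spoofed sources each send one SYN and never answer the SYN-ACK.
PACKETS = (
    [(0.0, "10.0.0.5", "SYN"), (0.1, "10.0.0.5", "ACK"),
     (0.2, "10.0.0.6", "SYN"), (0.3, "10.0.0.6", "ACK")]
    + [(1.0 + i / 10, f"203.0.113.{i + 1}", "SYN") for i in range(10)]
)

def half_open_connections(packets, now, syn_timeout=SYN_TIMEOUT):
    """Return {source_ip: [timestamps of SYNs still awaiting an ACK]} at `now`.
    A SYN opens a half-open entry, an ACK from the same source completes the
    oldest one, and entries older than syn_timeout have been dropped."""
    pending = defaultdict(list)
    for ts, src, flag in packets:          # the log is time-ordered
        if ts > now:
            break
        if flag == "SYN":
            pending[src].append(ts)
        elif flag == "ACK" and pending[src]:
            pending[src].pop(0)            # handshake finished, slot released
    live = {}
    for src, stamps in pending.items():
        fresh = [t for t in stamps if now - t <= syn_timeout]
        if fresh:
            live[src] = fresh
    return live

def assess(packets, now, backlog=BACKLOG):
    """Summarise backlog occupancy and the spoofing signature at time `now`."""
    state = half_open_connections(packets, now)
    total = sum(len(v) for v in state.values())
    # A spoofed flood shows as many sources with one dangling SYN each, which
    # is why a per-source rate limit (section 7) sees nothing unusual while
    # the backlog still fills up: the useful signal is total occupancy.
    return {
        "half_open": total,
        "sources": len(state),
        "single_syn_sources": sum(1 for v in state.values() if len(v) == 1),
        "verdict": "backlog exhausted" if total >= backlog else "ok",
    }

if __name__ == "__main__":
    for t in (0.5, 2.0, 6.0):               # before, during and after the flood
        print(t, assess(PACKETS, now=t))
```

Run at 2.0 s the tracker reports ten half-open entries from ten distinct sources, so the backlog of 8 is exhausted even though no single address has sent more than one SYN; by 6.0 s the entries have timed out and the server recovers.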
(ComputerWorld Inc, 2004)

7.1 DDoS Defence System

Figure 4 DDoS Defence System (Coreo Network Security, 2012)

The DDoS Defence System (DDS) prevents DDoS attacks from crippling firewalls, intrusion prevention systems (IPS), switches and targeted web and DNS servers. It stops all types of DDoS attacks and maintains full availability without affecting performance. DDS provides maximum protection for critical IT assets while allowing full access to legitimate users and applications. (Coreo Network Security, 2012)

DDS detects and blocks all forms of DDoS attacks, including:
- Application layer
- Network layer flooding
- Specially crafted exploits
- Reflective attacks
- Outbound attacks

7.2 DDoS Defence System Benefits

- Detects and mitigates both traditional network-layer DDoS attacks and more advanced application-layer attacks
- Protects your network, allowing legitimate communications to pass without delay
- Provides automated real-time defence against identified DDoS attack sources

8 Example of a DoS Attack

The following attack was performed in a virtual environment using DoS and DDoS software. In the example the DoS tool used was the Low Orbit Ion Cannon, against Windows Server 2008.

Figure 5 Command Prompt

As you can see in Figure 5, a simple ipconfig command shows the IP address used for the attack.

Figure 6 Low Orbit Ion Cannon ready

In Figure 6 you can see that the Low Orbit Ion Cannon is ready to fire. The Server 2008 IP address has been locked on, ready for it to be DoSed. Just underneath the address you can see the speed of the attack; the faster it is, the more requests are sent to the server. Underneath that it shows the method, port, threads and timeout for the attack.

Figure 7 Low Orbit Ion Cannon attacking

As in Figure 6, all the settings are the same and ready to go. After clicking "IMMA CHARGIN MAH LAZER" you can see the attack is working by looking at the bottom of Figure 7, where it shows the number of requests being sent. That number was after around one minute of the server being attacked, so the number of requests would be a lot higher after around five minutes, which would probably be enough time. The purpose of DoSing a server is to stop any requests to that server: it sends multiple fake requests to the server, stopping anything else from connecting to it.

8.1 DoSing a Website

Figure 8 Low Orbit Ion Cannon URL

The Low Orbit Ion Cannon can also be used to DoS a website, by simply typing the website you want to DoS into the URL tab, clicking lock on and then firing the cannon. DoSing a website works by flooding the target URL with more requests than the server can handle, causing the website to crash and become temporarily unavailable.

8.1.1 The Result

Figure 9 Result of a successful DoS on a website

If a DoS/DDoS attack on a website is successful then this is normally what you will see when you try to access the website: the DoS attack has clearly crashed the website and caused it to go offline.

9 Possible Perpetrators

The possible perpetrators could be a number of people or organised crime, even though there is no evidence from the Foundation on who was behind the attack or the location it came from.

9.1 Threat Agents

The possible threat agents that could have been behind this attack are as follows:
- Employees
- Government agencies
- Hacktivist groups, e.g. Anonymous
- Organised criminals

9.2 Who Are the Perpetrators?

From conducting the research there is no evidence of who was behind the attack and where the attack had come from. Looking at the possible threat agents, it is very unlikely that the attack came from a government agency or a hacktivist group such as Anonymous, LulzSec etc.; if the attack had come from one of those two types of threat agent it could have been a lot more sophisticated and could have caused a lot more damage. The Raspberry Pi Foundation stated that the attacker was probably an "angry confused kid", which is easy to believe considering the attack was attempted multiple times throughout that week. It is possible that the attacks were not all by the same person: it could have been the same attacker with help from others to make sure the attack was successful, or it could have been another attacker. The Foundation says that the attack was probably for financial gain, but there is no comment on any data being stolen.

10 Conclusion

Throughout the report it is shown how frightening it is that any sort of hacker or hacktivist group is willing to attack anyone. It is scary to think that even charity websites are vulnerable to attacks. Looking at this attack, the Foundation is lucky that it was not attacked by a bigger threat agent such as a hacktivist group, which could have caused a lot more damage. The report also shows how easy it is to get hold of the tools that are commonly used, how easy they are to use and how powerful they actually are. The examples of the attacks show how powerful the tools can be: the Low Orbit Ion Cannon sends a high number of requests to servers and websites in a short space of time.

11 References

Raspberry, FAQ. (2009). About Us. Available: http://www.raspberrypi.org/about. Last accessed 19/03/2014.
E-Crime Wales. (2011). What is e-Crime?. Available: http://www.ecrimewales.com/server.php?show=nav.8856. Last accessed 17/03/2014.
Breeden, J. (2012). Hackers' new super-weapon adds firepower to DDOS. Available: http://gcn.com/Articles/2012/10/24/Hackers-new-super-weapon-adds-firepower-to-DDOS.aspx?Page=2. Last accessed 18/03/2014.
Expert Hacker Home. (2012). Latest Methods of DDoS attacks. Available: http://experthackershome.blogspot.co.uk/2012/07/ddos-attacks-in-2012-latest-method-of.html. Last accessed 18/03/2013.
E-Crime Wales. (2011). Botnets Explained. Available: http://www.ecrimewales.com/server.php?show=nav.9390. Last accessed 26/03/2014.
Coreo Network Security. (2012). How to stop DDoS Attacks. Available: http://www.corero.com/en/products_and_services/dds. Last accessed 27/03/2014.
ComputerWorld Inc. (2004). How to defend against DDoS attacks. Available: http://www.computerworld.com/s/article/94014/How_to_defend_against_DDoS_attacks. Last accessed 27/03/2014.
Bull Guard. (2012). What are DoS and DDoS attacks?. Available: http://www.bullguard.com/bullguard-security-center/internet-security/internet-threats/what-are-dos-and-ddos-attacks.aspx. Last accessed 20/03/2014.
Verisign. (2012). What is a DDoS attack?. Available: http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/ddos/ddos-attack/index.xhtml. Last accessed 20/03/2014.
Incapsula. (2012). DDoS Attack Types. Available: http://www.incapsula.com/ddos/ddos-attacks. Last accessed 20/03/2014.
Rafayhackingarticles. (2012). Apache Killer. Available: http://www.rafayhackingarticles.net/2011/08/zero-day-dos-vulnerability-in-apache.html. Last accessed 23/03/2014.
Hoffman, S. (2011). Apache Killer Tool Exploits DoS Flaw. Available: http://www.crn.com/news/security/231600200/apache-killer-tool-exploits-dos-flaw.htm. Last accessed 23/03/2014.