Monday, March 2, 2020

The cost of launching a DDoS attack

The Mirai botnet was significant in that, unlike most DDoS attacks, it leveraged vulnerable IoT devices rather than PCs and servers. It’s especially scary when one considers that by 2020, according to BI Intelligence, there will be 34 billion internet-connected devices, and the majority (24 billion) will be IoT devices.

SYN flood. This volumetric attack prevents a server from handling new connection requests by manipulating the standard way TCP connects a client to a server. Normally, in what is known as a three-way handshake, a client connects to a website by sending a SYN (synchronize) packet, the server replies with a SYN-ACK (synchronize-acknowledge) packet, and then waits for an ACK (acknowledge) packet from the client. However, in a SYN flood attack, the attacker intentionally never sends the ACK packet but instead continues to flood the server with more SYN requests. This ties up the server’s resources with “half-open” connections to the point that it cannot respond to new, legitimate connection requests.
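The half-open connections described above show up on a Linux server as sockets in the `SYN-RECV` state. The following is an added example, not part of the original post, that counts them per listening port from `ss -tan` style output and flags ports where they pile up. The sample rows, addresses and thresholds are constructed assumptions, not measured values.

```python
from collections import Counter, defaultdict

# Constructed sample in the column layout of `ss -tan` (documentation-range
# addresses, not captured from a real host): 8 half-open sockets on port 443.
_ROWS = [
    "State    Recv-Q Send-Q Local Address:Port Peer Address:Port",
    "LISTEN   0 128 0.0.0.0:443 0.0.0.0:*",
    "ESTAB    0 0 192.0.2.10:443 198.51.100.7:50122",
    "ESTAB    0 0 192.0.2.10:443 198.51.100.8:50314",
    "ESTAB    0 0 192.0.2.10:22 198.51.100.9:41002",
    "SYN-RECV 0 0 192.0.2.10:22 198.51.100.9:41010",
] + [f"SYN-RECV 0 0 192.0.2.10:443 203.0.113.{i}:{40000 + i}" for i in range(1, 9)]
SAMPLE = "\n".join(_ROWS)


def half_open_by_port(ss_text):
    """Return {local_port: Counter} of SYN-RECV and ESTAB sockets per port."""
    stats = defaultdict(Counter)
    for line in ss_text.splitlines():
        fields = line.split()
        # Skip the header, LISTEN rows and anything that is not a full row.
        if len(fields) < 5 or fields[0] not in ("SYN-RECV", "ESTAB"):
            continue
        # rsplit keeps working for bracketed IPv6 locals such as [::1]:443.
        port = int(fields[3].rsplit(":", 1)[1])
        stats[port][fields[0]] += 1
    return stats


def flag_syn_flood(ss_text, min_half_open=5, max_ratio=3.0):
    """Flag ports whose half-open sockets are numerous AND far outnumber
    completed handshakes. Both thresholds are illustrative assumptions."""
    alerts = []
    for port, counts in sorted(half_open_by_port(ss_text).items()):
        half_open, estab = counts["SYN-RECV"], counts["ESTAB"]
        if half_open >= min_half_open and half_open > max_ratio * max(estab, 1):
            alerts.append((port, half_open, estab))
    return alerts


if __name__ == "__main__":
    for port, half_open, estab in flag_syn_flood(SAMPLE):
        print(f"port {port}: {half_open} half-open vs {estab} established")
```

A single slow client produces the one `SYN-RECV` row on port 22, which is why the check requires both an absolute count and a ratio before alerting.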

Unfortunately, Mirai won’t be the last IoT-powered botnet. An investigation across security teams within Akamai, Cloudflare, Flashpoint, Google, RiskIQ and Team Cymru uncovered a similarly sized botnet, dubbed WireX, consisting of 100,000 compromised Android devices within 100 countries. A series of large DDoS attacks that targeted content providers and content delivery networks prompted the investigation.
