WEB UNDER PRESSURE
DDoS as a Service

Denis Makrushin (@difezza)
Kaspersky Lab
http://defec.ru/
It was like that

2
Nowadays: application layer

3
Piece of the WEB-bot

4
Nowadays: IaaS

5
Nowadays: DNS Amplification

Disadvantages:
• Short life cycle of infected machines
• Support clouds with a lot of instances
• Trivial generators of traffic
6
Burst in tomorrow: SaaS

7
DoS, DDoS, stress…

8
Load testing as a Service
• Legitimate traffic
• The load is not limited by owners of service
• Cheap load
• Many services do not verify actions
• User-owned scenarios

• Analysis of a victim for "heavy" content

9
Proof of Concept: Loadimpact.com

10
Analytics

11
Without registration and SMS:
loaddy.ru

12
SaaS Amplification

13
SaaS 4 DDoS
• Traffic exchange
• Whois-services
• Monitoring services
• All that "disturbs" the victim

14
If you have a conscience

15
Thanks!
Any questions?

condifesa@gmail.com
twitter.com/difezza
http://defec.ru/
