Facebook, Google, Yahoo — How Hackers Can Use Everyday Sites for Reflection & Amplification Attacks


Reflection and amplification attacks are used to extend the reach of a DDoS: the attacker sends a small request to a third-party service, and that service makes a larger, or repeated, request to the victim on the attacker's behalf. I recently discussed how the unwelcome arrival of HTTP-based reflectors and amplifiers has had a more significant impact than the standard floods of the past, and I wondered what would happen if attackers started using Facebook for link "loading" with fake accounts. The possibilities seemed endless, and according to "A Programmer's Blog," somebody has already worked on this and produced a 400 MB flood using only Facebook Mobile.

This new Facebook attack is similar to the Google Docs DDoS attack launched a few years back, in which Google spreadsheets were turned into a weapon: cells that pull in remote content make Google's servers fetch URLs from the victim. Both attack types work from a single web link or a list of URLs. Both can also append variables (a changing query string) to the end of the requested file, so that if the target uses a CDN, each request looks like a new object, misses the cache, and punches through to the origin server. Alternatively, the attacker can simply request a real, large URL on demand to drive up the target's CDN bill.
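The cache punch-through works because a CDN that keys its cache on the full URL treats every new query string as a new object. The following added example (not code from the original post or from any of the services it names) simulates that, then shows the usual countermeasure: building the cache key from the path plus only the query parameters that actually change the response. The victim host name, the per-path list of meaningful parameters and the request counts are assumptions made for the demonstration.

```python
"""Simulate cache-busting query strings punching through a CDN cache, and
a normalized cache key that collapses them back onto one cached object.

Added example, not the original post's code.  The victim host, the
ALLOWED_PARAMS table and the request counts are assumptions.
"""
import random
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: only these query parameters change the content served for a
# path.  Anything else is treated as attacker-appended noise.  A real
# deployment would maintain this table per site; defaulting unknown paths
# to "no parameters matter" is aggressive and may break dynamic pages.
ALLOWED_PARAMS = {
    "/reports/annual.pdf": set(),
    "/search": {"q", "page"},
}


def naive_key(url: str) -> str:
    """CDN keyed on the full URL: every distinct query string is a new object."""
    return url


def normalized_key(url: str) -> str:
    """Key on scheme, host, path and only the allowed parameters, sorted,
    so attacker-appended noise maps onto the one cached object."""
    parts = urlsplit(url)
    allowed = ALLOWED_PARAMS.get(parts.path, set())
    kept = sorted(
        (k, v)
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
        if k in allowed
    )
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(kept), ""))


def origin_hits(urls, key_fn) -> int:
    """Count requests that reach the origin: one per first-seen cache key."""
    cache = set()
    hits = 0
    for url in urls:
        key = key_fn(url)
        if key not in cache:
            cache.add(key)
            hits += 1
    return hits


def cache_busted_urls(base: str, n: int, seed: int = 1) -> list:
    """Constructed attacker input: the same object with a distinct random
    suffix on every request (rng.sample guarantees no repeats)."""
    rng = random.Random(seed)
    return [f"{base}?r={r}" for r in rng.sample(range(10**9), n)]


if __name__ == "__main__":
    urls = cache_busted_urls("https://victim.example/reports/annual.pdf", 1000)
    print("naive CDN key:      origin hits =", origin_hits(urls, naive_key))
    print("normalized key:     origin hits =", origin_hits(urls, normalized_key))
    # On /search the query string is a real parameter, so normalizing cannot
    # collapse distinct searches; that endpoint needs rate limiting instead.
    searches = [f"https://victim.example/search?q=term{i}" for i in range(50)]
    print("search endpoint:    origin hits =", origin_hits(searches, normalized_key))
```

The last case is the important caveat: key normalization only helps for static objects. A search endpoint legitimately varies with its query string, so reflected requests to it cannot be absorbed by the cache and must be rate limited or denied to the fetchers instead.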

Another factor that could further this reflector/amplifier attack is that Yahoo now loads links pasted into its mail compose window. From the compose feature, one can paste links into the e-mail and Yahoo's fetcher/crawler will load the pages to build a preview. While testing this, I noticed it was very easy to paste a link, hit return, paste another link, hit return, and Yahoo would go fetch and "preview" each link, resize the images, and so on. This could easily be scripted with a browser extension like Greasemonkey, or combined with the Facebook "notes" exploit, to amplify the damage.

How could an attacker combine these? First, create a Facebook Note containing 1,000 URLs. Then run a script that hits that note via WordPress pingbacks. Next, put the same list in a Google Docs spreadsheet set to reload every hour, then start referencing the links via Yahoo Mail preview and keep the pingbacks going. It would not be difficult to daisy-chain the attacks and launch combination attacks from several reflectors to keep hitting various online companies.

Attacks like this could easily be launched from a public Wi-Fi network (an airport, mall or coffee shop), which gives the attacker anonymity as cover. No one is going to blacklist all of these online services, and many of the platforms have stated that this is not a bug and that they will not be "fixing" it. With that in mind, some of the suggested fixes really are not fixes. One recommendation was to block Facebook's IP range from reaching your site. However, the damage is not limited to bandwidth, which is what that block is meant to address: if the attacker sets an image source to a search function on the victim site, every reflected request makes the victim's own server run SQL queries to perform the search, and if the content being searched is large, the result is clear.

The difficulty in fighting these attacks is that the wrong defense is often chosen. Scrubbing services that require you to divert your data-center traffic to them to be "cleaned" are expensive and should generally be reserved for emergencies; network-layer reflection attacks often do require that kind of emergency service. HTTP requests coming from Google, Facebook or WordPress, however, tend to be classified as legitimate traffic, which makes them very challenging to mitigate upstream and makes on-premise protection a necessity.
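Because the reflected requests come from services whose fetchers are otherwise welcome, on-premise detection has to look at behaviour rather than source. The following added example (not the original post's code, and not any vendor's product) runs over constructed access-log lines in Apache/nginx combined format and flags two patterns described above: a fetcher hitting one path with a different query string on almost every request (cache busting), and a fetcher hammering an expensive endpoint such as search. The `facebookexternalhit` and WordPress "verifying pingback" User-Agent strings are real; the Google Docs and Yahoo Mail substrings, the list of expensive paths and the thresholds are assumptions to be checked against your own logs.

```python
"""Flag reflected HTTP floods arriving through link-preview fetchers and
pingback verifiers, from access-log lines.

Added example, not the original post's code.  Log lines are constructed
(RFC 5737 documentation addresses); the Google Docs and Yahoo Mail UA
substrings, EXPENSIVE_PATHS and the thresholds are assumptions.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# facebookexternalhit and "verifying pingback" are real UA fragments; the
# other two are placeholders to replace with what your logs actually show.
REFLECTOR_SIGNATURES = {
    "facebook": "facebookexternalhit",
    "wordpress-pingback": "verifying pingback",
    "google-docs": "GoogleDocs",
    "yahoo-mail": "YahooMail",
}

# Assumed: endpoints where each request costs the origin a database query.
EXPENSIVE_PATHS = {"/search"}

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def classify_ua(ua: str):
    """Return the reflector name whose signature appears in the UA, else None."""
    for name, sig in REFLECTOR_SIGNATURES.items():
        if sig.lower() in ua.lower():
            return name
    return None


def parse_line(line: str):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["url"])
    rec["path"] = parts.path
    rec["query"] = parts.query
    rec["reflector"] = classify_ua(rec["ua"])
    return rec


def detect_reflected_flood(lines, min_requests=5, min_distinct_query_ratio=0.8):
    """Group reflector requests by (reflector, path).  A group is flagged when
    it is large enough and either targets an expensive path or carries a
    different query string on nearly every request (the cache-busting
    pattern).  Time windowing is omitted here; in production, group per
    minute so a slow, legitimate crawl is not flagged."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["reflector"]:
            groups[(rec["reflector"], rec["path"])].append(rec)
    alerts = []
    for (reflector, path), recs in sorted(groups.items()):
        if len(recs) < min_requests:
            continue
        distinct = len({r["query"] for r in recs})
        if path in EXPENSIVE_PATHS:
            reason = "expensive-endpoint"
        elif distinct / len(recs) >= min_distinct_query_ratio:
            reason = "cache-busting"
        else:
            continue
        alerts.append({"reflector": reflector, "path": path, "requests": len(recs),
                       "distinct_queries": distinct, "reason": reason})
    return alerts


def sample_log():
    """Constructed access-log lines: six cache-busted Facebook fetches of one
    PDF, five pingback verifications against /search, plus benign traffic."""
    fb = "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
    wp = "WordPress/3.9; http://blog.example; verifying pingback from 198.51.100.5"
    ff = "Mozilla/5.0 (Windows NT 6.1; rv:29.0) Gecko/20100101 Firefox/29.0"

    def line(ip, url, size, ua):
        return f'{ip} - - [10/Jun/2014:12:00:01 +0000] "GET {url} HTTP/1.1" 200 {size} "-" "{ua}"'

    lines = [line(f"203.0.113.{i}", f"/reports/annual.pdf?r={48211 + 977 * i}", 4194304, fb)
             for i in range(1, 7)]
    lines += [line("198.51.100.5", f"/search?q=term{i}", 15000, wp) for i in range(5)]
    lines += [line("203.0.113.9", "/index.html", 5120, fb),      # one fetch: below threshold
              line("192.0.2.7", "/index.html", 5120, ff),         # ordinary browser
              line("192.0.2.8", "/reports/annual.pdf", 4194304, ff)]
    return lines


if __name__ == "__main__":
    for alert in detect_reflected_flood(sample_log()):
        print(alert)
```

The output of a detector like this is what an on-premise device can act on without blacklisting the services outright: throttle or serve a cached response to the flagged (fetcher, path) pair, while the same fetchers' single previews of other pages keep working.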

Hybrid DDoS solutions combine on-premise and cloud-based mitigation and share attack signaling between them to stop threats. If you're interested in learning more about an integrated detection and mitigation solution for DDoS attacks, I invite you to register and download a whitepaper on Radware's new Attack Mitigation Network.
