[securityaffairs] How to abuse Facebook feature to conduct powerful DDoS attack

A researcher discovered a flaw in the section “notes” of the social network Facebook that could be exploited by anyone to conduct a powerful DDoS attack.

[infosecurity-magazine] China's Google Equivalent, Sohu, Used For Massive DDoS

Sohu.com, China’s eighth-largest website and currently the 27th most-visited website in the world, was the unwitting originator of a massive distributed denial-of-service (DDoS) attack earlier in the month, which was carried out using traffic hijacking techniques. In all, the application-layer attack consisted of more than 20 million GET requests originating from the browsers of 22,000+ internet users – all turned into unwilling accomplices by the offender.

[net-security] Attackers use reflection techniques for larger DDoS attacks

Akamai announced a new global DDoS attack report, which shows that in Q1, DDoS attackers relied less upon traditional botnet infection in favor of reflection and amplification techniques.

[net-security] Blocking DDoS attacks with a cloud-based solution

DDoS attacks are a very important part of attackers' arsenals and they are evolving all the time. Some of the latest DDoS attacks are really old in essence but are being generated in new ways. The latest craze is the NTP attacks, instead of a few hacked servers sending a mass UDP flood, we have thousands of different servers sending a UDP flood using NTP as the vector. At the end of the day it's still a UDP flood, which has been around since the 90’s. These are what we call the “Big and Dumb attacks". It doesn’t mean they can’t be problematic, if your upstream provider lets 10Gb/Sec of UDP to flood your network. Stopping them is fairly straightforward, given that 99% of websites only require TCP ports 80/443, we leverage our upstream provider's network to do this.

[dwaterson] Method of creating a botnet to carry out a DDoS attack

Creating a botnet to carry out Distributed Denial of Service attacks (DDoS), is simpler than many people realise. Recently, Incapsula reported an attack they uncovered that involved a profile image associated with comments on a webpage in order to get the user’s browser to carry out a DDoS attack on a target site.

[securityaffairs] Ukrainian hacktivists hit NATO websites with DDoS attack

The group of hacktivists Cyber Berkut hit several NATO websites with DDoS attacks while in the Crimea is being a referendum on annexation to Russia.

[scmagazine] Mt. Gox hit by DDoS attacks before massive theft, 150,000 per second

Massive distributed denial-of-service (DDoS) attacks plagued Mt. Gox in early February, not long before the former world's biggest Bitcoinexchange was hit by an alleged separate attack that bankrupted the Tokyo-based company, according to a report.

[net-security] Over 162,000 WordPress sites exploited in DDoS attack

DNS and NTP servers are not the only publicly accessible resources that can be misused to amplify DDoS attacks.

[infosecurity-magazine] Meetup Fighting Prolonged DDoS Attack

Meetup has been up and down a lot over the last few days. It was up when this report was started, but down before it was complete. It is fighting a prolonged DDoS attack, supposedly instigated by a competitor. The company was offered a 'protection' fee of $300, but refused to pay – and the modern day gangsters moved in with their baseball bats.

[cio] Attackers Use NTP Reflection in Huge DDoS Attack

IDG News Service — Attackers abused insecure Network Time Protocol servers to launch what appears to be one of the largest DDoS (distributed denial-of-service) attacks ever, this time against the infrastructure of CloudFlare, a company that operates a global content delivery network.

[fortinet] DDoS Through History

In 1974 a 13-year old boy named David Dennis discovered that he could lock up a PLATO terminal by making an external request when no external device was present. This prompted David, a student at University High school in Champaign Illinois, to write a program that could send the request to multiple PLATO terminals at once. He first launched the program on a nearby university computer lab, forcing 31 frustrated students to restart their PLATO terminals. The Denial of Service attack was born.