In our increasingly network-reliant age, distributed denial of service attacks can have massive real-world consequences, so defending against -- and perpetrating! -- DDoS attacks are both big businesses. Black Hat USA 2013 has three stellar DDoS-related Briefings lined up, covering the topic from multiple angles.
Commercial DDoS-mitigation technologies range from malformed traffic checks to traffic profiling/rate limiting to CAPTCHA-based authentication, but Tony Miu, Albert Hui, and Wai Leng Lee seem to have poked holes in all of them. In Universal DDoS Mitigation Bypass the trio will reveal how they emulate legitimate traffic characteristics to bypass all current DDoS mitigators, and will release a potent tool that translates all of their ideas into real-world DDoS attacks. They'll wrap by proposing a next-generation mitigation technique that might be effective against their tool's powerful exploits.
Next up, so-called "booter" services allow anyone with a bit of money to DDoS any other person or website off the Internet. These shady enterprises are so mainstream that many accept PayPal. In Spy-Jacking the Booters Brian Krebs and Lance James will take a deep dive into the booters' world, revealing what they've learned about their functioning and exposing both booter proprietors and the customers who use them. They'll also discuss vulnerabilities they've found in many booter websites, as well as lessons we can draw about how booter targets can defend themselves.
Finally, the largest DDoS attack yet climaxed on March 23, 2013, when the anti-spam organization Spamhaus was allegedly barraged with over 300 gigabits per second of traffic that simultaneously targeted Layer 3, 4, and 7. Join Matthew Prince for Lessons from Surviving a 300Gbps Denial of Service Attack, where he will share the story of what happened that day, from his perspective. How did they measure this much traffic? How did they pick apart and mitigate the attacker’s methodologies? How did Spamhaus remain online? Join Prince to see how, and what key vulnerabilities were exposed by the massive DDoS attack that will have repercussions in future, inevitably larger attacks.