PLXsert issues detailed mitigation rules for itsoknoproblembro DDoS threat
30-page DDoS Threat Advisory analyzes 11 attack signatures, offers free log analysis tool
The multi-tiered itsoknoproblembro DDoS toolkit has been identified in a spate of damaging attacks against the banking, hosting and energy industries. It is considered to be a critical DDoS threat that leverages a unique, two-tier command mode to launch multiple high-bandwidth attack types simultaneously.
Some of these attacks have peaked at 70 Gbps and more than 30 million pps, a magnitude of traffic that typically overwhelms most network infrastructures.
This threat advisory includes:
Details on how the toolkit operates and how it has evolved
Analysis of the toolkit files
Profiles of 11 different attack signatures, with detailed SNORT rules for DDoS mitigation
Detection rules to identify infected web servers (bRobots)
A free log analysis tool (BroLog.py) that pinpoints which scripts were accessed, from which IP address and against which DDoS targets, to aid sanitization efforts
Want PLXsert to protect you?
By identifying the sources and associated attributes of individual attacks, the PLXsert team helps organizations like yours adopt best practices and make more informed, proactive decisions about DDoS threats. PLXsert now offers a subscription service that provides current threat intelligence, infrastructure and defense evaluation, as well as post-attack forensics.