THREAT ADVISORIES

Prolexic Security Engineering & Response Team (PLXsert) Threat Advisories

New! Itsoknoproblembro DDoS Toolkit Threat Advisory

The multi-tiered itsoknoproblembro DDoS toolkit has been identified in a spate of damaging attacks against the banking, hosting and energy industries. It is considered to be a critical DDoS threat that leverages a unique, two-tier command mode to launch multiple high-bandwidth attack types simultaneously.

This threat advisory includes profiles of 11 different attack signatures, with detailed SNORT rules for DDoS mitigation; detection rules to identify infected web servers (bRobots); and a free log analysis tool (BroLog.py) that can be used to pinpoint which scripts were accessed, by what IP address and for what DDoS targets, to aid sanitization efforts.

Recent Threat Advisories:

  • Dirt Jumper Vulnerability Disclosure Report
    The Dirt Jumper family of DDoS Toolkits is considered one of the most popular attack tools on the market today. This vulnerability report exposes key weaknesses in the command and control (C&C) architecture that could neutralize would-be attackers.
  • Pandora
    This Russian-origin toolkit offers five DDoS attack modes and appears to be authored by the same individual responsible for the popular and destructive Dirt Jumper family of tools.
  • HULK (HTTP Unbearable Load King)
    This script takes advantage of common weaknesses in out-of-the-box web server functionality by launching 500 threads, each of which spawns an additional 500 threads at the target web server.
  • Booter Shell Scripts
    These sophisticated, easy-to-use DDoS attack scripts make it possible to bring down web servers without vast networks of infected zombie computers.
  • High Orbit Ion Cannon (HOIC)
    This stealth DDoS attack tool targets up to 256 URLs simultaneously and randomizes attack signatures.
  • Dirt Jumper
    Learn about the dangers of the Dirt Jumper DDoS Toolkit for application layer attacks and download Prolexic’s free Dirt Dozer scanning tool to protect your sites.

Want PLXsert to protect you?

By identifying the sources and associated attributes of individual attacks, the PLXsert team helps organizations like yours adopt best practices and make more informed, proactive decisions about DDoS threats. PLXsert now offers a subscription service that provides current threat intelligence, infrastructure and defense evaluation, as well as post-attack forensics. To learn about other advantages of being a Prolexic subscriber, please contact sales@prolexic.com or call +1 (888) 368 2923.