Absent Member.

Interesting new technique for DDOS attack

Dear All,

Found this new technique for DDOS attack for one of our SOC customers.

DDOS technique

1. Attackers register a new domain, abcd.tk, and provide a CNAME mapping for www.abcd.tk to www.target_domain.com

2. They buy a cloud service to do load testing for www.abcd.tk. When load testing starts, all load is sent to www.target_domain.com

Some of the use cases that we are using to combat these are:

1. Any HTTP request to www.target_domain.com with host: field NOT equal to www.target_domain.com

2. Any HTTP request with useragent: loadrunner,io

3. Detecting a 10x spike in HTTP requests for the Internet-facing sites, using an active list

Have you faced these attacks? Any other suggestions to prevent these types of attacks?

What use cases have you implemented to detect DDOS in general?



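The three detection use cases from the post, run over constructed access-log lines, as an added example that is not code from the post or from any SOC product. Assumptions not in the original: the log format (timestamp, source IP, quoted Host header, quoted request line, status, quoted User-Agent), the served host list SERVED_HOSTS, the baseline requests-per-minute value the caller supplies in place of the post's active list, and the User-Agent token list, which keeps only the post's "loadrunner" entry because a bare "io" would match far too many legitimate agents.

```python
"""Detection rules for the CNAME-fronted load-test DDoS described in the post.

Added example (not from the post). Assumptions, all hypothetical:
- log lines look like the constructed SAMPLE_LINES below;
- the site answers only for the names in SERVED_HOSTS;
- a "spike" is a one-minute count at least SPIKE_FACTOR times the
  baseline per-minute count the caller passes in (the post's active list).
"""
import re
from collections import Counter

SERVED_HOSTS = {"www.target_domain.com"}   # hypothetical: names the site should serve
SUSPECT_UA_TOKENS = ("loadrunner",)        # post's use case 2; extend as needed
SPIKE_FACTOR = 10                          # post's use case 3: 10x spike

# Constructed log format: ts src "Host" "request line" status "User-Agent"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) "(?P<host>[^"]*)" "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

# Constructed sample: three normal requests, then 30 requests in one minute
# whose Host header carries the attacker's CNAME source name www.abcd.tk.
SAMPLE_LINES = [
    '2024-05-01T10:00:05Z 198.51.100.7 "www.target_domain.com" "GET / HTTP/1.1" 200 "Mozilla/5.0"',
    '2024-05-01T10:00:20Z 198.51.100.8 "www.target_domain.com" "GET /login HTTP/1.1" 200 "Mozilla/5.0"',
    '2024-05-01T10:00:41Z 198.51.100.9 "www.target_domain.com:443" "GET /a HTTP/1.1" 200 "Mozilla/5.0"',
] + [
    f'2024-05-01T10:01:{i:02d}Z 203.0.113.{10 + i % 5} "www.abcd.tk" '
    f'"GET / HTTP/1.1" 200 "LoadRunner/12"'
    for i in range(30)
]


def parse_line(line):
    """Return a dict of fields, or None if the line does not match the format."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def host_mismatch(rec):
    """Use case 1: Host header (port stripped, case-folded) is not a served name."""
    host = rec["host"].lower().split(":", 1)[0]
    return host not in SERVED_HOSTS


def suspicious_ua(rec):
    """Use case 2: User-Agent contains a known load-testing tool token."""
    ua = rec["ua"].lower()
    return any(tok in ua for tok in SUSPECT_UA_TOKENS)


def requests_per_minute(records):
    """Count requests per minute; timestamps are ISO-8601, so ts[:16] is the minute."""
    return Counter(r["ts"][:16] for r in records)


def analyze(lines, baseline_per_minute):
    """Apply all three rules and return a summary dict."""
    records = [r for r in map(parse_line, lines) if r]
    per_min = requests_per_minute(records)
    return {
        "parsed": len(records),
        "host_mismatch": sum(host_mismatch(r) for r in records),
        "suspect_ua": sum(suspicious_ua(r) for r in records),
        "spike_minutes": [
            m for m, n in sorted(per_min.items())
            if n >= SPIKE_FACTOR * baseline_per_minute
        ],
    }


if __name__ == "__main__":
    # Baseline of 3 requests/minute is a constructed figure for the demo.
    for key, value in analyze(SAMPLE_LINES, 3).items():
        print(f"{key}: {value}")
```

Use case 1 is the one worth enforcing rather than only alerting on: a web server whose default virtual host refuses or drops requests for any Host it does not serve stops the CNAME-fronted load from ever reaching the application, so the log rule above becomes a confirmation that the control works rather than the only line of defence.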
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.