Tag: ddos

On DNS and DDoS

The global DNS infrastructure provides the critical function of mapping names that an Internet user recognizes (like www.myfavoritestore.com) to the seemingly random sets of numbers that make up IP addresses (like 1.1.1.1). To scale to a global level, the DNS system was designed as a multi-level referral network that allows any user on the Internet to query a set of servers that will iteratively find where a specific domain is owned and obtain the name-to-IP-address mapping from that location. To accomplish this, it is made up of root servers controlling top level domains such as .com, .gov, and .org; Global Top Level Domains (TLDs) controlling regional domains such as .br, .fr and .uk; authoritative servers controlling specific domains such as myfavoritestore.com; and a very large group of recursive resolvers that end user systems connect to. A query from a user for a domain name is sent to a recursive resolver, and that resolver works with the root, GTLD and varying levels of authoritative servers to track down the authoritative DNS server responsible for the domain, from which it receives a DNS reply. This is a very high level and simplified representation of the most common way that DNS is used.

Not just a one-trick PonyDOS

Reversing the crypto used by the PonyDOS attack bot

This blog post is the third installment in our ongoing series of articles exploring the crypto systems commonly found in various DDoS malware families. In previous articles we covered the reversing of the Armageddon and Khan […]

Reversing the Wrath of Khan

Analysis of the crypto used by the Trojan.Khan DDoS bot

A recent blog post described our analysis of the crypto algorithm used by the Armageddon DDoS malware. This article continues our ongoing series on reversing the crypto mechanisms used by contemporary DDoS botnets; our guest […]

It’s 2012 and Armageddon has arrived

Breaking Armageddon’s latest and greatest crypto reveals some interesting new functionality

Armageddon is one of several notable Russian malware families that are designed exclusively for DDoS attacks; it has been on our radar screens for some time now. Its primary competitors within the market of […]