open source incidents
DESCRIPTION
A presentation for the Innovation in the Post Heartbleed Era session at the 2014 Cyber Summit by David Hobbs, Director of Security Solutions at Radware.
TRANSCRIPT
Open Source Incidents
David Hobbs, Director of Security Solutions, Emergency Response Team
September 2014
DDoS is the Most Common Cyber Attack
28% of all cyber attacks in 2013 involved a DDoS attack
Source: 2013 Cyber Attacks Trends, Hackmageddon
The Network Topology and DDoS Attacks
Server components that are likely to be attacked by DDoS Attacks
Bash Exploit
• This still works with the latest bash update
• (X='() { (a)=>\' bash -c "echo ls /etc; cat echo")
• As does this:
• env X="() { :;} ; echo busted" /bin/sh -c "echo stuff"
• The following commands will implement a signature in ‘Report Only’ mode in our DefensePro.
• dp signatures-protection filter basic-filters user create ERT-bash2-CVE-2014-6271 -p tcp -c \\x28\\x29\\x20\\x7b -ct "Normalized URL" -ce "Case Sensitive" -dp http
• dp signatures-protection filter advanced-filters user create group_ERT-bash2-CVE-2014-6271 ERT-bash2-CVE-2014-6271
• dp signatures-protection attacks user create 0 -n ERT-bash2-CVE-2014-6271 -f group_ERT-bash2-CVE-2014-6271 -am 0
• dp update-policies set 1
• The customer should carefully inspect the false positive rates of this signature and only afterwards move it to ‘Block and Report’ mode.
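An added example, not from the presentation or from Radware's tooling: it replays the signature's content bytes (\x28\x29\x20\x7b, i.e. "() {") over constructed request URLs to show why the signature is run in Report Only mode before blocking. Percent-decoding as a stand-in for the "Normalized URL" content type, the function names, and the sample URLs and labels are all assumptions.

```python
from urllib.parse import unquote_to_bytes

# Content bytes from the slide's basic filter: \x28\x29\x20\x7b is "() {"
SIGNATURE = bytes.fromhex("2829207b")

def matches(url: str) -> bool:
    """True if the percent-decoded URL contains the signature bytes.
    Percent-decoding is an assumed stand-in for 'Normalized URL' matching."""
    return SIGNATURE in unquote_to_bytes(url)

def evaluate(requests, mode="report"):
    """Apply the signature: 'report' records hits but forwards, 'block' drops hits."""
    results = []
    for req in requests:
        hit = matches(req["url"])
        action = "drop" if (hit and mode == "block") else "forward"
        results.append({"url": req["url"], "label": req["label"],
                        "hit": hit, "action": action})
    return results

def false_positive_rate(results):
    """Share of signature hits that landed on requests labelled benign."""
    hits = [r for r in results if r["hit"]]
    if not hits:
        return 0.0
    return sum(r["label"] == "benign" for r in hits) / len(hits)

# Constructed sample traffic (hypothetical). Labels are the ground truth an
# analyst would assign while reviewing Report Only events.
SAMPLE = [
    {"url": "/index.html", "label": "benign"},
    {"url": "/cgi-bin/status?x=%28%29%20%7B%20%3A%3B%7D%3B%20echo%20busted",
     "label": "malicious"},
    {"url": "/cgi-bin/status?x=() { :;}; echo busted", "label": "malicious"},
    # Benign code search that happens to contain "() {" after decoding
    {"url": "/search?q=int%20main()%20%7B", "label": "benign"},
    # Same idea without the space: the 4-byte signature does not match
    {"url": "/search?q=main()%7B", "label": "benign"},
]

if __name__ == "__main__":
    for mode in ("report", "block"):
        res = evaluate(SAMPLE, mode)
        for r in res:
            print(f"{mode:6} hit={r['hit']!s:5} {r['action']:7} {r['url']}")
        print(f"{mode:6} false-positive rate: {false_positive_rate(res):.2f}")
```

In block mode the benign code-search request is dropped along with the two malicious ones, which is the false-positive case the Report Only review is meant to surface.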
Booter DDoS Tools are Cheap
http://ragebooter.net/members/plans
Can be run from any device anywhere - Can be used to create huge dos floods, and more!