Open Source Incidents
David Hobbs
Director of Security Solutions
Emergency Response Team

September 2014

Radware Confidential September 2014

DDoS is the Most Common Cyber Attack

28% of all cyber attacks in 2013 involved a DDoS attack

Source: 2013 Cyber Attacks Trends, Hackmageddon

2013 Attack Motivation - ERT Survey

DDoS Ring of Fire

The Network Topology and DDoS Attacks

Server components that are likely to be attacked by DDoS attacks

What are we talking about?

ShellShock Demo

Bash Exploit

•  This still works with the latest bash update:
•  (X='() { (a)=>\' bash -c "echo ls /etc; cat echo")
•  As does this:
•  env X="() { :;} ; echo busted" /bin/sh -c "echo stuff"

•  The following commands will implement a signature in ‘Report Only’ mode in our DefensePro.

•  dp signatures-protection filter basic-filters user create ERT-bash2-CVE-2014-6271 -p tcp -c \\x28\\x29\\x20\\x7b -ct "Normalized URL" -ce "Case Sensitive" -dp http
•  dp signatures-protection filter advanced-filters user create group_ERT-bash2-CVE-2014-6271 ERT-bash2-CVE-2014-6271
•  dp signatures-protection attacks user create 0 -n ERT-bash2-CVE-2014-6271 -f group_ERT-bash2-CVE-2014-6271 -am 0
•  dp update-policies set 1

•  The customer should carefully inspect false positive rates of this signature and only afterwards move it to ‘Block and Report’ mode.
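As an added illustration (not Radware's code and not part of the original slides), this Python sketch applies the filter's byte pattern to constructed request URLs in report-only fashion and computes the false-positive rate the last bullet asks the customer to review. Treating "Normalized URL" as a single percent-decoding pass is an assumption, as are the names `matches`, `report_only` and `SAMPLE` and the `/cgi-bin/status` path.

```python
from urllib.parse import unquote_to_bytes

# Content bytes from the slide's basic filter (\x28\x29\x20\x7b), i.e. "() {".
SIGNATURE = bytes.fromhex("2829207b")


def matches(url: str) -> bool:
    """Case-sensitive byte match on the percent-decoded URL.

    Percent-decoding once is an assumed stand-in for "Normalized URL".
    """
    return SIGNATURE in unquote_to_bytes(url)


def report_only(requests):
    """Log hits without blocking; return (hit_urls, false_positive_rate).

    `requests` holds (url, reviewed_as_benign) pairs, where the flag is the
    analyst's verdict after looking at the request.
    """
    hits = [(url, benign) for url, benign in requests if matches(url)]
    false_positives = sum(1 for _, benign in hits if benign)
    rate = false_positives / len(hits) if hits else 0.0
    return [url for url, _ in hits], rate


# Constructed sample requests (not captured traffic); /cgi-bin/status is hypothetical.
SAMPLE = [
    ("/cgi-bin/status?x=()%20{%20:;}%20;%20echo%20busted", False),  # payload from the slide
    ("/cgi-bin/status?x=%28%29%20%7b%20:;}", False),  # same bytes, fully percent-encoded
    ("/paste?code=function%20init()%20{%20return%201;%20}", True),  # JavaScript in a parameter
    ("/search?q=bash+update", True),
    ("/index.html", True),
]

if __name__ == "__main__":
    hit_urls, fp_rate = report_only(SAMPLE)
    for url in hit_urls:
        print("REPORT", url)
    print(f"false-positive rate among hits: {fp_rate:.0%}")
```

The third sample shows why a report-only period is needed: ordinary JavaScript in a parameter contains the same four bytes as the signature.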

Booter DDoS Tools Are Cheap

http://ragebooter.net/members/plans

Can be run from any device anywhere - Can be used to create huge dos floods, and more!

Thank You www.radware.com
