Mobile Ad Networks as DDoS Vectors: A Case Study

CloudFlare servers are constantly being targeted by DDoS'es. We see everything from attempted DNS reflection attacks to L7 HTTP floods involving large botnets.

Recently an unusual flood caught our attention. A site reliability engineer on call noticed a large number of HTTP requests being issued against one of our customers.

The request

Here is one of the requests:

POST /js/404.js HTTP/1.1  
Host: www.victim.com  
Connection: keep-alive  
Content-Length: 426  
Origin: http://attacksite.com  
User-Agent: Mozilla/5.0 (Linux; U; Android 4.4.4; zh-cn; MI 4LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/42.0.0.0 Mobile Safari/537.36 XiaoMi/MiuiBrowser/2.1.1  
Content-Type: application/x-www-form-urlencoded  
Accept: */*  
Referer: http://attacksite.com/html/part/86.html  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,en-US;q=0.8

id=datadatadasssssssssssssssssssssssssssssssssssssssssssassssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssadatadata

We received millions of similar requests, clearly suggesting a flood. Let's take a deeper look at this request.

First, let's note that the headers look legitimate. We often see floods issued by Python or Ruby scripts, with weird Accept-Language or User-Agent headers. But this one doesn't look like it. This request is a proper request issued by a real browser.

Next, notice the request is a POST and contains an Origin header — it was issued by an Ajax (XHR) cross Continue reading

PlexxiPulse—The Key to Hyperconverged Success

Earlier this week, my colleague Bob Noel wrote a blog post on converged networking. As industry buzz surrounding hyperconvergance gets louder and louder, it is important to take into account the network that underpins these hyperconverged systems of tomorrow. Here at Plexxi we know that the network has to be more dynamic, innovative and agile to deliver on the promise of hyperconverged infrastructure and we’re thrilled to be a part of the conversation and the solution. Take a look at Bob’s blog post to learn more about our converged networks and why the network is so important for successful converged deployments.

Below please find a few of our top picks for our favorite news articles of the week. Enjoy!

CBR: What does hyper-converged infrastructure mean for the future of enterprise application delivery?
By Gary Newe
Hyper-convergence is an extension of a converged infrastructure, where compute, server, storage, networking resources and software are pooled together on commodity hardware. They are usually systems from separate companies but designed to work very well together. The benefits of this include massively simplified management, which makes things faster, more agile and more efficient. It’s one of the foundations of virtualisation, but hyper-convergence allows for even Continue reading

Researchers tout technology to make electronics out of old tires

Researchers are working with a process that turns old tires – and there are some 300,000 tossed yearly – into electrodes for supercapacitors that would be used on the grid or in cars and other electronics applications.+More on Network World: Real Jobs for Real Robots+ The technology developed at the Department of Energy’s Oak Ridge National Laboratory and Drexel University produces carbon composite papers through a process described like this: “the researchers soaked crumbs of irregularly shaped tire rubber in concentrated sulfuric acid. They then washed the rubber and put it into a tubular furnace under a flowing nitrogen gas atmosphere. They gradually increased the temperature from 400 degrees Celsius to 1,100 degrees. After several additional steps, including mixing the material with potassium hydroxide and additional baking and washing with deionized water and oven drying, researchers have a material they could mix with polyaniline, an electrically conductive polymer, until they have a finished product.”To read this article in full or to leave a comment, please click here

Researchers tout technology to make electronics out of old tires

Researchers are working with a process that turns old tires – and there are some 300,000 tossed yearly – into electrodes for supercapacitors that would be used on the grid or in cars and other electronics applications.+More on Network World: Real Jobs for Real Robots+ The technology developed at the Department of Energy’s Oak Ridge National Laboratory and Drexel University produces carbon composite papers through a process described like this: “the researchers soaked crumbs of irregularly shaped tire rubber in concentrated sulfuric acid. They then washed the rubber and put it into a tubular furnace under a flowing nitrogen gas atmosphere. They gradually increased the temperature from 400 degrees Celsius to 1,100 degrees. After several additional steps, including mixing the material with potassium hydroxide and additional baking and washing with deionized water and oven drying, researchers have a material they could mix with polyaniline, an electrically conductive polymer, until they have a finished product.”To read this article in full or to leave a comment, please click here

Stuff The Internet Says On Scalability For September 25th, 2015

Hey, it's HighScalability time:


 How long would you have lasted? Loved The Martian. Can't wait for the game, movie, and little potato action figures. Me, I would have died on the first level.

  • 60 miles: new record distance for quantum teleportation; 160: size of minimum viable Mars colony; $3 trillion: assets managed by hedge funds; 5.6 million: fingerprints stolen in cyber attack; 400 million: Instagram monthly active users; 27%: increase in conversion rate from mobile pages that are 1 second faster; 12BN: daily Telegram messages; 1800 B.C: oldest beer recipe; 800: meetings booked per day at Facebook; 65: # of neurons it takes to walk with 6 legs

  • Quotable Quotes:
    • @bigdata: assembling billions of pieces of evidence: Not even the people who write algorithms really know how they work
    • @zarawesome: "This is the most baller power move a billionaire will pull in this country until Richard Branson finally explodes the moon."
    • @mtnygard: An individual microservice fits in your head, but the interrelationships among them exceeds any human's ability. Automate your awareness.
    • Ben Thompson~ The mistake that lots of BuzzFeed imitators have made is to imitate Continue reading

Cookie handling in browsers can break HTTPS security

Cookies, the files that websites create in browsers to remember logged-in users and track other information about them, could be abused by attackers to extract sensitive information from encrypted HTTPS connections.The issue stems from the fact that the HTTP State Management standard, or RFC 6265, which defines how cookies should be created and handled, does not specify any mechanism for isolating them or checking their integrity.As such, Web browsers don't always authenticate the domains that set cookies. That allows malicious attackers to inject cookies via plain HTTP connections that would later be transmitted for HTTPS connections instead of those set by the HTTPS sites themselves, the CERT Coordination Center (CERT/CC) at Carnegie Mellon University said in an advisory Thursday.To read this article in full or to leave a comment, please click here

How Encryption of Network Traffic Works?

How does Internet work - We know what is networking

I recently started studying again, this time as an attempt of deep-diving into some security concepts for one of my PhD courses. It’s interesting how, as much as you try to escape from it, mathematics will sooner or later catch you somewhere and you will need to learn a bit more of it. At least that happened to me… In this process I realised that if you go beyond simple security theory and network device configuration all other stuff is pure mathematics. The reason behind my unplanned course in mathematics is explained through the rest of this text. It will

How Encryption of Network Traffic Works?

QOTW: Genius

“Genius is long patience,” but it must be organized and intelligent patience. One does not need extraordinary gifts to carry some work through; average superiority suffices; the rest depends on energy and wise application of energy. It is as with a conscientious workman, careful and steady…
Sertillanges, The Intellectual Life

LinkedInTwitterGoogle+FacebookPinterest

The post QOTW: Genius appeared first on 'net work.

10 cutting-edge security threats

New tech, new bugs, new headachesWhen you think of security vulnerabilities, the first thing that likely comes to your mind are flaws in Windows or apps like Adobe Reader that let hackers wreak havoc on your PC. But computers are everywhere these days, and with more computers come more security headaches.Join us as we look at ten hacks and vulnerabilities that take threats to the next level. Somehow, things have gotten even crazier since our last look at shocking security exploits.To read this article in full or to leave a comment, please click here

Cumulus Linux Base Technologies

Dinesh Dutt started his part of the Data Center Fabrics Update webinar with “what is Cumulus Linux all about” and “what data center architectures does it support” and then quickly jumped into details about the base technologies used by Cumulus Linux: MLAG and IP routing.

Not surprisingly, the MLAG part generated tons of questions, and Dinesh answered all of them, even when he had to say “we don’t do that”.

Watch the video

Embedded packet capture and interface ACLs and Zone Based Firewall

Cisco IOS Embedded packet capture is a great tool for trouble shooting. Very similar to the ASA capture command.

It could be better, as it won't parse the packets as good as tpcdump, but it is way better than nothing.

However I couldn't figure out what the order of operation, with regards to ACLs and ZBF.

So I labbed it up, with IOU 15.4, and here are the results:

  • For incoming ACL, packets are captured before ACL is evaluated
  • For incoming ZBF policy, packets are captured before the policy is checked.

So it looks like the embedded packet capture is placed at the right place, right before incoming ACL/ZBF check. However more testing needed to be done: NAT, outgoing ACL/ZBF, IPS drops,  encryption, sanity checks

I wish Cisco would have published an official and full "order of operation". Here is the best I have found so far.

FYI....

MikroTik CCR1072-1G-8S+ Review – update on Part 3 – Throughput

[adrotate banner=”4″]

Breaking the 80 Gbps barrier!!!

799px-Bell_X-1_46-062_(in_flight)

The long wait for real-world 1072 performance numbers is almost over – the last two VMWARE server chassis we needed to push the full 80 Gpbs arrived in the StubArea51 lab today. Thanks to everyone who wrote in and commented on the first two reviews we did on the CCR-1072-1G-8S+.  We initially began work on performance testing throughput for the CCR1072 in late July of this year, but had to order a lot of parts to get enough 10 Gig PCIe cards, SFP+ modules and fiber to be able to push 80 Gbps of traffic through this router.

Challenges

There have been a number of things that we have had to work through to get to 80 Gbps but we are very close. This will be detailed in the full review we plan to release next week but here are a few.

  • VMWARE ESXi – LACP Hashing – Initially we built LACP channels between the ESXi hosts and the 1072 expecting to load the links by using multiple source and destination IPs but we ran into issues with traffic getting stuck on one side of the LACP channel and had to move to Continue reading

MikroTik CCR1072-1G-8S+ Review – update on Part 3 – Throughput

[adrotate banner=”4″]

Breaking the 80 Gbps barrier!!!

799px-Bell_X-1_46-062_(in_flight)

The long wait for real-world 1072 performance numbers is almost over – the last two VMWARE server chassis we needed to push the full 80 Gpbs arrived in the StubArea51 lab today. Thanks to everyone who wrote in and commented on the first two reviews we did on the CCR-1072-1G-8S+.  We initially began work on performance testing throughput for the CCR1072 in late July of this year, but had to order a lot of parts to get enough 10 Gig PCIe cards, SFP+ modules and fiber to be able to push 80 Gbps of traffic through this router.

Challenges

There have been a number of things that we have had to work through to get to 80 Gbps but we are very close. This will be detailed in the full review we plan to release next week but here are a few.

  • VMWARE ESXi – LACP Hashing – Initially we built LACP channels between the ESXi hosts and the 1072 expecting to load the links by using multiple source and destination IPs but we ran into issues with traffic getting stuck on one side of the LACP channel and had to move to Continue reading
1 3,311 3,312 3,313 3,314 3,315 3,845