![]() ![]() Technical Analysis List of User Agent used by HULK 'Mozilla/5.0 (X11 U Linux x86_64 en-US rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3' It worth to mention that HULK attack demands many resources for client side as well, therefore a single node will not be able to run high attack rates. When the servers’ limits of concurrent connections are reached, the server can no longer respond to legitimate requests from other users. Unique Transformation of URL – to eliminate caching and other optimization tools, crafting custom parameter names and values and they are randomized and attached to each request, rendering it to be unique, enable the request to bypass many CDN systems.no-cache – this is a given, but by asking the HTTP server for no-cache, a server that is not behind a dedicated caching service will present a unique page.Stickiness – using some standard HTTP command to try and ask the server to maintain open connections by using Keep-Alive with variable time window.Reference Forgery – the referrer that points at the request is obfuscated and points into either the host itself or some major prelisted websites.Obfuscation of Source Client – this is done by using a list of known User Agents, and for every request that is constructed, the User Agent is a random value out of the known list.The principle behind the HULK flood is that a unique pattern is generated at each and every request, with the intention of increasing the load on the servers as well as evading any intrusion detection and prevention systems. ![]() ![]() HULK flood differs from most available DDoS attack tools which produced predictable repeated patterns that could easily be mitigated. HULK flood, is a DDoS attack named by its creators “HTTP Unbearable Load King” is similar to an HTTP flood and is designed to overwhelm web servers’ resources by continuously requesting single or multiple URL’s from many source attacking machines. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |