Anonymous DoS attacks thwarted with Aikido hip throw
In early December, researchers from security firm Radware were dispatched to repel attacks against a company being targeted by the Anonymous hacking collective and could only be described as fierce and potentially devastating. With junk traffic hitting peaks of 14 Gbps and coming from botnets, Unix machines with massive amounts …
Koshi Nage, then?
Who had the idea to reference Aikido?
Not that I disapprove.
Who?
Probably some LARPer with an overimaginative imagination with NFI what a koshi nage is. Probably likely even an aikidoka.
It's a bad reference.
Don't get me wrong. Aikido has many useful techniques. It's just not a complete system nor do most people train realistically. Many people (Many, *NOT* all) think that aikido is some magic defence. This is not often true because few aikidoka train the way O-Sensei probably learnt and perfected his art. Remember O-Sensei truly *fought*. He could probably take hits to his head and still have a clear enough head to continue on. Remember what else O-Sensei actually trained in.
Remember, you get in a fight, it's rare that you'll escape without taking a hit. And most aikidoka (except them that have the sense to train more realistically) do not train to take hits.
Anyway, with relevance to this article, a koshi nage (of any sort) is a very swift movement in which *you* flip your assailant onto the hard ground. This will usually terminate an engagement, *instantly*.
It's in no way anything like making someone open more and more sockets till they crash from lack of resources.
Which is why I fail to see the analogy, in this article. I know I am nitpicking.
But I know...
Been working on it myself for three years now.
title
Isn't this why UDP has typically been the favorite protocol of DDoS'ers? Don't think they make tarpits for UDP ;) Of course UDP can be filtered out a bit easier, but if you have multiple GB/s of bw available it probably wouldn't matter.
re: "Anonymous DoS attacks thwarted with Aikido hip throw"
To be pedantic, I fail to see how this is even remotely similar to any sort of koshi nage (let alone an aikido one). Have you even seen one?
Maybe they wore those pleated trousers
and shouted 'oos' when they did it?
Clever
Wasn't that clever, giving away (at least some of) the secrets of a successful defense to the Low Orbit Ion Cannon. Now its developers know what to work on to make it more successful and stable. Fail.
@Clever
If that defense is part of the Roboo tool, it's no secret anyway; Roboo is open-source.
@Robert
>Now its developers know what to work on to make it more successful and stable. Fail.
Makes very good business sense if you think about it.
show your enemy your defenses, so that his attempts at an attack are channeled
A classic move - reveal a problem with the tool they use means they'll first have to fix that problem, which means you'll know where the next problem will be.
@Robert Heffernan
Have another read...
"...the researchers released (the software in question) this week as an open-source tool for warding off DoS attacks and similar kinds of automated assaults..."
No secrets in open source land!
Good lesson there
The roboo thingy seems to have the added advantage of teaching genuine visitors that they should always have Javascript enabled and use the Flash plugin if they want to use the web. I can't help thinking there is a bigger picture here that doesn't look so great.
Pfff
LOIC is as deft as a sledgehammer and just as elegant.
I'm not surprised to see someone has neutered it....
"Aikido Hip Throw"
not so many hip throws in Aikido.
you're thinking of Judo.
HTTP Flood
This tool is only in defence of HTTP flood. This is different to the majority of DDOS attacks that are used such as SYN Flood and UDP Flood which are higher up the protocol stack. They are both harder to detect too.
The dropping of packets is an interesting one though, that could help slow down some DDOS.
Looks like Anon has been outed
According to some news stories today, Anonymous may no longer be just that. Payback can be Hell.
Cleverer than U?
I imagine this was one of several factors weighed up before releasing the info. And it was likely decided the information would be of less help to crackers than to other defenders.
So...
They just started an arms race with Anon and LOIC developers. I wish them luck.
Probably one word wrong here
"In early December, researchers from security firm Radware were dispatched to repel attacks against a company being targeted by the Anonymous hacking collective and could only be described as fierce and potentially devastating."
Is it the Radware researchers that can only be described as fierce and potentially devastating? What about handsome?
If you're referring to a denial-of-service overload attack on the internet, that seems a bit of an abstract thing to be called "fierce". It's just a lot of data.
Virtual Agility Bun Fight? Handbags at Dawn? Ye Olde Worlde MetaPhysical Crooked Cock Fight*?
I wonder who Anonymous will play cat and mouse with now then, .... for a bit of sport at the Application Delivery Servant and Server Levels.
* Or should that be Post Modern?
Inserting javascript is nothing new
F5 and Citrix (Netscaler) web application firewalls have been dropping JS into HTTP responses in order to determine human+browser or bot for a while. I don't know how reliable it is compared to the work done in this article but it's not new.
Good story though.
