Security experts are downplaying the significance of a new denial-of-service (DoS) attack tool. The HTTP Unbearable Load King (HULK) program was developed by a white-hat network security researcher, who shared it on his blog as a proof-of-concept demonstration of how to effortlessly knock over web servers. Nonetheless there is …
Acronyms make me angry, here are a few that make me less angry.
Cannon Utility Network Trauma
Wide Access Network Kaboomer
Force uniformed Collision Kontroller
Penetrate Entry Nodes Internet Server
Doesn't that make it a plain old DoS attack?
Unless bits of that computer are sat round the room linked by long wires...
To be fair on Shteiman, his original blog post calls it a DoS tool. It is everyone else commenting and reporting on it who seems to have forgotten that the second D means "distributed", presumably because DDoS is still such a hot buzzphrase that they felt the need to use it without really thinking it through.
"Barry Shteiman, the developer of the HULK python script..."
Someone tell me I wasn't the only one to have to check I hadn't misread the name (I had...)
Surely all you have to do is start ignoring requests from a specific IP address if there's too many of them?
HAHAHAHAHAHAHAHAHAHA this is absolutely hilarious and about 20 years too late to be anything new! Holy crap why is anyone even reporting on it? All it does is generate random gets... look at it... it's absolutely pathetic and shouldn't have been reported on by anyone.
I just ran this against an Apache installation locally and I can still bring up web pages with cache disabled without any delay. Epic FAIL.
Having read the HULK author's blog a couple of weeks ago, he already stated that it was easy to recognise HULK's attacks because they come in a specific order. He also went on to say that he developed THOR which recognises and nullifies HULK. What research did Prolexic do more-so than just reading the blog about HULK and THOR? Did they even get down to the THOR part? Doesn't sound like it.
My bad, wasn't the author of HULK that wrote / reviewed THOR. That comparison blog is here:
Still, the above blog post is a couple of weeks old...
- Nokia: Read our Maps, Samsung – we're HERE for the Gear
- Ofcom will not probe lesbian lizard snog in new Dr Who series
- Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather
- Too slow with that iPhone refresh, Apple: Android is GOBBLING up US mobile market
- Episode 9 BOFH: The current value of our IT ASSets? Minus eleventy-seven...