DoS Attack Campaign Against a Country - January 2012 Bypassing CDN


August 20, 2012 02:00 PM

Background

This attack report describes an attack campaign against a country (Israel) and how several sites in this country were attacked simultaneously over a full week. A Pro Palestinian hackers group, the “Nightmare group” and 0xomar, a Saudi hacker member of the Saudi Arabian Anonymous collective, have disclosed credit card information of thousands of Israeli citizens, later leading to retaliation action by Israeli hackers. Prior to the attack, the media reported that few Israeli websites, both in public and private sectors, were about to be attacked.

The Attack Campaign

On Day 1, a cyber attack campaign started against various Israeli websites lasting for several days. The first victims were as announced in the media while another target was attacked as well. The attack was a dynamic HTTP flood (Attack Vector I), in which the URL is changed at each HTTP request packet to bypass any proxy or CDN on the way. It caused serious outage that lasted for several hours. Nevertheless and as explained below, the sites were eventually able to overcome the attack.

On Day 2, more Israeli websites were attacked – one of them was attacked with a UDP flood on port 443 (Attack Vector II) where the attacker sent very large packets.

On Day 3, another massive HTTP flood was launched against an additional Israeli website. This static HTTP flood (Attack Vector III) was different from the first one. On one hand it was simpler as it used the same URL again and again, but about 800 attackers came from a local host proxy which may be a new technique to bypass challenge-based mitigation technologies. The attack peak reached 50K concurrent connection which is 10 times more the sites normal activity.

On Day 4, the victim’s website attacked on Day III was hit again with the same attack vector. Later, it was attacked with a UDP flood on port 80 (Attack Vector V).

Additional Information

For additional information regarding the threat, read the full Attack Report.

Download Now

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support

Get Social

Connect with experts and join the conversation about Radware technologies.

Radware Blog
Security Research Center