HTTP Robot Mitigator Roboo defends against DDoS attacks

The rather disorganized group of online individuals known as Anonymous uses DDoS attacks as their primary weapon to get the attention of corporations, governments, and antipiracy organizations that they believe have infringed on the digital and human rights of citizens. Those attacks may not be as effective as they once were, however, as security researchers find new ways to defend against them.

Yuri Gushin and Alex Behar, both researchers with security firm Radware, have now developed a new method of dealing with the flood of internet traffic that can sometimes involve several thousands of botnets targeting a website during a DDoS attack.

Many current defense measures work by throttling data rates or blocking connections, but they can be ineffective against a major attack. Gushin and Behar have figured out a way to actually degrade the performance of the attack rather than simply attempting to block it while weathering the storm.

“The pair's more sophisticated technique manipulates an attacker's connection in order to make botnet computers work harder,” explains Jacob Aron of New Scientist. “By intentionally ignoring part of the intended connection request they are able to trick the attacker's computer into making a very slow connection to the server as it continues to try to make contact. This lasts for around 5 minutes. When the attacking botnet computer is slowed down in this way it will automatically try to send new connection requests, badly affecting its performance. Eventually the botnet computers making the attack will be forced to give up, depending on the instructions given to them by the botmaster who launched the attack.”

Gushin and Behar tested their new defense method late last year as Anonymous launched massive attacks against corporations like MasterCard and PayPal for their refusal to process payments to support WikiLeaks. "We were able to really turn the tide on the attack," says Behar.

Their technique also evaluates incoming traffic, and uses JavaScript and Flash to provide a sort of “security key” that will allow real people to connect with a server while keeping the botnets out. "Unless it's a real browser on the other side with a real human behind it, the bots usually wouldn't render that content," explains Behar.
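
A minimal sketch of the "security key" idea described above, as an added example that is not Roboo's code or the researchers' implementation: the server derives a key from the client's address and a time window, hands it out only through a script the client must execute, and serves content once the key comes back as a cookie. The secret, cookie name, window length and 503 status are assumptions of this example.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: random per-deployment key
WINDOW = 300                         # assumption: key lifetime window, seconds
COOKIE = "challenge_key"             # hypothetical cookie name


def expected_key(client_ip, user_agent, now=None, offset=0):
    """HMAC over the client's identity and a time window, so a key cannot
    be replayed from another address or reused indefinitely."""
    window = int((time.time() if now is None else now) // WINDOW) - offset
    msg = f"{client_ip}|{user_agent}|{window}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def is_verified(cookies, client_ip, user_agent, now=None):
    """Accept a key from the current or previous window. Comparison is on
    bytes and constant-time; the cookie value is untrusted input."""
    presented = cookies.get(COOKIE, "").encode()
    return any(
        hmac.compare_digest(
            presented, expected_key(client_ip, user_agent, now, off).encode())
        for off in (0, 1)
    )


def challenge_page(client_ip, user_agent, now=None):
    """Page whose script assembles the key, stores it as a cookie and
    reloads. A client that does not execute script never obtains it."""
    key = expected_key(client_ip, user_agent, now)
    half = len(key) // 2
    return (
        "<html><body><script>"
        f"var k='{key[:half]}'+'{key[half:]}';"
        f"document.cookie='{COOKIE}='+k+'; path=/';"
        "location.reload();"
        "</script><noscript>JavaScript is required.</noscript></body></html>"
    )


def handle(cookies, client_ip, user_agent, now=None):
    """Return (status, body). Only clients that ran the script reach the
    origin content; everyone else gets the cheap challenge page."""
    if is_verified(cookies, client_ip, user_agent, now):
        return 200, "origin content"
    return 503, challenge_page(client_ip, user_agent, now)  # status: assumption
```

The challenge response costs the server one HMAC and no backend work, which is the point of placing such a gate in front of the application during a flood.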

Of course you can only outsmart a hacker for so long before they find a way to crack new types of defense, but until that happens, potential victims of DDoS attacks now have a tool to defend themselves. Gushin and Behar unveiled their HTTP Robot Mitigator, Roboo, last week at the Black Hat Europe conference, and it is now available as a free download on GitHub.