Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

How much does a DOS/DDOS cost to run?

  • 03-02-2012 9:58am
    #1
    Registered Users, Registered Users 2 Posts: 1,059 ✭✭✭


    Hi all,

    This might seem like a silly question, I'm studying digital forensics at the moment and lately I have started the Cisco security module.

    I was thinking about a denial of service attack and a DDOS as well.
    I know to defend against them you need systems that will grow alongside the volume of the attack.

    My tutor said last night roughly that you would want a system that can grow more than the attack that is being done to it as eventually the attack will stop as it costs money to run a DOS.

    Then today it hit me, how much it cost to run a DOS? or does it even cost money to run one?


Comments

  • Registered Users, Registered Users 2 Posts: 576 ✭✭✭ifah


    if you know where to look you can rent / subscribe to bot clients which can be used to setup the ddos - rent X bots for a period of X minutes ....

    for obvious reasons I won't be disclosing any more than this.


  • Registered Users, Registered Users 2 Posts: 1,059 ✭✭✭crazyderk


    Ah cool, that makes sense.
    No not looking for exact info on where to go or what to do was just thinking about the cost and how it would work out.

    Would the likes of anonymous use these bots to perform their dos attack?


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,581 Mod ✭✭✭✭Capt'n Midnight


    you could try and slashdot it ?

    zero cost if you could troll that hard

    claim they have some copyright material :pac:


  • Registered Users, Registered Users 2 Posts: 8,671 ✭✭✭GarIT


    crazyderk wrote: »
    Would the likes of anonymous use these bots to perform their dos attack?

    No Anonymous just ask people on twitter to do it for them.

    You could always do it for free by writing a virus to silently take over a few computers and use them.


  • Registered Users, Registered Users 2 Posts: 367 ✭✭900913


    crazyderk wrote: »
    Ah cool, that makes sense.
    No not looking for exact info on where to go or what to do was just thinking about the cost and how it would work out.

    Would the likes of anonymous use these bots to perform their dos attack?



    Low Orbit Ion Cannon
    (LOIC)

    Project Chanology and Operation Payback

    LOIC was utilized by Project Chanology, a project by the Anonymous group, to attack websites from the Church of Scientology,[7] then by Anonymous itself to successfully attack the Recording Industry Association of America's website in October 2010,[8] and again during Operation Payback in December 2010 to attack the websites of companies and organizations that opposed WikiLeaks

    Link: http://en.wikipedia.org/wiki/LOIC



    There's an online version of Loic out nw.

    LOIC: The Tool Anonymous Is Using to Essentially Turn You Into a Botnet.
    Anonymous members are distributing a link that ropes internet users into an illegal DDoS attack against these websites simply by clicking it.
    ...
    The link is a page on the anonymous web hosting site pastehtml. It link loads a web-based version of the program Anonymous has used for years to DDoS websites: Low Orbit Ion Cannon. (LOIC). LOIC rapidly reloads a target website, and if enough users point LOIC at a site at once, it can crash from the traffic.
    The result? You're helping Anonymous take down sites. And how did the original LOIC work?
    LOIC basically turns your computer's network connection into a firehose of garbage requests, directed towards a target web server. On its own, one computer rarely generates enough TCP, UDP, or HTTP requests at once to overwhelm a web server-garbage requests can easily ignored while legit requests for web pages are responded to as normal.
    But when thousands of users run LOIC at once, the wave of requests become overwhelming, often shutting a web server (or one of its connected machines, like a database server) down completely, or preventing legitimate requests from being answered.




    Link: http://gizmodo.com/5877719/heres-the-tool-anonymous-is-tricking-the-internet-into-using

    Mobile/html Loic: http://pastehtml.com/view/bas7xtwyz.html


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 126 ✭✭infodox


    Depends on the attack method. Back in the days, someone used to use the following tricks:

    Simple perl script to scrape Pastebin for lists of "DoS Shells", load them, and UDP flood the hell out of targets.
    Slowloris attacks using multiple proxies, or slow post attacks using same.
    Reflected DoS - flood a bunch of "big servers" (google) with spoofed sender IP. Spoofed sender IP is the target IP. Target gets hozed.
    And the traditional CISCO boxnet: scan a range for CISCO routers w/ default pass, and script something to load em up and ping flood the poor bugger on the other end.

    I can always dig up sample code if you need it for your project, I should have it *Somewhere* around here.

    They were the "poor mans botnet" tricks that used to be used. Low cost to preform (free!) and worked magic.

    or, of course, you can use the above mentioned trick - googlecode has the d0z.me source somewhere. Also, I did a brief write up w/ links to attack code on my blog here: http://blog.infodox.co.cc/2012/02/denial-of-service-attacks-layer-7.html

    I should cover L4 attacks soonish (TCP/UDP). The trick with DoS was always to identify what you were targetting and go for THAT.


  • Registered Users, Registered Users 2 Posts: 126 ✭✭infodox


    *update to thread* Since I saw Mike Kemps talk at CampusCon I have been writing a whitepaper "The Poor Mans DDoS: Who needs a botnet?" which covers the "poor mans DDoS" techniques in detail. Should have it done soonish, just have to finish putting it down on paper.

    Basically it covers "more efficient DoS", "Abusing skidware", the evil link shortener and "instant botnet: router worms!".

    Also, see here for a really good writeup on DDoS stuff by Arbor Networks: http://ddos.arbornetworks.com/2012/02/ddos-tools/


Advertisement