How much does a DOS/DDOS cost to run?

crazyderk

Hi all,

This might seem like a silly question, I'm studying digital forensics at the moment and lately I have started the Cisco security module.

I was thinking about a denial of service attack and a DDOS as well.
I know to defend against them you need systems that will grow alongside the volume of the attack.

My tutor said last night roughly that you would want a system that can grow more than the attack that is being done to it as eventually the attack will stop as it costs money to run a DOS.

Then today it hit me, how much it cost to run a DOS? or does it even cost money to run one?

ifah

if you know where to look you can rent / subscribe to bot clients which can be used to setup the ddos - rent X bots for a period of X minutes ....

for obvious reasons I won't be disclosing any more than this.

crazyderk

Ah cool, that makes sense.
No not looking for exact info on where to go or what to do was just thinking about the cost and how it would work out.

Would the likes of anonymous use these bots to perform their dos attack?

Capt'n Midnight

you could try and slashdot it ?

zero cost if you could troll that hard

claim they have some copyright material :pac:

GarIT

crazyderk wrote: »

Would the likes of anonymous use these bots to perform their dos attack?

No Anonymous just ask people on twitter to do it for them.

You could always do it for free by writing a virus to silently take over a few computers and use them.

900913

crazyderk wrote: »

Ah cool, that makes sense.
No not looking for exact info on where to go or what to do was just thinking about the cost and how it would work out.

Would the likes of anonymous use these bots to perform their dos attack?

Low Orbit Ion Cannon (LOIC)

Project Chanology and Operation Payback

LOIC was utilized by Project Chanology, a project by the Anonymous group, to attack websites from the Church of Scientology,[7] then by Anonymous itself to successfully attack the Recording Industry Association of America's website in October 2010,[8] and again during Operation Payback in December 2010 to attack the websites of companies and organizations that opposed WikiLeaks

Link: http://en.wikipedia.org/wiki/LOIC



There's an online version of Loic out nw.

LOIC: The Tool Anonymous Is Using to Essentially Turn You Into a Botnet.

Anonymous members are distributing a link that ropes internet users into an illegal DDoS attack against these websites simply by clicking it.
...
The link is a page on the anonymous web hosting site pastehtml. It link loads a web-based version of the program Anonymous has used for years to DDoS websites: Low Orbit Ion Cannon. (LOIC). LOIC rapidly reloads a target website, and if enough users point LOIC at a site at once, it can crash from the traffic.

The result? You're helping Anonymous take down sites. And how did the original LOIC work?

LOIC basically turns your computer's network connection into a firehose of garbage requests, directed towards a target web server. On its own, one computer rarely generates enough TCP, UDP, or HTTP requests at once to overwhelm a web server-garbage requests can easily ignored while legit requests for web pages are responded to as normal.
But when thousands of users run LOIC at once, the wave of requests become overwhelming, often shutting a web server (or one of its connected machines, like a database server) down completely, or preventing legitimate requests from being answered.




Link: http://gizmodo.com/5877719/heres-the-tool-anonymous-is-tricking-the-internet-into-using

Mobile/html Loic: http://pastehtml.com/view/bas7xtwyz.html

infodox

Depends on the attack method. Back in the days, someone used to use the following tricks:

Simple perl script to scrape Pastebin for lists of "DoS Shells", load them, and UDP flood the hell out of targets.
Slowloris attacks using multiple proxies, or slow post attacks using same.
Reflected DoS - flood a bunch of "big servers" (google) with spoofed sender IP. Spoofed sender IP is the target IP. Target gets hozed.
And the traditional CISCO boxnet: scan a range for CISCO routers w/ default pass, and script something to load em up and ping flood the poor bugger on the other end.

I can always dig up sample code if you need it for your project, I should have it *Somewhere* around here.

They were the "poor mans botnet" tricks that used to be used. Low cost to preform (free!) and worked magic.

or, of course, you can use the above mentioned trick - googlecode has the d0z.me source somewhere. Also, I did a brief write up w/ links to attack code on my blog here: http://blog.infodox.co.cc/2012/02/denial-of-service-attacks-layer-7.html

I should cover L4 attacks soonish (TCP/UDP). The trick with DoS was always to identify what you were targetting and go for THAT.

infodox

*update to thread* Since I saw Mike Kemps talk at CampusCon I have been writing a whitepaper "The Poor Mans DDoS: Who needs a botnet?" which covers the "poor mans DDoS" techniques in detail. Should have it done soonish, just have to finish putting it down on paper.

Basically it covers "more efficient DoS", "Abusing skidware", the evil link shortener and "instant botnet: router worms!".

Also, see here for a really good writeup on DDoS stuff by Arbor Networks: http://ddos.arbornetworks.com/2012/02/ddos-tools/