DDoS Blog

How To Stress Test Your Website? Invite the Pope to Visit !

Two of our long time customers that are responsible for 911memorial.org, Radha Nagaraja, Dir. Software Development and Marc Cima, CTO contacted us about 10 days ago to inform us that they would be having a major event on September 25th that may stress the website and wanted to know what we could do [...]

Sep 26th 2015

More

How Visual Basic Broke Modern Python Welcome to the World of High Orbit Ion Cannon

In 2012, Anonymous introduced HOIC (high orbit ion cannon) as a replacement to LOIC (low orbit ion cannon). Unlike its predecessors, that were built upon C, and later java. This new DDoS player was built upon the unsuspecting language of Visual Basic. Taught in high school classrooms, Visual Basic [...]

May 27th 2015

More

Invalid TCP Flags Attacks Gaming the System

Figure 1: The TCP connection cycle.Packets with malicious intent encompass a diverse ecosystem of TCP behaviors. However network layer attacks that seek to be the most powerful are the ones that work within the expected connection cycle (see above: figure 1). For example one could launch a flood o[...]

Apr 30th 2015

More

How to use a CDN properly and make your website faster

It's one of the biggest mysteries to me I have seen in my 15+ years of Internet hosting and cloud based services. The mystery is, why do people use a Content Delivery Network for their website yet never fully optimize their site to take advantage of the speed and volume capabilities of the CDN. Just[...]

Apr 27th 2015

More

Freak Attack Vulnerability CVE-2015-0204

We have a had a number of enquiries today about the Freak Attack Vulnerability.First off, if you are customer using our service your data is not vulnerable to this attack as we have disabled support for these, lower grade encryption protocols in October 2014. Our service will not accept RSA_EXPORT c[...]

Mar 4th 2015

More

Oh Oh Oh, Tis the season for DDoS attacks

It’s that time of the year where some websites become extremely high valued targets. It happens every year around this time, this year has proven to be no exception. We have seen in the past where some online merchants were completely devastated by DDoS attacks that can sometimes force them out of[...]

Nov 27th 2014

More

Understanding POODLE SSL v3 Vulnerability

SSL is in the news again with another vulnerability.What Is and how does POODLE work?POODLE stands for Padding Oracle On Downgraded Legacy Encryption. How the newly announced POODLE attack works is by interfering with the protocol negotiation. An attacker can force your encryption to downgrade to a [...]

Oct 15th 2014

More

Bash Vulnerability AKA Shellshock

September 24th 2014 marked the announcement of a remote code execution vulnerability(CVE-2014-6271) for the Linux Bourne-Again SHell (BASH). Since vulnerability announcements are a daily occurrence, how much should you be concerned?The answer is very.There are three factors you need to consider:How [...]

Sep 24th 2014

More

Are your servers secure from hackers

As the Reuters headline read this week“Hackers break into server for Obamacare website”It was about hackers who uploaded malicious code onto a development server, which is part of ObamaCare. The code installed on the government website was said to be part of a larger operation and used primarily[...]

Sep 4th 2014

More

Top Ten Hosting/ISP’s with servers infected by Brobot

Since our run-in with Brobot a couple of weeks ago (See blog piece). We have had some requests to see if we had a list of what IPs are being used by Brobot. We do have a list of the offending IPs and its in the thousands, no surprise given its total power and to operate within TCP port 80 parameters[...]

Jul 10th 2014

More

DDoS Blog

DDoS Article Categories