Survive to Amplification


I have been working with the 5 biggest companies in the world. Now my path and PROFESSIONAL career took me into cybersecurity topics, with a focus on crime and on resolving past cases to support local police in 3 countries and giving a second opinion on some sorts of cases.

It is a composite technique in the context of DoS/DDoS (Distributed Denial of Service): whether attacking or running a pentest, the query sent to the weak "reflector" server (a public Memcached) is pretty small, but it carries the victim's IP as a false origin. The reflector sends a big response, more than x500 bigger, flooding the victim with traffic.

sudo nmap -T4

Making something invisible can help. 60 bytes can work as the initial packet to an NTP/DNS server, just by changing the origin IP to the victim's. Step 2: the server answers with big data, amplifying x1000. Effect: the victim gets a thousand packets per 1 sent by the attacker, the bandwidth saturates and the site collapses. Not even CloudFlare can do anything about it.

Worse still, the logs are full of random addresses, fake and real, taken from random people. There is no way to blame someone, not even a way to search for "who did it".

Botnets of 10k machines generate around 10 Gbps of real traffic. DNS (port 53): ×50-100, pretty common. Memcached (port 11211): ×51,000, the king of chaos.
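Since the reflector addresses in the logs say nothing about who sent the spoofed queries, detection on the victim side works on the traffic pattern instead. The sketch below is an added example, not code from this post: it flags hosts that receive UDP replies from the reflector ports above without ever having sent a request. The flow-record fields, the thresholds and NTP's port 123 are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict

# UDP services named on this page (DNS 53, Memcached 11211) plus NTP's port 123.
REFLECTOR_PORTS = {53: "dns", 123: "ntp", 11211: "memcached"}

def find_reflection_victims(flows, min_reflectors=3, min_bytes=100_000):
    """Flag hosts receiving unsolicited UDP replies from many reflectors.

    flows: iterable of dicts with src, sport, dst, dport, proto, bytes.
    A reply is "solicited" only if dst earlier sent a request to src:sport.
    """
    requested = set()                      # (client, server, service port)
    stats = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for f in flows:
        if f["proto"] != "udp":
            continue
        if f["dport"] in REFLECTOR_PORTS:  # genuine outbound request
            requested.add((f["src"], f["dst"], f["dport"]))
        elif f["sport"] in REFLECTOR_PORTS:
            if (f["dst"], f["src"], f["sport"]) in requested:
                continue                   # answer to a request we saw
            s = stats[(f["dst"], REFLECTOR_PORTS[f["sport"]])]
            s["bytes"] += f["bytes"]
            s["reflectors"].add(f["src"])
    alerts = []
    for (victim, service), s in sorted(stats.items()):
        if len(s["reflectors"]) >= min_reflectors and s["bytes"] >= min_bytes:
            alerts.append({"victim": victim, "service": service,
                           "reflectors": len(s["reflectors"]), "bytes": s["bytes"]})
    return alerts

# Constructed sample flows (documentation address ranges, not real traffic).
SAMPLE_FLOWS = [
    # Normal DNS lookup: request then reply, must not alert.
    {"src": "192.0.2.10", "sport": 40000, "dst": "198.51.100.53", "dport": 53, "proto": "udp", "bytes": 60},
    {"src": "198.51.100.53", "sport": 53, "dst": "192.0.2.10", "dport": 40000, "proto": "udp", "bytes": 512},
] + [
    # Unsolicited Memcached replies converging on one host from four reflectors.
    {"src": f"203.0.113.{i}", "sport": 11211, "dst": "192.0.2.80", "dport": 33000 + i, "proto": "udp", "bytes": 60_000}
    for i in range(1, 5)
]

if __name__ == "__main__":
    for alert in find_reflection_victims(SAMPLE_FLOWS):
        print(alert)
```

The check relies on the vantage point: the spoofed requests leave from the attacker's network, so the victim's edge only ever sees the replies.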

Summary:

Amplification is not a DoS in itself, but it is like taking a big sound, megahertz x 1000%, to say hello to a fly, burning it in seconds.