Distributed denial-of-service (DDoS) attacks have been all over the news in recent months, with hacktivist groups taking major targets completely offline. According to IBM Managed Security Services data, the vast majority of DDoS attacks come in one of two flavors: SYN flood attacks, in which bad actors send multiple SYN requests to a victim’s webserver in an attempt to consume enough resources to render the system unresponsive, and UDP/DNS attacks on network layers 3 (network) and 4 (transport), also known as reflection attacks.

We know, however, that attackers are constantly tweaking their techniques. With this in mind, we decided to take a look at a newer DDoS tactic. The tool in question, dubbed the Saphyra iDDoS Priv8 Tool, targets network layer 7 (application) and results in an HTTP flood DDoS attack. This tool was responsible for taking down the NASA website earlier this year, according to Yahoo Tech. Other modifications of this tool are called Sadattack, Thor and Hulk.

What Is an HTTP Flood Attack?

An HTTP flood attack is a type of layer 7 application attack that utilizes the standard, valid GET/POST requests used to fetch information, as in typical URL data retrievals, during SSL sessions. An HTTP GET/POST flood is a volumetric attack that does not use malformed packets, spoofing or reflection techniques.

The Saphyra iDDoS tool is a Python script that can be run on virtually any device, including mobile phones. Let’s take a look at this relatively simple script to understand how it operates and why it is hard to defend against.

Figure 1. Saphyra iDDoS Tool Command Line Interface

Figure 2.

The script contains over 3,200 unique user agent strings and over 300 unique referrer field strings. This would allow for more than 1 million possible combinations of user agent string/referrer instances.
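Because the script draws from large pools of user agent and referrer strings, a block rule keyed to one fixed header value will not match most of its requests; a signal that survives the rotation is a single source presenting many distinct header pairs in a short window. The following is an added example, not code from the original article or from the tool: it counts distinct user agent/referrer pairs per client IP over constructed combined-format access log lines. The function name, thresholds and sample lines are assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

def flag_rotating_clients(lines, min_requests=5, min_ratio=0.8):
    """Return {ip: ratio} for sources whose requests almost all carry a
    different (user agent, referrer) pair. `lines` is assumed to cover one
    short time window; both thresholds are illustrative assumptions."""
    stats = defaultdict(lambda: {"n": 0, "pairs": set()})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a combined-format entry
        entry = stats[m["ip"]]
        entry["n"] += 1
        entry["pairs"].add((m["ua"], m["ref"]))
    flagged = {}
    for ip, entry in stats.items():
        ratio = len(entry["pairs"]) / entry["n"]
        # A browser repeats one user agent; a rotating client approaches 1.0.
        if entry["n"] >= min_requests and ratio >= min_ratio:
            flagged[ip] = round(ratio, 2)
    return flagged

def _line(ip, ua, ref):
    # Helper that builds one constructed log line (not real traffic).
    return (f'{ip} - - [01/Jan/2024:00:00:00 +0000] "GET / HTTP/1.1" '
            f'200 512 "{ref}" "{ua}"')

# Constructed sample: one ordinary browser and one header-rotating source.
SAMPLE = (
    [_line("192.0.2.10", "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0",
           "https://example.com/") for _ in range(8)]
    + [_line("198.51.100.7", f"ConstructedAgent/{i}.0",
             f"https://ref{i}.example/") for i in range(8)]
)

if __name__ == "__main__":
    print(flag_rotating_clients(SAMPLE))
```

Sources behind a shared NAT or proxy legitimately carry many user agents, so the ratio works best as one input to rate limiting or challenge decisions, not as a lone block rule.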