這篇文章的起因是因為 CloudFare 發佈了一篇報告,
Mobile Ad Networks as DDoS Vectors: A Case Study (中文的可以看 史無前例!46萬支中國手機發動DDoS洪水攻擊)
這種文章通常加了中國之後腦袋就壞掉了, 我是看到中文標題才跑回去找原文來看的, 果然原文才有有趣的資料
有幾個有趣的點, 我標一下,
The flood was coming from a single country: 99.8% China
攻擊 99.8% 來自中國
During the flood we were able to look at the packet traces and we are confident the attack didn’t involve a TCP packet injection.
確認這次的攻擊不包含 TCP packet injection (就是修改 TCP packet 或是在 TCP packet 內加料)
To recap, we think this had happened:
- A user was casually browsing the Internet or opened an app on the smartphone.
- The user was served an iframe with an advertisement.
- The advertisement content was requested from an ad network.
- The ad network forwarded the request to the third-party that won the ad auction.
- Either the third-party website was the “attack page”, or it forwarded the user to an “attack page”.
- The user was served an attack page containing a malicious JavaScript which launched a flood of XHR requests against CloudFlare servers.
不是 Third-Party 的網頁中標了, 就是被導到中標的網頁.
其實我看到特別標出不是 TCP Packet Injection 那一段就感覺好像在那邊看過.
找了一下網路, 發現還是找自己的 BLOG 最好 (我都忘了這件事情了)
Github 遭受 Baidu JavaScript 的攻擊
簡單的說, 我認為不是 third-party website “attack page” 有問題, 而是被導到 “attack page”
我相信他們己經操作的很純熟了, 只是是在那邊發動攻擊的呢? 這就不得而知了.
如果再搭配前一陣子的新聞, 我相信這群人應該掌握不少 corerouter .
Cisco routers attacked by hackers in four countries
發佈留言