手機廣告網路被用來發動 DDoS 攻擊

這篇文章的起因是因為 CloudFare 發佈了一篇報告,
Mobile Ad Networks as DDoS Vectors: A Case Study (中文的可以看 史無前例!46萬支中國手機發動DDoS洪水攻擊)

這種文章通常加了中國之後腦袋就壞掉了, 我是看到中文標題才跑回去找原文來看的, 果然原文才有有趣的資料

有幾個有趣的點, 我標一下,
The flood was coming from a single country: 99.8% China
攻擊 99.8% 來自中國

During the flood we were able to look at the packet traces and we are confident the attack didn’t involve a TCP packet injection.
確認這次的攻擊不包含 TCP packet injection (就是修改 TCP packet 或是在 TCP packet 內加料)

To recap, we think this had happened:

  • A user was casually browsing the Internet or opened an app on the smartphone.
  • The user was served an iframe with an advertisement.
  • The advertisement content was requested from an ad network.
  • The ad network forwarded the request to the third-party that won the ad auction.
  • Either the third-party website was the “attack page”, or it forwarded the user to an “attack page”.
  • The user was served an attack page containing a malicious JavaScript which launched a flood of XHR requests against CloudFlare servers.

不是 Third-Party 的網頁中標了, 就是被導到中標的網頁.

其實我看到特別標出不是 TCP Packet Injection 那一段就感覺好像在那邊看過.
找了一下網路, 發現還是找自己的 BLOG 最好 (我都忘了這件事情了)
Github 遭受 Baidu JavaScript 的攻擊

簡單的說, 我認為不是 third-party website “attack page” 有問題, 而是被導到 “attack page”
我相信他們己經操作的很純熟了, 只是是在那邊發動攻擊的呢? 這就不得而知了.

如果再搭配前一陣子的新聞, 我相信這群人應該掌握不少 corerouter .
Cisco routers attacked by hackers in four countries

On this day..

Comments

comments

Related Posts

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>