- [Insert Catchy Intro Here]
- First:
- This is no disrespect to J. I wish he would unblock me so we could have fine afternoon chats about security and our personal life. But, I understand if he doesn't like me cuz I can take down xbox live and he can't.
- Background:
- So @th3j35t3r is a hacker who performs mostly DoS attacks with a tool he calls XerXes.
- He still claims the attack is NOT done via a layer 7 DoS attack and does NOT use amplification.
- So, I decided to make disproving this a little project.
- First I noticed Jester was going to be targeting http://www.presidencia.gob.ve/
- He announced this via Twitter. https://twitter.com/th3j35t3r/status/353330504898064384 & http://gyazo.com/bd8c8538963d0b196e72799b7e5a19d2
- So I decided to perform a "surprise adoption" on the website and server to check out some of the logs.
- I also posted the server details on the main page as proof. https://twitter.com/ChannelZeroYT/status/355373699525910528 & http://gyazo.com/4acaf2a090a8f468ef52a25eab135022
- As I was viewing the logs I saw this:
- 190.202.83.24 - - [06/Jul/2013:22:50:34 +0330] "HEAD / HTTP/1.0" 200 4011 "-" "XerXes - Jihad Down. TANGO DOWN
- 190.202.83.24 - - [06/Jul/2013:22:50:34 +0330] "HEAD / HTTP/1.0" 200 4011 "-" "XerXes - Jihad Down. TANGO DOWN
- 190.202.83.24 - - [06/Jul/2013:22:50:34 +0330] "HEAD / HTTP/1.0" 200 4011 "-" "XerXes - Jihad Down. TANGO DOWN
- Well, the logs are from the same time Jester attacked the site. Check his tweet http://gyazo.com/bd8c8538963d0b196e72799b7e5a19d2
- The HTTP request sends the info "XerXes" & "Jihad Down"
- Hmm... who do we know who would be that arrogant to put his tool's name in the request and who hates Jihad?
- Oh yeah.. Jester
- And proof that 190.202.83.24 is the website:
- http://gyazo.com/b443c91fe1c4eb12af4735556fa272d7
- Plus, notice how 3 requests were sent in the very same second.
- A Layer 7 DoS attack is not a fast attack.
- So server logs should not have requests sent at that speed. Well unless...
- Jester is using multiple machines or other servers as amplification.
- Conclusion:
- So what have we learned?
- Jester uses a Layer 7 DoS attack to send HTTP requests through an amplification technique.
- All of which he denies.
- Also, IP logs revealed that he routes traffic through Tor and other servers such as host.146.ipoe3.subnets.khb.ttkdv.ru
- PS: I'm not just an Anon skid who should stay out of your way. If you would like to chat you can always unblock me.
- Or just keep chatting with my sock account. I enjoy that as well.
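As an added detection example (my own code, not the author's and not XerXes), here is a small Python check over constructed log lines modelled on the excerpt above: it parses combined-format access log entries, flags source IPs whose User-Agent carries the tool marker, and counts same-second request bursts per IP, the two signals the post relies on. The sample lines and the threshold are assumptions; the benign fourth line is constructed.

```python
import re
from collections import Counter

# Constructed sample in Apache/nginx combined log format, modelled on the
# excerpt above (not copied from the server). The 4th line is benign traffic.
SAMPLE_LOG = """\
190.202.83.24 - - [06/Jul/2013:22:50:34 +0330] "HEAD / HTTP/1.0" 200 4011 "-" "XerXes - Jihad Down. TANGO DOWN"
190.202.83.24 - - [06/Jul/2013:22:50:34 +0330] "HEAD / HTTP/1.0" 200 4011 "-" "XerXes - Jihad Down. TANGO DOWN"
190.202.83.24 - - [06/Jul/2013:22:50:34 +0330] "HEAD / HTTP/1.0" 200 4011 "-" "XerXes - Jihad Down. TANGO DOWN"
203.0.113.7 - - [06/Jul/2013:22:50:35 +0330] "GET /index.html HTTP/1.1" 200 4011 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def flag_user_agents(lines, marker="XerXes"):
    """Source IPs whose User-Agent contains the tool marker (case-insensitive)."""
    hits = set()
    for line in lines:
        rec = parse_line(line)
        if rec and marker.lower() in rec["ua"].lower():
            hits.add(rec["ip"])
    return hits


def find_bursts(lines, threshold=3):
    """Count requests per (ip, timestamp) and keep pairs at or above threshold.
    Log timestamps have one-second resolution, so this only detects bursts
    within a single second; the threshold is an assumed tuning value."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[(rec["ip"], rec["ts"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("tool marker seen from:", flag_user_agents(lines))
    for (ip, ts), n in find_bursts(lines).items():
        print(f"{n} requests from {ip} at {ts}")
```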