Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics

Pellegrino, Giancarlo and Rossow, Christian and Ryba, Fabrice J. and Schmidt, Thomas C. and Wählisch, Matthias
(2015) Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics.
In: 9th USENIX Workshop on Offensive Technologies (WOOT 15).

[img]
Preview
 Text
woot15.pdf
Download (576kB) | Preview

Abstract

The Great Cannon DDoS attack has shown that HTML/JavaScript can be used to launch HTTP-based DoS attacks. In this paper, we identify options that could allow the implementation of the general idea of browser-based DDoS botnets and review ways how attackers can acquire bots (e.g., typosquatting and malicious ads). We then assess the DoS impact of browser features and show that at least three JavaScript-based techniques can orchestrate clients to send thousands of HTTP requests per second. Seeing the vats potential, we evaluate the economics of browser-based botnets and show that their cost are about as high as traditional DDoS botnets—while giving far less flexibility in terms of attack features and control over the bots. Finally, we discuss victim- and browser-side countermeasures.

Item Type: Conference or Workshop Item (A Paper) (Paper)
Additional Information: pub_id: 1024 Bibtex: 191940 URL date: None
Uncontrolled Keywords: botnets,DDoS,web security
Divisions: Christian Rossow (System Security Group, SysSec)
Depositing User: Sebastian Weisgerber
Date Deposited: 26 Jul 2017 10:28
Last Modified: 18 Jul 2019 12:10
Primary Research Area: NRA3: Threat Detection and Defenses
URI: https://publications.cispa.saarland/id/eprint/206

Actions

Actions (login required)

View Item View Item
CISPA is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.