PLXsert Shares Simple Defense Strategies to Neutralize Attackers
HOLLYWOOD, FL – Prolexic Technologies, the global leader in Distributed Denial of Service (DDoS) protection services, today released a threat advisory on the HTTP Unbearable Load King (HULK) denial of service (DoS) script. The script was developed by a network security researcher and shared publicly on his blog. Because of his role, the tool attracted widespread attention – and generated panic – throughout the digital security industry.
Though it was intended as an educational proof-of-concept, it exposed common weaknesses that could be exploited by malicious actors to bring down servers that have not been optimally configured for performance and DDoS resistance.
“What makes HULK dangerous is the fact that a single malicious actor with a single computer could feasibly take down a small, unhardened web server in minutes. We’ve tested the tool internally and it is functional,” said Neal Quinn, chief operating officer at Prolexic.
“Fortunately, this is not a very complex DoS tool,” he added. “We were quickly able to dissect its approach and stop it dead in its tracks. It is fairly simple to stop HULK attacks and neutralize this vulnerability with the proper configuration settings and rules.”
HULK, released May 17, uses randomized header and parameter values to generate a threaded GET flood attack; the randomized requests make it more difficult to distinguish attack threads from legitimate traffic, particularly for automated mitigation solutions. HULK takes advantage of out-of-the-box web server configuration vulnerabilities and spawns 500 threads that collectively stream random GET requests at its website target upon launch, bypassing caching engines to exhaust server resources.
The Prolexic Security Engineering & Response Team (PLXsert) immediately instituted rules to defend against and mitigate HULK attacks and issued a detailed threat advisory to Prolexic customers last week. As a public service, full details of the HULK threat, including recommended mitigation techniques and SNORT rules, are available at www.prolexic.com/threatadvisories.
“There is a lot at stake for businesses online - whether it’s a matter of money, reputation, regulatory compliance or business continuity. No one wants to be down for a second, let alone hours or days,” Quinn noted. “Consequently, any threat can cause panic. While many DDoS threats are very real and severe, in the case of HULK, panic is not necessary. PLXsert is happy to share our practical, effective mitigation method that can be implemented on any WAF or content switch, and transform the HULK back into Dr. Banner.”
Prolexic Threat Advisories
Designed to provide early warnings of new or modified DDoS attack signatures and scripts, recently observed by PLXsert, each threat advisory contains a detailed description of the type of attack, a list of attack signatures, and the specific network infrastructure or application that it targets. In addition, Prolexic’s DDoS mitigation experts also offer insight into the nature of each type of attack, as well as provide specific warnings as to how the attack will affect businesses and enterprises of different sizes and infrastructures. PLXsert also provides threat remediation tips to help subscribers not only recognize the new attack signatures, but also proactively defend against them. The latest threat advisories, including HOIC and Dirt Jumper, are available to the public at www.prolexic.com/threatadvisories.
About the Prolexic Security Engineering & Response Team (PLXsert)
PLXsert monitors malicious cyber threats globally and analyzes DDoS attacks using proprietary techniques and equipment. Through data forensics and post attack analysis, PLXsert is able to build a global view of DDoS attacks, which is shared with customers. By identifying the sources and associated attributes of individual attacks, the PLXsert team helps organizations adopt best practices and make more informed, proactive decisions about DDoS threats.
Details of Prolexic’s mitigation activities and insights into the latest tactics, types, targets and origins of global DDoS attacks are provided in quarterly reports published by the company. A complimentary copy of Prolexic's Q1 2012 Global DDoS Attack Report is available at www.prolexic.com/attackreports.
Prolexic is the world’s largest, most trusted Distributed Denial of Service (DDoS) mitigation provider. Able to absorb the largest and most complex attacks ever launched, Prolexic restores mission-critical Internet-facing infrastructures for global enterprises and government agencies within minutes. Ten of the world’s largest banks and the leading companies in e-Commerce, SaaS, payment processing, travel/hospitality, gaming and other at-risk industries rely on Prolexic to protect their businesses. Founded in 2003 as the world’s first in-the-cloud DDoS mitigation platform, Prolexic is headquartered in Hollywood, Florida and has scrubbing centers located in the Americas, Europe and Asia. To learn more about how Prolexic can stop DDoS attacks and protect your business, please visit www.prolexic.com, follow us on LinkedIn, Facebook and Google+ or follow @Prolexic on Twitter.