Black Hat USA 2013 - Denying service to DDOS protection services

24:27 1146 views 100% Published 8 years ago

By: Allison Nixon

In this age of cheap and easy DDOS attacks, DDOS protection services promise to go between your server and the Internet to protect you from attackers. Cloud based DDOS protection suffers from several fundamental flaws that will be demonstrated in this talk. This was originally discovered in the process of investigating malicious websites protected by Cloudflare- but the issue also affects a number of other cloud based services including other cloud based anti-DDOS and WAF providers. We have developed a tool -- called No Cloud Allowed -- that will exploit this new cloud security bypass method and unmask a properly configured DDOS protected website. This talk will also discuss other unmasking methods and provide you with an arsenal to audit your cloud based DDOS or WAF protection.

Watch on YouTube

Black Hat USA 2013

Black Hat USA 2013

From 06/02/2014 to 06/02/2019 in Las Vegas, United States