Re: New DDoS?

[Ryan Russell <ryan () SECURITYFOCUS COM>]

On Tue, 9 Jan 2001, nealk wrote:

> Alternate (New) DDoS model:
>   - Server 'A' directly prevents all clients from accessing server 'B'.

I don't see how this is particularly "distributed".

> Let's say that someone placed a corrupt Flash (SWF) file on a web server.
> All clients that access the web server and that view the Flash file
> (about 90% of all browsers can, so this is a good assumption) will
> have their browsers crash or hang.

I.e. if you can hack the server, then the clients will be susceptible to
client holes.  Yes, absolutely.  I've been waiting for this one for some
time... rather that make an obvious defacement when one breaks into a web
site, leave the site up as-is (at a superficial level), but with a browser
hole embedded in the HTML.

The problems with this being terribly effective is that it will be found
relatively quickly (at least, if it's a popular site) and that there is a
central place to fix it quickly.  Even if the defacement sticks around for
a few days, even non-technical users will pretty quickly learn that when
they visit example.com, their browser crashes.

The attack would have to be subtle (i.e. not crash the browser) and the
site would have to be popular, but not very carefully watched by the
administrators.  In fact, given a powerful enough hole, this is a good way
to build an army of traditional zombies.  Or steal loads of personal info
off of clients.

                                        Ryan