Simple JavaScript DOS attack theory

Posted:
in General Discussion edited January 2014
Just for the sake of "I told you so". Dedicated to Brad.





Denial of Service theory:



Take a bunch of users and have them overload a server with requests that deny normal access to a resource, just like the MyDoom thing is about to.



If you wanted to do this to a web server you might just post a link on slash dot. :-)



But, let's be a little more creative.





Using JavaScript as a DOS attack



Hack or otherwise compromise a popular web server, perhaps a few popular web servers - we all know this can happen, because those stupid admins aren't using MacOS X.



Write a JavaScript that loads cached images (popular technique for roll overs, so that changes do not take place "on demand"). Load this script on popular pages on your compromised popular web servers.



For good measure, have the JavaScript loop a hundred times or so, each time requesting a random graphic or page name - from the site targeted by the attack.



Press "go"





Voila, thousands of users requesting hundreds of graphics... overloading target site and denying the service.



Real source of attack is pretty much untraceable until you can track down at least one of the "users" taking part. And they are going to be fleeting visitors, who have no clue what you are going on about.



The users can be using any browser supporting JavaScript, and they'll know next to nothing about it.





Hey, but don't trust Big Bollocks, ask your JavaScript mates, or just post a friendly question at slash dot.

Comments

Sign In or Register to comment.