@ferperoro with this method, usually its a matter of noticing a pattern in traffic within the logs or a lot of traffic from a single source - the same page being visited every X time by the same IP address usually means something is automated, and likely an attack.
So you just want to find a XSS vulnerable site, make a few (or a lot) of these iframes and every user visiting the vulnerable site will help you DDOS some other website? That's crazy! I don't think there are to many high trafficked websites out there any more with XSS vluns, but that would be BAD!
Good point. Remember theoretically speaking if this is distributed enough u could push a lot data concurrently - presumably enough to overwhelm the upstream of a server - 10 or 100 mbps or more, considering that each page probably isnt going to load at precisely the same time, that 'could' be measured in mbps...
If not its like wave after wave of being overwhelmed.
if you visit youtube 2000 times in 1 sec or less,yes you will be in trouble.They will see the request of the page came from the same ip and they can trace you
This has been flagged as spam show
so were you trying to tell us that we should dos that website?
w4rr3np34c3 5 days ago
great lesson!! thx so much!!
MrTifihoho 5 months ago
Hou could you know If that is traffic generated by a common users or someone trying to make a DOS attack?
ferperoro 7 months ago
@ferperoro with this method, usually its a matter of noticing a pattern in traffic within the logs or a lot of traffic from a single source - the same page being visited every X time by the same IP address usually means something is automated, and likely an attack.
systemerror11 7 months ago
So you just want to find a XSS vulnerable site, make a few (or a lot) of these iframes and every user visiting the vulnerable site will help you DDOS some other website? That's crazy! I don't think there are to many high trafficked websites out there any more with XSS vluns, but that would be BAD!
xKargatx 8 months ago
The only time I find this to be a practical attack is when the victim gets charged extra by the host for using too much bandwidth.
catapaultpenguin 8 months ago
Good point. Remember theoretically speaking if this is distributed enough u could push a lot data concurrently - presumably enough to overwhelm the upstream of a server - 10 or 100 mbps or more, considering that each page probably isnt going to load at precisely the same time, that 'could' be measured in mbps...
If not its like wave after wave of being overwhelmed.
systemerror11 8 months ago
ahaha time to mess with my schools website XD
The009975 8 months ago
@The009975 play nice!
systemerror11 8 months ago
wait so if i visit youtube lets say 2000 times i'll get in trouble? :O
12169413 8 months ago
@12169413
if you visit youtube 2000 times in 1 sec or less,yes you will be in trouble.They will see the request of the page came from the same ip and they can trace you
cobtheend 8 months ago
@12169413 no, youtube doesn't have a bandwidth limitation.
if your isp catches you doing this, you could get put on a watch list
bmw2go11 8 months ago
@bmw2go11 Just wanted to point out that youtube DOES have bandwidth limitation, it just happens to be astronomical.
systemerror11 8 months ago
@12169413 If its done in a short period of time, yes, it could be considered a DDOS attack, which is punishable in the USA and UK with jail time.
If you think going to jail for the equivalent of hitting the F5 key a bunch of times is silly, I suggest you contact your representatives about it.
systemerror11 8 months ago
nice post easy yet effective
killco555 8 months ago