Iframe DDOS bandwidth attack explained

Uploaded by on Jun 29, 2011

I thought that this old (March of 2007) video I did may be relevant in a way to explain how DDOS attacks work and show an old method of attack that robs websites of their bandwidth using "legitimate" web traffic.
Obviously, this is for educational purposes only, and you should not attempt this.
You will note that I didn't distribute the attack method described in this video, thus limiting its effectiveness, nor did I attack a site. I used a site I owned and carefully watched the results to ensure that there were no detrimental effects. I also did not take several steps that would normally be used in an attack of this nature to conceal the identity and/or location of the attack, nor did I mention them in the video.
That's right. I covered my butt.

Before anyone asks:
1. Yes, you can anonymize yourself using proxies and other methods doing this.
2. Yes, I know that many sites and forums do not allow HTML code in them. Many did when this was made. It's old.
3. Yes, I know that there are other far more effective ways to do this. This was a simple working explanation.
4. Yes, you apparently CAN get into trouble by visiting a site a few thousand times. Ask the FBI, I'm sure they would be happy to explain it to you in detail.
5. No, I have no idea whose site that was. Don't hurt it, or anyone else's website, this is simply an explanation.
6. Yes, simply running this off of one machine probably isn't going to do anything since it becomes a bandwidth (up vs down stream) battle. This is just an example.

That being said, please enjoy and be smart and safe.

Category:

Howto & Style

License:

Standard YouTube License

Uploader Comments (systemerror11)

  • so how do you do this to an IP address from a person?

  • @w00dm1st3r You really don't. I mean, theoretically, using this method even if the user isn't running a web server the dropped packets attempting to connect to a service that doesn't exist COULD cause a lag on a user's end given enough traffic being driven, but this example is not designed to target individual machines.

  • How could you know if that is traffic generated by common users or someone trying to make a DOS attack?

  • @ferperoro with this method, usually it's a matter of noticing a pattern in traffic within the logs or a lot of traffic from a single source - the same page being visited every X time by the same IP address usually means something is automated, and likely an attack.
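
The log pattern described in the reply above (one IP address requesting the same page at a fixed interval), as an added detection example that is not part of the original video or comments. It assumes web-server access logs in Common Log Format; the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+)[^"]*" \d{3} \S+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def hits_by_source(lines):
    """Group request timestamps by (client IP, requested path)."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # lines that are not in Common Log Format are skipped
            ip, ts, path = m.groups()
            hits[(ip, path)].append(datetime.strptime(ts, TS_FMT))
    return hits

def find_periodic(lines, min_hits=6, max_cv=0.1):
    """Return {(ip, path): mean gap in seconds} for near-constant request intervals.

    min_hits and max_cv (coefficient of variation of the gaps) are
    assumed thresholds, to be tuned against real traffic.
    """
    flagged = {}
    for key, times in hits_by_source(lines).items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # avg == 0 means every hit landed in the same second: also automated.
        if avg == 0 or pstdev(gaps) / avg <= max_cv:
            flagged[key] = avg
    return flagged

def _line(ip, offset, path):
    """Build one constructed Common Log Format line, offset seconds after 10:00 UTC."""
    ts = datetime(2011, 6, 29, 10, 0, tzinfo=timezone.utc) + timedelta(seconds=offset)
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 51200'

# Constructed sample log (documentation-range IPs, not real traffic).
SAMPLE = (
    [_line("203.0.113.7", s, "/index.html") for s in range(0, 40, 5)]  # every 5 s
    + [_line("198.51.100.23", s, "/index.html") for s in (2, 9, 61, 64, 180, 400)]  # irregular
    + [_line("192.0.2.50", s, "/about.html") for s in (15, 300)]  # too few hits
    + ["malformed line"]
)

if __name__ == "__main__":
    for (ip, path), gap in find_periodic(SAMPLE).items():
        print(f"{ip} requests {path} every ~{gap:.0f}s")
```
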

All Comments (18)

  • great lesson!! thx so much!!

  • So you just want to find an XSS vulnerable site, make a few (or a lot) of these iframes and every user visiting the vulnerable site will help you DDOS some other website? That's crazy! I don't think there are too many high trafficked websites out there any more with XSS vulns, but that would be BAD!

  • @bmw2go11 Just wanted to point out that YouTube DOES have bandwidth limitation, it just happens to be astronomical.

  • @12169413 If it's done in a short period of time, yes, it could be considered a DDOS attack, which is punishable in the USA and UK with jail time.

    If you think going to jail for the equivalent of hitting the F5 key a bunch of times is silly, I suggest you contact your representatives about it.

  • Good point. Remember, theoretically speaking, if this is distributed enough you could push a lot of data concurrently - presumably enough to overwhelm the upstream of a server - 10 or 100 mbps or more, considering that each page probably isn't going to load at precisely the same time, that 'could' be measured in mbps...

    If not, it's like wave after wave of being overwhelmed.
