EH-Net

Infosec Island has gained exclusive access to a video demonstration of the XerXeS DoS attack as it is unleashed on the Taliban website www.alemarah.info, and carried out by infamous patriot hacker The Jester (th3j35t3r).

The video release follows an earlier announcement that The Jester has been working to improve and automate aspects of the attack method, which unlike a DDoS attack, requires only one low spec machine to implement. Infosec Island has gained exclusive access to a video demonstration of the XerXeS DoS attack as it is unleashed on the Taliban website www.alemarah.info, and carried out by infamous patriot hacker The Jester (th3j35t3r).

The video release follows an earlier announcement that The Jester has been working to improve and automate aspects of the attack method, which unlike a DDoS attack, requires only one low spec machine to implement.

https://www.infosecisland.com/blogview/2990-Exclusive-Video-of-XerXeS-DoS-Attack.html (https://www.infosecisland.com/blogview/2990-Exclusive-Video-of-XerXeS-DoS-Attack.html)

Pretty cool vid .. and tool  ;)

Looks quite fancy. Would be more interested on how it is implemented and achieving what it does though.

No doubt.  I'm wondering how he manages to 'effective' DDoS the box, using only one machine, unless he somehow IS bouncing the attack off of multiple boxes along the way.  I'd like more detail, if he ever releases it, as to how this works.

Yea quite interesting. But don't you need just one machine to control a DDoS attack. At least when you have a nice botnet you can control. Or maybe it's some sort of amplification attack.

Anyway, I never really liked denial of service attacks.

Well, they make it seem as if this is all done from one machine, with no outside assistance / resources.  So that's why I'm curious, as to how, as you say, they 'amplified' the attack, etc.

I'm no fan of DDoS, either, however, for this type of purpose, it's both effective, and curiously interesting (as to the 'how to')

Oh, now I get it. Well that also raises my curiosity :P

Some additional information about ZerXes taken from an inteview (link posted at the end of my comments)

Q:  How did you first develop your DoS technique?

A:  Okay it started with a little script I wrote a while back to harden-test servers. I modified this script, and it was just a nasty script, very cumbersome. When I realized the extent of the jihad online recruiting and co-ordination involvement (much later), I realized I could turn this script into a weapon.  But the problem with that was it took me constantly shell hopping and wasn’t very user friendly. Now I have started on project XerXeS, an intelligent frontend with the ability to hit multiple targets autonomously.

Q:  So the automation does not hinder your technique’s effectiveness?

No, not at all. Each new wave uses a different IP (location). It starts with just one, but ramps it up if it detects system counter-measures.

Q:  What are the implications if something like XerXeS was combined with a large zombie network, and coordinated against critical U.S. infrastructure, like our communications, power grids, or financial systems?

XerXes requires no zombie network or botnet to be effective. Once a single attacking machine running XerXeS has smacked down a box, it's down, there is no need for thousands of machines. But, XerXeS does not hurt intermediary nodes along its path to the target. So the answer is that such institutions’ systems would still be intact, as it causes no collateral damage, just not functional.

https://www.infosecisland.com/blogview/2882-Jester-Unveils-XerXeS-Automated-DoS-Attack.html

It is some sort of Smurf attack ?? my closest guess  ???

Most likely D4rk357.

My best guess is a DNS Amplification Attack, POD (Ping of Death) and / or Slowloris style WebServer attack, perhaps all 3 combined for a higher success rate.

I don't think it's something new even though I can't confirm nor deny it.

Update:
Oh yeah I forgot about UDP and TCP DoS attacks too.  :D

After all if he's not attacking specific services on the target computers, such as
web-servers, dns-servers etc. then he's abusing the functionality of the ICMP, TCP and / or UDP protocols which hardly can't be something new. Just better implemented.

To me it seems that that there must be an element of a new attack there.  All of the old smurf, fraggle, etc attacks are fairly effective blocked by most modern firewalls.  Jester says that his attack is effective against 90% of the sites on the Internet.  It seems like the majority of the infrastructures would have patched their routers and firewalls to block simple stuff like the smurfs, fraggles, and PODs. 

whoah this blog is excellent i love reading your posts.  Keep up the good work! You know, a lot of people are searching around for this info,  you can help them greatly.