Infosec Island has gained exclusive access to a video demonstration of the XerXeS DoS attack as it is unleashed on the Taliban website www.alemarah.info, and carried out by infamous patriot hacker The Jester (th3j35t3r).

The video release follows an earlier announcement that The Jester has been working to improve and automate aspects of the attack method, which unlike a DDoS attack, requires only one low spec machine to implement. Infosec Island has gained exclusive access to a video demonstration of the XerXeS DoS attack as it is unleashed on the Taliban website www.alemarah.info, and carried out by infamous patriot hacker The Jester (th3j35t3r).

The video release follows an earlier announcement that The Jester has been working to improve and automate aspects of the attack method, which unlike a DDoS attack, requires only one low spec machine to implement.

https://www.infosecisland.com/blogview/2990-Exclusive-Video-of-XerXeS-DoS-Attack.html

Pretty cool vid .. and tool 

No doubt.  I'm wondering how he manages to 'effective' DDoS the box, using only one machine, unless he somehow IS bouncing the attack off of multiple boxes along the way.  I'd like more detail, if he ever releases it, as to how this works.

Well, they make it seem as if this is all done from one machine, with no outside assistance / resources.  So that's why I'm curious, as to how, as you say, they 'amplified' the attack, etc.

I'm no fan of DDoS, either, however, for this type of purpose, it's both effective, and curiously interesting (as to the 'how to')

Some additional information about ZerXes taken from an inteview (link posted at the end of my comments)

Q:  How did you first develop your DoS technique?

A:  Okay it started with a little script I wrote a while back to harden-test servers. I modified this script, and it was just a nasty script, very cumbersome. When I realized the extent of the jihad online recruiting and co-ordination involvement (much later), I realized I could turn this script into a weapon.  But the problem with that was it took me constantly shell hopping and wasn’t very user friendly. Now I have started on project XerXeS, an intelligent frontend with the ability to hit multiple targets autonomously.

Q:  So the automation does not hinder your technique’s effectiveness?

No, not at all. Each new wave uses a different IP (location). It starts with just one, but ramps it up if it detects system counter-measures.

Q:  What are the implications if something like XerXeS was combined with a large zombie network, and coordinated against critical U.S. infrastructure, like our communications, power grids, or financial systems?

XerXes requires no zombie network or botnet to be effective. Once a single attacking machine running XerXeS has smacked down a box, it's down, there is no need for thousands of machines. But, XerXeS does not hurt intermediary nodes along its path to the target. So the answer is that such institutions’ systems would still be intact, as it causes no collateral damage, just not functional.

https://www.infosecisland.com/blogview/2882-Jester-Unveils-XerXeS-Automated-DoS-Attack.html

Most likely D4rk357.

My best guess is a DNS Amplification Attack, POD (Ping of Death) and / or Slowloris style WebServer attack, perhaps all 3 combined for a higher success rate.

I don't think it's something new even though I can't confirm nor deny it.

Update:
Oh yeah I forgot about UDP and TCP DoS attacks too.  

After all if he's not attacking specific services on the target computers, such as
web-servers, dns-servers etc. then he's abusing the functionality of the ICMP, TCP and / or UDP protocols which hardly can't be something new. Just better implemented.

whoah this blog is excellent i love reading your posts.  Keep up the good work! You know, a lot of people are searching around for this info,  you can help them greatly.