March 1, 2010 at 7:46 pm #4730Data_RaidParticipant
Infosec Island has gained exclusive access to a video demonstration of the XerXeS DoS attack as it is unleashed on the Taliban website http://www.alemarah.info, and carried out by infamous patriot hacker The Jester (th3j35t3r).
The video release follows an earlier announcement that The Jester has been working to improve and automate aspects of the attack method, which unlike a DDoS attack, requires only one low spec machine to implement. Infosec Island has gained exclusive access to a video demonstration of the XerXeS DoS attack as it is unleashed on the Taliban website http://www.alemarah.info, and carried out by infamous patriot hacker The Jester (th3j35t3r).
The video release follows an earlier announcement that The Jester has been working to improve and automate aspects of the attack method, which unlike a DDoS attack, requires only one low spec machine to implement.
Pretty cool vid .. and tool 😉
March 4, 2010 at 7:24 am #29522UNIXParticipant
Looks quite fancy. Would be more interested on how it is implemented and achieving what it does though.
March 4, 2010 at 2:00 pm #29523hayabusaParticipant
No doubt. I’m wondering how he manages to ‘effective’ DDoS the box, using only one machine, unless he somehow IS bouncing the attack off of multiple boxes along the way. I’d like more detail, if he ever releases it, as to how this works.
March 4, 2010 at 2:45 pm #29524zeroflawParticipant
Yea quite interesting. But don’t you need just one machine to control a DDoS attack. At least when you have a nice botnet you can control. Or maybe it’s some sort of amplification attack.
Anyway, I never really liked denial of service attacks.
March 4, 2010 at 2:51 pm #29525hayabusaParticipant
Well, they make it seem as if this is all done from one machine, with no outside assistance / resources. So that’s why I’m curious, as to how, as you say, they ‘amplified’ the attack, etc.
I’m no fan of DDoS, either, however, for this type of purpose, it’s both effective, and curiously interesting (as to the ‘how to’)
March 4, 2010 at 2:57 pm #29526
March 4, 2010 at 3:45 pm #29527Data_RaidParticipant
Some additional information about ZerXes taken from an inteview (link posted at the end of my comments)
Q: How did you first develop your DoS technique?
A: Okay it started with a little script I wrote a while back to harden-test servers. I modified this script, and it was just a nasty script, very cumbersome. When I realized the extent of the jihad online recruiting and co-ordination involvement (much later), I realized I could turn this script into a weapon. But the problem with that was it took me constantly shell hopping and wasn’t very user friendly. Now I have started on project XerXeS, an intelligent frontend with the ability to hit multiple targets autonomously.
Q: So the automation does not hinder your technique’s effectiveness?
No, not at all. Each new wave uses a different IP (location). It starts with just one, but ramps it up if it detects system counter-measures.
Q: What are the implications if something like XerXeS was combined with a large zombie network, and coordinated against critical U.S. infrastructure, like our communications, power grids, or financial systems?
XerXes requires no zombie network or botnet to be effective. Once a single attacking machine running XerXeS has smacked down a box, it’s down, there is no need for thousands of machines. But, XerXeS does not hurt intermediary nodes along its path to the target. So the answer is that such institutions’ systems would still be intact, as it causes no collateral damage, just not functional.
September 15, 2010 at 7:06 am #29528D4rk357Participant
It is some sort of Smurf attack ?? my closest guess ???
September 15, 2010 at 9:04 am #29529MaXeParticipant
Most likely D4rk357.
My best guess is a DNS Amplification Attack, POD (Ping of Death) and / or Slowloris style WebServer attack, perhaps all 3 combined for a higher success rate.
I don’t think it’s something new even though I can’t confirm nor deny it.
Oh yeah I forgot about UDP and TCP DoS attacks too. 😀
After all if he’s not attacking specific services on the target computers, such as
web-servers, dns-servers etc. then he’s abusing the functionality of the ICMP, TCP and / or UDP protocols which hardly can’t be something new. Just better implemented.
September 16, 2010 at 3:59 pm #29530KetchupParticipant
To me it seems that that there must be an element of a new attack there. All of the old smurf, fraggle, etc attacks are fairly effective blocked by most modern firewalls. Jester says that his attack is effective against 90% of the sites on the Internet. It seems like the majority of the infrastructures would have patched their routers and firewalls to block simple stuff like the smurfs, fraggles, and PODs.
December 21, 2012 at 4:31 am #29531AnonymousParticipant
whoah this blog is excellent i love reading your posts. Keep up the good work! You know, a lot of people are searching around for this info, you can help them greatly.
- You must be logged in to reply to this topic.