Below is the full text of a short paper I wrote in college regarding the then-recent GitHub DDoS attack. I dug it up on an old hard drive and thought it might be interesting to others.
The style of attack employed is known as “Man on the Side”, and is similar to the better-known “man in the middle” attack. The stages are simple:
- User (ALICE) requests a page from Site (BOB)
- BOB sends a page to ALICE that references scripts hosted on a third-party server, CHINA
- A malicious party MAL detects the request to CHINA using passive techniques
- MAL sends malicious scripts in place of the requested script
The malicious code has been formatted for easier reading, and is presented below.[i]
Distributed Denial of Service attacks are malicious ventures which do not provide direct profit to the attackers. They are attacks on the availability of the targeted resource, and their cost is proportional to the business lost and the time spent in the downtime and recovery period. This is a tremendously costly attack when employed against popular sites such as Facebook, GitHub, or Amazon.
The following techniques could potentially prevent this attack from recurring, though there are no guarantees:
- Carefully screen the scripts you wish to employ on your site, checking both for exploitability and for the overall reliability of the company that provides them
- Avoid scripts which are loaded through an untrusted passive infrastructure such as the “Great Firewall of China”, as these can potentially be exploited
- Deploy Intrusion Detection to protect against malicious insertion
- Strategically drop packets and request retransmission, as an injecting third party rarely retransmits (but valid servers usually do)
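The "malicious insertion" that the intrusion-detection point above refers to has a distinctive wire-level signature: because MAL must race the real server, a passive sensor sees two responses at the same TCP sequence position carrying different payloads, whereas a genuine retransmission repeats identical bytes. The following detector is an added example, not part of the original paper; it applies that check to a constructed set of segments (addresses, ports, TTLs and contents are all made up).

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """One server-to-client TCP segment as a passive sensor would record it."""
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    ack: int
    ttl: int
    payload: bytes


def flow_key(s):
    # Same flow and same position in the byte stream
    return (s.src, s.sport, s.dst, s.dport, s.seq, s.ack)


def detect_injection(segments):
    """Group segments by flow and TCP position. A genuine retransmission repeats
    the same bytes; two *different* payloads at the same seq/ack is the race that
    a man-on-the-side injector produces. Returns one alert per affected flow."""
    seen = defaultdict(list)
    for s in segments:
        seen[flow_key(s)].append(s)
    alerts = []
    for key, group in seen.items():
        payloads = {s.payload for s in group}
        if len(payloads) > 1:
            alerts.append({
                "server": f"{key[0]}:{key[1]}",
                "client": f"{key[2]}:{key[3]}",
                "seq": key[4],
                "payloads": sorted(payloads),
                # Differing TTLs are corroborating evidence of a second sender
                "ttls": sorted({s.ttl for s in group}),
            })
    return alerts


# Constructed sample capture (hypothetical addresses and contents):
LEGIT = b"HTTP/1.1 200 OK\r\n\r\nvar analytics = {};"
INJECTED = b"HTTP/1.1 200 OK\r\n\r\n/* injected script */"
SAMPLE = [
    # ALICE's request answered twice: the racing injection and the real reply
    Segment("203.0.113.10", 80, "192.0.2.5", 50000, 1000, 501, 48, INJECTED),
    Segment("203.0.113.10", 80, "192.0.2.5", 50000, 1000, 501, 56, LEGIT),
    # A second client that only saw an ordinary retransmission (not flagged)
    Segment("203.0.113.10", 80, "192.0.2.6", 50001, 1000, 501, 56, LEGIT),
    Segment("203.0.113.10", 80, "192.0.2.6", 50001, 1000, 501, 56, LEGIT),
]

if __name__ == "__main__":
    for alert in detect_injection(SAMPLE):
        print(alert)
```

On a real sensor the same grouping would be fed from a packet capture; the check is the one the retransmission point above relies on, applied passively rather than by deliberately dropping packets.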