RUDY Attack and it's prevention

RUDY Attack:

It is the type of slow rate attacks. It also known as slow and low attack. It attempts to open a relatively few connections to the target server or website over a period of time, and leaves the connection as long as possible.

How it works:
It identifies the embedded form in the target site. After identification it sends the HTTP post request with abnormal long ‘content-type’ header field and then starts injecting the form with information, size of one byte packet at one time. This packet is not only sent in junks but at a very slow rate. So , a very long content-length field prevents the server from closing the connection. Ultimately the attacker exhausts the server connection table.

Prevention Mechanisms:
  • Server resource monitoring like memory, CPU usage, connection tables, application threads, long and open application connection or stuck application processes.
  • Behavior analysis compares traffic and user behavior. Or if filling the form takes so much time like hours or minutes instead of seconds.
  • You can also improve the server availability but attackers can also take advantage from the DDOS like botnet.
  • Reverse Proxy is another solution
  • Set the strict time out connection but affects the users which have slow internet connections.
  • Use CDN to prevent the attack from the origin server.

Comments

Post a Comment

Popular posts from this blog

Analyzing Spear Phishing Email

Image
Phishing is the technique of fraudulent attempt by the attacker to obtain sensitive and confidential information i.e. Credentials, PII information, credit card, bank details. It can also be targeted attack to focus on the specific organization of individual. The attacker often tailors an email to speak directory to targeted user. There are many types of phishing as follow. I wouldn't explain the types. You can read Here . In this article you'll learn how to analyze the sophisticated phishing email. So, Let's start the case study to explain.  Spearphising :  Spearphising is the technique in which attacker aims at one person and lures him/her into providing confidential data. Attacker compile the email according to the specific user. The email would consist some of the target's email, username, designation.  Case Study: User receive the spearphising email containing the PDF attachment with double extension. Email body contains the unprofessional statement "Kindly m
Read more

Cyber Threat Intel

Image
What is Cyber Threat Intel? Threat intel is the information about the threats. Cyber threat intel is used to better understand, predict and adopt to the behavior of malicious actors. It plays an important role in preventing the zero-day attacks. " Threat information that has been aggregated, transformed, analyzed, interpreted, or enriched to provide the necessary context for decision-making processes " (NIST). Threat Intel life Cycle: Intelligence lifecycle is the process of developing raw information into finished intelligence for policymaker to use in decision making and action. CTI Life Cycle Planning and Direction Planning and direction helps in setting up the goals for the threat intel program. Priorities and requirements are defined in this phase. Collection: Collection means gathering of data to produce the finished intelligence. Data includes logs(Firewall, IPS/IDS, Endpoints), threat feeds and OSINT(reports, social media, public forums). Collection Types of Collectio
Read more

Practical Malware Analysis (Introductory)

Hi folks, just started the series on PMA (Practical Malware Analysis) . Being an analyst i would recommend to gain expertise on "Malware Analysis". This blog help us to quick recap the concepts of malware as well as from analysis perspective. We'll start from basic and proceed towards advance level. Introduction: Malware refers to "Malicious Binary" which is instructive by the threat actors (called as "Hackers" ) to achieve their motives. Motives can be vary like it could be data stealing, damage/destroy organization systems. Viruses Worms Trojan Spyware Adware Ransomware Aforementioned names are the malware types which is collectively called "Malware". Let's jump into the main topic of this blog without going into the details. Malware Analysis: Malware analysis is the process of understanding the working flow/behavior/malicious activity of malware. The results of the malware analysis help the analysts to detect and prevent the threats.
Read more