Creation of a DDOS attack using HTTP-GET Flood with the Cyber Kill Chain methodology

IF 0.5 Q4 ENGINEERING, MULTIDISCIPLINARY
Jeferson Eleazar Martínez-Lozano, Pedro Sandino Atencio-Ortiz
{"title":"Creation of a DDOS attack using HTTP-GET Flood with the Cyber Kill Chain methodology","authors":"Jeferson Eleazar Martínez-Lozano, Pedro Sandino Atencio-Ortiz","doi":"10.15332/ITECKNE.V16I1.2160","DOIUrl":null,"url":null,"abstract":"This article illustrates by means of a demonstration and taking advantage of the vulnerability “Open redirect”, how easy it can be to attack web servers through distributed attacks of denial of services. In it, the Cyber Kill Chain® model is used to carry out this attack in phases. In the development of the research, a systematic UFONet tool is applied and the results obtained are analyzed and it is recommended to protect the Internet application services of said attacks through web application firewalls (WAF) whose presence allows the DDoS traffic of the application layer (including the HTTP-GET flood) arrives effortlessly at the destination server.","PeriodicalId":53892,"journal":{"name":"Revista Iteckne","volume":null,"pages":null},"PeriodicalIF":0.5000,"publicationDate":"2019-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Revista Iteckne","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.15332/ITECKNE.V16I1.2160","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"ENGINEERING, MULTIDISCIPLINARY","Score":null,"Total":0}
引用次数: 1

Abstract

This article illustrates by means of a demonstration and taking advantage of the vulnerability “Open redirect”, how easy it can be to attack web servers through distributed attacks of denial of services. In it, the Cyber Kill Chain® model is used to carry out this attack in phases. In the development of the research, a systematic UFONet tool is applied and the results obtained are analyzed and it is recommended to protect the Internet application services of said attacks through web application firewalls (WAF) whose presence allows the DDoS traffic of the application layer (including the HTTP-GET flood) arrives effortlessly at the destination server.
使用HTTP-GET洪水和网络杀伤链方法创建DDOS攻击
本文通过一个演示,利用“Open redirect”漏洞,说明了通过分布式拒绝服务攻击攻击web服务器是多么容易。其中,网络杀伤链®模型用于分阶段实施这种攻击。在研究的发展过程中,应用了系统的UFONet工具,并对所得结果进行了分析,建议通过web应用防火墙(WAF)保护上述攻击的互联网应用服务,WAF的存在使得应用层的DDoS流量(包括HTTP-GET洪水)轻松到达目标服务器。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Revista Iteckne
Revista Iteckne ENGINEERING, MULTIDISCIPLINARY-
自引率
50.00%
发文量
3
审稿时长
24 weeks
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信