#MERCURY DDOS TOOL SERIAL#
But that starts to look a whole lot like a spying apparatus pretty quick so I'm not sure the general public would be OK with it.Analisys and design of algorithm and data structure, design in VHDL language of full custom and cell base integrated systems, knowledge of the modern computer architecture and develope of I\O assembler driver onĬISC (MC68000) and RISC (SPIM) architecture for serial (USART-UART) and parallel (PIA) transmission interfaces with PIC and DMA device integration. Our best bet is probably some kind of cooperative cloud between multiple ISPs and hardware/software vendors. I mean there's tons of super smart people trying to solve the problem but I'm not sure how the IoT stuff will get dealt with. As the botnet gets better at randomizing it's request string or user agent (etc) these things will be even harder to deal with. So middle boxes like Arbor and RAD have a really hard time determining good sessions from bad. The new IoT botnets are different because they can spawn 1Tbps+ of actual TCP:80 (or 443, or whatever) sessions that all look fairly legit. Those attacks are easy to identify and filter if you can absorb the avalanche of traffic. That limits them to UDP-based services like NTP, DNS, SSDP, chargen, etc. Typically attackers have to use reflection and amplification to reach >10Gbps in their attacks. It's the reason a lot of this gear costs in the hundreds of thousands of dollars for a single box that can only handle 100Gbps of dirty traffic.Īnd there's little indication that these systems can handle the new IoT botnets. It leads to really complex systems that can get out of sync if they're not well designed and deployed. And some part of the FPGA / ASIC reports stats back for management purposes.ĥ) Then you need something to continue monitoring the whole mess and remote the shunt route when the attack subsides.Īnd you gotta do that in multiple locations typically. The CPUs look at every packet and build rules to filter the bad stuff. they all do things a little differently but in the end they put a SHITLOAD of CPU into a box along with some FPGAs. This is obviously the hard part and each vendor has it's own secret sauce for this part. FlowSpec allows you to shunt only UDP:53 (DNS) or whatever to the scrubbing station(s).Ĥ) THEN you need something to take the clean+dirty traffic and actually do the job of filtering out the junk. So typically you can only send ALL traffic for the attack target via a unicast /32 route (or /128 for v6). Normally via BGP as a unicast route but FlowSpec is allowing for additional match conditions on "sunk" / "shunted" traffic. Other networks do this with physical taps (cheaper) or span/mirror ports (fewer boxes to buy).ģ) Once the bad traffic is identified in a course manner (dest_IP, src_port, dst_port, etc) you typically signal a "sink" or "shunt" route for the attack destination.
#MERCURY DDOS TOOL SOFTWARE#
Most networks do this with flow export (sFlow, IPFIX, netflox, etc) because it scales well and there's a decent set of commercial and open source software to do it.
so these days you need to have about 600Gbps - 1Tbps of EXTRA throughput to handle the attack so it can be scrubbedĢ) Need some kind of data reporting tool to "find" the attack and characterized it. 1) You have to be able to absorb the flood.
0 kommentar(er)
