The Korean DDoS Attacks (July 2009)

The first set of information that came into the hands of Project Grey Goose investigators was the technical characteristics of the attacks. This information is typically shared between Internet security firms and is fairly objective and noncontroversial.

The best technical analysis came from the Vietnamese security firm BKIS. Figure 5-1 shows a breakdown of what was known about the attacks after BKIS gained control of two of the command and control (C&C) servers.

Figure 5-1. BKIS diagram of the MyDoom attack program

Thanks to information shared between KR CERT and AP CERT (of which BKIS is a member), BKIS researchers were able to gain access to two of the C&C servers and determined that the botnet was controlled by a total of eight C&C servers. The zombie PCs in this botnet were instructed to log onto a different, randomly chosen server every three minutes.
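A defender's view of the check-in pattern described above, as an added example that is not from the book: it scans flow records for hosts that connect at roughly three-minute intervals while rotating among a small pool of destinations. The record format, host names, addresses (documentation ranges), and thresholds are constructed assumptions.

```python
from collections import defaultdict

INTERVAL = 180   # seconds: the three-minute check-in the text describes
MAX_POOL = 8     # the text reports eight C&C servers in total
TOLERANCE = 15   # assumed jitter allowance in seconds (not from the book)
MIN_EVENTS = 5   # assumed minimum number of connections before judging a host


def build_sample():
    """Constructed flow records: (epoch_seconds, source_host, destination_ip)."""
    pool = ["203.0.113.%d" % i for i in range(1, 9)]
    order = [3, 0, 5, 1, 7, 2, 6, 4, 0, 3]  # fixed stand-in for a random pick
    flows = [(1000 + 180 * i + (i % 3), "10.0.0.5", pool[k])
             for i, k in enumerate(order)]
    # Ordinary workstation: irregular timing, unrelated destinations.
    times = [1000, 1012, 1100, 1460, 1475, 2100, 2130, 2600]
    flows += [(t, "10.0.0.9", "198.51.100.%d" % (i + 1))
              for i, t in enumerate(times)]
    # Benign poller: periodic, but always the same server (no rotation).
    flows += [(1000 + 180 * i, "10.0.0.7", "192.0.2.10") for i in range(10)]
    return flows


def rotating_beacons(flows):
    """Return {host: sorted destinations} for hosts matching the pattern."""
    by_host = defaultdict(list)
    for ts, src, dst in sorted(flows):
        by_host[src].append((ts, dst))
    flagged = {}
    for src, events in by_host.items():
        if len(events) < MIN_EVENTS:
            continue
        pairs = list(zip(events, events[1:]))
        # Share of gaps that sit close to the three-minute interval.
        regular = sum(abs(b[0] - a[0] - INTERVAL) <= TOLERANCE
                      for a, b in pairs) / len(pairs)
        # Share of check-ins that moved to a different server. A random pick
        # can repeat a server, so this only needs to be a majority.
        switches = sum(a[1] != b[1] for a, b in pairs) / len(pairs)
        dests = {dst for _, dst in events}
        if regular >= 0.8 and switches >= 0.5 and 2 <= len(dests) <= MAX_POOL:
            flagged[src] = sorted(dests)
    return flagged


if __name__ == "__main__":
    for host, servers in rotating_beacons(build_sample()).items():
        print(host, "rotates across", len(servers), "servers:", servers)
```

Only the constructed host 10.0.0.5 is flagged; the fixed-destination poller and the irregular workstation are not, because the check requires both the interval and the rotation.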


  
