GithubHelp home page GithubHelp logo

iaksit / amp-research Goto Github PK

View Code? Open in Web Editor NEW

This project forked from phenomite/amp-research

0.0 1.0 0.0 978 KB

Research on UDP/TCP amplification vectors, payloads and mitigations against their use in DDoS Attacks

License: MIT License

C 63.34% Python 36.66%

amp-research's Introduction

AMP-Research

Research on exotic UDP/TCP amplification vectors, payloads and mitigations

The subfolder's in this repo will house the following:

  • Overview README.md
    • Potential official protocol documentation.
    • Potential Mitigation strategies.
  • Scanning payload (e.g. for use in zmap) OR potential scanning script (C).
  • Raw socket flood script (C) for analysis to build flowspec or ACL mitigations.

What is amplification in respect to network protocols?

Amplification is where well-formed or malformed socket or application data requests elicit a response larger than the input data. This can then be abused to "amplify" a request, usually by means of Distributed Reflected Denial of Service (DDoS/DRDoS) attacks.

Best way to show what this means is an example.

Example UDP response size from 1 byte on MSSQL protocol:

  • ~# echo -ne '\x02' | nc -u -q 2 190.xx.xx.xx 1434|xxd -p|wc -c

    629 bytes

    That's an amplification factor of over 23x.

Example hex response from a discovery probe to Apple Remote Desktop protocol:

  • ~# echo -ne '\x00\x14\x00\x01\x03' |nc -u 89.xx.xx.xx 3283|hexdump

     0000000 0100 ea03 3100 0000 0000 0000 0000 0000
 0000010 0000 0000 0000 0000 0000 0000 0000 0000
 0000020 0000 0000 0000 0000 0100 0000 0000 0000
 0000030 0000 0000 0000 0000 0000 0000 0000 0000
 _
 0000050 0000 1200 0000 0000 0000 0000 0000 0000
 0000060 0000 0000 0000 0000 0000 0000 0000 0000
 0000070 0000 0000 0000 0000 0000 0000 0000 640a
 0000080 7461 6861 6565 6472 0034 0000 0000 0000
 0000090 0000 0000 0000 0000 0000 0000 0000 0000
 _
 00000c0 0000 0001 0000 0000 0000 0000 0000 0000
 00000d0 0000 0000 0000 9803 0000 0100 18f0 ed98
 00000e0 9288 0000 0000 0a00 6400 6100 7400 6100
 00000f0 6800 6500 6500 7200 6400 3400 0000 0000
 0000100 0000 0000 0000 0000 0000 0000 0000 0000

Compiling the C code in this repo?

Remember that checksum ones-compliment relies on 32bit compilation. This really only matters with TCP scripts.

Vulnerable reflectors?

No. This is here to help everyone mitigate amplification vectors.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.