The Rise of Booter and Stresser Services

Datetime: 2016-08-22 21:40:19          Topic: DDOS

Stressers

Denial of Service (DoS) attacks have come a long way since the days of LOIC and other GUI-based tools. Today, potential hackers do not have to know the first thing about conducting such an attack. They can simply purchase attack services to carry one out for them. Just a few years ago, attackers would have had to download a simple GUI-based tool to launch a DoS attack. As time moved on, hackers started to combine their efforts and tools in distributed group attacks. Today, attackers are abandoning GUI and script tools and opting to pay for attacks through stresser services.

Figure: zStress

Basic DoS tools are easy to defend against and have left attackers wanting more power. With this demand came a supply of new attack tools and services that will quickly test the limits of most defensive systems. But this new demand was not created out of the good nature of a hacker’s heart. It was fueled by profits and has now created a blooming industry around DDoS-as-a-service.

These new, off-the-shelf attack services are commoditizing the art of hacking, making it possible for novice hackers with little know-how to launch attacks via affordable tools that are available on the Darknet and the Clearnet. To add humor to the situation, most DDoS-as-a-service websites use DDoS mitigation companies to prevent their competition from taking them offline.

Figure: zStress attack panel

Many notorious DDoS groups like Lizard Squad, Poodle Corp, New World Hackers and others have all entered the DDoS-as-a-service business, monetizing their capabilities in peacetime by renting out their powerful stresser services. The high demand for DDoSaaS makes it a very profitable business that can generate thousands of dollars a week for operators. The barrier to entry continues to drop, allowing novice attackers to carry out larger and more sophisticated attacks than just a few years ago. For as little as $19.99 a month an attacker can run 20-minute bursts for 30 days, utilizing a number of attack vectors like DNS, SNMP, SSYN and slow GET/POST application layer DoS attacks. All an attacker has to do is create an account, select a plan, pay in Bitcoin and access the attack hub, where they can target the victim by port, time and method.

Booters and Stressers (Low end)

Name            Boot time  Concurrent  Days  Size         Support  Price
zStress         1200       1           30    15-20Gbps    Yes      $15
Data Booter     900        1           30    10-20Gbps    Yes      $15
instaBooter     1800       1           30    10-20Gbps    Yes      $20
SynStress       1200       1           30    10-15Gbps    Yes      $14.99
Restresser      3600       1           30    5Gbps        Yes      $15
Instress        1800       1           30    250-300Gbps  Yes      $19.99
Thunder Stress  800        1           30    400Gbps      Yes      $13
Shenron         1200       1           30    35Gbps       Yes      $19.99
DDoS City       1200       1           30    125Gbps      Yes      $13.40
WebStresser     1000       1           30    350Gbps      Yes      $9
RageBooter      900        1           30    5-10Gbps     Yes      $15
Exitus          1200       1           30    250Gbps      Yes      $11.18
v-Dos           1200       1           30    10-50Gbps    Yes      $19.99

These services offer multiple attack vectors, allowing the attacker to directly target their victim’s network with accuracy and power. Some of the most common attack vectors found on these sites are DNS, NTP, SSDP, Chargen, SSYN, ACK, XMLRPC, Portmap and Joomla.

For more about attack vectors, check out our recent ERT Alert.

Due to their effectiveness, amplification-based attacks are the default attack technique offered by most booter services. These attacks are easy to conduct and rely on misconfigured services. The attacker sends the service a packet whose source address is spoofed to be the victim’s IP, so the server’s response is sent to the victim’s IP. Attackers will also use reflection-based attacks by misusing popular content management systems (CMS) like WordPress and Joomla to generate HTTP requests to target web servers. They will also abuse gaming consoles and routers in an attempt to generate larger attacks. By using reflection and amplification, attackers are able to mask their origin and turn a tiny amount of bandwidth into a much larger-scale assault.
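From the defender's side, the reflection pattern described above shows up as UDP replies from well-known service ports that the receiving host never requested. The following is an added example, not part of the original article: a small flow-record check for that signature. The record layout, function name and thresholds are illustrative assumptions, and the sample flows are constructed from documentation address ranges.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# UDP services named on this page as reflection vectors, by well-known port.
REFLECTOR_PORTS = {19: "Chargen", 53: "DNS", 111: "Portmap",
                   123: "NTP", 161: "SNMP", 1900: "SSDP"}

def find_reflection_floods(flows, internal_net, min_bytes=100_000, min_sources=3):
    """Flag internal hosts receiving unsolicited replies from reflector ports.

    flows: iterable of (ts, src_ip, src_port, dst_ip, dst_port, nbytes) UDP
    records in time order. Thresholds are illustrative assumptions.
    """
    net = ip_network(internal_net)
    asked = set()                               # requests our hosts really sent
    stats = defaultdict(lambda: [0, set()])     # (victim, svc) -> [bytes, sources]
    for _ts, src, sport, dst, dport, nbytes in flows:
        src_in, dst_in = ip_address(src) in net, ip_address(dst) in net
        if src_in and not dst_in:
            asked.add((src, sport, dst, dport))  # outbound query: remember it
        elif dst_in and not src_in and sport in REFLECTOR_PORTS:
            if (dst, dport, src, sport) in asked:
                continue                         # solicited reply, ignore
            entry = stats[(dst, REFLECTOR_PORTS[sport])]
            entry[0] += nbytes
            entry[1].add(src)
    return sorted(
        (victim, svc, total, len(sources))
        for (victim, svc), (total, sources) in stats.items()
        if total >= min_bytes and len(sources) >= min_sources
    )

# Constructed sample flows (documentation address ranges, not real traffic).
SAMPLE_FLOWS = [
    (0.0, "192.0.2.10", 40000, "198.51.100.53", 53, 60),    # genuine DNS query
    (0.1, "198.51.100.53", 53, "192.0.2.10", 40000, 300),   # its solicited answer
    (1.0, "203.0.113.1", 123, "192.0.2.20", 80, 44_000),    # unsolicited NTP replies
    (1.1, "203.0.113.2", 123, "192.0.2.20", 80, 44_000),
    (1.2, "203.0.113.3", 123, "192.0.2.20", 80, 44_000),
    (1.3, "203.0.113.4", 53, "192.0.2.20", 80, 4_000),      # below both thresholds
]

if __name__ == "__main__":
    for row in find_reflection_floods(SAMPLE_FLOWS, "192.0.2.0/24"):
        print("victim=%s service=%s bytes=%d reflectors=%d" % row)
```

Because the reflectors are legitimate servers, blocking by source address alone does not scale; the per-service byte and source counts are what an upstream filter or scrubbing provider needs.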

In addition to these vectors, a number of services also offer tools on their website like resolvers, IP loggers, geo-location, ping and VPN detectors.

Download Radware’s DDoS Handbook to get expert advice, actionable tools and tips to help detect and stop DDoS attacks.




