What are DDoS Toolkits?
DDoS toolkits are software packages that infect numerous connected devices, which are then used as botnets in future DDoS attacks. They are typically authored by black hat hackers with professional intent to stress services and/or launch extortion attempts. Building a DDoS Toolkit from scratch requires significant knowledge of coding, DDoS scripts and other expertise. They typically attack the Network layer and pose a serious threat to organizations when carried out effectively.
Some of the most popular DDoS toolkits include:
- Low Orbit Ion Cannon, or LOIC (an attack that disrupts a target server through a UDP or TCP flood)
- High Orbit Low Cannon, or HOIC (a variant of LOIC designed to launch a DDoS attack using a minimal number of perpetrators)
- Slowloris (a way for a single computer to take down an entire web server)
- XOIC (it performs a DoS attack on any server with just an IP address, a user-selected port and a userselcted protocol)
- HULK, or HTTP Unbearable Load King (an attacking tool which generates a unique request for each request to obfuscated traffic at a web server)
Many toolkits used to conduct a DoS or DDoS can be downloaded for free, or paid for on the web.
What are DDoS-for-hire Services?
In recent years, it has become much easier for people to launch DDoS attacks by paying for them. DDoS-for-hire-services are also known as stressers or booters.
These kinds of DDoS services are normally selling access to DDoS botnets: networks of malware-infected computers, which are “subleased” to subscribers to take down targets of their choice.
Botnet builder kits are relatively freely available and usually come with instructions and tips for greatest success. These kits usually contain the bot payload and the CnC (command and control) files. Aspirational bot masters (also known as herders) can launch DDoS attacks in a wide variety of ways.
DDoS attacks are illegal, which poses a problem for DDoS-for-hire providers who want to reach a wide audience while also staying undetected. Hence the name “stressers”, which implies that you can stress test the resilience of your server using these. However, there are no restrictions on who they can be used against.
Some botnet owners openly describe themselves as offering “booter” or “ddoser” services.
All of them refer to DDoS for hire, allowing them to exploit the lack of regulation to stay vague about an malicious intent. The inability to enforce effective global policies these cyberweapons to be launched indiscriminately. They can be found through a simple Google search. Most stressers and booters have adopted a software as a service (SaaS) business model, using tiered subscription levels, that allow just about anyone to carry out a DDoS attack for as little as $20/month.
Organizations most at risk from these kinds of DDoS attacks are young online organizations that are less able to protect themselves against them, thus threatening the openness of the World Wide Web itself.