Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • Home
  • Attend
    • Registration Information
    • Registration Discounts
    • Venue, Hotel, and Travel
    • Students and Grants
    • Co-Located Workshops
  • Program
  • Participate
    • Instructions for Participants
    • Call for Papers
  • Sponsorship
  • About
    • Workshop Organizers
    • Services
    • Questions
    • Help Promote!
    • Past Workshops
  • Home
  • Attend
  • Program
  • Participate
    • Instructions for Participants
    • Call for Papers
  • Sponsorship
  • About
    • Workshop Organizers
    • Services
    • Questions
    • Help Promote!
    • Past Workshops

sponsors

Bronze Sponsor

help promote

WOOT '16 button

connect with us


  •  Twitter
  •  Facebook
  •  LinkedIn
  •  Google+
  •  YouTube

twitter

Tweets by @usenix

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home » Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics
Tweet

connect with us

Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics

Authors: 

Giancarlo Pellegrino and Christian Rossow, Saarland University; Fabrice J. Ryba, Freie Uiversität Berlin; Thomas C. Schmidt, HAW Hamburg; Matthias Wählisch, Freie Universität Berlin

Abstract: 

The Great Cannon DDoS attack has shown that HTML/JavaScript can be used to launch HTTP-based DoS attacks. In this paper, we identify options that could allow the implementation of the general idea of browser-based DDoS botnets and review ways how attackers can acquire bots (e.g., typosquatting and malicious ads). We then assess the DoS impact of browser features and show that at least three JavaScript-based techniques can orchestrate clients to send thousands of HTTP requests per second. Seeing the vats potential, we evaluate the economics of browser-based botnets and show that their cost are about as high as traditional DDoS botnets—while giving far less flexibility in terms of attack features and control over the bots. Finally, we discuss victim- and browser-side countermeasures.

Giancarlo Pellegrino, Saarland University

Christian Rossow, Saarland University

Fabrice J. Ryba, Freie Uiversität Berlin

Thomas C. Schmidt, HAW Hamburg

Matthias Wählisch, Freie Universität Berlin

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

Pellegrino PDF
View the slides
  • Log in or    Register to post comments

Bronze Sponsors

© USENIX

  • Privacy Policy
  • Contact Us