Creación de un ataque DDoS utilizando HTTP-GET Flood a partir de la metodología Cyber Kill Chain
This article illustrates by means of a demonstration and taking advantage of the vulnerability “Open redirect”, how easy it can be to attack web servers through distributed attacks of denial of services. In it, the Cyber Kill Chain® model is used to carry out this attack in phases. In the developmen...
- Autores:
-
Martínez-Lozano, Jeferson Eleazar
Atencio-Ortiz, Pedro Sandino
- Tipo de recurso:
- Fecha de publicación:
- 2019
- Institución:
- Universidad Santo Tomás
- Repositorio:
- Repositorio Institucional USTA
- Idioma:
- eng
- OAI Identifier:
- oai:repository.usta.edu.co:11634/36200
- Acceso en línea:
- http://revistas.ustabuca.edu.co/index.php/ITECKNE/article/view/2160
http://hdl.handle.net/11634/36200
- Palabra clave:
- Rights
- License
- Copyright (c) 2019 ITECKNE
| id |
SANTTOMAS2_b0bc38a96ed17c479f705a34ffa038e9 |
|---|---|
| oai_identifier_str |
oai:repository.usta.edu.co:11634/36200 |
| network_acronym_str |
SANTTOMAS2 |
| network_name_str |
Repositorio Institucional USTA |
| repository_id_str |
|
| spelling |
Martínez-Lozano, Jeferson EleazarAtencio-Ortiz, Pedro Sandino2021-09-24T13:17:53Z2021-09-24T13:17:53Z2019-06-19http://revistas.ustabuca.edu.co/index.php/ITECKNE/article/view/216010.15332/.v16i1.2160http://hdl.handle.net/11634/36200This article illustrates by means of a demonstration and taking advantage of the vulnerability “Open redirect”, how easy it can be to attack web servers through distributed attacks of denial of services. In it, the Cyber Kill Chain® model is used to carry out this attack in phases. In the development of the research, a systematic UFONet tool is applied and the results obtained are analyzed and it is recommended to protect the Internet application services of said attacks through web application firewalls (WAF) whose presence allows the DDoS traffic of the application layer (including the HTTP-GET flood) arrives effortlessly at the destination server.Este artículo ilustra por medio de una demostración y aprovechando la vulnerabilidad “Open redirect”, lo fácil que puede ser atacar servidores web por medio de ataques distribuidos de denegación de servicios en él, se utiliza el modelo Cyber Kill Chain® para llevar acabo dicho ataque por fases. En el desarrollo de la investigación se aplica una herramienta sistemática UFONet y se analizan los resultados obtenidos y se recomienda proteger los servicios de aplicación en Internet de dichos ataques por medio de Firewalls de aplicación web (WAF) cuya presencia permite que el tráfico de DDoS de la capa de aplicación (incluida la inundación HTTP-GET) llegue sin esfuerzo al servidor de destino.application/pdfengUniversidad Santo Tomás. Seccional Bucaramangahttp://revistas.ustabuca.edu.co/index.php/ITECKNE/article/view/2160/1658ITECKNE; Vol 16 No 1 (2019); 41-47ITECKNE; Vol 16 No 1 (2019); 41-472339-34831692-1798Copyright (c) 2019 ITECKNEhttp://purl.org/coar/access_right/c_abf2Creación de un ataque DDoS utilizando HTTP-GET Flood a partir de la metodología Cyber Kill ChainCreation of a DDOS attack using HTTP-GET Flood with the Cyber Kill Chain methodologyinfo:eu-repo/semantics/articlehttp://purl.org/coar/version/c_970fb48d4fbd8a85http://purl.org/coar/resource_type/c_2df8fbb111634/36200oai:repository.usta.edu.co:11634/362002023-07-14 16:21:00.962metadata only accessRepositorio Universidad Santo Tomásnoreply@usta.edu.co |
| dc.title.spa.fl_str_mv |
Creación de un ataque DDoS utilizando HTTP-GET Flood a partir de la metodología Cyber Kill Chain |
| dc.title.alternative.eng.fl_str_mv |
Creation of a DDOS attack using HTTP-GET Flood with the Cyber Kill Chain methodology |
| title |
Creación de un ataque DDoS utilizando HTTP-GET Flood a partir de la metodología Cyber Kill Chain |
| spellingShingle |
Creación de un ataque DDoS utilizando HTTP-GET Flood a partir de la metodología Cyber Kill Chain |
| title_short |
Creación de un ataque DDoS utilizando HTTP-GET Flood a partir de la metodología Cyber Kill Chain |
| title_full |
Creación de un ataque DDoS utilizando HTTP-GET Flood a partir de la metodología Cyber Kill Chain |
| title_fullStr |
Creación de un ataque DDoS utilizando HTTP-GET Flood a partir de la metodología Cyber Kill Chain |
| title_full_unstemmed |
Creación de un ataque DDoS utilizando HTTP-GET Flood a partir de la metodología Cyber Kill Chain |
| title_sort |
Creación de un ataque DDoS utilizando HTTP-GET Flood a partir de la metodología Cyber Kill Chain |
| dc.creator.fl_str_mv |
Martínez-Lozano, Jeferson Eleazar Atencio-Ortiz, Pedro Sandino |
| dc.contributor.author.none.fl_str_mv |
Martínez-Lozano, Jeferson Eleazar Atencio-Ortiz, Pedro Sandino |
| description |
This article illustrates by means of a demonstration and taking advantage of the vulnerability “Open redirect”, how easy it can be to attack web servers through distributed attacks of denial of services. In it, the Cyber Kill Chain® model is used to carry out this attack in phases. In the development of the research, a systematic UFONet tool is applied and the results obtained are analyzed and it is recommended to protect the Internet application services of said attacks through web application firewalls (WAF) whose presence allows the DDoS traffic of the application layer (including the HTTP-GET flood) arrives effortlessly at the destination server. |
| publishDate |
2019 |
| dc.date.issued.none.fl_str_mv |
2019-06-19 |
| dc.date.accessioned.none.fl_str_mv |
2021-09-24T13:17:53Z |
| dc.date.available.none.fl_str_mv |
2021-09-24T13:17:53Z |
| dc.type.coarversion.fl_str_mv |
http://purl.org/coar/version/c_970fb48d4fbd8a85 |
| dc.type.coar.fl_str_mv |
http://purl.org/coar/resource_type/c_2df8fbb1 |
| dc.type.drive.none.fl_str_mv |
info:eu-repo/semantics/article |
| dc.identifier.none.fl_str_mv |
http://revistas.ustabuca.edu.co/index.php/ITECKNE/article/view/2160 10.15332/.v16i1.2160 |
| dc.identifier.uri.none.fl_str_mv |
http://hdl.handle.net/11634/36200 |
| url |
http://revistas.ustabuca.edu.co/index.php/ITECKNE/article/view/2160 http://hdl.handle.net/11634/36200 |
| identifier_str_mv |
10.15332/.v16i1.2160 |
| dc.language.iso.none.fl_str_mv |
eng |
| language |
eng |
| dc.relation.none.fl_str_mv |
http://revistas.ustabuca.edu.co/index.php/ITECKNE/article/view/2160/1658 |
| dc.relation.citationissue.spa.fl_str_mv |
ITECKNE; Vol 16 No 1 (2019); 41-47 |
| dc.relation.citationissue.eng.fl_str_mv |
ITECKNE; Vol 16 No 1 (2019); 41-47 |
| dc.relation.citationissue.none.fl_str_mv |
2339-3483 1692-1798 |
| dc.rights.eng.fl_str_mv |
Copyright (c) 2019 ITECKNE |
| dc.rights.coar.fl_str_mv |
http://purl.org/coar/access_right/c_abf2 |
| rights_invalid_str_mv |
Copyright (c) 2019 ITECKNE http://purl.org/coar/access_right/c_abf2 |
| dc.format.mimetype.none.fl_str_mv |
application/pdf |
| dc.publisher.eng.fl_str_mv |
Universidad Santo Tomás. Seccional Bucaramanga |
| institution |
Universidad Santo Tomás |
| repository.name.fl_str_mv |
Repositorio Universidad Santo Tomás |
| repository.mail.fl_str_mv |
noreply@usta.edu.co |
| _version_ |
1782026158439661568 |