Google Servers a DDoS Tool

Wednesday, August 31, 2011 @ 02:08 PM gHale

Cyber attackers can use Google’s servers to launch distributed denial of service (DDoS) attacks, according to Simone “R00T_ATI” Quatrini, a penetration tester for Italian security consulting company AIR Sicurezza.

Two vulnerable pages — /_/sharebox/linkpreview/ and gadgets/proxy? — can request any file type, which Google+ will download and show, even if the attacker isn’t logged into Google+, Quatrini said.

Chrome 13 Patches Security Holes
SCADA Hacking via Search Engines
Websites Hit with Injection Attack
Malware Feeds Off Slow Patching

By making such requests simultaneously, which he managed to do by using a shell script he wrote, he practically used Google’s bandwidth to orchestrate a small DDoS attack against a server he owns.

Quatrini said his home bandwidth can’t exceed 6Mbps, and that the use of Google’s server resulted in an output bandwidth of at least 91Mbps.

“The advantage of using Google and make requests through their servers, is to be even more anonymous when you attack some site (TOR+This method); the funny thing is that Apache will log Google IPs,” Quatrini said. “But beware: igadgets/proxy? will send your IP in Apache log, if you want to attack, you’ll need to use /_/sharebox/linkpreview/.”

Quatrini said he has discovered the flaws that allow the attack on August 10 and he contacted Google’s Security center about it. After 19 days of receiving no reply from Google, he published his findings.

Leave a Reply

You must be logged in to post a comment.