Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    How HTML5 Ping Is Used in DDoS Attacks

    By
    Sean Michael Kerner
    -
    April 11, 2019
    Share
    Facebook
    Twitter
    Linkedin
      Imperva DDoS Ping

      A new type of distributed denial-of-service (DDoS) attack is abusing a common HTML5 attribute to overwhelm targeted victims.

      Security firm Imperva reported on April 11 that it has discovered a campaign where hackers abused the <a> tag ping HTML5 attribute in a DDoS attack that generated 70 million requests in four hours. The ping attribute is intended to be used by websites as a mechanism to notify a website if a user follows a given link on a page. Typically, a ping is a single action, but Imperva discovered that hackers have found a way to amplify the ping into a more persistent data flow, triggering the DDoS attack.

      “The attacker, probably using social engineering, forced users to visit a website that contained malicious JavaScript,” Vitaly Simonovich, security researcher at Imperva, told eWEEK. “This script generated links with the target site in the ‘ping’ attribute and clicked it without personal involvement of the user. Auto-generated clicks reflected as ping back to the victim, continuously, the entire time the user stayed on the webpage.”

      Imperva’s analysis of the attack explained that when the user clicks on the hyperlink, a POST request with the body “ping” will be sent to the URLs specified in the attribute. It will also include headers “Ping-From,” “Ping-To” and a “text/ping” content type.

      “We observe DDoS attacks daily,” Simonovich said. “We discovered this attack last month. However, when we looked back in our logs, we noticed that the first time the attack occurred on our network in December 2018, it was using the ping feature.”

      The attack that Imperva found was able make use of 4,000 user IPs, with a large percentage of them from China. The campaign lasted four hours, with a peak of 7,500 requests per second (RPS), resulting in more than 70 million requests hitting the target victim’s website.

      How the Ping Attack Overwhelms a Server

      A simple ping on its own is not enough to disturb a web server and, in fact, for basic availability web servers are regularly hit with ping requests. Ping requests are also low bandwidth and would not likely be able to constitute a volumetric DDoS attack, which aims to overwhelm the available bandwidth of a target server.

      The DDoS attack discovered by Imperva, however, was not a basic ping and, according to Simonovich, could impact a web application server in a couple ways:

      1. Targeting the web server using high RPS, the server will be forced into processing the DDoS attack and not handle legitimate traffic.
      2. Targeting the web application by finding an injection point will cause a high resource consumption. For example, the login form will cause a query to the database.

      “The attack is performed on the application layer aimed to clog server resources by processing several HTTP requests,” Simonovich explained. “As such, attack bandwidth is not the weakest resource in the chain, but CPU or memory of the server.”

      He added that 7,500 RPS is far from the most powerful application DDoS attack, which can reach 100,000 RPS and more, but it is enough to deny availability for a midsize website.

      Defending Against Ping DDoS

      There are several things that organizations can do to minimize the risk of a Ping DDoS attack.

      Imperva recommends that organizations that do not need to receive ping requests on a web server block any web requests that contain “Ping-To” and/or “Ping-From” HTTP headers on the edge devices (firewall, WAF, etc.). DDoS services, including the one that Imperva offers, also can be employed to help limit risk.

      “Attackers are constantly looking for new and sophisticated methods to abuse legitimate services and bypass mitigation mechanisms,” Simonovich said. “Utilization of the ping functionality is a good example of this, especially since most of the browsers by default support it. The challenge that attackers are facing is how to force legitimate users to visit the malicious page and stay on this page as long as possible to make the attack run longer.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×