Start a hangout
Profile


Sergey Shekyan
Lives in redwood shores, ca
124 followers|99,209 views
AboutPostsVideos
Stream
Sergey Shekyan
Shared publicly -Turned out slowhttptest is being used not only by admins;) . Imperva's DoS Trends Report says:
During the last week of March 2012 and the beginning of April 2012, we observed a DoS attack on Patriarchia, the official site of the Moscow Patriarchate – the Russian Orthodox Church. This attack used the Slowhttp tool.
There were two related destination IPs, one of which seems to be a version for mobile browsers. On each attacked IP, there were two attacked URLs: ‘/ ‘ and ‘/search/’.
The 15,000 accesses to ‘/’ were made using POST method, with content length of 4096. There was a referrer header with this value: http://code.google.com/p/slowhttptest/, which directs to the tool’s Website and serves as an identifier.
The 13,000 accesses to ‘/search/’ were made using the GET method. These requests didn’t have a referrer header, but had a parameter (probably for the search) with a random string (e.g. oNsNDTdC). The random parameter ensured that the client’s requests reached the server, bypassing any caching between them.
The week of May 7, 2012 was the week of the Russian elections. During this time, the LOIC attack described above and we observed two more attacks against Russian government sites. Both were DoS attempts using the slowhttp tool. This was also a part of Anonymous’ struggle against the re-election of Putin for president.8 The attack on one of the targets continued until the end of May.
The complete report is available http://www.imperva.com/download.asp?id=31
During the last week of March 2012 and the beginning of April 2012, we observed a DoS attack on Patriarchia, the official site of the Moscow Patriarchate – the Russian Orthodox Church. This attack used the Slowhttp tool.
There were two related destination IPs, one of which seems to be a version for mobile browsers. On each attacked IP, there were two attacked URLs: ‘/ ‘ and ‘/search/’.
The 15,000 accesses to ‘/’ were made using POST method, with content length of 4096. There was a referrer header with this value: http://code.google.com/p/slowhttptest/, which directs to the tool’s Website and serves as an identifier.
The 13,000 accesses to ‘/search/’ were made using the GET method. These requests didn’t have a referrer header, but had a parameter (probably for the search) with a random string (e.g. oNsNDTdC). The random parameter ensured that the client’s requests reached the server, bypassing any caching between them.
The week of May 7, 2012 was the week of the Russian elections. During this time, the LOIC attack described above and we observed two more attacks against Russian government sites. Both were DoS attempts using the slowhttp tool. This was also a part of Anonymous’ struggle against the re-election of Putin for president.8 The attack on one of the targets continued until the end of May.
The complete report is available http://www.imperva.com/download.asp?id=31
1

Haha
Add a comment...
Sergey Shekyan
Shared publicly -Check out my new license plate frame. Google it, if doesn't make sense.
2
Add a comment...
Sergey Shekyan
Shared publicly -Obama at Nucelar summit:(
Obama makes awesome entrance to Nuclear Summit
Obama makes awesome entrance to Nuclear Summit
1
Add a comment...
Sergey Shekyan
Shared publicly -Check out the presentation on Application Layer DoS attacks I gave at BSides SF.
1

wow, quite interesting!
Add a comment...
In his circles
57 people
Sergey Shekyan
Shared publicly -Man, the keys guy on the right is killing it
Ace of Base - Beautiful Life - Live at Dancefloor '96 (lyrics in info)
Ace of Base - Beautiful Life - Live at Dancefloor '96 (lyrics in info)
1
Add a comment...
Sergey Shekyan
Shared publicly -slowhttptest 1.5 with proxy support is released! http://code.google.com/p/slowhttptest/
1
Add a comment...
Sergey Shekyan
Shared publicly -Got a funny ad on yahoo mail. They shouldn't assume I am Indian based on emails from recruiters in my inbox.
1

And they need to convert those rupis to USD, since they show the content to US customer
Add a comment...
People
In his circles
57 people
Places
Currently
redwood shores, ca
Previously
yerevan - yerevan stepanakert, fremont, union city
Links
YouTube
Contributor to
- Buzz (current)
Work
Occupation
engineer
Employment
- engineer, present
Basic Information
Gender
Male
















