Apache is the world’ most popular Web server for Linux and Windows platforms, and with such a large attack surface, it’s no surprise that attackers are looking to exploit Apache software vulnerabilities. The approach used by XerXeS is somewhat novel in that it is based on a DoS (not DDos) attack and apparentlyrequires relatively modest computing resources to execute.
The object of such an attack goes beyond denial of service where a more interesting and potentially valuable attack would gain access to the back end database (typically MySQL) generally used by Apache web servers. The trick of course is identifying – who has valuable data assets – since the vast majority of LAMP installations are small content/blogging Web sites.
Courtesy of my colleague Anthony Freed –
Infosec Island has once again gained exclusive access to a video demonstration of the XerXeS DoS attack recently developed by the infamous patriot-hacker known only as The Jester (th3j35t3r).
This new video shows a little more of the XerXeS dashboard, and reveals even more about the attack technique – watch the text box on the left as Jester mentions “Apache” for the first time outside of our private conversations…
See the video on the enhanced DoS exploit of Apache vulnerabilties