RingOsborn3


How do Booter Services Work?

What Is a Booter and What Role Does It Play in DDoS?

A DDoS attack is a very common form of attack in which a malicious actor renders a PC unavailable to its intended users by interrupting its normal functioning. The machine is flooded with traffic, resulting in denial of service for its other users.
Cybercriminals use a booter, a web-based service that launches DDoS attacks at a low price, typically $5 to $10.

What Are Booter Services?
Booters, or booter services, are on-demand Distributed Denial of Service attack services offered by cybercriminals to bring down a particular network or website. They are an illegitimate use of IP stressers.
They obscure the identity of the attacking service by using proxy servers. With the help of the proxy, the IP address of the attacker is spoofed.
Cybercrime enterprises package booter services as SaaS, paired with tutorials and email support. The offering can be either a one-time service or multiple attacks in a given period.

How do Booter Services Work?
It’s interesting how the booter works. Once the attack is launched, it’s nearly impossible to locate the root source of the booter service. This is due to the operational complexity of the process.
Typically, they have a web front end where the user provides information such as the website they want to target. This web front end is like a control panel. The back end is managed by the host executing the DDoS attack.
This ensures that the underlying ISP involved doesn’t look malicious. The DDoS traffic does not directly come from the ISP. It comes from a separate infrastructure. This infrastructure includes data servers which the booter services connect to through proxies.
When a takedown of the booter service is requested, the service is extremely difficult to locate, because the ISP on which the website is hosted has plausible deniability. You have to prove that they have been doing something illegal, which unfortunately is hard to demonstrate.

What is The Motivation behind Launching DDoS?
DDoS attacks are launched for various reasons – skiddies trying to flesh out their skills, extortion, business rivalries, ideological conflicts, and more. The preferred method of payment for launching these attacks is PayPal. Some also use bitcoin to disguise their identity. The only problem is fewer people use bitcoins.

What Makes the Attack Effective?
The most effective booter services use reflection and amplification attacks to make the DDoS attack more effective.
When the attacker forges the victim’s IP address and sends a message to a third party while impersonating the victim, this is called IP address spoofing. The third party replies directly to the victim, not knowing that an attacker is behind the request. The IP address of the attacker is kept hidden not just from the victim but also from the third-party service. This process is termed reflection.
Suppose the attacker orders pizza to the victim’s place. The victim now owes money to the pizza delivery guy for the pizza he did not order.
Amplification is the process whereby the attacker forces the third-party server to send a response to the victim. The ratio between the size of the response and the size of the request is called amplification. The more amplification there is, the more the victim will be disrupted. During the process, the third-party server will also be disrupted because of the volume of requests it has to process. This is how the DDoS attack is launched successfully.
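Seen from the third-party server's side, the response-to-request ratio described above is something its operator can measure in their own logs. The following is an added example, not part of the original post: it assumes a hypothetical log format of (claimed source IP, request bytes, response bytes), and the function names, thresholds and sample records are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records: (claimed source IP, request bytes, response bytes),
# as a server operator might extract them from their own query log.
SAMPLE_LOG = (
    [("198.51.100.7", 64, 3200)] * 8     # many small requests, large replies
    + [("192.0.2.10", 60, 120)] * 3      # ordinary client
    + [("203.0.113.5", 70, 4000)] * 2    # large replies, but only two requests
    + [("192.0.2.44", 60, 90)] * 20      # busy client with small replies
)


def amplification_report(records):
    """Per claimed source: request count, bytes in, bytes out, response/request ratio."""
    totals = defaultdict(lambda: [0, 0, 0])
    for src, req_bytes, resp_bytes in records:
        entry = totals[src]
        entry[0] += 1
        entry[1] += req_bytes
        entry[2] += resp_bytes
    return {
        src: {
            "requests": count,
            "bytes_in": b_in,
            "bytes_out": b_out,
            # Guard against zero-length requests in malformed log rows.
            "ratio": b_out / b_in if b_in else 0.0,
        }
        for src, (count, b_in, b_out) in totals.items()
    }


def suspected_reflection_victims(records, min_requests=5, min_ratio=10.0):
    """Sources that send many requests and draw disproportionately large replies.

    The source address may be forged, so a flagged address is a likely victim
    of reflection through this server, not necessarily the party responsible.
    Thresholds are assumptions and need tuning against normal traffic.
    """
    report = amplification_report(records)
    return sorted(
        src for src, stats in report.items()
        if stats["requests"] >= min_requests and stats["ratio"] >= min_ratio
    )


if __name__ == "__main__":
    for src in suspected_reflection_victims(SAMPLE_LOG):
        print(src, amplification_report(SAMPLE_LOG)[src])
```

A flagged address is a candidate for response rate limiting on that server, since the replies it receives were probably never requested by it.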