South African IP addresses appear on massive DDoS-for-hire list

Two Israeli hackers were recently arrested by Israeli police on behalf of the FBI, following revelations about an underground service called vDOS – a distributed denial-of-service (DDoS) platform for hire.
A DDoS attack typically uses multiple systems to flood the bandwidth or resources of a target, usually one or more web servers, with the aim of knocking them offline.
Krebs on Security reported that vDOS earned over $600,000 helping customers coordinate more than 150,000 DDoS attacks over the past two years.
The service was recently hacked, revealing the details of “tens of thousands of paying customers and their targets”.
“To say that vDOS has been responsible for a majority of the DDoS attacks clogging up the Internet over the past few years would be an understatement,” said Krebs on Security.
“And in just four months between April and July 2016, vDOS was responsible for launching more than 277 million seconds of attack time, or approximately 8.81 years’ worth of attack traffic.”
Attack details
Last week, DDoS protection service CloudFlare released a file of around four months of vDOS attack logs.
The log contains over 170,000 entries of attacks, stretching from April 2016 to July 2016.
The file contains:
- vDOS username that ordered and paid for the attack.
- Target Internet (IP) address.
- Attack method.
- Internet (IP) address of the vDOS user.
- Date and time of the attack.
- Browser user agent string of the vDOS user.
The file contains several South African IP addresses, including attack targets and the IP addresses of locals who ordered attacks.
The table below provides a snippet from the vDOS log file which relates to South Africa. In the "Attack target" column, "for 1200" is the attack duration the customer ordered, in seconds (20 minutes), which is the same unit as the "seconds of attack time" figures quoted above, and "DNS" and "xSYN" are the attack methods (a DNS reflection/amplification flood and a TCP SYN flood variant respectively).
It should be noted that the user IP address in the log is the address the customer connected to the vDOS service from, which is not necessarily where they live: anonymous proxies, VPNs and similar services can hide a user's real location and identity, so a South African address is an indicator, not proof, that the order was placed from South Africa. Spoofing of source IP addresses, by contrast, happens in the attack traffic itself, which a booter such as vDOS generates from its own infrastructure (reflection methods such as DNS forge the victim's address as the source), so the customer's own address does not appear in the attack packets at all.
User | Attack target | User's IP address | Attack date | Browser |
--- | --- | --- | --- | --- |
GnikLlort | Launched a stress test on 185.24.99.98:80 for 1200 using DNS | 105.229.63.204 (ZA) | 02-05-2016 05:33 | Mozilla Firefox v46.0 on Windows |
x0123 | Launched a VIP stress test on 173.168.226.27:80 for 1200 using DNS | 197.189.238.185 (ZA) | 28-06-2016 17:12 | Google Chrome v51.0.2704.103 on Windows |
GnikLlort | Launched a stress test on 5.206.225.107:80 for 1200 using DNS | 41.13.196.187 (ZA) | 04-05-2016 05:01 | Mozilla Firefox v46.0 on Windows |
GnikLlort | Launched a stress test on 139.162.210.32:80 for 1200 using DNS | 41.3.20.248 (ZA) | 05-05-2016 01:18 | Mozilla Firefox v46.0 on Windows |
GnikLlort | Launched a stress test on 188.138.17.37:80 for 1200 using xSYN | 41.13.196.108 (ZA) | 09-05-2016 04:48 | Mozilla Firefox v46.0 on Windows |
GnikLlort | Launched a stress test on 69.175.22.130:80 for 1200 using DNS | 41.13.224.234 (ZA) | 10-05-2016 02:38 | Mozilla Firefox v46.0 on Windows |
w3stside | Launched a stress test on 196.11.240.215:80 for 500 using DNS | 197.87.14.33 (ZA) | 04-06-2016 18:18 | Mozilla Firefox v46.0 on Windows |
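A practical question for a South African network operator is whether any of their own address space shows up as a target in the released log. The script below is an added example written for this article, not code from CloudFlare, Krebs on Security or vDOS: it parses entries in the format of the table above, rejects lines that do not match, totals ordered attack seconds per vDOS user, and flags attacks whose target falls inside a set of address ranges. The sample input is the seven rows from the table plus one deliberately malformed line (constructed) to show that bad lines are skipped; the address range `196.11.240.0/24` is an arbitrary value chosen for the illustration, not a range taken from the log.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Rows copied from the South African table above, plus one constructed
# malformed line at the end to show the parser rejecting it.
SAMPLE_LOG = """\
GnikLlort | Launched a stress test on 185.24.99.98:80 for 1200 using DNS | 105.229.63.204 (ZA) | 02-05-2016 05:33 | Mozilla Firefox v46.0 on Windows |
x0123 | Launched a VIP stress test on 173.168.226.27:80 for 1200 using DNS | 197.189.238.185 (ZA) | 28-06-2016 17:12 | Google Chrome v51.0.2704.103 on Windows |
GnikLlort | Launched a stress test on 5.206.225.107:80 for 1200 using DNS | 41.13.196.187 (ZA) | 04-05-2016 05:01 | Mozilla Firefox v46.0 on Windows |
GnikLlort | Launched a stress test on 139.162.210.32:80 for 1200 using DNS | 41.3.20.248 (ZA) | 05-05-2016 01:18 | Mozilla Firefox v46.0 on Windows |
GnikLlort | Launched a stress test on 188.138.17.37:80 for 1200 using xSYN | 41.13.196.108 (ZA) | 09-05-2016 04:48 | Mozilla Firefox v46.0 on Windows |
GnikLlort | Launched a stress test on 69.175.22.130:80 for 1200 using DNS | 41.13.224.234 (ZA) | 10-05-2016 02:38 | Mozilla Firefox v46.0 on Windows |
w3stside | Launched a stress test on 196.11.240.215:80 for 500 using DNS | 197.87.14.33 (ZA) | 04-06-2016 18:18 | Mozilla Firefox v46.0 on Windows |
this line is constructed garbage and must be skipped
"""

# "Launched a [VIP] stress test on <ip>:<port> for <seconds> using <method>"
ATTACK_RE = re.compile(
    r"Launched a (?P<vip>VIP )?stress test on "
    r"(?P<target_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<target_port>\d+) "
    r"for (?P<seconds>\d+) using (?P<method>\S+)"
)
# "<ip>" optionally followed by " (<country code>)" as in the table above
USER_IP_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: \((?P<cc>[A-Z]{2})\))?$")


def parse_entry(line):
    """Parse one pipe-separated log row; return a dict or None if malformed."""
    parts = [p.strip() for p in line.strip().strip("|").split("|")]
    if len(parts) != 5:
        return None
    user, attack, user_ip_field, when, browser = parts
    m = ATTACK_RE.search(attack)
    u = USER_IP_RE.match(user_ip_field)
    if not m or not u:
        return None
    try:
        target_ip = ipaddress.ip_address(m["target_ip"])
        user_ip = ipaddress.ip_address(u["ip"])
        timestamp = datetime.strptime(when, "%d-%m-%Y %H:%M")  # day-month-year
    except ValueError:
        return None
    return {
        "user": user,
        "target_ip": target_ip,
        "target_port": int(m["target_port"]),
        "seconds": int(m["seconds"]),      # ordered attack duration in seconds
        "method": m["method"],
        "vip": m["vip"] is not None,
        "user_ip": user_ip,                # address the customer connected from
        "user_cc": u["cc"],
        "timestamp": timestamp,
        "browser": browser,
    }


def parse_log(text):
    """Parse every well-formed row, silently dropping anything else."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def attacks_on(entries, cidrs):
    """Entries whose target lies inside any of the given address ranges."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [e for e in entries if any(e["target_ip"] in n for n in nets)]


def summarise_by_user(entries):
    """Per-user attack count, total ordered seconds, source IPs and methods."""
    summary = defaultdict(lambda: {"attacks": 0, "seconds": 0,
                                   "source_ips": set(), "methods": set()})
    for e in entries:
        s = summary[e["user"]]
        s["attacks"] += 1
        s["seconds"] += e["seconds"]
        s["source_ips"].add(str(e["user_ip"]))
        s["methods"].add(e["method"])
    return dict(summary)


ENTRIES = parse_log(SAMPLE_LOG)

if __name__ == "__main__":
    for user, s in summarise_by_user(ENTRIES).items():
        print(f"{user}: {s['attacks']} attacks, {s['seconds']} s ordered, "
              f"{len(s['source_ips'])} source IPs, methods {sorted(s['methods'])}")
    # Hypothetical "our address space" range chosen for the illustration.
    for e in attacks_on(ENTRIES, ["196.11.240.0/24"]):
        print(f"target in our range: {e['target_ip']}:{e['target_port']} "
              f"ordered by {e['user']} at {e['timestamp']:%Y-%m-%d %H:%M}")
```

On the real CloudFlare file the country annotation will not be present in the user IP field, which the optional group in `USER_IP_RE` already allows for; the per-user source IP set is worth keeping because, as noted above, a single vDOS account logging in from several addresses (GnikLlort appears from five different ones in the snippet) is consistent with a proxy or VPN rather than a fixed home connection.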