You can then find the requesting IP in the log files. Just use your own server as receiving host and issue the request. If there is such a flaw in the web service it's easy to find the origin IP if requests aren't routed through a proxy first. One of the ways to find the real IP address is a Server Side Request Forgery vulnerability. In this blog post we will have a closer look at a collection of methods that can be used for that purpose. Yet, there is some value behind being able to find the real IP behind a DDoS protected website, especially in the bug bounty space, such as access to running services other than HTTP or to bypass web application firewalls, that prevent attacks such as SQL injections. While being a popular excuse for providers of DDoS attack services, real Distributed Denial of Service attacks are hardly something that security teams do for testing the resiliency of their companies' networks. Either they mitigated another large scale traffic flood targeted at one of their customers or they are shielding websites with harmful content from being taken down with such an attack. Usually when DDoS protection providers are in the news, it's for one of two reasons.
0 kommentar(er)
