Prolexic explained that the Dirt Jumper DDoS toolkit has a vulnerability in the command and control (C&C) architecture that could neutralize an attack.
With the identity of the C&C server or infected host and open source penetration testing tools, Prolexic researchers were able to gain access to the C&C database backend and the server-side configuration files.
“With this information, it is possible to access the C&C server and stop the attack. Part of our mission is to clean up the internet. It is our duty to share this vulnerability with the security community at large”, said Scott Hammack, chief executive officer at Prolexic.
“DDoS attackers take pride in finding and exploiting weaknesses in the architecture and code of their targets. With this vulnerability report, we’ve turned the tables and exposed crucial weaknesses in their own tools”, Hammack proclaimed.