Home / / Prolexic warns of HULK DoS script

Prolexic warns of HULK DoS script

Malware was designed by a network security researcher as an education tool

Prolexic warns of HULK DoS script
Prolexic Technologies has release a threat advisory for the HULK DoS script.

DDoS protection specialists Prolexic Technologies has released a threat advisory on the HTTP Unbearable Load King (HULK) denial of service (DoS) script.

According to Prolexic, the script was developed by a network security researcher and shared publicly on his blog, the tool attracted widespread attention - and generated panic - throughout the digital security industry.

The script was intended to be an educational proof-of-concept, which exposed common weaknesses that could be exploited by malicious actors to bring down servers that have not been optimally configured for performance and DDoS resistance.

"What makes HULK dangerous is the fact that a single malicious actor with a single computer could feasibly take down a small, unhardened web server in minutes. We've tested the tool internally and it is functional," said Neal Quinn, chief operating officer at Prolexic. "Fortunately, this is not a very complex DoS tool," he added. "We were quickly able to dissect its approach and stop it dead in its tracks. It is fairly simple to stop HULK attacks and neutralise this vulnerability with the proper configuration settings and rules."

HULK, which was released on 17th May, uses randomised header and parameter values to generate a threaded GET flood attack; the randomised requests make it more difficult to distinguish attack threads from legitimate traffic, particularly for automated mitigation solutions.

HULK is designed to take advantage of out-of-the-box web server configuration vulnerabilities and spawns 500 threads that collectively stream random GET requests at its website target upon launch, bypassing caching engines to exhaust server resources, according to Prolexic. 

The Prolexic Security Engineering & Response Team (PLXsert) have instituted rules to defend against and mitigate HULK attacks and issued a threat advisory to Prolexic customers last week. As a public service, full details of the HULK threat, including recommended mitigation techniques and SNORT rules, are available at www.prolexic.com/threatadvisories.

"There is a lot at stake for businesses online - whether it's a matter of money, reputation, regulatory compliance or business continuity. No one wants to be down for a second, let alone hours or days," Quinn said. "Consequently, any threat can cause panic. While many DDoS threats are very real and severe, in the case of HULK, panic is not necessary. PLXsert is happy to share our practical, effective mitigation method that can be implemented on any WAF or content switch, and transform the HULK back into Dr. Banner."

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.