Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics

  • Pellegrino G
  • Rossow C
  • Ryba F
 et al. 
  • 22


    Mendeley users who have this article in their library.
  • N/A


    Citations of this article.


The Great Cannon DDoS attack has shown that HTML/JavaScript can be used to launch HTTP-based DoS attacks. In this paper, we identify options that could allow the implementation of the general idea of browser-based DDoS botnets and review ways how attackers can acquire bots (e.g., typosquatting and malicious ads). We then as-sess the DoS impact of browser features and show that at least three JavaScript-based techniques can orchestrate clients to send thou-sands of HTTP requests per second. Seeing the vats potential, we evaluate the economics of browser-based botnets and show that their cost are about as high as traditional DDoS botnets—while giving far less flexibility in terms of attack features and control over the bots. Finally, we discuss victim-and browser-side countermeasures.

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document

There are no full text links


  • Giancarlo Pellegrino

  • Christian Rossow

  • Fabrice J. Ryba

  • Thomas C. Schmidt

  • Matthias Wählisch

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free