Friday, January 1, 2016

What is a Billion Laughs Attack ?



A Billion Laughs Attack is a Denial of Service or DoS Attack which targets parsers of XML documents. The attack is also known as an XML Bomb or Exponential Entity Expansion Attack or XEE Attack.







An XML entity is a symbolic representation of information like a variable in computer program. It is declared in Document Type Definition or DTD with the following syntax :


<!ENTITY entityName "The text you want to appear when the entity is used">

Now, let's consider the following lines of code :




<?xml version="1.0"?>
<!DOCTYPE lolz [
<!ENTITY lol "lol">
<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
<!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
<!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
<!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
<!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
<!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
<!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>
<lolz>&lol9;</lolz>




This example consists of ten entities. Each entity consists of ten of the previous entity. And the document will consist of one billion copies of the first entity.



In most of the examples the first entity is represented as the string “lol” and hence the name The Billion Laughs Attack.



As the document consists of one billion copies of the first entity, the computer memory used will exceed the memory available to the process parsing the XML. As a result, the parser will consume an exponential amount of resources, causing a Denial of Service attack.



The attack was first reported in 2002. But, it began to be widely addresses later.


How to prevent Billion Laughs Attack or XEE Attack ?


There are couple of steps that can be taken.


  • We can limit the number of Entity Reference Nodes that the parser can expand.
  • We can limit the number of characters up to which the entity can expand.



So, beware of all the vulnerabilities. And stay safe, stay secured.




Read More

What is Web Application Firewall ?

What is Deep Packet Inspection ?

What is Next Generation Firewall ?

How to prevent DDoS attacks ?

What is IoT Botnet ?

How does Network Segmentation improve security ?



No comments:

Post a Comment