6/18/2012 08:47:00 am
ABHIJEET VISHEN
Denial of Service (DoS) Attack
Today on Horizon Deity, I am going to explain the most Amaizing article… and that about “DoS Attack“. Thats the most common n effective “Server Attack Process“. People making mistake to understand this concept.So today i have plan to clear your concepts against “Dos Attack“. Please Read the artilce carefully… and ”HD” will not be Responsible for any wrong use of this,The artilce is just for Edicational Purpose.
Yeah,So a denial-of-service — or DoS — attack is an attempt to prevent a website from functioning properly and is one of the most common violations happening to popular sites on the Internet. These attacks, which usually target high-profile websites, are meant to keep people from accessing such sites for an extended period of time. In short “Making the server down for some time…so that no one can use the site“.
Social networking sites are among some of the most often visited and widely used on the Internet. Because of this, sites like Twitter and Facebook have to worry about DoS attacks like other important websites. Twitter has fallen victim to DoS attacks in the past already, causing the site to run extremely slow or go down entirely. But,i know that what yoy guys gonna ask me, how ?
What a DoS attack consists of, as well as how one can take down a site as big as Twitter, and the effects it has on the site and its millions of users.
What is a DoS Attack ?
Above I explained briefly the intent of a DoS attack, but what is it technologically ? A DoS attack happens when a large number of hijacked computers overwhelm a website by sending it a massive, constant stream of data. A basic site like Twitter, which is used to processing requests and displaying a simple page, has trouble keeping up with this massive flow of information due to this large spike in requests.Like if you start sending huge and fast requests to server,then it is not possible for the servers to respond you as fast you are sending…that cause the Server Down !
Above I explained briefly the intent of a DoS attack, but what is it technologically ? A DoS attack happens when a large number of hijacked computers overwhelm a website by sending it a massive, constant stream of data. A basic site like Twitter, which is used to processing requests and displaying a simple page, has trouble keeping up with this massive flow of information due to this large spike in requests.Like if you start sending huge and fast requests to server,then it is not possible for the servers to respond you as fast you are sending…that cause the Server Down !
In a typical connection, a user sends a message for the server to authenticate. After the server acknowledges and approves this request, the user can then access the site from the server.In a DoS attack, several authentication requests are sent, filling the server up. The server tries to approve these requests, but it can’t because they all have false return addresses. So the system waits. After a minute or so, these connections are closed, but by this time, the attacker has already sent a new batch of requests, slowing up the system indefinitely.
Types of DoS Attack
Hey, Lets move on to the different types of DoS attacks.
a.) Fragmentation overlap
By forcing the OS to deal with overlapping TCP/IP packet fragments, this attack caused many OSs to suffer crashes and resource starvation. Exploit code was realeased with names such as bong,boink, and teardrop.
Hey, Lets move on to the different types of DoS attacks.
a.) Fragmentation overlap
By forcing the OS to deal with overlapping TCP/IP packet fragments, this attack caused many OSs to suffer crashes and resource starvation. Exploit code was realeased with names such as bong,boink, and teardrop.
b.) Oversized Packets
This is called the “Ping of Death” (ping -1 65510 192.168.2.3) an a Windows system (where 192.168.2.3 is the IP adress of the intended victim). What is happening is the attacker is pinging every port on the victims computer causing it to echo back 65510 requests. Another example is a jolt attack a simple C program for OSs whose ping commands wont generate oversized packets. The main goals of the “Ping of Death” is to generate a packet size that exceeds 65,535 bytes. Which can abrubtly cause the victim computer to crash. This technique is old !
This is called the “Ping of Death” (ping -1 65510 192.168.2.3) an a Windows system (where 192.168.2.3 is the IP adress of the intended victim). What is happening is the attacker is pinging every port on the victims computer causing it to echo back 65510 requests. Another example is a jolt attack a simple C program for OSs whose ping commands wont generate oversized packets. The main goals of the “Ping of Death” is to generate a packet size that exceeds 65,535 bytes. Which can abrubtly cause the victim computer to crash. This technique is old !
c.) Nukers
Yet another old form of attack this is related to a Windows vunlnerablity of some years ago that sent out-of-band(OOB) packets. To the consenting computer causing it to crash.
Yet another old form of attack this is related to a Windows vunlnerablity of some years ago that sent out-of-band(OOB) packets. To the consenting computer causing it to crash.
d.) SYN floods
A newer technique of DoS is SYN floods, basically this is done through a 3 step process, better known as the three way handshake. When a TCP connection is initiated this occurs. Under some normal circumstances, a SYN packet is sent from a specific port on system 1 to a specific port on system 2 that is in the LISTEN state. Then the potential connection on system 2 is in a SYN_RECV state. At this stage system 2 will attempt to send back a SYN/ACK packet to system 1.If all works out, system 1 will send back an ACK packet, and the connection will move to an ESTABLISHED state. Now thats what happens most of the time, but a SYN flood is different it creates a half open connection. Most systems can sustain hundreds of connections on a specific port, but it will only take a few half open connections to exhaust all the resources on the computer.
A newer technique of DoS is SYN floods, basically this is done through a 3 step process, better known as the three way handshake. When a TCP connection is initiated this occurs. Under some normal circumstances, a SYN packet is sent from a specific port on system 1 to a specific port on system 2 that is in the LISTEN state. Then the potential connection on system 2 is in a SYN_RECV state. At this stage system 2 will attempt to send back a SYN/ACK packet to system 1.If all works out, system 1 will send back an ACK packet, and the connection will move to an ESTABLISHED state. Now thats what happens most of the time, but a SYN flood is different it creates a half open connection. Most systems can sustain hundreds of connections on a specific port, but it will only take a few half open connections to exhaust all the resources on the computer.
e.) Smurf Attacks
The smurf attack was one of the first to demonstrate the use of unwitting DoS amplifiers on the Internet. A smurf takes advantage of directed broadcasts and requires a minimum of three actors: the attacker, the amplifying network, and the victim. What happens is the attacker sends out spoofed ICMP ECHO packets to the broadcast address of the amplifying network. The source address of packets is forged to make it appear as if the victim system has initiated the request. Then all hell breaks loose!!! Because the ECHO packet was sent to the broadcast address, all systems on the amplifying network will respond to the victim. Now take a thought if the attacker sends just a single ICMP packet to an amplifying network which contains 500 systems that will respond to a broadcast ping, the attacker has now succeeded in multiplying the DoS attack by a magnitude of 500!
The smurf attack was one of the first to demonstrate the use of unwitting DoS amplifiers on the Internet. A smurf takes advantage of directed broadcasts and requires a minimum of three actors: the attacker, the amplifying network, and the victim. What happens is the attacker sends out spoofed ICMP ECHO packets to the broadcast address of the amplifying network. The source address of packets is forged to make it appear as if the victim system has initiated the request. Then all hell breaks loose!!! Because the ECHO packet was sent to the broadcast address, all systems on the amplifying network will respond to the victim. Now take a thought if the attacker sends just a single ICMP packet to an amplifying network which contains 500 systems that will respond to a broadcast ping, the attacker has now succeeded in multiplying the DoS attack by a magnitude of 500!
f.) Fraggle Attack
A fraggle attack is the same as a smurf attack, but it uses UDP ports instead.
g.) DDoS Attack { The most famous and effective }
This is a much harder to block kind of attack, it has been used against big sites such as E-Trade, Ebay, and countless others. The problem with these attacks there very hard to trace. Most traces can link back to at Home users! The new DDoS attacks are termed Zombies or Bots. These bots rely heavily on remote automation techniques borrowed from Internet Relay Chat (IRC) scripts of the same name. A group of zombies under the control of a single person is called a zombie network or a bot army. The master of these armys or networks can do full fledged DDoS attacks or SYN floods. The basic estimate size of zombie networks are from a few systems to 150,000 systems. Even a few hundred machines could prove very dangerous. Note : keep tuned to ICA For the explanation of DDoS attack …
A fraggle attack is the same as a smurf attack, but it uses UDP ports instead.
g.) DDoS Attack { The most famous and effective }
This is a much harder to block kind of attack, it has been used against big sites such as E-Trade, Ebay, and countless others. The problem with these attacks there very hard to trace. Most traces can link back to at Home users! The new DDoS attacks are termed Zombies or Bots. These bots rely heavily on remote automation techniques borrowed from Internet Relay Chat (IRC) scripts of the same name. A group of zombies under the control of a single person is called a zombie network or a bot army. The master of these armys or networks can do full fledged DDoS attacks or SYN floods. The basic estimate size of zombie networks are from a few systems to 150,000 systems. Even a few hundred machines could prove very dangerous. Note : keep tuned to ICA For the explanation of DDoS attack …
How to do DoS attack ?
1) Using Botnets for DoS Attacks :
A botnet is a collection of compromised computers that can be used for malicious acts (like spam) on the Internet. Botnet-based DoS attacks are difficult for websites to deal with. This is because it is hard to distinguish legitimate requests from those coming from a botnet.
2) A simple DOS attack :
Open cmd, Type “ping {ip} -t -l 20000 ” - This command will ping the server,through its {ip} and 20000 bytes data.
DOS attack with ping flood will work only if the following cafeterias are satisfied:1. Attacker should have higher bandwidth than the victim.
2. Victim should respond to the ping requests
2. Victim should respond to the ping requests
3. ) Using Tools :
There are lost of tools availabe,that can do this job easily…Some of them are listed below…
a.) LOIC (Low Orbit Ion Cannon) : Probably the best DoS Tool there is. Download Here
b.) Rocket v1.0 : Sends the +++ath0 to a modem and disconnects them from the web. The S2=225 string must be added to your modem for it to function properly ! Download Here
c.) Nemesy : Nemesy generates random packets. The source IP is poofed because of random progressive generation. Download Here
d.) IGMP Nuke : An easy basic nuker, but a bit slow, overall it;s pretty good. Download Here
e.) Panther Mode 2 : A great fire-wall killer. Sends so much attacks that the firewall will force shut-down. (depends on the firewall) Download Here
Warning : Never never Do any attack from your pc,once if you traced,then no one can Help you
Posted in: HACKING
0 comments:
Post a Comment