
Tuesday 17 September 2013

Legendary DDOS Attack #DDOS #Infosec #Hacker #DOS #WebAdmin


WHAT IS A DOS ATTACK?
A Denial of Service (DoS) attack is a deliberate attempt by an external agent to make a resource (the victim under attack) unavailable to its legitimate visitors or users. This is usually done by overwhelming the victim with illegitimate traffic in the form of broken or unsolicited page access requests.
A Distributed Denial of Service (DDoS) attack is an advanced form of DoS in which the attacking agents are spread over a huge network (or the internet).
How are DoS attacks executed?
DoS attacks are usually executed by flooding the target servers with unsolicited data packets at an unprecedented rate. This may be done by mis-configuring network routers or by performing a smurf attack on the victim servers. The result is capacity overflow, followed by exhaustion of system resources, which makes the target service unavailable to its intended users, either temporarily or permanently (in the case of a hardware-targeted DoS attack).
In a DDoS attack, the sources of the unsolicited data packets (sent to flood the bandwidth or resources of the victim servers) are distributed over a large network (or the internet). The overall mechanism involves a huge number of compromised network nodes (computers connected to the internet), governed by agent handlers, which are in turn controlled centrally by the actual attacker.
This massive number of compromised computers is then unknowingly directed by the attacker to demand access to the target within a minimal time span, which saturates the target's limited system resources and eventually shuts down the targeted service.
The most common method of compromising a massive number of user agents on the internet (to actually execute a DDoS attack) is to infect as many computers as possible with malware or trojans built for that purpose.
Such trojans can spread via email attachments or via peer-to-peer networks. Whatever the method of spreading, once the trojan is silently installed on an unsuspecting computer, that machine has been compromised and is then called a zombie (or bot); a collection of such zombies forms a botnet. From then on it is the attacker's prerogative to indirectly command some or all of the zombie agents to demand access to the target service.

What are other variants of DoS attacks?

There are many other attacks of similar nature and purpose, such as the smurf attack, nuke bomb, ping of death, banana attack and phlashing, among many others.
How are they counteracted?
The best way to defend a web service from faltering under a DDoS attack is to keep backup resources of the system intact. Since the aim of such an attack is to max out system resources, if those resources are already abundant and prepared to absorb a sudden peak of traffic at any moment, chances are that your web service will survive a DoS (or even DDoS) attack.
What implications can DDoS attacks have?
If the attack is limited to overwhelming, resource-consuming traffic, the implications are limited to service unavailability for a couple of hours (or a few days in exceptional cases). This not only stresses the website administrators financially but also results in loss of market reputation and puts a question mark on the reliability of the web service.
In the case of hardware-targeted DoS attacks, financial losses can magnify to a great extent, as hosting infrastructure has to be replaced on an urgent basis. This can also lead to critical data loss if backup procedures aren't up to the mark.
With more and more DDoS attacks happening these days, companies and internet properties are using various types of DDoS mitigation strategies to avoid any worst-case scenario.
 




DDOS ATTACK TYPES:-
 

1) Ping Of Death:- The ping of death attack sends oversized ICMP datagrams (encapsulated in IP packets) to the victim. The ping command makes use of the ICMP echo request and echo reply messages and is commonly used to determine whether a remote host is alive. In a ping of death attack, however, ping causes the remote system to hang, reboot or crash. To do so the attacker uses the ping command in conjunction with the -l argument (used to specify the size of the packet sent) to ping the target system with a packet that exceeds the maximum bytes allowed by TCP/IP (65,536).
example:- c:/>ping -l 65540 hostname
Fortunately, nearly all operating systems these days are not vulnerable to the ping of death attack.
 

2) Teardrop Attack:- Whenever data is sent over the internet, it is broken into fragments at the source system and reassembled at the destination system. For example, suppose you need to send 3,000 bytes of data from one system to another. Rather than sending the entire chunk in a single packet, the data is broken down into smaller packets as given below:
* packet 1 will carry bytes 1-1000.
* packet 2 will carry bytes 1001-2000.
* packet 3 will carry bytes 2001-3000.
In a teardrop attack, however, the data packets sent to the target computer contain byte ranges that overlap with each other:
(bytes 1-1500) (bytes 1001-2000) (bytes 1500-2500)

When the target system receives such a series of packets, it cannot reassemble the data and therefore will crash, hang, or reboot.
Old Linux systems and Windows NT/95 are vulnerable.
 

3) SYN - Flood Attack:- In a SYN flooding attack, several SYN packets are sent to the target host, all with an invalid source IP address. When the target system receives these SYN packets, it tries to respond to each one with a SYN/ACK packet, but as all the source IP addresses are invalid, the target system goes into a wait state for an ACK message that never arrives from the source. Eventually, due to the large number of connection requests, the target system's memory is consumed. In order to actually affect the target system, a large number of SYN packets with invalid IP addresses must be sent.
 

4) Land Attack:- A land attack is similar to a SYN attack, the only difference being that instead of including an invalid IP address, the SYN packet includes the IP address of the target system itself. As a result an infinite loop is created within the target system, which ultimately hangs and crashes. Windows NT before Service Pack 4 is vulnerable to this attack.
 

5) Smurf Attack:- There are 3 players in the smurf attack: the attacker, the intermediary (which can also be a victim) and the victim. In most scenarios the attacker spoofs the IP source address as the IP of the intended victim and sends the packets to the intermediary network's broadcast address. Every host on the intermediary network replies, flooding the victim and the intermediary network with traffic.
Result:- Performance may be degraded such that the victim and intermediary networks become congested and unusable, i.e. the attack clogs the network and prevents legitimate users from obtaining network services.
 

6) UDP - Flood Attack :- Two UDP services, echo (which echoes back any character received) and chargen (which generates characters), were used in the past for network testing and are enabled by default on most systems. These services can be used to launch a DoS by connecting the chargen port to the echo port on the same or another machine, generating large amounts of network traffic.

DDOS ATTACK BASIC TUTORIAL FOR BEGINNERS:-
 

DoS attacks - "Denial of Service" attack
It's an attack that denies the service to the legitimate user, so that he suffers.
There are several reasons to do that.
The most likely reason is nastiness.
Okay, there are two ways to do DoS attacks: one is the lame way and the other is the elite way.
 


Lame way

Email Bombs – it's the technique in which a person's email account is flooded with emails; it's the lamest form of DoS attack. All a person has to do is go on the net, get some email bomber like UNA or KABOOM, put in the victim's address and there you go, his email address will be flooded with unwanted emails. There is also another way: put his email address into some porn subscription and he will get bombed without you doing anything, LOL. When the victim's email account gets flooded he has a pain differentiating and deleting the unwanted emails and it's a huge task. And if the victim is the admin of the server and his email account there is flooded, it also eats up his disk space.
Continuous login – suppose a server is configured to allow only a specified number of login attempts, and you know a user's username; you can lock his account by repeatedly attempting to connect to the server with his name, which will lock the account, and there you go, the legitimate user won't be able to log in, the reason being that you locked his account.
Okay, now the neophyte way. It's not the elite way but somewhat better than the lame way; at least you are doing something technical.
 

Syn Flooding
This is an exploit of the TCP/IP handshake method. Read some basics on TCP/IP, okay, let's start.
Normal way:-
A SYN packet is sent to the host by the client who intends to establish a connection
SYN Client --------------> Host
Then in the second step the host replies with a SYN/ACK packet to the client
SYN/ACK Client <-------------- Host
Then in the third and last step
the client replies with an ACK packet to the host and the three-way handshake is complete.
Okay, got it now?
Now in the attack
Several SYN packets are sent to the host via spoofed IP addresses (bad or dead IP addresses). What happens then is the host replies with a SYN/ACK packet and waits for the ACK packet. But since the IP address doesn't exist it keeps waiting, thus the half-open connections queue up and eat the system resources, which causes the server to crash or reboot.
 

Land attack
A land attack is similar to a SYN attack, but instead of a bad IP address the IP address of the target system itself is used. This creates an infinite loop, and the target system crashes. However, almost all systems are now configured against this type of attack.
 

Smurf Attack
A smurf attack is a sort of brute-force DoS attack, in which a huge number of ping packets are sent to a network's broadcast address (normally handled by the router) using a spoofed source IP address from within the target network. Every host that gets the ping echoes it back, flooding the network and jamming the traffic.
 

UDP flooding
This kind of flooding is done against two target systems and can be used to stop the services offered by either of them. The two target systems are connected to each other: one generates a series of characters for each packet received (in other words, it is asked for the UDP character-generation service), while the other system echoes back every character it receives. This creates an infinite, non-stopping loop between the two systems, making them useless for any data exchange or service provision.
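Both patterns described above, a ping aimed at a network broadcast address (smurf) and UDP traffic bouncing between the echo and chargen ports (UDP flooding), are recognisable per packet, which is how a router or sensor can drop them before the loop starts. The following is an added example, not code from the original post; the packet dictionaries, addresses and the local network are constructed.

```python
# Added example: flagging the two amplification patterns described above, a ping to a
# network broadcast address (smurf) and UDP traffic between the echo and chargen
# ports (UDP flood).  Not code from the original post; all packets are constructed.
import ipaddress

ECHO_PORT, CHARGEN_PORT = 7, 19   # well-known UDP ports named in the text
ICMP_ECHO_REQUEST = 8             # ICMP type used by ping


def classify(packet, local_networks):
    """Return a label for one packet dict, or None if it looks ordinary.

    packet keys: proto ('icmp' or 'udp'), src, dst; udp packets carry sport/dport,
    icmp packets carry icmp_type.  local_networks: ipaddress networks we route for.
    """
    dst = ipaddress.ip_address(packet["dst"])
    if packet["proto"] == "icmp" and packet.get("icmp_type") == ICMP_ECHO_REQUEST:
        # Smurf: an echo request to a broadcast address makes every host on that
        # network reply to the (spoofed) source, so the router should not forward it.
        if any(dst == net.broadcast_address for net in local_networks):
            return "smurf_broadcast_ping"
    if packet["proto"] == "udp":
        loop_ports = {ECHO_PORT, CHARGEN_PORT}
        # Echo <-> chargen: once connected, each side answers the other forever.
        if packet["sport"] in loop_ports and packet["dport"] in loop_ports:
            return "echo_chargen_loop"
    return None


def suspicious_packets(packets, local_networks):
    """Return (index, label) for every packet that classify() flags."""
    flagged = []
    for i, pkt in enumerate(packets):
        label = classify(pkt, local_networks)
        if label:
            flagged.append((i, label))
    return flagged


LOCAL = [ipaddress.ip_network("192.0.2.0/24")]  # constructed local network
SAMPLE = [  # constructed traffic: one ordinary ping, one smurf, one loop, one DNS query
    {"proto": "icmp", "src": "192.0.2.20", "dst": "192.0.2.30", "icmp_type": 8},
    {"proto": "icmp", "src": "203.0.113.5", "dst": "192.0.2.255", "icmp_type": 8},
    {"proto": "udp", "src": "192.0.2.7", "dst": "192.0.2.9", "sport": 19, "dport": 7},
    {"proto": "udp", "src": "192.0.2.7", "dst": "192.0.2.9", "sport": 53000, "dport": 53},
]

if __name__ == "__main__":
    print(suspicious_packets(SAMPLE, LOCAL))
```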
 

 



PING OF DEATH
This attack doesn't work now, as all the servers are patched against this type of attack. In this attack a target system is pinged with a data packet exceeding the normal size allowed by TCP/IP, i.e. 65536. This will cause the system to reboot or hang up.
 

Tear Drop
When data is passed from one system to another it is broken down into smaller fragments, and in the receiving host they are reassembled again.
These packets have an offset field in their TCP header part which specifies the range of data each one carries. Together with the sequence numbers, this helps the receiving host to reassemble the data. In a teardrop attack the packets are sent with overlapping offset field values, so the receiving host is unable to reassemble them and crashes.
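The ping of death, teardrop and land attack descriptions above (in the attack-types list and again in this tutorial) all come down to a datagram that a receiver can reject before it tries to reassemble or process it. The following is an added example, not code from the original post: a reassembly sanity check over (offset, length) byte pairs taken from the IP header's fragment offset field, plus the one-line land check. The sample fragment sets are constructed from the byte ranges given in the text.

```python
# Added example: detection-side sanity checks for the ping of death, teardrop and
# land attack patterns described above.  Not code from the original post.
# A fragment is modelled as (offset, length) in bytes; the offset is the IP header's
# fragment offset field already multiplied out of its 8-byte units.

MAX_IP_DATAGRAM = 65535  # largest value the 16-bit IPv4 total length field can hold


def check_fragments(fragments):
    """Return findings for one datagram's fragments as (kind, offset) pairs.

    'oversized': the reassembled datagram would exceed MAX_IP_DATAGRAM (ping of death).
    'overlap':   a fragment starts before the previous one ended (teardrop).
    Fragments may arrive in any order, so they are sorted by offset first.
    """
    findings = []
    prev_end = 0
    for offset, length in sorted(fragments):
        if offset + length > MAX_IP_DATAGRAM:
            findings.append(("oversized", offset))
        if offset < prev_end:
            findings.append(("overlap", offset))
        prev_end = max(prev_end, offset + length)
    return findings


def is_land_packet(src_ip, dst_ip, flags):
    """Land attack: a SYN whose source address is the destination's own address."""
    return "SYN" in flags and src_ip == dst_ip


# Constructed samples; offsets are 0-based versions of the byte ranges in the text.
NORMAL = [(0, 1000), (1000, 1000), (2000, 1000)]      # bytes 1-1000, 1001-2000, 2001-3000
TEARDROP = [(0, 1500), (1000, 1000), (1499, 1001)]    # bytes 1-1500, 1001-2000, 1500-2500
PING_OF_DEATH = [(0, 1480), (65120, 428)]             # last fragment would end at 65548

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("teardrop", TEARDROP), ("ping of death", PING_OF_DEATH)):
        print(f"{name}: {check_fragments(frags) or 'ok'}")
    print("land:", is_land_packet("198.51.100.7", "198.51.100.7", {"SYN"}))
```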
DDOS ATTACK MANUALLY:-

First open Cmd from Run => Cmd, now follow these steps:
* Now type this command in CMD: ping www.anysite.com
* And you will get the IP of the victim
* Now type => ping (IP of site) -t -l 65000
Here 65000 is the packet size
Now your PC will send huge traffic to that site... :D
Check that site after 1 hour, it will be down..!!!
Try this from more PCs for a good response..!!!

DDOS ATTACK BY LOIC:-
For this tutorial we will be using one of the most effective and least known tools, called "Low Orbit Ion Cannon". This tool was created by Anonymous members from 4chan.org; this program is one of the best for DDoS'ing, and I have successfully used it to DDoS websites.
An internet connection as bad as mine (2,500 kb/s) was able to keep a site down for a day with this program running. Remember that this tool will work best with high internet speeds, and try not to go for impossible targets (like Google, Myspace, Yahoo). LOIC is used on a single computer, but with friends it's enough to give sites a great deal of downtime.
Download LOIC (Low Orbit Ion Cannon):
www.sourceforge.net/projects/loic
Type the target URL in the URL box. Click "Lock on". Change the threads to 9001 for maximum efficiency. Click the big button "IMMA FIRIN MAH LAZAR!"
Feel free to tweak these settings and play around with the program to get the best performance. Then minimize it and go do whatever you need to do; the program will take care of the rest!
 

DDOS ATTACK BY JANIDOS:-
Download from here: http://www.mediafire.com/?sn1caa9c2ad4dzc
After downloading, open the toolkit and click on "Try Weak Edition". This DDoS tool is coded in Visual Basic 6, so first you must copy these OCX files to system32:
comdlg32.ocx
msinet.ocx
mscomctl.ocx
mswinsck.ocx
This tool will be detected as suspicious by antiviruses because the DDoS tool works on port 80, which is also a backdoor port, so it is a false-positive detection; don't worry, this tool is clean.



