Tuesday 15 October 2013

Denial Of Service Attack (DoS) #DDOS #DOS #Hacker




This is a kind of attack in which an attacker or intruder tries to deprive system users or authorized users of access to a remote computer, network or site. An attacker usually targets the victim's bandwidth to perform this attack. Illegal use of internal resources may also result in denial of service, so it is not always the case that the system has been attacked remotely; it can also be attacked from the internal network by an unsatisfied or disgruntled employee. It can also be executed against network resources, services and data access in a networked environment. In all, the motive of DoS is only destruction, not stealing, although it can be performed as a distraction while stealing *Giggling*.
As a typical result of DoS, a system may hang, respond slowly, reboot or shut down. A worst-case result may include loss of information, damage to network resources and hardware, and ultimately deletion or destruction of the data and programs of users who were online during the attack. Thus a DoS attack compromises a system without intruding and is enough to disorganize the organized infrastructure and functionality of an organization.

A DoS attack is also called a Distributed Denial of Service (DDoS) attack when it is performed using several computers/laptops/zombies.

Depending on which factor the attacker has planned to attack, the modes of attack are classified as follows:

1. Attack Against Connectivity:- In this kind of attack an attacker tries to stop hosts or users from connecting to and communicating with another host or computer.

2. Misuse Of Internal Resources:- In this mode of attack an attacker tries to bind resources to specific machines, which results in consumption and wastage of network bandwidth and non-availability of resources for others.

3. Bandwidth Consumption:- In this mode of attack the attacker generates a large number of packets from the system on which the attack has been planned to be performed. The resulting consumption of bandwidth finally leads to its unavailability for others and results in a DoS attack.

4. Consumption Of Network Resources:- In this mode of attack an attacker tries to consume resources on the network.

5. Altering Configuration:- In this attack mode an attacker may try to exploit misconfigured information present on the network for DoS.

Depending upon the selected mode of attack, DoS attacks are classified as:

SYN Attack

Smurf DoS

Buffer Overflow

Ping of Death

Tear Drop 



-:Types Of DoS:-

In this section we cover the different ways that can be used to carry out denial of service attacks. Note that no matter what kind of DoS an attacker selects, his/her motives remain the same, i.e. bandwidth consumption, disrupting network connectivity or the destruction of configuration information.

1. Smurf DoS or Ping Flood:-

In this type of attack an attacker sends a large number of ICMP echo (ping) packets to an IP broadcast address, and all the packets he/she sends have spoofed IP addresses. If the victim accepts IP broadcast request packets, it will take the ICMP request and reply, thus multiplying the traffic by the number of hosts and resulting in bandwidth consumption. The modes of attack used are bandwidth consumption and network connectivity.

2. Fraggle DoS Attack:-

It is the same as the Smurf DoS attack, but instead of ICMP packets it uses UDP echo requests. The modes of attack used are bandwidth consumption and network connectivity.

3. Buffer Overflow Attack:-

This is the most commonly used DoS attack and can be performed locally or remotely. The most commonly used attack method is using a vulnerable application or program. The result is a compromise of network security. Common modes of attack are misuse of internal resources and altering configuration.

4. Ping Of Death:-

In this type of attack an attacker deliberately sends an ICMP echo packet of more than 65536 bytes. An IP packet with a size of 65536 bytes is an oversized packet for the TCP/IP stack. Many operating systems don't know how to respond to such a huge packet, resulting in freezing or crashing. The attack mode can be classified as altering of configuration and misuse of resources.





5. Teardrop Attack:-

This attack takes advantage of the fragmentation of IP packets during transmission. A large packet is chopped into pieces for easy transmission, each carrying a sequence number in its offset so that when all chunks are received they can be easily combined. In a teardrop attack an attacker manipulates the offset value of the second or a later fragment so that it overlaps with the previous or next one. This attack may cause the system to hang and crash. The mode of attack is altering configuration.
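The fragment checks a defender applies against the Ping of Death and Teardrop patterns described above, as an added example that is not part of the original post. It parses IPv4 headers and flags fragments that would reassemble past the IPv4 size limit or overlap an earlier fragment; the function names, the sample packets and the documentation-range addresses are constructed for illustration.

```python
import struct

MAX_DATAGRAM = 65535       # largest total length IPv4 allows after reassembly
IP_HDR = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header layout

def parse_fragment(pkt):
    """Return (datagram key, header length, payload start, payload end)."""
    vihl, _, total, ident, frag, _, proto, _, src, dst = struct.unpack(IP_HDR, pkt[:20])
    hlen = (vihl & 0x0F) * 4
    start = (frag & 0x1FFF) * 8          # the offset field counts 8-byte units
    return (src, dst, proto, ident), hlen, start, start + total - hlen

def check_fragments(packets):
    """Return (ident, reason) for fragments a reassembler should discard."""
    ranges, findings = {}, []
    for pkt in packets:
        key, hlen, start, end = parse_fragment(pkt)
        if hlen + end > MAX_DATAGRAM:
            findings.append((key[3], "oversize"))    # Ping of Death pattern
        if any(start < e and s < end for s, e in ranges.get(key, [])):
            findings.append((key[3], "overlap"))     # Teardrop pattern
        ranges.setdefault(key, []).append((start, end))
    return findings

def make_fragment(ident, offset, payload_len, more):
    """Build a constructed ICMP fragment (documentation addresses, zero checksum)."""
    frag = (0x2000 if more else 0) | (offset // 8)
    hdr = struct.pack(IP_HDR, 0x45, 0, 20 + payload_len, ident, frag, 64, 1, 0,
                      bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return hdr + bytes(payload_len)

# Constructed sample traffic: one clean datagram and one of each malformed kind.
SAMPLE = [
    make_fragment(1, 0, 1480, True), make_fragment(1, 1480, 520, False),  # clean
    make_fragment(2, 0, 40, True), make_fragment(2, 24, 8, False),        # overlap
    make_fragment(3, 65528, 100, False),                                  # oversize
]

if __name__ == "__main__":
    for ident, reason in check_fragments(SAMPLE):
        print(f"datagram id={ident}: {reason}")
```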

6. SYN Half Open and SYN Flood:-

In a SYN half-open attack the attacker exploits a weakness in the TCP three-way handshake and sends only a SYN packet with a spoofed IP address, so the target waits for the opened connection to be completed; since the IP is spoofed there is hardly any chance that the connection will be completed. This results in non-availability of resources, builds an overload on the system, and it crashes. In a SYN flood attack the attacker sends thousands of SYN packets to the victim at a higher frequency than it can handle, resulting in denial of further requests. Both can be categorized under attacks against consumption of network resources and altering configuration.
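The half-open condition described above can be detected by tracking which handshakes never receive their final ACK. The following is an added example, not code from the original post: it processes inbound client-to-server segments given as tuples, and the tuple layout, the timeout, the alert level and the sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10      # TCP flag bits
HANDSHAKE_TIMEOUT = 30.0   # seconds a half-open entry is kept (assumed value)
BACKLOG_ALERT = 5          # half-open entries per listener that raise an alert (assumed)

def find_syn_floods(segments):
    """segments: (time, src, sport, dst, dport, flags) tuples in time order.
    Returns {(dst, dport): peak half-open count} for listeners at or over the alert level."""
    half_open = defaultdict(dict)   # listener -> {(src, sport): time the SYN was seen}
    peak = defaultdict(int)
    for t, src, sport, dst, dport, flags in segments:
        listener, peer = (dst, dport), (src, sport)
        pending = half_open[listener]
        # Expire entries whose handshake was never completed.
        for old in [p for p, t0 in pending.items() if t - t0 > HANDSHAKE_TIMEOUT]:
            del pending[old]
        if flags & SYN and not flags & ACK:
            pending[peer] = t               # client SYN: handshake started
        elif flags & ACK and not flags & SYN:
            pending.pop(peer, None)         # client's final ACK: handshake completed
        peak[listener] = max(peak[listener], len(pending))
    return {l: n for l, n in peak.items() if n >= BACKLOG_ALERT}

# Constructed sample: three clients complete the handshake on port 80,
# then eight SYNs from different sources hit port 443 and are never acknowledged.
SAMPLE = []
for i in range(3):
    SAMPLE += [(i * 1.0, f"192.0.2.{i + 1}", 40000 + i, "203.0.113.5", 80, SYN),
               (i * 1.0 + 0.1, f"192.0.2.{i + 1}", 40000 + i, "203.0.113.5", 80, ACK)]
for i in range(8):
    SAMPLE.append((3.0 + i * 0.01, f"198.51.100.{i + 1}", 50000 + i, "203.0.113.9", 443, SYN))

if __name__ == "__main__":
    for (host, port), count in find_syn_floods(SAMPLE).items():
        print(f"{host}:{port} peaked at {count} half-open connections")
```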

-:Tools that Can be Used for DoS:-

In this section we will discuss a little about tools that can be used for DoS attacks. Please note that the tools used for DoS and DDoS attacks are different; here we discuss only those tools used for DoS attacks, not those used for DDoS. Most DoS tools are nothing but programs written by programmers; by the way, you don't need to know programming to understand and run these tools. These tools may be OS-specific or platform-independent depending on the conditions under which the programmer built the code.

-:JOLT:-

Jolt is a DoS tool used to exploit a vulnerability in Windows networking code. It allows an attacker to consume 100% of CPU time by sending packets that need heavy CPU usage for processing. Though it is specially designed for Windows, it really isn't platform-specific. The server most vulnerable to it is Windows 2000 Server.

-:BUBONIC:-

It is a C program that, when compiled, can be used against Windows and Linux. Linux versions which have not been updated since the 2.0.3.0 kernel are vulnerable, along with Windows 2003 Server.

-:LAND:-

The Land tool sends the victim a request in which the packet's source IP address is spoofed with the IP address of the victim. Since the source and destination IP addresses are the same, the system crashes as it starts flooding itself with packets.

-:LATIERRA:-

It works like the Land tool, but it sends TCP packets to more than one port number.



-:TARGA:-

One of the most horrible DoS tools in the list is Targa. Targa can launch DoS attacks of all possible types. Its efficiency increases exponentially with a greater number of PCs.

-:BLAST:-

Blast is a TCP services stress test tool, but it can also be used for launching a DoS attack against an unprotected server.

-:NEMSEY:-

It is a program that generates random packets with random port numbers and IP addresses and floods the victim with them.

-:PANTHER:-

It's a packet flooding program that can overload a network connection with ICMP packets by sending fast ping requests, causing a DoS attack.

-:CRAZY PINGER:-

It is also a DoS tool of the flooder category. It sends very large ICMP packets to the target.

-:FSMAX:-

It is a scriptable server stress testing tool. It takes a text file as input and runs a server through a series of tests based on the input. The purpose of this tool is to find buffer overflows or DoS points in a server.



Distributed Denial Of Service (DDoS)

A Distributed Denial Of Service (DDoS) attack is a large-scale DoS attack conducted with the help of zombie systems or botnets on vulnerable target systems. Indirectly, we can say a DDoS is launched via a huge network of compromised systems. A DDoS attack uses many computers to launch a coordinated DoS attack against one or more targets. Using client/server technology (the same as we do with RAT clients), the attacker is able to multiply the effectiveness of the denial of service significantly by harnessing the resources of multiple computers to serve the attack. In most cases the user of a zombie system never comes to know that his/her system is performing a DoS attack, since an attacker can set the bandwidth usage per zombie to be low.

The victims compromised for performing an attack are known as “secondary victims”, whereas the target of the attack is known as the “primary victim”. An attacker generally gains administrative privileges on secondary targets to launch an attack on the primary target. Once the attacker gains administrative privileges on a secondary victim, he/she uploads a DDoS program or script to launch an attack on the primary victim. If an attacker has a network of 30000 plus zombies, then the launched attack is nearly impossible to counter because the number of IP addresses is too much for a single server to handle per second. DDoS attacks are dangerous because they can bring even very big hosts like Yahoo and Bing to their knees.

Most organizations secure themselves with a firewall, but a firewall does not really guarantee protection against DDoS. Even a very good but badly administered firewall can lead to a service going down. Conducting a DDoS attack is much simpler than it appears if you already have thousands of compromised systems. In fact, in most cases you don't even need ready-made tools; you can manually create your own tools if you have a little programming knowledge of C and C++ and know a little about Windows and Linux commands. In future posts I’ll show you how you can create your own script to launch a DDoS attack.

Following are the steps involved in conducting a DDoS attack:

1. Compromise thousands of systems using RAT clients or botnets.

2. Write a program or script that can conduct the attack.

3. Trigger the zombies for the attack.

4. Don't stop until the target is down.



For more information about denial of service and distributed denial of service attacks, you can check out these other blog posts: Legendary DDoS Attack and DOS vs DDOS