DoS Attacks
Today's topic is an important one: the DoS attack. It is mostly used by hackers to crash servers and websites, and it is very easy; you just need to know all the DoS commands.
DoS attacks, or denial of service attacks, have become very common amongst hackers, who use them as a path to fame and respect in the underground groups of the Internet. A denial of service attack basically means denying valid Internet and network users the services of the target network or server; in other words, launching an attack that temporarily makes the services offered by the network unusable by legitimate users.
Put another way, a DoS attack is one in which you clog up so much memory on the target system that it cannot serve legitimate users, or in which you send the target system data packets that it cannot handle, causing it to crash, reboot or, more commonly, deny services to legitimate users.
DoS attacks are of the following different types:
1 - Those that exploit vulnerabilities in the TCP/IP protocol suite
2 - Those that exploit vulnerabilities in the IPv4 implementation
3 - Brute force attacks, which try to use up all the resources of the target system and make its services unusable
Before I go on with DoS attacks, let me explain some vulnerabilities in TCP/IP itself. Some common ones are ping of death, teardrop, SYN attacks and land attacks.
A - Ping Of Death
This vulnerability is quite well known and was earlier commonly used to hang remote systems [or even force them to reboot] so that no users could use their services. The exploit no longer works, as almost all system administrators will have upgraded their systems, making them safe from such attacks. In this attack the target system is pinged with a data packet that exceeds the maximum bytes allowed by TCP/IP, which is 65536. This would almost always cause the remote system to hang, reboot or crash. The attack could be carried out even from the command line, in the following manner. The following ping command creates a giant datagram of size 65540 for ping, which might hang the victim's computer:
C:\windows>ping -l 65540
(Current versions of the Windows ping tool refuse -l values above 65500, which is one more reason the command above no longer does anything.)
B - Teardrop
The teardrop attack exploits a vulnerability in the reassembling of data packets. Whenever data is sent over the Internet, it is broken down into smaller fragments at the source system and put back together at the destination system. Say you need to send 4000 bytes of data from one system to the other; not all 4000 bytes are sent in one go. The chunk of data is first broken down into smaller parts and divided into a number of packets, each carrying a specified range of the data. For example, if 4000 bytes are divided into 3 packets, then:
The first packet will carry data from byte 1 to byte 1500
The second packet will carry data from byte 1501 to byte 3000
The third packet will carry data from byte 3001 to byte 4000
These packets have an offset field in their header. This offset field specifies from which byte to which byte that particular packet carries data, i.e. the range of data it is carrying. This, along with the sequence numbers, helps the destination system reassemble the packets in the correct order. In this attack a series of data packets is sent to the target system with overlapping offset field values; as a result the target system is not able to reassemble the packets and is forced to crash, hang or reboot.
Say for example, consider the following scenario (note: _ _ _ = 1 data packet).
Normally a system receives data packets in the following form, with no overlapping offset values:
_ _ _ [1 to 1500 bytes]
_ _ _ [1501 to 3000 bytes]
_ _ _ [3001 to 4500 bytes]
Now in a teardrop attack, the data packets are sent to the target computer in the following format:
_ _ _ [1 to 1500 bytes]
_ _ _ [1500 to 3000 bytes]
_ _ _ [1001 to 3600 bytes]
When the target system receives something like the above, it simply cannot handle it and will crash, hang or reboot.
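To show what a reassembler should check before trusting the offsets drawn above, here is an added Python example (not code from the original post) that validates the two fragment layouts and also computes the per-fragment copy length a naive reassembler would derive from them. It assumes inclusive byte ranges numbered from 1 as in the post; in a real packet the offset is carried in the IP header's fragment-offset field.

```python
def check_fragments(fragments):
    """Return (ok, reason). Rejects fragments that overlap, leave a gap, or end
    before they start. Ranges are (first_byte, last_byte) inclusive, from 1."""
    if not fragments:
        return False, "no fragments"
    expected = 1                                  # next byte we still need
    for start, end in sorted(fragments):
        if end < start:
            return False, f"fragment {start}-{end} has negative length"
        if start < expected:                      # teardrop-style overlap
            return False, (f"fragment {start}-{end} overlaps data already "
                           f"received up to byte {expected - 1}")
        if start > expected:
            return False, f"gap: bytes {expected}-{start - 1} never arrived"
        expected = end + 1
    return True, "contiguous, no overlap"


def naive_trim_lengths(fragments):
    """Per-fragment copy length computed by an unchecked reassembler that 'repairs'
    an overlap by moving the fragment's start forward to the next expected byte.
    A fragment lying entirely inside data already received yields a negative
    length, which is the kind of arithmetic the teardrop crash relied on."""
    expected, lengths = 1, []
    for start, end in sorted(fragments):
        start = max(start, expected)
        lengths.append(end - start + 1)
        expected = max(expected, end + 1)
    return lengths


# the two layouts drawn above (byte ranges copied from the post)
NORMAL = [(1, 1500), (1501, 3000), (3001, 4500)]
TEARDROP = [(1, 1500), (1500, 3000), (1001, 3600)]

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("teardrop", TEARDROP)):
        # normal -> (True, ...) [1500, 1500, 1500]; teardrop -> (False, ...) [1500, 2100, -600]
        print(name, check_fragments(frags), naive_trim_lengths(frags))
```

The third teardrop fragment, once trimmed, comes out at -600 bytes, which is exactly the value a validating reassembler must never act on.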
C - SYN Attack
The SYN attack exploits TCP/IP's three way handshake, so in order to understand how SYN attacks work, you first need to know how TCP/IP establishes a connection between two systems. Whenever a client wants to establish a connection with a host, three steps take place; these three steps are referred to as the three way handshake. In a normal three way handshake the client sends a SYN packet to the host, the host replies to this packet with a SYN/ACK packet, and then the client responds with an ACK [acknowledgement] packet. This will be clearer after the following depiction of these steps:
Client --------SYN Packet--------------> Host
In the first step the client sends a SYN packet to the host with which it wants to establish a connection. The SYN packet requests a connection from the remote system; it also contains the initial sequence number, or ISN, of the client, which is needed by the host to put the fragmented data back in the correct sequence.
Host -------------SYN/ACK Packet----------> Client
In the second step, the host replies to the client with a SYN/ACK packet. This packet acknowledges the SYN packet sent by the client and sends the client the host's own ISN.
Client --------------ACK-----------------------> Host
In the last step the client acknowledges the SYN/ACK packet sent by the host by replying with an ACK packet. These three steps together are known as the 3 way handshake, and only when they are completed is a complete TCP/IP connection established.
In a SYN attack, several SYN packets are sent to the server, but all of these SYN packets have a bad source IP address. When the target system receives these SYN packets with bad IP addresses, it tries to respond to each one of them with a SYN/ACK packet and then waits for an ACK to come back from the bad IP address. As the bad IP does not actually exist, the target system never receives the ACK packet. It therefore queues up all these requests; the requests are not removed unless and until the target system gets an ACK message, so they take up valuable resources on the target machine. To actually affect the target system a large number of bad-IP SYN packets have to be sent; as these packets have a bad source IP, they queue up, use up the resources and memory of the target system, and eventually crash, hang or reboot it.
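As an added illustration (not code from the original post), the following Python model of a server's half-open connection queue replays the handshake steps above from the defender's side: each SYN occupies a backlog slot until its ACK arrives or a timeout fires, so unanswered SYNs from nonexistent sources crowd out a real client, and a shorter timeout lets the real client through. Backlog size, timeout, addresses and the event trace are constructed assumptions, not values from any real stack.

```python
class HalfOpenQueue:
    """Toy model of the server-side SYN backlog (assumed sizes, not a real stack)."""

    def __init__(self, backlog=8, timeout=30.0):
        self.backlog, self.timeout = backlog, timeout
        self.pending = {}        # (src_ip, src_port) -> time its SYN arrived
        self.established = 0     # handshakes that reached the third step
        self.refused = 0         # SYNs dropped because every slot was taken

    def expire(self, now):
        # free entries whose SYN/ACK has gone unanswered for too long
        self.pending = {k: t for k, t in self.pending.items() if now - t < self.timeout}

    def on_syn(self, src, now):
        self.expire(now)
        if len(self.pending) >= self.backlog:
            self.refused += 1    # a legitimate client experiences this as denial
            return False
        self.pending[src] = now  # server answers SYN/ACK and waits for the ACK
        return True

    def on_ack(self, src, now):
        if src not in self.pending:
            return False         # ACK for a connection we were not waiting on
        del self.pending[src]
        self.established += 1
        return True


def replay(events, **kw):
    """events: (time, 'SYN' | 'ACK', (ip, port)). Returns (established, refused, half_open)."""
    q = HalfOpenQueue(**kw)
    for now, kind, src in sorted(events):
        (q.on_syn if kind == "SYN" else q.on_ack)(src, now)
    return q.established, q.refused, len(q.pending)


def unanswered_syn_ratio(events):
    """Detection signal: share of SYN sources that never sent an ACK. A value near 1.0
    across many distinct sources is the flood pattern described above."""
    syns = {src for _, kind, src in events if kind == "SYN"}
    acks = {src for _, kind, src in events if kind == "ACK"}
    return len(syns - acks) / len(syns) if syns else 0.0


# constructed trace: ten SYNs from sources that never answer, then one real client
FLOOD = [(t, "SYN", (f"203.0.113.{t}", 40000 + t)) for t in range(10)]
CLIENT = [(10, "SYN", ("192.0.2.5", 5555)), (11, "ACK", ("192.0.2.5", 5555))]

if __name__ == "__main__":
    print("flood then client:", replay(FLOOD + CLIENT))               # (0, 3, 8)
    print("shorter timeout:  ", replay(FLOOD + CLIENT, timeout=5.0))  # (1, 0, 4)
```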
D - Land Attacks
A land attack is similar to a SYN attack, the only difference being that instead of a bad IP address, the IP address of the target system itself is used. This creates an infinite loop between the target system and itself. However, almost all systems now have filters or firewalls against such attacks.
E - Smurf Attacks
A smurf attack is a sort of brute force DoS attack in which a huge number of ping requests are sent to a system [normally the router] in the target network, using spoofed IP addresses from within the target network. As and when the router gets a ping message, it routes or echoes it back, in turn flooding the network with packets and jamming the traffic. If there are a large number of nodes, hosts etc. in the network, this can easily clog the entire network and prevent any use of the services provided by it.
F - UDP Flooding
This kind of flooding is done against two target systems and can be used to stop the services offered by either of them. The two target systems are connected to each other: one generates a series of characters for each packet it receives (in other words, it offers the UDP character generation service), while the other system echoes back all the characters it receives. This creates an infinite, non-stopping loop between the two systems, making them useless for any data exchange or service provision.
Distributed DoS Attacks
DoS attacks are not new; in fact they have been around for a long time. However, there has been a recent wave of distributed denial of service attacks which pose a great threat to security and are on the verge of overtaking [viruses - trojans] to become the deadliest threat to Internet security. With almost all of the TCP/IP vulnerabilities above that are exploited by hackers, there is a big chance of the target's system administrator or the authorities tracing the attack and getting hold of the attacker. So what is commonly done now is this: say a group of 5 hackers join up and decide to bring a Fortune 500 company's server down. Each one of them breaks into a smaller, less protected network and takes it over, so they now have 5 networks, and supposing there are around 20 systems in each network, that gives these hackers around 100 systems in all to attack from. Sitting at their home computers, they connect to the hacked, less protected networks, install a denial of service tool on them, and using these hacked systems in the various networks launch attacks on the actual Fortune 500 company. This makes the hackers harder to detect and helps them do what they wanted without getting caught; as they have full control over the smaller, less protected networks, they can easily remove all traces before the authorities get there. Not a single system connected to the Internet is safe from such DDoS attacks; all platforms, including Unix and Windows NT, are vulnerable to them, and even MacOS has not been spared, as some of them are being used to conduct such DDoS attacks.
Email: hackerblackbox@gmail.com
Thanks for your support.