WHAT IS DOS ATTACK ?
DOS is the acronym for Denial of Service, used to deny legitimate users access to a resource such as accessing a website, network, emails, etc. or making it extremely slow.
This type of attack is usually implemented by hitting the target resource such as a web server with too many requests at the same time. This results in the server failing to respond to all the requests. The effect of this can either be crashing the servers or slowing them down.
TYPES OF DOS ATTACKS
DOS– this type of attack is performed by a single host
Distributed DOS– this type of attack is performed by a number of compromised machines that all target the same victim. It floods the network with data packets.
HOW DOS ATTACKS WORK
Attack Techniques
Ping of Death (ICMP Flood)
Sends data packets above the maximum limit (65,536 bytes) that TCP/IP allows. TCP/IP fragmentation breaks the packets into small chunks that are sent to the server. Since the sent data packages are larger than what the server can handle, the server can freeze, reboot, or crash.
Smurf
Sends ICMP ping traffic target at an Internet Broadcast Address. The reply IP address is spoofed to that of the intended victim. All the replies are sent to the victim instead of the IP used for the pings. Since a single Internet Broadcast Address can support a maximum of 255 hosts, a smurf attack amplifies a single ping 255 times. The effect of this is slowing down the network to a point where it is impossible to use it.
Buffer overflow
A buffer is a temporal storage location in RAM that is used to hold data so that the CPU can manipulate it before writing it back to the disc. Buffers have a size limit. This type of attack loads the buffer with more data that it can hold. This causes the buffer to overflow and corrupt the data it holds. An example of a buffer overflow is sending emails with file names that have 256 characters.
Teardrop (Fragmentation Overlap)
This type of attack uses larger data packets. TCP/IP breaks them into fragments that are assembled on the receiving host. The attacker manipulates the packets as they are sent so that they overlap each other. This can cause the intended victim to crash as it tries to re-assemble the packets.
SYN attack
SYN is a short form for Synchronize. This type of attack takes advantage of the three-way handshake to establish communication using TCP. SYN attack works by flooding the victim with incomplete SYN messages. This causes the victim machine to allocate memory resources that are never used and deny access to legitimate users.
DOS ATTACK TOOLS
• LOIC (Low Orbit Ion Canon)
• XOIC
• HULK (HTTP Unbearable Load King)
• Nemesy (Random Packets)
• Land and LaTierra (Spoofing, SYN)
• Blast
• Panther (UDP Flood)
• Botnets (Group Of Computers)
COUNTERMEASURES
• Install Patches
• Use IDS
• Block Traffic (Firewall)
• Router (Configure packets size/limit)
• Implement Ingress/egress Filtering
• Disable Directed IP Broadcast
• Implement Reverse Path Forwarding
ATTACK IN ACTION
PING OF DEATH
ping 10.128.131.108 –t -65500
DOS is the acronym for Denial of Service, used to deny legitimate users access to a resource such as accessing a website, network, emails, etc. or making it extremely slow.
This type of attack is usually implemented by hitting the target resource such as a web server with too many requests at the same time. This results in the server failing to respond to all the requests. The effect of this can either be crashing the servers or slowing them down.
TYPES OF DOS ATTACKS
DOS– this type of attack is performed by a single host
Distributed DOS– this type of attack is performed by a number of compromised machines that all target the same victim. It floods the network with data packets.
HOW DOS ATTACKS WORK
Attack Techniques
Ping of Death (ICMP Flood)
Sends data packets above the maximum limit (65,536 bytes) that TCP/IP allows. TCP/IP fragmentation breaks the packets into small chunks that are sent to the server. Since the sent data packages are larger than what the server can handle, the server can freeze, reboot, or crash.
Sends ICMP ping traffic target at an Internet Broadcast Address. The reply IP address is spoofed to that of the intended victim. All the replies are sent to the victim instead of the IP used for the pings. Since a single Internet Broadcast Address can support a maximum of 255 hosts, a smurf attack amplifies a single ping 255 times. The effect of this is slowing down the network to a point where it is impossible to use it.
Buffer overflow
A buffer is a temporal storage location in RAM that is used to hold data so that the CPU can manipulate it before writing it back to the disc. Buffers have a size limit. This type of attack loads the buffer with more data that it can hold. This causes the buffer to overflow and corrupt the data it holds. An example of a buffer overflow is sending emails with file names that have 256 characters.
Teardrop (Fragmentation Overlap)
This type of attack uses larger data packets. TCP/IP breaks them into fragments that are assembled on the receiving host. The attacker manipulates the packets as they are sent so that they overlap each other. This can cause the intended victim to crash as it tries to re-assemble the packets.
SYN attack
SYN is a short form for Synchronize. This type of attack takes advantage of the three-way handshake to establish communication using TCP. SYN attack works by flooding the victim with incomplete SYN messages. This causes the victim machine to allocate memory resources that are never used and deny access to legitimate users.
DOS ATTACK TOOLS
• LOIC (Low Orbit Ion Canon)
• XOIC
• HULK (HTTP Unbearable Load King)
• Nemesy (Random Packets)
• Land and LaTierra (Spoofing, SYN)
• Blast
• Panther (UDP Flood)
• Botnets (Group Of Computers)
COUNTERMEASURES
• Install Patches
• Use IDS
• Block Traffic (Firewall)
• Router (Configure packets size/limit)
• Implement Ingress/egress Filtering
• Disable Directed IP Broadcast
• Implement Reverse Path Forwarding
ATTACK IN ACTION
PING OF DEATH
ping 10.128.131.108 –t -65500
NEMESIS
Number 0 will send infinite packets
No comments:
Post a Comment