dos attacks crippled

welcome to my tutorial on dos (denial of service). well, to start with i must say that dos attacks are not at all hacking. a dos attack can be caused by a single click; believe it or not, even a newbie can cause a dos attack. a denial of service attack can bring down the servers of big firms such as yahoo, msn etc. anyway, to start with i must say that this tutorial will explain most of the commonly used dos attacks, how to use them and how to defend yourselves from these attacks.
denial of service

a dos, also known as a denial of service attack, is a type of attack which exploits every possible vulnerability in services such as servers, software or internet protocols like tcp/ip; it brings down the target service by exploiting every vulnerability it can find. in short, it prevents the user from using the particular service.
an example of a denial of service attack: a few years ago, a major flaw was detected in windows 95. in this particular operating system the tcp/ip stack could only handle a data packet up to 6400 bytes in size. this vulnerability was exploited by a simple ping command. the ping command was as follows:
--------------------------------------------------------------------------
ping -t -l 6500
--------------------------------------------------------------------------
this simple ping command could crash and reboot a system. the above example is a description of the simplest dos attack, which used to be carried out in the early days. this dos attack is also called the ping of death. nowadays, the ping of death is quite feeble because almost all operating systems are patched to prevent such attacks. nowadays, deadly attacks like syn flooding, teardrop, smurf, semirandom etc. are used.

types of dos attacks

there are basically two types of dos attacks. the first one is the magic packets attack.
magic packets attacks
in this type of attack an attacker causes a dos by exploiting vulnerabilities in the operating system, in the server or even in the application software. the attack is carried out by sending a few specially crafted data packets to particular ports.
examples of this type of attack: ping of death, winnuke

resource exhaustion attack
by the name you can guess what type of attack this is. every operating system has a finite amount of system resources. in this type of attack, the attacker sends a limitless amount of data packets in a well-planned way. what i mean to say by this is that the attacker tries to overload the victim's system resources and ram (random access memory), thus forcing the victim's system to crash or reboot.
examples of this type of attack:
icmp (internet control message protocol) ping network flood.
asymmetric dos
there are many ways of attacking a target system through dos attacks. an asymmetric dos attack is a sophisticated way of attacking a bandwidth or a server. i will show this type of attack with an example:
i send an icmp (internet control message protocol) ping request to the target system with a spoofed ip. i send it into a network of considerable bandwidth with a spoofed ip, in such a manner that the target system thinks that the request is coming from a system within its own network, so as to compel it to send the data packet back to that particular system in its network, thus causing a flood circle. by repeating this process a few times, even from a 56 kbps dial-up connection it is possible to bring down a network of high bandwidth, because a flood circle develops within its internal network which will definitely overload the system resources.
commonly used dos attacks
syn flooding
this is one of the most dangerous attacks. this dos attack is executed by exploiting the tcp/ip three-way-handshake based authentication system. in this dos attack, the attacker floods the target system with unfinished syn requests. the target system cannot finish these syn requests, so it has to use its system resources to temporarily store them. by this, the system resources get overloaded and the target system crashes.
you must be wondering what the tcp/ip three-way-handshake is. i am going to give you a detailed view of the tcp/ip three-way-handshake.
so, for a productive connection between two systems, host and client must complete a successful three-way-handshake.
first the client sends a syn packet, alias syn request, to the host asking for a tcp/ip connection. then the host replies with a syn/ack packet to the client, thus showing its response and acknowledgement. after that, the client sends an ack packet to the host, thus completing the connection.
client ------------> syn -------> host     first handshake
host   ------------> syn/ack ---> client   second handshake
client ------------> ack -------> host     third handshake
this is the typical anatomy of connection establishment between two systems; after this operation, authentication takes place.
note: syn and ack packets are specially designed by the operating systems.
just like syn and ack packets, fin is also a type of data packet, specially designed by the operating system, used to terminate a connection with the other side.
now you must be guessing how to perform this type of attack. well, it is a bit tedious to perform this attack, but still i am going to teach you all how to perform this type of attack. so, we have the knowledge about the tcp/ip three-way-handshake and we also know the mechanism of this type of attack.
now, for performing this type of attack, we need to flood the target system with unfinished syn requests. what i mean to say is that we will keep sending syn packets and never answer the host's syn/ack packets, so every handshake stays unfinished.
note: we will just send syn packets; we will not send ack packets.
so, we must think analytically before flooding. here, i first send a syn packet requesting a connection with the target system. the target system would obviously respond with a syn/ack packet. now i ignore the syn/ack packet from the host and send some more syn requests to the target system. note that i have not completed the earlier three-way-handshake, so the target system has pending syn packets loaded in its memory, thus devouring system resources. also note that i have sent a couple more syn packets to the target system, but did not respond to the syn/ack packets from the host. through this, the resources of the system are devoured by these pending syn requests, which are never completed by me. in this manner i continue to flood the target system with numerous syn requests within a very short period of time. with my dos attack, the target system's resources are devoured by these unfinished syn packets. through this the system crashes or reboots. i know that you must be wondering how to send syn requests to the target system. well, there are many tools to send specially designed data packets.
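to see why a server needs a limit on pending syn requests, here is a small model of a listener's half-open queue, an added example and not code from this tutorial; the backlog cap, the expiry of stale entries, the (time, src, flag) segment format and the sample addresses are all assumptions, modelled on the "limit the number of stored syn requests" patch described later in the text.

```python
"""Educational model of a TCP listener's half-open (SYN-received) queue.
Added example, not code from the tutorial. Segments are constructed
(time, src, flag) tuples, flag being "SYN" or "ACK". The backlog cap and
the expiry of stale entries are assumptions modelled on the patch the
text mentions (limiting how many pending SYNs the system keeps)."""
from collections import OrderedDict

class Listener:
    def __init__(self, backlog=8, syn_timeout=3.0):
        self.backlog = backlog          # max pending half-open connections
        self.syn_timeout = syn_timeout  # seconds before a half-open entry is reaped
        self.half_open = OrderedDict()  # src -> arrival time of its SYN
        self.established = set()
        self.dropped_syn = 0

    def _reap(self, now):
        # Throw away half-open entries whose peer never sent the final ACK
        for src, t0 in list(self.half_open.items()):
            if now - t0 > self.syn_timeout:
                del self.half_open[src]

    def receive(self, now, src, flag):
        self._reap(now)
        if flag == "SYN":
            if len(self.half_open) >= self.backlog:
                self.dropped_syn += 1    # queue full: even a real client is refused
                return "dropped"
            self.half_open[src] = now    # server would answer with SYN/ACK here
            return "syn-received"
        if flag == "ACK" and src in self.half_open:
            del self.half_open[src]      # third handshake: connection completes
            self.established.add(src)
            return "established"
        return "ignored"

def simulate(segments, backlog=8, syn_timeout=3.0):
    """Feed constructed segments through a listener; returns (listener, outcomes)."""
    listener = Listener(backlog, syn_timeout)
    return listener, [listener.receive(*seg) for seg in segments]

# Constructed traffic: 20 SYNs from distinct sources that are never acknowledged,
# then a legitimate client while the queue is full, then another one after the
# stale entries have expired
FLOOD = [(0.1 * i, f"10.0.0.{i}", "SYN") for i in range(1, 21)]
LEGIT = [(2.5, "192.0.2.10", "SYN"), (2.6, "192.0.2.10", "ACK")]
LATE_LEGIT = [(6.0, "192.0.2.11", "SYN"), (6.1, "192.0.2.11", "ACK")]

if __name__ == "__main__":
    l, outcomes = simulate(FLOOD + LEGIT + LATE_LEGIT)
    print(l.dropped_syn, sorted(l.established), outcomes[20], outcomes[-1])
```

with the cap alone the real client at 2.5 s is refused; only once the stale entries expire does the later client get through, which is why both the cap and a short timeout matter.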
tools of trade
libnet tfn2k
teardrop attacks
this attack is carried out by exploiting a vulnerability which is present in almost all operating systems. this vulnerability is called the packet reassembly vulnerability. this is a very well planned attack and a very dangerous one. this attack can be carried out from a system with very low bandwidth. i must say, this is a true example of an asymmetric denial of service attack.
packet reassembling vulnerability
i will give you a practical example of the packet reassembly vulnerability. suppose you have a 56 kbps (kilobyte per second) modem, and now you want to send a file of 1 mb (megabyte). you want to send the file via the send file option in yahoo or msn or via an ftp (file transfer protocol) server. have you ever wondered how your 56 kilobyte modem will send a 1000 kilobyte file? well, the answer is quite simple: the file which you are going to send is broken into small fragments at the source system; these fragments are called packets. all these packets are accumulated at the target system to reproduce the original file.
every packet of data, which is sent through the internet, has two parts:
1. the header part - this part comprises some important information, like sequence number, byte length, data type etc.
2. the tail part - it comprises the actual information stored in the file.
note: the header part contains the information for reassembling.
let us take a small example
suppose i want to send a file of size 5000 kb to my friend. now, the file which i am going to send is broken down into 5 parts each containing 1000 kb. actually, the file is broken into much smaller parts, but i have kept it at 5 parts to avoid complications.
now, these 5 parts are called data packets and each part will carry 1000 kb of the file. the header part of the first packet will have a byte length of 1-1000; the second packet will have 1001-2000, similarly the third packet will have 2001-3000, and so on.
each packet has an offset field which indicates from which byte to which byte a particular data packet contains. according to this offset field the data packets are reassembled in the target system to regenerate the original file. the header part of the above data packets is shown schematically:
data packet no.   size   offset field   type
1                 1000   1-1000         tcp/ip
2                 1000   1001-2000      tcp/ip
3                 1000   2001-3000      tcp/ip
4                 1000   3001-4000      tcp/ip
5                 1000   4001-5000      tcp/ip
now, you must be wondering how the teardrop attack is executed. well, in a teardrop attack custom-made data packets with altered offset fields are sent to the target system. through this the target system crashes or reboots. so, i am going to demonstrate the teardrop attack through a practical example.
okay, so, firstly, i want to send a file of 5000 kb to the target system. so, this file is split up into 5 parts each of 1000 kb. these are supposed to be reassembled in the target system. for executing the teardrop attack on the target system, i have to modify the offset fields of these data packets. these data packets will be sent to the target system and the target system will attempt to reassemble the data packets according to their offset fields.
suppose the first packet has an offset field of 1-1000 and the second packet has an offset field of 1001-2000. but in the third packet i will alter the offset field; i will change it from 2001-3000 to 2000-3000. similarly, in the fourth packet the offset field will be 3000-4000 and in the fifth packet the offset field will be 4000-5000. you must have noticed that 2000, 3000 and 4000 each appear twice in the offset fields. the target system will be given something like this:
1    --> 1000
1001 --> 2000
2000 --> 3000
3000 --> 4000
4000 --> 5000
instead of this:
1    --> 1000
1001 --> 2000
2001 --> 3000
3001 --> 4000
4001 --> 5000
the target system will have no idea how to handle these kinds of data packets, and reassembling them according to tcp/ip or ipv4 will result in a system crash or reboot.
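the defence against the overlapping offsets shown above is a reassembler that checks the ranges before it copies anything. the following validator is an added example, not code from this tutorial; it uses the text's 1-based inclusive ranges, and the fragment tuple format, the payload dictionary and the sample fragment sets are constructed assumptions.

```python
"""Defensive fragment-offset validator for the teardrop case above. Added
example, not code from the tutorial. Fragments are constructed (first_byte,
last_byte) pairs in the text's 1-based inclusive ranges; a careful reassembler
refuses overlapping or gapped sets instead of copying them into a buffer."""

def check_fragments(fragments, total_size):
    """Return (ok, problems). Fragments may arrive in any order."""
    problems = []
    frags = sorted(fragments)
    if not frags:
        return False, ["no fragments"]
    for first, last in frags:
        if first < 1 or last < first:
            problems.append(f"malformed range {first}-{last}")
    if frags[0][0] != 1:
        problems.append(f"first fragment starts at {frags[0][0]}, expected 1")
    for (_, prev_last), (first, last) in zip(frags, frags[1:]):
        if first <= prev_last:   # the teardrop signature: ranges overlap
            problems.append(f"overlap: byte {first} already covered up to {prev_last}")
        elif first != prev_last + 1:
            problems.append(f"gap: bytes {prev_last + 1}-{first - 1} missing")
    if frags[-1][1] != total_size:
        problems.append(f"last byte {frags[-1][1]} != declared size {total_size}")
    return not problems, problems

def reassemble(fragments, payloads, total_size):
    """Copy payloads (dict first_byte -> bytes) into a buffer, but only after
    the offsets pass validation and each chunk matches its claimed length."""
    ok, problems = check_fragments(fragments, total_size)
    if not ok:
        raise ValueError("rejected fragment set: " + "; ".join(problems))
    buf = bytearray(total_size)
    for first, last in fragments:
        chunk = payloads[first]
        if len(chunk) != last - first + 1:
            raise ValueError(f"fragment {first}-{last} carries {len(chunk)} bytes")
        buf[first - 1:last] = chunk
    return bytes(buf)

# Constructed fragment sets matching the text's 5 x 1000 example
GOOD = [(1, 1000), (1001, 2000), (2001, 3000), (3001, 4000), (4001, 5000)]
TEARDROP = [(1, 1000), (1001, 2000), (2000, 3000), (3000, 4000), (4000, 5000)]

if __name__ == "__main__":
    print(check_fragments(GOOD, 5000))
    print(check_fragments(TEARDROP, 5000))
```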
tools of trade
elite tfn2k
note: if you are an elite c programmer, then try making your own denial of service tool.
smurf attack
this is one of the most dangerous denial of service (dos) attacks. it is a very intelligent and sophisticated attack. it has the capacity to cause a disaster in the target network. it can even bring down the entire network. in this type of attack, the attacker uses a simple ping flood with a spoofed ip (internet protocol) address. basically the attacker tries to create a circle of flood between the target system and a system within its internal network. to deal with this type of dos attack, you need to have a clear conception of ip spoofing.
note: read my tutorial on "ip spoofing elucidated"
actually, ip spoofing is a technique to replace your ip with some other ip. for example:
suppose my ip is 203.194.196.255. by performing ip spoofing i can establish a connection or send data packets to a remote system with some other ip, say 64.1.123.56. i personally think that ip spoofing is a complicated topic to discuss, so i suggest you all read my tutorial "ip spoofing elucidated". also, read the most comprehensive tutorial on ip spoofing, "ip spoofing demystified". anyway, i think i should give you a brief overview of ip spoofing. as i have already told you, ip spoofing is a technique to replace your ip with some other ip. i have also explained the tcp/ip 3 way handshake authentication system. another thing i need to explain is that the header part of every data packet contains a sequence number which is particular to that packet only. this sequence number helps the target system to distinguish that particular data packet. sequence numbers can be thought of as 32 bit counters ranging from 0 to 4,294,967,295. so, in ip spoofing, what happens is that in order to establish a connection with the remote system with a spoofed ip, you need to send custom-made data packets to the target system. according to the tcp/ip 3 way handshake authentication system, in response to your syn packets the target computer will send a syn/ack packet to the spoofed ip.
let's take an example:
real:    203.194.196.255        syn        64.1.123.56
attacker ------------------------------------------> target
spoofed: 203.194.196.255        syn        64.1.123.56

ip: 64.1.123.56                 syn/ack    ip: 203.194.196.255
target -------------------------------------------> spoofed ip
well, in order to complete the tcp connection with a spoofed ip, you need to send an ack packet to the target system with a valid sequence number to establish the connection. establishing the connection with a valid sequence number is very difficult.
execution of smurf attack
well, i think you now have the basic overview of the smurf attack. basically, in this kind of attack, the attacker ceaselessly ping floods the target system with an ip spoofed as the ip of a system within the internal network of the target computer. so, in response to the attacker's ping requests the target computer sends data packets to the spoofed ip, that is, the system within its internal network, which causes that system to send them back to the attacker's target system. so, through this, the attacker's target system is being ping flooded from two ends, and at one end a circle of ping of death is established, which results in resource exhaustion of the target system and a system crash.
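two things in the attack just described are visible to a defender watching the network: echo requests arriving from outside but claiming an internal source address, and a host receiving echo replies it never asked for. the detector below checks both over a constructed capture; it is an added example, not code from this tutorial, and the interface names, the internal prefix 10.0.0.0/8, the threshold and the sample addresses are assumptions. the reply check is written generally, so it also catches reflected ping floods that do not follow the exact circle described in the text.

```python
"""Detector for the two signatures of the spoofed-ping flood described above.
Added example, not code from the tutorial. Records are constructed
(interface, src, dst, icmp_type) tuples; the internal prefix, interface names
and threshold are assumptions for a sample network."""
from collections import Counter
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address space
ECHO_REPLY, ECHO_REQUEST = 0, 8        # ICMP type numbers

def analyse(records, reply_threshold=5):
    """Return (spoofed, flooded).
    spoofed: per source, packets seen on the external interface that claim an
    internal address (what ingress filtering at the border would drop).
    flooded: hosts receiving more echo replies than they sent echo requests,
    by more than reply_threshold (replies nobody on that host asked for)."""
    spoofed, requests_sent, replies_received = Counter(), Counter(), Counter()
    for iface, src, dst, itype in records:
        if iface == "ext" and ip_address(src) in INTERNAL:
            spoofed[src] += 1
            continue   # a forged request must not be credited to the real host
        if itype == ECHO_REQUEST:
            requests_sent[src] += 1
        elif itype == ECHO_REPLY:
            replies_received[dst] += 1
    flooded = {host: n for host, n in replies_received.items()
               if n - requests_sent[host] > reply_threshold}
    return dict(spoofed), flooded

# Constructed capture: an outside attacker forges 10.0.0.5's address on eight
# echo requests to 10.0.0.7, which dutifully answers 10.0.0.5; one real ping
# between 10.0.0.9 and 10.0.0.7 shows that normal traffic is not flagged
SAMPLE = (
    [("ext", "10.0.0.5", "10.0.0.7", ECHO_REQUEST)] * 8
    + [("int", "10.0.0.7", "10.0.0.5", ECHO_REPLY)] * 8
    + [("int", "10.0.0.9", "10.0.0.7", ECHO_REQUEST),
       ("int", "10.0.0.7", "10.0.0.9", ECHO_REPLY)]
)

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

the first signature is what a border router's ingress filter blocks outright; the second is the one that still shows up when the forged packets enter through a path you do not filter.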
protection from dos attacks
just like the attackers find vulnerabilities to exploit for inducing dos attacks, the programmer or developer should be aware of the vulnerabilities. the crucial thing is that the programmers or developers should release patches for the particular vulnerability. take microsoft: it has patched its operating system to prevent syn flooding by limiting the number of syn requests stored in system memory, thus preventing it from getting overloaded. well, the operating system is not totally invulnerable; syn flooding can still be executed. so it is necessary for you to update your software and operating systems to prevent dos attacks. i think that the developers or programmers should know about the vulnerability as well as the attack which can be carried out through that particular vulnerability.