INTERNET HACKING ARTICLES (IHA)

DoS & DDoS: How to Perform DoS, DDoS, Tools

Shehab Imam / Spr!nt3r

10/23/2012

IHA has no legal or illegal issues with this book. This book has been authored only with the aim of providing free education to all those who are interested in and want to learn ethical hacking. The authors and the IHA team have only one request to all of you: PLEASE DO NOT UPLOAD IT TO MONETIZING SITES. Feel free to share it or upload it to any site, but please remember the credits and give the authors and the team some credit.



-:Denial of Service (DoS):-

A denial of service (DoS) attack is one in which an attacker or intruder tries to prevent legitimate, authorized users from accessing a remote computer, a network or a site. The attacker most often targets the victim's bandwidth, but it is not always the case that the system is attacked remotely: misuse of internal resources, for example by an unsatisfied or disgruntled employee on the internal network, can exhaust a system just as effectively. DoS can also be directed against network links, individual services and data access in a networked environment. In every case the motive is to destroy availability, not to steal data.

The typical result of a DoS attack is a system that hangs, responds slowly, reboots or shuts down. In the worst case, information in flight is lost, network resources and hardware are damaged, and data or programs belonging to users who were online during the attack are corrupted or deleted. A DoS attack therefore disrupts a system without intruding into it, and that alone is enough to disorganize the infrastructure and functioning of an organization.

When the same kind of attack is launched from many computers, laptops or "zombies" at once, it is called a Distributed Denial of Service (DDoS) attack.

Depending on which factor the attacker has decided to target, the modes of attack are classified as follows:

1. Attack against connectivity: the attacker tries to stop hosts or users from connecting to and communicating with another host or computer.

2. Misuse of internal resources: the attacker binds resources to specific machines, which consumes and wastes network bandwidth and leaves those resources unavailable to others.

3. Bandwidth consumption: the attacker generates a large number of packets towards the system on which the attack is to be performed. The resulting consumption of bandwidth makes the link unavailable to others, which is the denial of service.

4. Consumption of network resources: the attacker exhausts resources on the network itself, such as connection-state tables or the CPU of routers and firewalls.

5. Altering configuration: the attacker exploits misconfigured configuration information present on the network, or corrupts it, to cause a DoS.

Depending on the selected mode of attack, DoS attacks are classified as:

- SYN attack
- Smurf DoS
- Buffer overflow
- Ping of Death
- Teardrop


-:Types Of DoS:-

In this section we cover the different ways that can be used to carry out denial of service attacks. Note that whatever kind of DoS the attacker selects, the motive remains the same: bandwidth consumption, disruption of network connectivity or the destruction of configuration information.

1. Smurf DoS or Ping Flood:-

In this attack the attacker sends a large number of ICMP echo requests (pings) to the IP broadcast address of an intermediary network, with the source address of every packet spoofed to be the victim's address. If the routers of that network forward directed broadcasts, every host on it receives the request and sends its echo reply to the victim, so the traffic is multiplied by the number of hosts on the intermediary ("amplifier") network and the victim's bandwidth is consumed. A plain ping flood sends the echo requests to the victim directly and relies on volume alone. Disabling directed-broadcast forwarding on routers, which is the default on modern equipment, is what removed the amplifier. Modes of attack used are bandwidth consumption and network connectivity.

2. Fraggle DoS Attack:-

It works the same way as the Smurf attack, but instead of ICMP it sends UDP packets to the echo service (port 7, and sometimes chargen on port 19) of the broadcast address, so the amplifier hosts reply with UDP to the spoofed victim. Modes of attack used are bandwidth consumption and network connectivity.
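The Smurf and Fraggle amplifiers depend on one thing: a router that forwards packets to a subnet's directed-broadcast address. As an added example (not code from this book), the Python filter below classifies constructed inbound packets the way a border router's directed-broadcast and anti-spoofing rules would, labelling the Smurf and Fraggle patterns and estimating the amplification the victim would see. The subnets, packet field names and sample traffic are assumptions made for the example.

```python
"""Amplifier-side checks for the Smurf and Fraggle patterns.

Added example, not code from the IHA book. The internal subnets, the
packet dictionary layout and the sample traffic are all assumptions
constructed for this example.
"""
import ipaddress

# Subnets behind this border router (assumed for the example).
INTERNAL_SUBNETS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

# UDP services Fraggle abuses as amplifiers.
UDP_AMPLIFIER_PORTS = {7: "echo", 19: "chargen"}


def classify_packet(pkt):
    """Return the reasons to drop or alert on an inbound packet (empty list if clean).

    pkt: dict with keys src, dst (IPv4 strings) and proto ("icmp"/"udp"/"tcp");
         ICMP packets carry 'type' (8 = echo request), UDP packets carry 'dport'.
    """
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    reasons = []

    # Anti-spoofing (RFC 2827): a packet arriving from outside cannot legitimately
    # carry one of our own addresses as its source.
    if any(src in net for net in INTERNAL_SUBNETS):
        reasons.append("spoofed-internal-source")

    # Directed broadcast: destination is the broadcast address of one of our subnets.
    # Dropping these is what "no ip directed-broadcast" does on a router.
    if any(dst == net.broadcast_address for net in INTERNAL_SUBNETS):
        reasons.append("directed-broadcast")
        if pkt["proto"] == "icmp" and pkt.get("type") == 8:
            reasons.append("smurf-pattern")
        elif pkt["proto"] == "udp" and pkt.get("dport") in UDP_AMPLIFIER_PORTS:
            reasons.append("fraggle-pattern:" + UDP_AMPLIFIER_PORTS[pkt["dport"]])
    return reasons


def amplification(pkt, hosts_on_subnet):
    """Replies the spoofed source (the victim) receives for one request.

    One request to a directed-broadcast address is answered by every host on
    the subnet; a request to a single host is answered at most once.
    """
    return hosts_on_subnet if "directed-broadcast" in classify_packet(pkt) else 1


# Constructed sample traffic as seen on the external interface.
SAMPLE = [
    {"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "icmp", "type": 8},        # ordinary ping
    {"src": "203.0.113.40", "dst": "192.0.2.255", "proto": "icmp", "type": 8},      # Smurf: victim 203.0.113.40
    {"src": "203.0.113.40", "dst": "198.51.100.127", "proto": "udp", "dport": 7},  # Fraggle via UDP echo
    {"src": "203.0.113.77", "dst": "192.0.2.255", "proto": "udp", "dport": 53},     # broadcast, not an amplifier port
    {"src": "192.0.2.33", "dst": "192.0.2.10", "proto": "tcp"},                     # forged internal source
]

if __name__ == "__main__":
    for p in SAMPLE:
        print("%-14s -> %-16s %s" % (p["src"], p["dst"], classify_packet(p) or "clean"))
    print("replies per Smurf request on a /24 of 200 hosts:", amplification(SAMPLE[1], 200))
```

The second check is the one that actually mattered historically: once routers stopped forwarding to 192.0.2.255-style addresses from outside, the amplifier disappeared regardless of how many hosts would have answered.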

3. Buffer Overflow Attack:-

The most commonly used DoS attack; it can be performed locally or remotely. The usual method is to send a vulnerable application or program more data than the buffer it copies into was sized for; the resulting memory corruption crashes the process or the whole system. Even when the overflow cannot be turned into code execution, the crash alone compromises the security of the network by taking the service away. Common modes of attack are misuse of internal resources and altering configuration.

4. Ping Of Death:-

In this attack the attacker deliberately sends an ICMP echo packet whose reassembled size is larger than 65,535 bytes, the maximum an IPv4 packet can carry. No single packet that large can go on the wire, so it is sent as a series of fragments whose offsets and lengths add up to more than 65,535 bytes. Many older operating systems did not check this during reassembly and overflowed a fixed-size buffer, freezing or crashing. The attack mode can be classified as altering configuration and misuse of resources.

5. Teardrop Attack:-

This attack takes advantage of the fragmentation of IP packets during transmission. A large packet is chopped into pieces for easier transmission, each piece carrying the same identification value and a fragment offset, so that when all the chunks have been received they can be combined again. In a Teardrop attack the attacker manipulates the offset of the second or a later fragment so that it overlaps the previous or next one. Reassembly code that does not expect overlapping fragments computes a negative length or copies past its buffer, and the system hangs or crashes. The mode of attack is altering configuration.
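The two fragmentation attacks above, Ping of Death and Teardrop, come down to two checks that the vulnerable reassembly code did not make. The following is an added example, not code from this book: a small Python model of an IPv4 reassembly queue that applies those checks to constructed fragment sets. The fragment tuple layout and the sample sets are assumptions made for the example.

```python
"""Fragment reassembly checks for the Ping of Death and Teardrop patterns.

Added example, not code from the IHA book: a minimal model of an IPv4
reassembly queue that applies the two checks old stacks were missing.
Each fragment is an (offset_units, more_fragments, payload_len) tuple,
where offset_units is the 13-bit Fragment Offset field (8-byte units)
and payload_len the fragment's data length in bytes. That layout and the
sample sets below are assumptions made for this example.
"""

IPV4_MAX_LEN = 65535                          # 16-bit Total Length field
IPV4_HDR_LEN = 20                             # header without options
MAX_DATA_END = IPV4_MAX_LEN - IPV4_HDR_LEN    # 65515: last data byte that still fits


class FragmentError(ValueError):
    """Raised when a fragment set cannot be reassembled safely."""


def check_fragments(fragments):
    """Validate a fragment set and return the reassembled data length.

    Raises FragmentError whose message starts with the pattern found:
      ping-of-death  a fragment would end beyond the datagram limit
      teardrop       a fragment overlaps the previous one
      hole           data is missing (incomplete datagram)
    """
    if not fragments:
        raise FragmentError("hole: empty fragment set")

    # Convert to byte ranges and sort by start so neighbours can be compared.
    ordered = sorted(
        ((off * 8, off * 8 + length, more) for off, more, length in fragments),
        key=lambda t: t[0],
    )

    expected_start = 0
    for start, end, more in ordered:
        # Ping of Death: offset + length overflows what Total Length can express.
        if end > MAX_DATA_END:
            raise FragmentError("ping-of-death: fragment ends at byte %d > %d" % (end, MAX_DATA_END))
        # Teardrop: this fragment starts inside the previous one.
        if start < expected_start:
            raise FragmentError("teardrop: fragment at byte %d overlaps up to %d" % (start, expected_start))
        # Gap before this fragment: the datagram is incomplete.
        if start > expected_start:
            raise FragmentError("hole: bytes %d-%d missing" % (expected_start, start - 1))
        expected_start = end

    if ordered[-1][2]:                        # last fragment still has MF set
        raise FragmentError("hole: final fragment (MF=0) not received")
    return expected_start


def classify(fragments):
    """Return 'ok' or the attack label taken from the FragmentError message."""
    try:
        check_fragments(fragments)
        return "ok"
    except FragmentError as exc:
        return str(exc).split(":")[0]


# Constructed sample sets: (offset units, MF flag, payload length).
# Non-final fragments carry a multiple of 8 bytes, as real stacks require.
NORMAL = [(0, True, 1480), (185, True, 1480), (370, False, 100)]       # 3060 bytes
# Ping of Death: 8183 * 8 = 65464, plus 1480 bytes ends at 66944 > 65515.
PING_OF_DEATH = [(0, True, 1480), (8183, False, 1480)]
# Teardrop: second fragment claims to start at byte 24, inside the first (0-39).
TEARDROP = [(0, True, 40), (3, False, 24)]


if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("ping-of-death", PING_OF_DEATH), ("teardrop", TEARDROP)):
        print("%-14s -> %s" % (name, classify(frags)))
```

Real stacks tolerate some overlap (retransmitted fragments legitimately repeat data), so production code trims the overlapping bytes rather than rejecting outright; the model rejects to make the detection unambiguous.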

6. SYN Half Open and SYN Flood:-

Both attacks exploit a weakness in the TCP three-way handshake. The server records every incoming SYN as a half-open connection in a backlog of limited size and answers with a SYN-ACK; the entry is released only when the final ACK arrives or a timeout expires. In a SYN half-open attack the attacker sends only SYN packets, with spoofed source IPs, so the target waits for the connection to be completed, and since the SYN-ACK goes to a host that never answers there is hardly any chance it ever will. The backlog fills with half-open entries, new connection requests are refused, and under heavy load the system may crash. In a SYN flood the attacker sends thousands of SYN packets per second, far more than the victim can handle, with the same result: further requests are denied. The two are really the same mechanism at different rates; SYN cookies, which let the server answer a SYN without keeping per-connection state, are the standard defence. Both can be categorized under consumption of network resources and altering configuration.
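To make the backlog mechanism concrete, here is an added example that is not part of the original book: a Python simulation of a listener's half-open table under a spoofed SYN flood, with and without SYN cookies. The Listener class, the HMAC-derived cookie and the addresses are assumptions of the example, not any real stack's implementation.

```python
"""TCP backlog model for the SYN half-open / SYN flood attacks.

Added example, not code from the IHA book. It simulates a listening
socket's backlog of half-open connections to show why spoofed SYNs deny
service, and how SYN cookies (assumed here in their simplest form, an
HMAC over the client's address and port) remove the per-connection state.
All segments and addresses are constructed for this example.
"""
import hashlib
import hmac

SEQ_MASK = 0xFFFFFFFF   # TCP sequence numbers are 32-bit


class Listener:
    def __init__(self, backlog, syn_cookies=False, secret=b"example-secret"):
        self.backlog = backlog            # maximum half-open entries kept
        self.syn_cookies = syn_cookies
        self.secret = secret
        self.half_open = {}               # (src_ip, src_port) -> server ISN
        self.established = set()
        self.dropped_syns = 0

    def _cookie(self, src_ip, src_port):
        # Stateless ISN derived from the peer; the client echoes it back as
        # ACK-1, so the server can verify it without having stored anything.
        msg = ("%s:%d" % (src_ip, src_port)).encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, src_ip, src_port):
        """Handle a SYN. Returns the ISN sent in the SYN-ACK, or None if dropped."""
        key = (src_ip, src_port)
        isn = self._cookie(src_ip, src_port)
        if self.syn_cookies:
            return isn                            # answer, keep no state
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1                # backlog full: SYN silently dropped
            return None
        self.half_open[key] = isn                 # half-open entry created
        return isn

    def on_ack(self, src_ip, src_port, ack):
        """Handle the third handshake segment. Returns True if the connection is established."""
        key = (src_ip, src_port)
        if self.syn_cookies:
            ok = ((ack - 1) & SEQ_MASK) == self._cookie(src_ip, src_port)
        else:
            ok = key in self.half_open and ((self.half_open.pop(key) + 1) & SEQ_MASK) == ack
        if ok:
            self.established.add(key)
        return ok


def simulate(backlog, attack_syns, syn_cookies):
    """Flood the listener with spoofed SYNs that never complete, then try one real client."""
    srv = Listener(backlog, syn_cookies=syn_cookies)
    for i in range(attack_syns):
        # Spoofed sources: the SYN-ACK goes to 203.0.113.x, which never replies.
        srv.on_syn("203.0.113.%d" % (i % 250 + 1), 1024 + i)
    # A legitimate client completes the handshake properly.
    isn = srv.on_syn("198.51.100.7", 40000)
    if isn is None:
        return False                              # connection refused: denial of service
    return srv.on_ack("198.51.100.7", 40000, (isn + 1) & SEQ_MASK)


if __name__ == "__main__":
    print("backlog 128, 200 spoofed SYNs, no cookies  :", simulate(128, 200, syn_cookies=False))
    print("backlog 128, 200 spoofed SYNs, SYN cookies :", simulate(128, 200, syn_cookies=True))
```

With a backlog of 128 and 200 spoofed SYNs, the legitimate client is refused; with cookies the server never keeps an entry, so the same flood costs it only the bandwidth of the SYN-ACKs.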


-:Tools that Can be Used for DoS:-

In this section we discuss a little about the tools that can be used for DoS attacks. Please note that the tools used for DoS attacks and those used for DDoS attacks are different; here we discuss only those used for DoS, not those used for DDoS. Most DoS tools are simply programs written by programmers, but you do not need to know programming to understand and run them. The tools may be OS-specific or platform-independent, depending on how the programmer built the code.

-:JOLT:-

Jolt is a DoS tool that exploits a vulnerability in the Windows networking code. It lets an attacker consume 100% of the target's CPU time by sending packets that require heavy CPU usage to process. Although it was designed specifically for Windows, it is not really platform-specific. The server most vulnerable to it is Windows 2000 Server.

-:BUBONIC:-

It is a C program which, when compiled, can be used against Windows and Linux. Linux systems that were not updated since the 2.0.3.0 kernel are vulnerable, along with Windows 2003 Server.

-:LAND:-

The Land tool sends the victim a TCP SYN packet whose source IP address (and port) is spoofed to be the victim's own IP address and port. Since source and destination are identical, a vulnerable system ends up replying to itself, floods itself with packets and crashes or locks up.

-:LATIERRA:-

It works like the Land tool, but sends the TCP packets to more than one port number.

-:TARGA:-

One of the most dangerous DoS tools in the list is Targa. Targa bundles many of the attacks above into one program and can launch all the types of DoS described here. Its effect grows with the number of PCs used to run it.

-:BLAST:-

Blast is a TCP service stress-testing tool, but it can also be used to launch a DoS attack against an unprotected server.

-:NEMSEY:-

It is a program that generates random packets with random port numbers and IP addresses and floods the victim with them.

-:PANTHER:-

It is a packet-flooding program that can overload a network connection with ICMP packets by sending ping requests as fast as possible, causing a DoS.

-:CRAZY PINGER:-

It is also a DoS tool of the flooder category. It sends very large ICMP packets to the target.

-:FSMAX:-

It is a scriptable server stress-testing tool. It takes a text file as input and runs a server through a series of tests based on that input. The purpose of the tool is to find buffer overflows or DoS points in a server.


-:Distributed Denial Of Service (DDoS):-

A Distributed Denial of Service (DDoS) attack is a large-scale DoS attack conducted with the help of zombie systems or botnets against vulnerable target systems. Put another way, a DDoS is launched through a huge network of compromised systems: many computers mount a coordinated DoS attack against one or more targets.

Using client/server technology (the same model as RAT clients), the attacker multiplies the effectiveness of the denial of service significantly by harnessing the resources of many computers for the attack. In most cases the owner of a zombie system never notices that it is taking part in a DoS attack, because the attacker can keep the bandwidth used per zombie low.

The systems compromised to carry out the attack are known as "secondary victims", while the target of the attack is the "primary victim". The attacker generally gains administrative privilege on the secondary victims, then uploads a DDoS program or script to them to launch the attack on the primary victim. If the attacker has a network of 30,000 or more zombies, the attack is nearly impossible to counter, because the number of source IP addresses per second is too many for a single server to handle. DDoS attacks are dangerous because they can bring even very big hosts like Yahoo and Bing to their knees.

Most organizations protect themselves with a firewall, but a firewall offers no real guarantee against DDoS. Even a very good firewall, if badly administered, can itself bring the service down. Conducting a DDoS attack is much simpler than it appears if you already have thousands of compromised systems. In fact, in most cases you do not even need ready-made tools; you can write your own if you have a little programming knowledge of C and C++ and a little familiarity with Windows and Linux commands. In future posts I'll show you how you can create your own script to launch a DDoS attack.

The steps involved in conducting a DDoS attack are:

1. Compromise thousands of systems using RAT clients or botnets.

2. Write a program or script that can conduct the attack.

3. Trigger the zombies to attack.

4. Don't stop until the target is down.

Friends, I am covering the basics of Denial of Service attacks because in coming posts I'll be covering different ways to launch DoS attacks. You are requested to read and grasp every basic detail before I show you real attacking methodologies. Thanks for reading and keep sharing.

More Links:

1. http://bit.ly/X209RX

2. http://bit.ly/ShieaT

FACEBOOK GROUP

FORUM BLOG


</THE END> </THANKS FOR READING>

</KEEP HACKING>