Saturday, October 25, 2008

HACKING : DOS ATTACK










HACKING:A PATH:- DOS ATTACK

Definition:



Such an attack clogs up so much bandwidth on the target system that it cannot serve even legitimate users.



Working:



ATTACKER-----Infinite Malicious Data-----à VICTIM



Tools:



üPing of Death, SYN Flooding, Teardrop, Smurf, Land [TYPES]


üTrin00, Tribal Flood Network etc [TOOLS]





Steps involved in
DOS Attacks



Ø1.Attacker---------Infinite/ Malicious Data--à Target Network

2.Target Network gets choked or cannot handle the malicious data and hence crashes.


3.As a result, even legitimate clients/ people cannot connect to the target network.


4.This results in loss of revenue, disrupt in services, inconvenience, customer dissatisfaction and many other problems.


PING OF DEATH
Ø

ØThe maximum packet size allowed to be transmitted by TCP\IP on a network is 65 536 bytes.
Ø

ØIn the Ping of Death Attack, a packet having a size greater than this maximum size allowed by TCP\IP, is sent to the target system.
Ø

ØAs soon as the target system receives a packet exceeding the allowable size, then it crashes, reboots or hangs.
Ø

ØThis attack can easily be executed by the ‘ping’ command as follows:
Ø
ping -l 65540 hostname


SMURF ATTACKS
Ø

ØIn SMURF Attacks, a huge number of Ping Requests are sent to the broadcast address of the target network, using Spoofed IP Addresses from within the target network.
Ø

ØDue to infinite loops thus generated and due to the large number of Ping Requests, the target network will crash, restart or hang up.


ØCountermeasure


Filter out all incoming packets which either:


ü Has its source address same as any internal system.

ü Has its target address as the broadcast address. There is NO reason why external systems need to send data to the broadcast address.



LAND ATTACKS

Ø

ØSome implementations of TCP/IP are vulnerable to packets which originate and terminate from the same IP Address.

Ø

ØHence, in a LAND attack, the attacker sends infinite packets to the victim system from the victim system itself (Spoofing!).

Ø

ØThe same source and target address and port number crashes the victim system.

Ø

ØCountermeasure:

Ø

Simple filtering should solve the problem.



BUSINESS THREATS
All services unusable.

All users Disconnected.

Loss of revenue.

Deadlines can be missed.

Unnecessary Inefficiency and Downtime.

Share Values go down. Customer Dissatisfaction.


COUNTERMEASURES
§
§Separate or compartmentalize critical services.

§Buy more bandwidth than normally required to count for sudden attacks.

§Filter out USELESS/MALICIOUS traffic as early as possible.

§Disable publicly accessible services.

§Balance traffic load on a set of servers.

§Regular monitoring and working closely with ISP will always help!

§Patch systems regularly.

§IPSec provides proper verification and authentication in the IP protocol.

§Use scanning tools to detect and remove DOS tools.



1 comments:

Unknown said...

u r doin smthin diffrnt than other.............n dat is helpful to other.............i think u type people always should be given priority