DOS attacks

Post by renegta0 on Wed Jul 23, 2008 7:31 pm

I'm a pen tester in training and I have a question about DOS attacks.

My question is, what makes an effective DOS attack? What do malicious hackers send out to consume so much bandwidth and resources that it keeps a successful denial of service? Also, I hear most of the time a good DOS is done with a spoofed IP in the header. Could someone explain this as well? I know I won't be doing much of this kind of attack while pentesting, just thought it might be good to know.

Thanks in advance.

-Justin
All work and no play makes Jack a dull boy.
renegta0


Re: DOS attacks

Post by newbeski on Wed Jul 23, 2008 7:54 pm

An effective DoS attack is one that can be sustained over a long period of time. As for what is sent out, the answer is simply anything to consume bandwidth. For instance, I could make a program that continually refreshes a webpage, and if I got it on enough computers it would more than likely bring down a website (this would be a shoddy way of doing it, mind). Also, the ping command, when crafted properly, can consume a considerable amount of bandwidth (especially with the -t switch). However, normally your victim's bandwidth will be greater than yours (because it's normally a server), so to bring it down you need multiple computers, and it's only down as long as the attack is sustained. As for a spoofed IP header, that's just changing the IP at the top of a packet to make it look like it came from somewhere it didn't (helps stop things coming back to you). IP spoofing is also used if a computer only allows requests from certain computers (so that you can impersonate said computer).
newbeski


Re: DOS attacks

Post by yourmysin on Sat Aug 09, 2008 9:35 am

An effective Denial of Service attack does exactly as it sounds: denies service. You do have to take into account the time of effectiveness and the effect of a DoS attack.

Imagine the following: Blizzard is about to release Diablo III, but it is only available online from blizzard.com. To bribe customers, for the first 12 hours the game will come with a few special items which will only be available through this time. If you are a malicious person, you could attempt to initiate a DoS attack against Blizzard so you would be the only one with these special items.

Since the time period is 12 hours, an effective DoS attack must last over 12 hours for your plan to work.
A+, Network+, MCTS(70-620), Security+, CCNA
yourmysin


Re: DOS attacks

Post by atrius on Sun Aug 10, 2008 5:40 am

It's been a while since I looked into these, but this is my understanding.

There are a few ways that DoS attacks work. Firstly, make the victim spend all its time sending information to a client who does not exist. This is done by packet modification or something similar. For example, we have a network with A and B.
A sends information to B : A->B
But what if B pretends to be C? There is no computer C on the network, but if A thinks that there is, then it will be wasting time sending data to the non-existent C.
This relates to the spoofed IP in the header you were mentioning. Basically, a network packet consists of a few bits of information, something like this:
DestinationIP : Origin : Data.
The origin and other information is contained in the "header" of a packet. To spoof the header means to change it to what you want, not what it actually should be.
These kinds of attacks were the original DoS attacks, I think. However, they aren't so common now, because nobody cares if they are sending a few bytes every few seconds to somewhere that doesn't exist. The amount of bandwidth that is used today makes these attacks almost useless.

So, widespread bandwidth-attacking DDoS (Distributed Denial of Service) attacks are the rage now. These basically involve as many people as possible trying to connect to a server. The server can't cope with this many requests, and all its bandwidth is used up. This effectively takes the server down, because it can't do anything - it has no network.
How do you organize these kinds of attacks, I hear you ask? Obviously if you got all your home computers and logged into, say, Yahoo, Yahoo won't crash. You need a lot of computers.

So, BotNets are used. This works as follows: many people are infected with a virus. That virus (in this case a trojan) sits on their computer. The trojans all log in to IRC and wait for instructions. (Keeping in mind we could be talking about upwards of 10-20 million computers, here, if the virus is widespread, and probably more).

When a victim is decided, the controlling person logs into IRC, and tells the bots the IP of the victim. The bots then all try to connect to the victim, crushing it with their bandwidth usage.

Some good reasons : Blackmail. First and foremost. If I can tell a bank, or company, that its servers will be down for a few days and they'll be losing money unless they pay me ... By controlling a DDoS BotNet, I have that power.
Revenge - if I don't like somebody and I have power to do this, then I could.
Business advantages - if Google goes down, then other search engines would profit, wouldn't they?
"cool factor" - I get to boast about the power I have.

Some good links:
Wikipedia : http://en.wikipedia.org/wiki/Denial-of-service_attack
Yahoo Downage report : http://news.cnet.com/2100-1023-236621.html
atrius


Re: DOS attacks

Post by Sveezy on Mon Sep 29, 2008 4:34 am

I'm currently having some serious problems with DoS attacks I believe they are. If someone could offer some assistance, I would be greatly thankful... pm me if at all possible.
Sveezy


Re: DOS attacks

Post by ArgentPyro on Mon Feb 09, 2009 5:31 pm

How do DoS attacks against routers work? Is it just the same concept, except flooding computers in that IP range with packets?
ArgentPyro


Re: DOS attacks

Post by xcurious on Fri Feb 13, 2009 7:18 pm

ArgentPyro wrote: How do DoS attacks against routers work? Is it just the same concept, except flooding computers in that IP range with packets?

Yes, but it depends on the kind of router; e.g. Cisco has prevention mechanisms implemented.
- Apologies to all who I have flamed in the past. Thanks mods for unbanning me.


ckw100 wrote:so i have been pacticeing my batch file hacking for networks
xcurious


Re: DOS attacks

Post by ArgentPyro on Mon Feb 16, 2009 5:14 pm

Thanks. What types of protection exactly? Does it log IP addresses and not accept packets from IPs sending heavy traffic its way, or does it have a method of detecting patterns (i.e. nonsensical data, without meaningful headers)?
ArgentPyro


Re: DOS attacks

Post by Arhk on Sun May 24, 2009 5:17 pm

ArgentPyro wrote: Thanks. What types of protection exactly? Does it log IP addresses and not accept packets from IPs sending heavy traffic its way, or does it have a method of detecting patterns (i.e. nonsensical data, without meaningful headers)?

I'm also curious about this 0_0
~ If I remember right, my friend told me the server gets irritated & stops listening to you (because, really, who does that many page requests per second 0_0), which is why you need all the comps. My explanation sounds simple, but I know nothing about IP (in its advanced stages); been lookin for a good book a while now (any suggestions...?).
~ Binary is my acid for the next 5 or so years....
Arhk
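
The per-source limiting asked about above, as an added example that is not part of any post and not any vendor's actual mechanism: a sliding-window counter run over access-log lines to find sources that exceed a request budget. The log format, window, threshold and sample lines are assumptions constructed for the example.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumption: look-back window
MAX_REQUESTS = 20     # assumption: requests allowed per source per window


def find_heavy_sources(log_lines, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Return {source_ip: timestamp at which it first exceeded the limit}."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    flagged = {}
    for line in log_lines:
        ts_text, src, _request = line.split(" ", 2)
        ts = float(ts_text)
        stamps = recent[src]
        stamps.append(ts)
        # Forget requests that have aged out of the window.
        while stamps and stamps[0] <= ts - window:
            stamps.popleft()
        if len(stamps) > limit and src not in flagged:
            flagged[src] = ts
    return flagged


def constructed_log():
    """Constructed sample: one source at 5 requests/s, two at 1 request per 4 s."""
    lines = []
    for i in range(100):                      # 20 seconds of traffic
        t = i * 0.2
        lines.append(f"{t:.1f} 192.0.2.66 GET /index.html")
        if i % 20 == 0:
            lines.append(f"{t:.1f} 198.51.100.7 GET /index.html")
            lines.append(f"{t:.1f} 198.51.100.8 GET /news")
    return lines


if __name__ == "__main__":
    for source, when in find_heavy_sources(constructed_log()).items():
        print(f"{source} exceeded {MAX_REQUESTS} requests in "
              f"{WINDOW_SECONDS}s at t={when}")
```

A flood spread over many sources can keep every individual source under the budget, so this check alone does not catch it.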


Re: DOS attacks

Post by stateofmind76 on Sat Jun 06, 2009 8:14 am

I think I just had a great idea!!!!!

Ok so, someone said you could change the top of the packet to include the reply address so the server won't send packets back to you, how about if you made it so that reply address was.. THEIR SERVER'S IP, so the packets would hit them twice (and twice as hard), and also keeping you anonymous!!!!

Please tell me if this is incredibly stupid before I try it.
stateofmind76
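
The defensive counterpart to the header spoofing discussed in this thread, as an added example that is not part of any post: an edge filter that reads the source and destination fields of an IPv4 header and drops packets whose source address could not legitimately arrive on that interface, including one that claims the destination's own address. The prefix, server address and `build_header` helper are assumptions, using documentation address ranges.

```python
import ipaddress
import struct

# Assumptions: the filter sits on the edge interface facing one customer
# network; both values are documentation addresses (RFC 5737).
CUSTOMER_PREFIX = ipaddress.ip_network("198.51.100.0/24")
SERVER = "203.0.113.10"


def parse_ipv4_header(packet: bytes):
    """Return (source, destination) read from a raw IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or len(packet) < header_len:
        raise ValueError("bad header length field")
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)


def ingress_verdict(packet: bytes) -> str:
    """Decide the fate of a packet arriving from the customer network."""
    try:
        src, dst = parse_ipv4_header(packet)
    except ValueError:
        return "drop: malformed header"
    if src == dst:
        # The source field claims to be the very host being addressed.
        return "drop: source equals destination"
    if src not in CUSTOMER_PREFIX:
        # Nothing behind this interface owns that address, so it is forged.
        return "drop: source outside customer prefix"
    return "forward"


def build_header(src: str, dst: str) -> bytes:
    """Constructed test input: a 20-byte IPv4 header, checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


if __name__ == "__main__":
    for source in ("198.51.100.7", "192.0.2.55", SERVER):
        print(source, "->", ingress_verdict(build_header(source, SERVER)))
```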