DDoS Attacks & How to Mitigate Them

In computing, a denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, for example by temporarily or indefinitely interrupting or suspending the services of a host connected to the internet.

What are the signs of a potential DoS attack? Here are a few that may indicate that a DoS attack is in progress:

■ Unavailability of a resource

■ Loss of access to a website

■ Slow performance

■ Increase in spam emails

DoS Targets

DoS attacks result in a multitude of consequences. Let’s look at some common examples of what is seen in the real world and what you’ll most likely see on the exam:

Web Server Compromise: A successful DoS attack and subsequent compromise of a web server constitutes the widest public exposure against a specific target. What you see most often is a loss of uptime for a company web page or web resource.

Back-End Resources: Back-end resources include infrastructure items that support a public-facing resource such as a web application. DoS attacks that take down a back-end resource such as a customer database or server farm essentially render all front-end resources unavailable.

Network or Computer Specific: DoS attacks are also launched from within a local area network, with the intent to compromise the network itself or to compromise a specific node such as a server or client system.

Types of Attacks

DoS attacks come in many flavors, each of which is critical to your understanding of the nature of the DoS attack class.

SYN Attack/Flood

This type of attack exploits the TCP three-way handshake with the intention of tying up a system. The attacker forges SYN packets with a bogus source address. When the victim system responds with a SYN-ACK, the reply goes to this bogus address, and since the address doesn’t exist, the victim system is left waiting for a response that will never come. This waiting period ties up a connection on the system because the final ACK never arrives.
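A defender-side check for the SYN flood described above, added here as an example and not part of the original text: it parses a constructed snapshot of Linux `ss -tan` output and reports, per listening socket, how many half-open (SYN-RECV) connections exist and from how many distinct peers. The threshold of 5 is an arbitrary assumption for the sample, not a recommended value.

```python
from collections import Counter

# Constructed sample of `ss -tan` output (not a real capture): many
# half-open SYN-RECV sockets from unrelated peers, plus two real sessions.
SAMPLE_SS = """\
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
SYN-RECV  0      0      10.0.0.5:443         198.51.100.23:51234
SYN-RECV  0      0      10.0.0.5:443         203.0.113.77:40211
SYN-RECV  0      0      10.0.0.5:443         192.0.2.145:33001
SYN-RECV  0      0      10.0.0.5:443         198.51.100.9:50002
SYN-RECV  0      0      10.0.0.5:443         203.0.113.18:61999
SYN-RECV  0      0      10.0.0.5:443         192.0.2.201:42871
ESTAB     0      0      10.0.0.5:443         192.0.2.10:55012
ESTAB     0      0      10.0.0.5:22          192.0.2.11:55300
"""


def parse_ss(text):
    """Yield (state, local, peer) per socket line, skipping the header."""
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 5:
            yield fields[0], fields[3], fields[4]


def syn_flood_report(text, half_open_threshold=5):
    """Summarise half-open connections per listening socket.

    A SYN flood shows up as many SYN-RECV entries spread across many
    distinct peers (the spoofed sources never send the final ACK), not
    as one busy client; the threshold is a tunable picked per backlog.
    """
    half_open, established, peers = Counter(), Counter(), {}
    for state, local, peer in parse_ss(text):
        if state == "SYN-RECV":
            half_open[local] += 1
            peers.setdefault(local, set()).add(peer.rsplit(":", 1)[0])
        elif state == "ESTAB":
            established[local] += 1
    return {
        local: {
            "half_open": count,
            "distinct_sources": len(peers[local]),
            "established": established[local],
            "suspected_syn_flood": count >= half_open_threshold,
        }
        for local, count in half_open.items()
    }
```

On Linux the kernel-side mitigation is SYN cookies (`net.ipv4.tcp_syncookies = 1`), which let the listener answer SYNs without keeping per-connection state until the ACK arrives.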

ICMP Flood Attack

An ICMP request requires the server to process the request and respond, thus consuming CPU resources. ICMP-based attacks include smurf attacks, ICMP floods, and ping floods, all of which take advantage of this by flooding the server with ICMP requests without waiting for the responses.

Ping of Death

A true classic indeed, originating in the mid- to late 1990s, the ping of death was a ping packet larger than the allowable 64 KB. Although not much of a significant threat today due to ping blocking, OS patching, and general awareness, back in its heyday the ping of death was a formidable and extremely easy-to-use DoS exploit. Exercise 11.2 demonstrates how to perform a ping of death in Windows.

Teardrop

A teardrop attack occurs when an attacker sends custom-crafted fragmented packets whose offset values overlap during the attempted rebuild. This causes the target machine to become unstable when it tries to reassemble the fragments.
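A fragment-reassembly sanity check covering both the Ping of Death and Teardrop sections above, added as an example that is not part of the original page. The fragment tuples are constructed: the ping-of-death sample is sized for a 65518-byte ICMP payload (65510 bytes of ping data plus the 8-byte ICMP header), the classic size that overruns the IPv4 limit, and the teardrop sample simply starts its second fragment inside the first.

```python
# Added example, not from the original text. Each fragment is a constructed
# (offset_bytes, payload_len, more_fragments) tuple, not a packet capture.
# IPv4 encodes the offset in 8-byte units, so offset_bytes is a multiple of 8.
MAX_PAYLOAD = 65535 - 20  # max IPv4 total length minus the minimum header


def check_fragments(fragments):
    """Return findings for one fragment set (empty list: reassembles cleanly).

    ("oversized", offset, length): the fragment would push the reassembled
        datagram past the 65535-byte limit, the ping-of-death condition.
    ("overlap", start, end): the fragment claims bytes an earlier fragment
        already covers, the teardrop condition.
    """
    findings = []
    for offset, length, _more in fragments:
        if offset + length > MAX_PAYLOAD:
            findings.append(("oversized", offset, length))
    reach = 0  # highest byte already claimed by earlier fragments
    for start, end in sorted((o, o + n) for o, n, _ in fragments):
        if start < reach:
            findings.append(("overlap", start, end))
        reach = max(reach, end)
    return findings


def is_safe(fragments):
    """Convenience wrapper: True when no finding was raised."""
    return not check_fragments(fragments)


# Constructed samples:
# a normal 3000-byte ICMP echo split across a 1500-byte MTU
BENIGN = [(0, 1480, True), (1480, 1480, True), (2960, 40, False)]
# ping of death: a 65518-byte ICMP payload; only the first and last
# fragments are listed, the gap in between does not affect the check
PING_OF_DEATH = [(0, 1480, True), (65512, 6, False)]
# teardrop: the second fragment starts inside the first one
TEARDROP = [(0, 36, True), (24, 4, False)]
```

A reassembly routine that applies these two checks before allocating the reassembly buffer rejects both malformed sets instead of crashing on them.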

Smurf

A smurf attack spoofs the IP address of the target machine and sends numerous ICMP echo request packets to the broadcast addresses of intermediary sites. The intermediary sites amplify the ICMP traffic back to the spoofed source IP, thereby saturating the network segment of the target machine.

Fraggle

A fraggle attack is a variation of a smurf attack that uses UDP echo requests instead of ICMP. It still uses an intermediary for amplification. Commonly a fraggle attack targets the UDP echo requests at the chargen (character generator) port of the intermediary systems via a broadcast request. Just as in a smurf attack, the attacker spoofs the victim’s IP address as the source. Each client that receives the echo on the chargen port will in turn generate a character to be sent to the victim. Once it’s received, the victim machine will echo back to the intermediary’s chargen port, thus restarting the cycle.

Land

A land attack sends traffic to the target machine with the source address spoofed as the target machine itself. The victim attempts to acknowledge the request repeatedly with no end.

Practical:

ICMP Flood with hping3

In this exercise you will use hping3 to perform a smurf attack.

At the Linux command prompt type:

hping3 -1 --flood -a 192.168.0.10

hping3 -c 10000 -d 128 -S -w 64 -p 8080 --flood --rand-source <Target IP>

In the first command hping3 sends ICMP packets (-1) in flood mode with the source address spoofed (-a) as the target, which in this case is 192.168.0.10.

Performing a Ping of Death

Perform a ping of death attack.

To perform a ping of death in Windows, use the following command:

ping -l 65540 <hostname or IP>

ping <IP address> -l 65500 -w 1 -n 1

-w sets the timeout in milliseconds to wait for each reply

-n sets the number of echo requests to send

What is a DDoS Attack?

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks are effective because they use multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like a traffic jam clogging up a highway, preventing regular traffic from arriving at its desired destination.

A botnet is a collection of internet-connected devices, which may include PCs, servers, mobile devices and Internet of Things (IoT) devices, that are infected and controlled by a common type of malware. Users are often unaware of a botnet infecting their system.

Infected devices are controlled remotely by threat actors, often cybercriminals, and are used for specific functions, so the malicious operations stay hidden from the user. Botnets are commonly used to send email spam, engage in click-fraud campaigns and generate malicious traffic for distributed denial-of-service attacks.

Tools for Performing DoS and DDoS Attacks

GoldenEye is a Kali Linux tool available from GitHub:

https://github.com/jseidl/GoldenEye download link

To run goldeneye.py, first download it from GitHub and copy it to the directory where you want to keep it.

Open a terminal and run: # ./goldeneye.py <URL of the target> -w 10 -s 500 -m random

For a DDoS attack the main task is to bring down the target server using botnets; for creating the virtual slaves we are using UFONet from GitHub:

https://github.com/epsylon/ufonet download link

LOIC performs a DoS attack (or, when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP or UDP packets with the intention of disrupting the service of a particular host.

By admin
