Thursday, November 22, 2012

DENIAL OF SERVICE ATTACK

  • What is a DoS?

A Denial of Service (DoS) attack is an attack that clogs up so much memory on the target system that it can not serve it's users, or it causes the target system to crash, reboot, or otherwise deny services to legitimate users. When the attackers don't find any vulnerability in the targeted system they produce the DoS to take that down.


  • SYN Flood Attack:

A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

A normal connection between a user (Alice) and a server. The three-way handshake is correctly performed.


In SYN flood attack, the attacker (Mallory) sends several packets but does not send the ACK back to the server. The connections are hence half-opened and consuming server resources. Alice, a legitimate user, tries to connect but the server refuses to open a connection resulting in a denial of service.

Low Orbit Ion Cannon (LOIC) is an open source network stress testing and denial-of-service attack application, written in C#.
  • DDoS Attack:
DDoS, short for Distributed Denial of Service, is a type of DOS attack where multiple compromised systems which are usually infected with a Trojan, are used to target a single system causing a Denial of Service (DoS) attack. 

In Indo-Pak cyber war (2003), Yaha worms, created by Roxx (member of indiansnakes.cjb.net), a standard 12 student from Bangalore, disable antivirus software and command the computer to launch a distributed denial-of-service attack of Pakistani websites.

Yaha is a mass-mailing worm like ILOVEYOU or MYDOOM that sends itself to all email addresses that exist in the Microsoft Windows Address Book, the MSN Messenger List, the Yahoo Pager list, the ICQ list. It also leaves Windows registry patch, thus making the system a Zombie.



  • Protection:

1. Firewalls can be setup to have simple rules such to allow or deny protocols, ports or IP addresses. In the case of a simple attack coming from a small amount of unusual IP addresses for instance, one could put up a simple rule to drop all incoming traffic from those attackers.

2. DoS Defense System (DDS) is able to block connection-based DoS attacks and those with legitimate content but bad intent. A DDS can also address both protocol attacks (such as Teardrop and Ping of death) and rate-based attacks (such as ICMP floods and SYN floods).






Happy Hacking...Enjoy...

For educational purpose only...Do not misuse it...

No comments:

Post a Comment