Denial of Service (DOS) by Yusoff Yaacob https://padlet.com/yusoff83/DOS Ethical Hackers en-us 2017-02-14 04:10:22 UTC 2024-04-22 17:50:36 UTC hello@padlet.com MOHD FIRDAUS BIN ZAKARIA (F1077) (DDT2C) https://padlet.com/yusoff83/DOS/wish/153621505                                                             

                                                        Denial of Service (DOS)


Denial-of-service (DoS) attacks typically floodservers, systems or networks with traffic in order to overwhelm the victim resources and make it difficult or impossible for legitimate users to use them. While an attack that crashes a server can often be dealt with successfully by simply rebooting the system, flooding attacks can be more difficult to recover from.

The United States Computer Emergency Readiness Team (US-CERT) provides some guidelines for determining when a DoS attack may be underway. US-CERT suggests the following may indicate such an attack:

  • Degradation in network performance, especially when attempting to open files stored on the network or accessing websites;
  • Inability to reach a particular website;
  • Difficulty in accessing any website; and
  • A higher than usual volume of spam email.
Click link to watch the video what is a denial service attack!!
https://www.youtube.com/watch?v=b35IwVsmzuw
]]> 2017-02-14 04:13:48 UTC https://padlet.com/yusoff83/DOS/wish/153621505 MOHD ASHRAF HAFIFI BIN SHAARI https://padlet.com/yusoff83/DOS/wish/153621610 DDT2C
03DDT 16F1101
 DENIAL OF SERVICE

WHAT IS   DENIAL OF SERVICE
Short for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks. But, like viruses, new DoS attacks are constantly being dreamed up by hackers.

Types of DoS attacks
In addition to differentiating between a single-source denial-of-service attack and a distributed denial-of-service (DDoS) attack, DoS attacks can also be categorized by the methods the attack uses.

In an amplified DNS denial-of-service attack, the attacker generates crafted domain name system (DNS) requests that appear to have originated at the victim's network and sends them to misconfigured DNS servers managed by third parties. The amplification occurs as the intermediate DNS servers respond to the faked DNS requests. The responses from intermediate DNS servers to the crafted attack requests may contain far greater volume of data than ordinary DNS responses, requiring more resources to process, with the result being to deny legitimate users access to the service.

Application layer attacks generate fake traffic to internet application servers, especially DNS servers or HTTP servers. While some application-layer denial-of-service attacks rely simply on flooding the application servers with network data, others depend on exploiting weaknesses or vulnerabilities in the victim's application server or in the application protocol itself.

A buffer overflow attack is a catchall description most commonly applied to DoS attacks that send more traffic to a network resource than was ever anticipated by the developers who designed the resource. One example of such an attack sent, as email attachments, files that have 256-character file names to recipients using Netscape or Microsoft email clients; the longer-than-anticipated file names were sufficient to crash those applications.

In a DDoS attack, the attacker may use computers or other network-connected devices that have been infected by malware and made part of a botnet. Distributed denial-of-service attacks, especially those using botnets, use command-and-control (C&C) servers to direct the actions of the botnet members. The C&C servers dictate what kind of attack to launch, what types of data to transmit and what systems or network resources are to be targeted in the attack.

The ping-of-death attack abuses the Packet Inter-Network Groper (ping) protocol by sending request messages with oversized payloads, causing targeted systems to become overwhelmed, stop responding to legitimate requests for service and possibly crashing the victim systems.

A SYN flooding attack abuses TCP's handshake protocol by which a client establishes a TCP connection with a server. In a SYN flooding attack, the attacker directs a high-volume stream of requests to open TCP connections with the victim server, with no intention of actually completing the circuits. The cost of generating the stream of SYN requests is relatively low, but responding to such requests is resource-intensive for the victim. The result is a successful attacker is able to deny legitimate users access to the targeted server.

TCP, or Transmission Control Protocol, -- also called state exhaustion attacks-- occur when an attacker targets the state tables held in firewalls, routers and other network devices by filling them with attack data. When these devices incorporate stateful inspection of network circuits, attackers may be able to fill state tables by opening more TCP circuits than the victim system can handle at once, preventing legitimate users from accessing the network resource.

The teardrop attack exploits flaws in the way older operating systems handled fragmented Internet Protocol (IP) packets. The IP specification allows packet fragmentation when the packets are too large to be handled by intermediary routers, and it requires packet fragments specify fragment offsets; in teardrop attacks, the fragment offsets are set to overlap each other. Hosts running affected OSes are unable to reassemble the fragments and the attack may also crash the system.

Volumetric DoS attacks aim to interfere with legitimate access to network resources by using up all the bandwidth available to reach those resources. In order to do this, attackers must direct a high volume of network traffic against the victim's systems. Volumetric DoS attacks flood victim devices with network packets using the User Datagram Protocol or the Internet Control Message Protocol, in large part because those protocols require relatively little overhead to generate large volumes of traffic, while, at the same time, requiring nontrivial computation on the part of the victim's network devices to process the incoming malicious datagrams.
]]> 2017-02-14 04:15:14 UTC https://padlet.com/yusoff83/DOS/wish/153621610 MOHAMAD SHAHRIL BIN YAACOB https://padlet.com/yusoff83/DOS/wish/153621690 DDT2C
03DT16F1079

How to Perform successful DOS Attack
(Youtube)

Different between DoS and DDoS
(Youtube)

Here are some DoS Tools'
1.LOIC

The Low Orbit Ion Cannon (LOIC) may be the most popular DoS tool and has made its way into hacker lore. It is capable of sending mass amounts of ICMP or UDP packets to the target, thereby saturating the bandwidth, and has been used in some of the most effective and notorious DoS attacks.

2.The HOIC was developed during Operation Payback by Praetox—the same folks who developed LOIC. The key difference is that HOIC uses a HTTP flood using booster files that enable a small number of users to effectively DoS a website by sending a flood of randomized HTTP GET and POST requests. It is capable of simultaneously DoSing up to 256 domains.

3.RUDY

R-U-Dead-Yet, or RUDY, takes a different approach to DoSing websites. It enables the user to select a form from the web app and then use that form to send a flood of POST requests.

This is LOIC.
]]> 2017-02-14 04:16:17 UTC https://padlet.com/yusoff83/DOS/wish/153621690 MUHAMAD AZFAR BIN KAMALUN AZMI https://padlet.com/yusoff83/DOS/wish/153621767 03DDT16F1070


Symptoms

The United States Computer Emergency Readiness Team(US-CERT) has identified symptoms of a denial-of-service attack to include:

  • unusually slow network perfomance(opening files or accessing web sites)
  • unavailability of a particular web site
  • inability to access any web site
  • dramatic increase in the number of spam emails received (this type of Dos attack is considered an e-mail bomb)

Additional symptoms may include:

  • disconnection of a wireless or wired internet connection
  • long-term denial of access to the web or any internet services.

If the attack is conducted on a sufficiently large scale, entire geographical regions of Internet connectivity can be compromised without the attacker's knowledge or intent by incorrectly configured or flimsy network infrastructure equipment.

How do you avoid being part of the problem?

Unfortunately, there are no effective ways to prevent being the victim of a DoS or DDoS attack, but there are steps you can take to reduce the likelihood that an attacker will use your computer to attack other computers:

  • Install and maintain anti-virus software (see Understanding Anti Virus software for more information).
  • Install a firewall, and configure it to restrict traffic coming into and leaving your computer (see Understanding Firewall for more information).
  • Follow good security practices for distributing your email address (see Reducing Spam for more information). Applying email filters may help you manage unwanted traffic.


VIDEO : https://www.youtube.com/watch?v=PpUVzT_NRsc

]]> 2017-02-14 04:17:23 UTC https://padlet.com/yusoff83/DOS/wish/153621767 IZZAT FAHMI BIN ISMAIL (DDT2C) https://padlet.com/yusoff83/DOS/wish/153621813 03DDT16F1072

Attack techniques

HTTP POST DoS attack

First discovered in 2009, the HTTP POST attack sends a complete, legitimate HTTP POST header, which includes a 'Content-Length' field to specify the size of the message body to follow. However, the attacker then proceeds to send the actual message body at an extremely slow rate (e.g. 1 byte/110 seconds). Due to the entire message being correct and complete, the target server will attempt to obey the 'Content-Length' field in the header, and wait for the entire body of the message to be transmitted, which can take a very long time. The attacker establishes hundreds or even thousands of such connections, until all resources for incoming connections on the server (the victim) are used up, hence making any further (including legitimate) connections impossible until all data has been sent. It is notable that unlike many other (D)DoS attacks, which try to subdue the server by overloading its network or CPU, a HTTP POST attack targets the logical resources of the victim, which means the victim would still have enough network bandwidth and processing power to operate.[26] Further combined with the fact that Apache will, by default, accept requests up to 2GB in size, this attack can be particularly powerful. HTTP POST attacks are difficult to differentiate from legitimate connections, and are therefore able to bypass some protection systems. OWASP, an open source web application security project, has released a testing tool to test the security of servers against this type of attacks.


]]> 2017-02-14 04:18:13 UTC https://padlet.com/yusoff83/DOS/wish/153621813 Muhd Fahmi Bin Sobri https://padlet.com/yusoff83/DOS/wish/153622190
Permanent denial-of-service attacks
Permanent denial-of-service (PDoS), also known loosely as phlashing,[31] is an attack that damages a system so badly that it requires replacement or reinstallation of hardware.[32] Unlike the distributed denial-of-service attack, a PDoS attack exploits security flaws which allow remote administration on the management interfaces of the victim's hardware, such as routers, printers, or other networking hardware. The attacker uses these vulnerabilities to replace a device's firmware with a modified, corrupt, or defective firmware image—a process which when done legitimately is known as flashing. This therefore "bricks" the device, rendering it unusable for its original purpose until it can be repaired or replaced.

The PDoS is a pure hardware targeted attack which can be much faster and requires fewer resources than using a botnet or a root/vserver in a DDoS attack. Because of these features, and the potential and high probability of security exploits on Network Enabled Embedded Devices (NEEDs), this technique has come to the attention of numerous hacking communities.

PhlashDance is a tool created by Rich Smith (an employee of Hewlett-Packard's Systems Security Lab) used to detect and demonstrate PDoS vulnerabilities at the 2008 EUSecWest Applied Security Conference in London.[33]

]]> 2017-02-14 04:23:09 UTC https://padlet.com/yusoff83/DOS/wish/153622190 MUHAMMAD FAIZ BIN ISMAIL (DDT2C) https://padlet.com/yusoff83/DOS/wish/153622856 An Overview of DoS Attacks

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash. In both instances, the DoS attack deprives legitimate users (i.e. employees, members, or account holders) the service or resource they expected.

There are two general methods of DoS attacks: flooding services or crashing services. Flood attacks occur when the system receives too much traffic for the server to buffer, causing them to slow down and eventually stop. Popular flood attacks include:

  • Buffer overflow attacks – the most common DoS attack. The concept is to send more traffic to a network address than the programmers have built the system to handle. It includes the attacks listed below, in addition to others that are designed to exploit bugs specific to certain applications or networks
  • ICMP flood – leverages misconfigured network devices by sending spoofed packets that ping every computer on the targeted network, instead of just one specific machine. The network is then triggered to amplify the traffic. This attack is also known as the smurf attack or ping of death.
  • SYN flood – sends a request to connect to a server, but never completes the handshake. Continues until all open ports are saturated with requests and none are available for legitimate users to connect to.
Other DoS attacks simply exploit vulnerabilities that cause the target system or service to crash.  In these attacks, input is sent that takes advantage of bugs in the target that subsequently crash or severely destabilize the system, so that it can’t be accessed or used.

An additional type of DoS attack is the Distributed Denial of Service (DDoS) attack. A DDoS attack occurs when multiple systems orchestrate a synchronized DoS attack to a single target. The essential difference is that instead of being attacked from one location, the target is attacked from many locations at once. The distribution of hosts that defines a DDoS provide the attacker multiple advantages:

  • He can leverage the greater volume of machine to execute a seriously disruptive attack
  • The location of the attack is difficult to detect due to the random distribution of attacking systems (often worldwide)
  • It is more difficult to shut down multiple machines than one
  • The true attacking party is very difficult to identify, as they disguised behind many (mostly compromised) systems

]]> 2017-02-14 04:33:33 UTC https://padlet.com/yusoff83/DOS/wish/153622856 w https://padlet.com/yusoff83/DOS/wish/462857383 2020-03-17 10:48:44 UTC https://padlet.com/yusoff83/DOS/wish/462857383