10 - Denial of Service

Denial-of-service (DoS) is an attack on a computer or network that prevents legitimate use of its resources. In a DoS attack, attackers flood a victim’s system with illegitimate service requests or traffic to overload its resources and prevent it from performing intended tasks.

Module Objective

The objective of this lab is to help students learn to perform DoS attacks and to test network for DoS flaws.

In this lab, you will:

• Create and launch a denial-of-service attack on a victim

• Remotely administer clients

• Perform a DoS attack by sending a huge amount of SYN packets continuously

• Perform a DoSHTTP attack

Scenario

In computing, a denial-of-service attack (DoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.

One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. Denial-of-service attacks can essentially disable your computer or your network. DoS attacks can be lucrative for criminals; recent attacks have shown that DoS attacks a way for cybercriminals to profit.

As an expert ethical hacker or security administrator of an organization, you should have sound knowledge of how denial-of-service and distributed denial-of-service attacks are carried out, to detect and neutralize attack handlers, and to mitigate such attacks.

I. SYN Flooding a Target Host Using hping3

Module Syllabus

• What is a Denial of Service Attack?

• What is Distributed Denial of Service Attacks?

  • How Distributed Denial of Service Attacks Work?

• Symptoms of a DoS Attack

• Cyber Criminals

  • Organized Cyber Crime: Organizational Chart

• Internet Chat Query (ICQ)

• Internet Relay Chat (IRC)

• DoS Attack Techniques

  • Bandwidth Attacks

  • Service Request Floods

  • SYN Attack

  • SYN Flooding

  • ICMP Flood Attack

  • Peer-to-Peer Attacks

  • Permanent Denial-of-Service Attack

  • Application Level Flood Attacks

• Botnet

  • Botnet Propagation Technique

  • Botnet Ecosystem

  • Botnet Trojan: Shark

  • Poison Ivy: Botnet Command Control Center

  • Botnet Trojan: PlugBot

• WikiLeaks Operation Payback

  • DDoS Attack

  • DDoS Attack Tool: LOIC

  • Denial of Service Attack Against MasterCard, Visa, and Swiss Banks

  • Hackers Advertise Links to Download Botnet

• DoS Attack Tools

• Detection Techniques

  • Activity Profiling

  • Wavelet Analysis

  • Sequential Change-Point Detection

• DoS/DDoS Countermeasure Strategies

• DDoS Attack Countermeasures

  • DoS/DDoS Countermeasures: Protect Secondary Victims

  • DoS/DDoS Countermeasures: Detect and Neutralize Handlers

  • DoS/DDoS Countermeasures: Detect Potential Attacks

  • DoS/DDoS Countermeasures: Deflect Attacks

  • DoS/DDoS Countermeasures: Mitigate Attacks

• Post-attack Forensics

• Techniques to Defend against Botnets

• DoS/DDoS Countermeasures

• DoS/DDoS Protection at ISP Level

• Enabling TCP Intercept on Cisco IOS Software

• Advanced DDoS Protection: IntelliGuard DDoS Protection System (DPS)

• DoS/DDoS Protection Tool

• Denial of Service (DoS) Attack Penetration Testing