
Hiepnt@


DoS and DDoS are among the most dangerous forms of attack against a network system. This article is not meant for you to attack anyone with the tools it mentions; its purpose is to help you understand this type of attack and to have solutions for defending against it.
In this article I will present in detail the definition and the forms of DoS and DDoS attacks, together with a collection of related knowledge.
1. History of DoS and DDoS attacks
2. Definition of a Denial of Service attack
3. Types of DoS attack
4. DoS attack tools
5. BOT networks (botnets)
6. DDoS attacks
7. Classification of DDoS attacks
8. DDoS attack tools
9. Computer worms in DDoS attacks
I. History of DoS attacks
1. Targets
Attacks are usually aimed at large websites and e-commerce organizations on the Internet.
2. The attacks
On 15 August 2003, Microsoft suffered a very powerful DoS attack that disrupted its websites for 2 hours.
At 15:09 GMT on 27 March 2003, the entire English-language version of the AlJazeera website was attacked and disrupted for many hours.
II. Definition of a DoS attack
A DoS attack is an extremely dangerous type of attack. To understand it, we need to be clear about the definition of a DoS attack and the forms it takes.
A DoS attack is one in which someone makes a system unusable, or slows it down significantly for normal users, by overloading the system's resources.
If attackers cannot break into a system, they try to make it collapse so that it can no longer serve normal users; that is a Denial of Service (DoS) attack.
Although a DoS attack cannot access the system's actual data, it can disrupt the services the system provides. Following the definition above, a DoS attack goes after the weakest points of the system it targets. The goals of a DoS attack are:
1. Goals of a DoS attack
- Trying to consume network bandwidth and flood the network, so that the network can no longer deliver other services to normal users.
- Trying to break the connection between two machines and prevent access to a service.
- Trying to prevent particular users from reaching a particular service.
- Trying to block services so that nobody else can access them.
When a DoS attack takes place, users accessing the service experience it as:
+ Disable Network: the network is shut down
+ Disable Organization: the organization cannot operate
+ Financial Loss: money is lost
2. Targets that attackers commonly go after in a DoS attack
As described above, a DoS attack occurs when the attacker uses up the system's resources so that the system can no longer respond to normal users. So which resources do attackers usually go after?
- Creating scarcity of limited, non-renewable resources.
- Network bandwidth, memory, disk, CPU time and data structures are all targets of DoS attacks.

- Attacks on other systems that support the computer network, such as air conditioning, the power system, cooling and many other company resources. Just imagine: if the power feed to a web server is cut, can users still reach that server?
- Destroying or altering configuration information.
- Destroying the physical layer or network equipment such as power supplies and air conditioning.
III. Types of attack
Denial of Service attacks are divided into two kinds:
- DoS attack: an attack from one individual, or from a group of individuals.
- DDoS attack: an attack from a network of computers set up to attack one specific target.
1. Types of DoS attack
Smurf
Buffer Overflow Attack
Ping of Death
Teardrop
SYN Attack
a. Smurf attack
The perpetrator generates an enormous number of ICMP (ping) exchanges to the broadcast addresses of many networks, with the source address set to the target of the attack.
* Note: pinging an address is a two-way process. When machine A pings machine B, machine B replies and the exchange is complete. When I ping the broadcast address of some network, every computer on that network replies to me. But if I change the source address to that of machine C and ping the broadcast address of some network, every computer on that network replies to machine C rather than to me, and that is a Smurf attack.
As a result, the target has to absorb an extremely large burst of ICMP reply packets, which brings the network down or slows it so much that it cannot serve other services.
This process is amplified when the stream of ping replies comes from an interconnected network (a BOT network).
In a Fraggle attack, attackers use UDP echo in the same way as in a Smurf attack, whereas the Smurf attack uses ICMP packets to flood out other communication.
b. Buffer overflow attack
A buffer overflow occurs whenever a program writes more information than the capacity of a buffer in memory.
The attacker can overwrite data, control program execution and hijack control of some programs in order to execute malicious code.
Sending an e-mail with an attached file longer than 256 characters can cause a buffer overflow.
c. Ping of Death attack
The attacker sends IP packets larger than the number of bytes allowed for an IP packet, which is 65,536 bytes.
Splitting an IP packet into smaller parts is done at layer II.
Fragmentation can be carried out for an IP packet larger than 65,536 bytes, but the operating system cannot handle a packet of this size and will reboot, or simply have its communication interrupted.
Recognizing that an attacker is sending packets larger than the allowed size is relatively easy.
d. Teardrop attack
A very large IP packet is split into many smaller parts when it reaches a router.
The attacker uses IP packets with very confusing parameters for splitting them into parts (fragments).
If the operating system receives fragments it cannot make sense of, it still tries to rebuild the packet, and that consumes part of the system's resources. If this happens continuously, the system has no resources left for other applications or for serving other users.
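The check a reassembly path can apply to the two fragment-based attacks above, as an added example that is not part of the original article: it parses IPv4 headers and flags fragment sets that would reassemble beyond the legal size (Ping of Death) or that overlap (Teardrop). The function names, the sample headers and the use of 65,535 bytes (the most the 16-bit Total Length field can express) are assumptions of this example.

```python
import socket
import struct
from collections import defaultdict

MAX_IP_DATAGRAM = 65535      # largest size the 16-bit Total Length field can express
IPV4_HDR = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header


def parse_ipv4_header(raw):
    """Extract the reassembly-relevant fields from a raw IPv4 header."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     _ttl, proto, _csum, src, dst) = struct.unpack(IPV4_HDR, raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    return {
        "key": (src, dst, proto, ident),       # identifies one datagram
        "offset": (flags_frag & 0x1FFF) * 8,   # fragment offset in bytes
        "more": bool(flags_frag & 0x2000),     # More Fragments flag
        "payload_len": total_len - ihl,
    }


def audit_fragments(headers):
    """Return {datagram key: [findings]} for fragment sets that must not be reassembled."""
    groups = defaultdict(list)
    for raw in headers:
        frag = parse_ipv4_header(raw)
        groups[frag["key"]].append(frag)

    findings = {}
    for key, frags in groups.items():
        issues = set()
        prev_end = 0
        for frag in sorted(frags, key=lambda f: f["offset"]):
            end = frag["offset"] + frag["payload_len"]
            # Ping of Death: header plus reassembled payload exceeds the legal maximum.
            if 20 + end > MAX_IP_DATAGRAM:
                issues.add("oversize")
            # Teardrop: fragment starts inside data an earlier fragment already covered.
            if frag["offset"] < prev_end:
                issues.add("overlap")
            prev_end = max(prev_end, end)
        if issues:
            findings[key] = sorted(issues)
    return findings


def build_header(ident, offset, more, payload_len,
                 src="192.0.2.10", dst="198.51.100.5"):
    """Build a constructed IPv4 header (ICMP, no options) for the samples below."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)
    return struct.pack(IPV4_HDR, 0x45, 0, 20 + payload_len, ident, flags_frag,
                       64, 1, 0, socket.inet_aton(src), socket.inet_aton(dst))


# Constructed sample headers (documentation addresses, not captured traffic).
SAMPLE_HEADERS = [
    build_header(1, 0, True, 1480), build_header(1, 1480, False, 520),    # normal
    build_header(2, 0, True, 36), build_header(2, 24, False, 4),          # overlapping
    build_header(3, 0, True, 1480), build_header(3, 65528, False, 100),   # too large
]

if __name__ == "__main__":
    for key, issues in audit_fragments(SAMPLE_HEADERS).items():
        print("datagram id", key[3], "->", ", ".join(issues))
```

A fragment set with any finding should be dropped before reassembly, so the malformed lengths never reach the code that rebuilds the packet.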
e. SYN attack
The attacker sends bogus TCP SYN requests to the targeted server. To handle these SYN packets, the system has to set aside some memory for each connection.
When a great many bogus SYN packets arrive, they use up all of the server's capacity for handling requests. A normal user connecting to the server starts with a TCP SYN request, but by now the server can no longer respond, so the connection is never established.
This is a type of attack in which the attacker takes advantage of TCP's three-way communication process.
Malicious code can generate an enormous number of TCP SYN packets to the targeted server, with the source IP address of the packets altered, and that is the DoS attack.
The upper figure shows normal communication with the server; the lower one shows the server under attack: a great many SYN packets arrive while the server's capacity to answer is limited, and the server then refuses legitimate access.
The TCP three-way handshake works as follows when machine A wants to communicate with machine B: (1) machine A sends a TCP SYN packet to machine B; (2) on receiving the SYN from A, machine B sends back to machine A an ACK packet agreeing to the connection; (3) machine A sends machine B an ACK packet and data exchange begins.
Machines A and B keep the connection for at least 75 seconds, and then carry out another TCP three-way handshake for the next session of data exchange.
Unfortunately, attackers exploit this gap to use up the system's resources: they reduce the interval between three-way handshake requests to a very small value and never send the final ACK, firing SYN packets continuously for some period of time and never answering the SYN&ACK packets from the attacked machine.
A rule that accepts only one SYN packet from a given machine every 75 seconds, and moves any IP address that violates it into a deny-access rule, will stop this attack.
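The 75-second rule described above, sketched as an added example (not code from the original article): a per-source gate that accepts SYNs within the limit and moves violators to a deny list, replayed over constructed log lines. The class name, the log format and the `max_syn` parameter are assumptions of this example.

```python
from collections import deque

WINDOW = 75.0   # seconds between accepted SYNs from one source, as in the article


class SynGate:
    """Accept at most `max_syn` SYNs per source per window; deny repeat offenders."""

    def __init__(self, window=WINDOW, max_syn=1):
        self.window = window
        self.max_syn = max_syn      # assumption: 1 matches the rule as the article states it
        self.accepted = {}          # src -> deque of timestamps of accepted SYNs
        self.denied = set()         # sources moved to the deny rule

    def on_syn(self, ts, src):
        if src in self.denied:
            return "deny"
        times = self.accepted.setdefault(src, deque())
        while times and ts - times[0] >= self.window:
            times.popleft()         # forget SYNs older than the window
        if len(times) >= self.max_syn:
            self.denied.add(src)    # violation: source goes on the deny list
            return "deny"
        times.append(ts)
        return "accept"


def replay(log_lines, gate=None):
    """Feed '<seconds> <source-ip> <flag>' lines to the gate; only SYN lines are judged."""
    gate = gate or SynGate()
    decisions = []
    for line in log_lines:
        ts, src, flag = line.split()
        if flag == "SYN":
            decisions.append(gate.on_syn(float(ts), src))
    return decisions, sorted(gate.denied)


# Constructed log lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    "0.0 198.51.100.20 SYN",
    "0.4 203.0.113.7 SYN",
    "0.5 203.0.113.7 SYN",
    "0.6 203.0.113.7 SYN",
    "1.0 198.51.100.20 ACK",
    "80.0 198.51.100.20 SYN",
    "81.0 203.0.113.7 SYN",
]

if __name__ == "__main__":
    decisions, denied = replay(SAMPLE_LOG)
    print(decisions, denied)
```

Because the article notes that the source address of flood packets is altered, a per-source gate only catches sources that repeat; a limit of one SYN per 75 seconds also denies ordinary clients that open several connections at once, which is why `max_syn` is adjustable.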
IV. DoS attack tools
Jolt2
Bubonic.c
Land and LaTierra
Targa
Blast20
Nemesy
Panther2
Crazy Pinger
Some Trouble
UDP Flood
FSMax
1. DoS tool: Jolt2
It allows an attacker to carry out denial of service (DoS) against Windows-based systems.
It causes the CPU of the attacked server to run constantly at 100%, so the CPU cannot handle other services.
Non-Windows platforms such as Cisco routers and some other routers can also have this vulnerability and be attacked by this tool.
2. DoS tool: Bubonic.c
Bubonic.c is a DoS tool based on security vulnerabilities in Windows 2000.
It works by sending TCP packets at random with random settings, making the server spend a great deal of resources handling them, and security holes appear as a result.
bubonic.c is used by typing the command: bubonic 12.23.23.2 10.0.0.1 100
3. DoS tool: Land and LaTierra
IP address spoofing is combined with the process of opening connections between two computers.
Both IP addresses, the source address and the destination address, are changed to the destination's IP address. If this attack occurs while a connection between machine A and machine B is being set up, the connection between A and B is broken.
This happens because the packet's source and destination IP addresses are identical, so the packet cannot reach its intended destination.
4. DoS tool: Targa
Targa is a program that can use 8 different forms of DoS attack.
It is regarded as a kit that bundles the whole range of DoS effects, and it is often found in versions of rootkits.
The attacker uses one of the specific attack methods against a system until the objective is achieved.
Targa is a powerful program and can pose a very serious danger to a company's network.
5. DoS tool: Blast 2.0
Blast is very small. It is a tool for testing the capacity of a TCP service; it can generate a very large volume of TCP packets and can be dangerous for a network with weak servers.
Below is how it is used against an HTTP server with Blast2.0:
+ Blast 192.168.1.219 80 40 50 /b GET /some /e url/ HTTP/1.0 /nr /dr /v
Against a POP server:
+ Blast 192.168.1.219 110 15 20 /b user te /e d /v
6. DoS tool: Nemesys
This is a program that generates random packets (random protocol, port, size, etc.).
With this program an attacker can run malicious code against computers that are not secured.
7. DoS tool: Panther2
A denial-of-service attack based on a UDP attack, designed specifically for 28.8 to 56 Kbps connections.
It can take up the entire bandwidth of such a connection.
It can consume network bandwidth by several methods, for example by pinging extremely fast, and can cause a DoS attack.
8. DoS tool: Crazy Pinger
This tool can send large ICMP packets to a remote network.

9. DoS tool: Some Trouble
SomeTrouble 1.0 is a program that congests a network.
SomeTrouble is a very simple program with three components:
+ Mail Bomb (resolves names by itself for the mail addresses it has)
+ ICQ Bomb
+ Net Send Flood
10. DoS tool: UDP Flood
UDPFlood is a program that sends UDP packets.
It sends UDP packets out to an IP address and port that are not fixed.
The packets can contain a text string, randomly generated data, or data from a file.
It is used to test a server's ability to respond.
11. DoS tool: FSMAX
It tests a server's response performance.
It creates a file and then runs it on the server many times over, repeatedly, at once.
The effect of this tool is to try to overflow buffers and carry out a DoS attack against the server.
V. Conclusion of Part I
Using a DoS tool against a server sometimes has no effect on the server at all. Suppose you use a Ping of Death tool against a server that is connected to the network at 100 Mbps while you connect to it at 3 Mbps: your attack is meaningless.
But imagine 1000 people like you attacking that server at the same time. Their combined bandwidth reaches up to 3 Gbps while the server's connection is 100 Mbps, so you can imagine the result.
In Part II of this series I will cover the definition of BOT and BOTNET, and how botnets are built and used, so that we understand how they work and can find the most effective ways to counter DDoS attacks.

VI. BOT networks (botnets)

1. The significance of BOT networks
Using a DoS tool against a server sometimes has no effect on the server at all. Suppose you use a Ping of Death tool against a server that is connected to the network at 100 Mbps while you connect to it at 3 Mbps: your attack is meaningless.
But imagine 1000 people like you attacking that server at the same time. Their combined bandwidth reaches up to 3 Gbps while the server's connection is 100 Mbps, so you can imagine the result.
But how would I get 1000 computers connected to the network? Buy a thousand machines and rent 1000 subscriber lines? I certainly would not do that, and no attacker uses that method either.
Attackers build a network of thousands of Internet-connected computers (some BOT networks reach 400,000 machines). So how are they able to take advantage of people connected to the Internet to build a BOT network? In this article I introduce BOT networks, how they are built, and the tools used to build them.
With a BOT network in hand, the attacker uses simple attack tools against a computer system. Relying on accesses that are entirely legitimate as far as the system is concerned, the bots all use one of the server's services at the same moment. Imagine the attacker has 400,000 hosts in hand and orders them all to download a file from your website at the same time. That is DDoS: Distributed Denial of Service.
There is no way to defend completely against DDoS attacks, but in this article I also introduce methods of defending against DDoS once we understand it.
2. BOT networks
BOT is short for RoBOT.
An IRCbot is also called a zombie or a drone.
Internet Relay Chat (IRC) is a form of real-time data transmission over the Internet. It is usually designed so that one person can send messages to a group and people can communicate with one another over separate channels, called Channels.
First the BOT connects to an IRC channel on an IRC server and waits for communication between people.
The attacker can control the BOT network and use it for some particular purpose.
Many BOT networks connected together are called a BOTNET (botnet).
3. Botnets
A botnet consists of many computers.
It is used for DDoS attacks.
A small botnet may consist of only 1000 computers, but imagine that each of them connects to the Internet at only 128 Kbps: the botnet can already generate 1000*128 ~ 100 Mbps of bandwidth. That is an amount of bandwidth that hardly any hosting provider can share out to each of its websites.
4. Purposes botnets are used for
Distributed Denial-of-Service (DDoS) attacks
+ Botnets are used for DDoS attacks.
Spamming
+ Opening a SOCKS v4/v5 proxy server for spamming.
Sniffing traffic
+ A bot can also act as a packet sniffer (capturing communication on the network); after capturing packets it tries to decode them to extract meaningful content such as bank accounts and other valuable user information.
Keylogging
+ With the help of a keylogger, a great deal of sensitive user information can be harvested by the attacker, such as e-banking accounts and many other accounts.
Installing and spreading malicious programs
+ A botnet can be used to create new BOT networks.
Installing pop-up advertisements
+ Automatically popping up unwanted advertisements on the user's machine.
Google Adsense abuse
+ Automatically altering the search results shown whenever the user uses Google's search service; the altered results trick the user into clicking on dangerous websites.
Attacks on IRC chat networks
+ This is called a clone attack.
Phishing
+ Botnets are also used to send phishing mail to obtain users' sensitive information.
5. Types of bots
Agobot/Phatbot/Forbot/XtremBot
These bots are written in C++ on a cross-platform basis, and their source code is available under the GPL.
Agobot was written by Ago, a nickname of the person known as Wonk, a young German man who was arrested in May 2004 on computer crime charges.
Agobot can use NTFS Alternate Data Streams (ADS) and acts like a kind of rootkit to hide processes running on the system.
SDBot/Rbot/UrBot/UrXbot
SDBot is written in C and was also published under the GPL. It is regarded as the predecessor of Rbot, RxBot, UrBot, UrXBot and JrBot.
mIRC-Based Bots (GT-Bots)
GT stands for the two words Global Threat, and the name is commonly used for all mIRC-scripted bots. These bots use the IM software mIRC to set up a number of scripts and other pieces of code.
6. Steps in building a botnet, and how to analyse a bot network.
To understand better how a botnet is built, we study how a computer gets infected, how a bot network is created, and how that bot network is used to attack a target, taking a botnet built from Agobots as the example.
Step 1: How a computer gets infected.
First the attacker tricks the user into running the file "chess.exe". An Agobot typically copies itself into the system and adds entries to the Registry to make sure it runs along with the system at startup. The Registry locations for applications that run at startup are:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services
Step 2: How it spreads and builds the botnet.
Once one computer on a network is infected with Agobot, it automatically searches for other computers on the network and infects them through weaknesses in the resources shared on the network.
It usually tries to connect to the default administrative shares, for example C$, D$, E$ and print$, by guessing usernames and passwords so that it can access another system and infect it.
Agobot can spread very quickly because it can take advantage of weaknesses in the Windows operating system, or in the applications and services running on the system.
Step 3: Connecting to IRC.
Next, Agobot creates an IRC-controlled backdoor to open what it needs and connects to the botnet through IRC control. After connecting, it opens the services required so that, on request, it can be controlled by the attacker over the IRC channel.
Step 4: Controlling attacks from the botnet.
The attacker directs the machines in the Agobot network to download .exe files and run them.
Collect all the relevant information the attacker wants from the system.
Run other files on the system as the attacker requires.
Run DDoS programs to attack other systems.
7. Diagram of how systems are infected and used by Agobot.
VII. DDoS attack tools
1. Nuclear Bot.
Nuclear Bot is an extremely powerful tool, a "Multi Advanced IRC BOT", that can be used for Floods, Managing, Utilities, Spread, IRC Related functions, DDoS attacks and many other purposes.
VIII. DDoS attacks
On the Internet, a Distributed Denial of Service attack is a form of attack from many computers against one target, causing legitimate requests from normal users to be refused. By generating an enormous number of packets toward a specific target, it can produce a state similar to the system being shut down.
2. Characteristics of DDoS attacks.
The attack comes from an extremely large system of computers on the Internet, and usually relies on services already available on the computers in the botnet.
The attack services are controlled from the "primary victim" machines, while the compromised computers in the BOT network that are used to attack are usually called "secondary victims".
It is a form of attack that is very hard to detect because it originates from many IP addresses on the Internet.
If a single IP address attacks a company, it can be blocked by a firewall. If the attack comes from 30,000 different IP addresses, blocking it is extremely difficult.
A perpetrator can do a lot of damage with a DoS attack, and this becomes even more dangerous when a BOT network on the Internet is used to carry out the DoS attack, which is then called a DDoS attack.
3. DDoS attacks cannot be completely prevented.
DDoS attacks proceed by searching for security vulnerabilities on computers connected to the Internet and exploiting them to build a botnet of many Internet-connected computers.
Once a DDoS attack is under way, it is very hard to stop completely.
Packets arriving at the firewall can be blocked, but most of them come from IP addresses that are not yet in the firewall's access rules and are entirely valid packets.
If the source address of the packets may be spoofed, then once you get no response from the real source addresses you need to block communication with that source address.
However, a botnet comprises from thousands to several hundred thousand IP addresses on the Internet, which makes stopping the attack extremely difficult.
4. Clever attackers.
Nowadays no attacker uses their own IP address directly to control a botnet attacking a target; they usually go through an intermediary. Below are the DDoS attack models.
a. Agent Handler Model
The attacker uses handlers to control the attack.
b. IRC-based DDoS attack
The attacker uses IRC networks to control, amplify and manage connections with the computers in the botnet.
IX. Classification of DDoS attacks
Attacks that exhaust the bandwidth available for reaching the server:
+ Flood attack
+ UDP and ICMP flood
Attacks that amplify communication:
+ Smurf and Fraggle attack
DDoS attack on Yahoo.com in 2000
Diagram: classification of DDoS attacks
Diagram: DDoS attack by communication amplification.
As you know, a Smurf attack pings the broadcast address of some network with the source address set to the address of the machine under attack, so all of the reply packets are delivered to the IP address of the attacked computer.
X. Reflective DNS attacks ("reflective" meaning reflected).
a. Issues related to reflective DNS attacks
A hacker can use a botnet to send a very large number of requests to DNS servers.
Those requests flood the network bandwidth of the DNS servers.
To defend against this form of attack, a firewall can be used to block communication from the computers that have been identified.
But blocking communication from DNS servers causes major problems: a DNS server has a very important role on the Internet.
Blocking DNS communication amounts to preventing normal users from sending mail and accessing websites.
A DNS request usually takes 1/73 of the time of the reply packet on the server. Because of this factor, using a professional tool to increase the requests sent to a DNS server will overload the DNS server so that it can no longer respond to normal users.
b. Reflective DNS attack tool: ihateperl.pl
ihateperl.pl is a very small, very effective program based on the DNS-reflective type of attack.
It uses a list of DNS servers to flood the network with name resolution request packets.
For example, it can use google.com as the name to resolve when sending to the server, and that domain name can be changed to http://www.vnexperts.net or any website the attacker wants.
Using this tool is very simple: you create a list of DNS servers, pass in the IP address of the individual machine and set the number of connections.
XI. Tools used for DDoS attacks.
Almost all of the tools I introduce in this article are old and ineffective, and are included purely for teaching purposes so that you can better understand DDoS attacks. Below are the DDoS attack tools:
Trinoo, Tribe Flood Network (TFN), TFN2K, Stacheldraht, Shaft, Trinity, Knight, Mstream, Kaiten
You can download these tools free of charge on the Internet; note that they are for trying out only, since they are weak tools that merely serve as a demo of DDoS attacks.
Source: Vnexperts.net
ARP spoofing and Cain & Abel
Purpose of this article: exploiting ARP on a LAN and how to guard against it
The Attacker wants to eavesdrop on the conversation between two machines, A and B. Suppose A wants to talk to B but knows only B's IP address, not B's MAC address. A immediately sends an ARP Request packet to the whole network asking: "Hey, whoever has the IP address x.y.z.t, tell me what your MAC address is?" Both machine B and the Attacker's machine receive this packet, but only B answers A, with an ARP Reply packet telling A its MAC address. Once A has B's IP and MAC addresses, A starts exchanging data with B. A stores B's MAC address in its cache so that the next time it exchanges data with B it does not have to ask for the MAC address again.
The problem, however, is that the ARP protocol works at layer 2 while IP addresses sit at layer 3 (of the 7-layer OSI model), so A has no way to verify whether machine B with IP x.y.z.t really has that MAC address. Now the Attacker only needs to send A an ARP Reply packet saying: "Hey, it's B here. My MAC address is now a-b-c-d, not what it was a moment ago." Because it cannot verify this information, A blindly writes it into its cache, overwriting the correct information about B recorded in the previous step. From now on, every time A sends data to B, the data goes to the Attacker's machine instead.
But another problem arises: if the information never reaches machine B, then B has nothing to reply to, so how can this be called eavesdropping on a conversation between A and B? The simple answer is that the Attacker fools B as well, making B believe the Attacker's machine is A. When data from A is sent to B (but actually arrives at the Attacker), the Attacker keeps a copy and forwards it to B. When B replies to A (again arriving at the Attacker), the Attacker keeps a copy and forwards it to A. By now you can probably picture how the Attacker listens in on A and B's conversation. In this situation the Attacker is called the Man-in-the-middle.
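On the defensive side of the exchange just described, a passive monitor can notice exactly the cache overwrite that A accepts blindly. The following is an added example, not part of the original article: it decodes Ethernet/IPv4 ARP payloads and raises alerts when a reply was never asked for, when an IP address moves to a different MAC, or when one MAC claims several IPs. The class name, alert labels, addresses and sample frames are assumptions constructed for the example.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # 28-byte ARP payload for Ethernet/IPv4
REQUEST, REPLY = 1, 2


def parse_arp(raw):
    """Decode the sender/target fields of an Ethernet/IPv4 ARP payload."""
    if len(raw) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, raw[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return op, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)


class ArpWatch:
    """Passive monitor: learns IP-to-MAC bindings and records suspicious changes."""

    def __init__(self):
        self.bindings = {}     # ip -> first MAC seen for it
        self.claims = {}       # mac -> set of IPs it has claimed
        self.pending = set()   # (asker_ip, wanted_ip) for requests not yet answered
        self.alerts = []

    def observe(self, raw):
        op, mac, ip, target_ip = parse_arp(raw)
        if op == REQUEST:
            self.pending.add((ip, target_ip))
        elif op == REPLY:
            if (target_ip, ip) in self.pending:
                self.pending.discard((target_ip, ip))
            else:
                # Weak signal on its own: gratuitous ARP is also unsolicited.
                self.alerts.append(("unsolicited-reply", ip, mac))
        known = self.bindings.setdefault(ip, mac)
        if known != mac:
            # The overwrite the article describes: same IP, different MAC.
            self.alerts.append(("binding-changed", ip, known, mac))
        ips = self.claims.setdefault(mac, set())
        ips.add(ip)
        if len(ips) > 1:
            # One machine answering for both ends of a conversation.
            self.alerts.append(("mac-claims-many", mac, tuple(sorted(ips))))


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed ARP payload for the samples below."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       bytes.fromhex(sender_mac.replace(":", "")),
                       socket.inet_aton(sender_ip),
                       bytes.fromhex(target_mac.replace(":", "")),
                       socket.inet_aton(target_ip))


# Constructed hosts and frames (documentation addresses, locally administered MACs).
A = ("02:00:00:00:00:0a", "192.0.2.10")
B = ("02:00:00:00:00:0b", "192.0.2.20")
X_MAC = "02:00:00:00:00:99"          # the machine in the middle
ZERO = "00:00:00:00:00:00"
SAMPLE_FRAMES = [
    build_arp(REQUEST, A[0], A[1], ZERO, B[1]),   # A asks who has B's IP
    build_arp(REPLY, B[0], B[1], A[0], A[1]),     # B answers A
    build_arp(REPLY, X_MAC, B[1], A[0], A[1]),    # forged: "B" is now at X_MAC
    build_arp(REPLY, X_MAC, A[1], B[0], B[1]),    # forged: "A" is now at X_MAC
]


def run_sample():
    watch = ArpWatch()
    for frame in SAMPLE_FRAMES:
        watch.observe(frame)
    return watch.alerts


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```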

A few good hacking tools

1. Admin link scanning tool

2.Tool SQL Injection ProSQLExec v0.5final

http://rapidshare.com/files/181177873/prosql0.5.rar
3.Tool SQL Injection Helper
http://rapidshare.de/files/40875064/Video.rar.html
4.XSS Scanner v1.0

http://www.4shared.com/file/81088771ghiit_com.html
5. Multi-purpose SQL injection tool for hackers
Video: http://www.vimeo.com/1536040?pg=embed&sec=1536040


Download: https://labs.portcullis.co.uk/downloSetup-0909.exe
Update: Pass Unrar www.vnghiit.com
===Admin===

Hack Tools for Hacker

1. COUNTERMEASURE TOOLS:
+Black Ice by Network ice
http://www.networkice.com
+CyberCop Monitor by Network Associates
http://www.nai.com
+Hidden Object Locator
http://www.netwarefiils/hobjloc.zip
+Ippl
http://www.via.ecp.fr/~hugo/ippl/
+ITA from AXENT
http://www.axent.com
+Kane Security Monitor
http://www.intrusion.com
+Netguard
http://www.Genocide2com/~tattooman/
+Network Flight Recorder Protolog
http://www.nfr.net
http://www.grigna.coolog/index.html
+Psionic Portsentry from the Abacus project
http://www.psionic.com/abacus/
+RealSecure by Internet Security System(ISS)
http://www.iss.net
+Scanlogd
http://www.Genocide2com/~tattooman/
+Secure by Memco
http://www.memco.com
+Secure Shell(SSH)
http://www.ssh.fi
http://www.datafellows.com
+Abirnet/Platinum Technology
http://www.abirnet.com
2. DENIAL-OF-SERVICE ATTACKS
+Land and Latierra
http://www.rootshell.com/
+Netcat
http://www.10pht.com/~weld/netcat/
+Portfuck
http://www.stargazerez/portfuck.zip
+Smurft&Fraggle:
http://www.rootshell.com/
+Synk4
http://www.jabukie.cSourcez/synk4.c
+Teardrop, newtear, bonk, syndrop
http://www.rootshell.com/
http://www.rootshell.com/

3. ENUMERATION TOOLS

+Bindery
http://www.nmrc.org/are/bindery.zip
+LEGION
http://www.rhino9.com
+NetBIOS Auditing Tool (NAT)
ftp://ftp.technotronft/nat10bin.zip
+Netviewx
http://www.ibt.ku.dk/jesper/NTtools/
+Nslist
http://www.nmrc.org/tware/nut18.zip
4. FOOTPRINTING TOOLS
+ARIN database
http://www.arin.net/whois/
+Cyberarmy
http://www.cyberarmy.com
+Dogpile
http://www.dogpile.com
+USENET Searching
http://www.deja.com
+WS_Ping Propack
http://www.ipswitch.com
5. BACKDOOR INTRUSION TOOLS
+Elitewrap
http://www.multimaniuster/elite.zip
+Getadmin
http://www.ntsecuritty/getadmin.htm
+Hunt
http://www.Genocide2er/hunt-1.3.tgz
+Invisible Keystroke
http://www.amecisco.com/iksnt.htm
+NetBus
http://www.netbus.org
+NTFSDOS
http://www.sysinternals.com
+SNMPsniff
http://packetstorm.hniff-1.0.tar.gz
6. COVERING TRACKS
+Cygwin Win32 cp and touch
http://www.cygnus.com
+Wipe
ftp://ftp.technotrons/wipe-1.00.tz/
7. SCANNING TOOLS
+Bindview
http://www.bindview.com
+Hping
htpp://www.kyuzz.org/antirez/


+Internet Scanner by ISS


http://www.iss.net
+Nmap
http://www.insecure.org/namp
+NTInfoScan
http://www.infowar.co.uk/mnemonix/
+Scan
http://www.prosolve.com
1. Password cracker, hacking web-site, hacking win9x
+Webcracker:
http://www.zone-x.czeb/webcrack.rar
+BRUTUS AE v.20
http://217.125.24.22/h/brutus.zip.
+GINDERhttp:Scanner automatized
http://packetstormsehino9/grinder11.
+LEGION: legion v.2.1 Scanner
http://packetstormsehino9/legionv21.
+NETCAT: netcat for NT v1.1
http://safariexample01719568/Misc/N
+CAIN: Cain v 2.5 beta 47
http://www.oxid.it/ds/cain25b47.exe
+WINPCAP:
http://winpcap.politWinPcap_3_0.exe
+RAINBOW
http://www.antsight.ack/rainbowcrac
+IRS: Service scanner
http://www.oxid.it/downloads/irs18.exe
+CRACK-FTP
http://217.125.24.22/h/Crackftp.zip
+UDP FLOOD
http://217.125.24.22/h/udpflood.zip
+UDP FLOOD:
http://www.foundstonzips/udpflood.z
+PANTHER:
http://217.125.24.22/h/panther.zip
+WEBSCAN
http://217.125.24.22/h/webscan.tar.gz
+XNSSCAN:
http://217.125.24.22can-0.22.tar.gz
+SHOWPASS:
http://www.ipwar.it/showpassv10.zip
+IP TOOLS:
http://ks-soft.mastaownload/ip-tool
+ESSENTIAL NETTOOLS
http://www.all-nettools.com/ent3.zip
+MSWIN
http://217.125.24.22/h/mswinsck.zip
+SCANNER NETBIO
http://217.125.24.22/h/pqwak2.zipS
+ARP INJECT
http://www.security.es/PTwebdav.zip
+IIS WEBDAV:
http://packetstormsen/arpinject.zip
+HTTP BRUTE:
http://ns13.eb1.biz/nt/mbhttpbf.exe


+HTTP FLOODER
http://217.125.24.22ketStorm1.3.zip
+RPC SCAN
http://217.125.24.22/h/RpcScan101.zip
+MD5 BRUTE FORCE CRACKER
http://dev.code-mx.nf/md5_bf.tar.gz
+MDCRACK
http://mdcrack.df.rurack-1.2.tar.gz
+GENXE
http://genxe.sourcef-beta-0.9.0.zip
2. HACKING NT/2000
+NT-rookit 0.40
http://www.megasecur/Nt_rootkit0.40
+Hacker Defender v1.0
http://hxdef.czweb.ose/hxdef100.zip
+RK DETECTOR 0.62
http://www.haxorcitotectorv0.62.zip
+NETBIOS AUDITING TOOL
http://217.125.24.22/h/nat.zip
+GET ADMIN
http://217.125.24.22/h/getadmin.zip
+PWD-DUMP2 (extracts info from the SAM file)
http://packetstormse/NT/pwdump2.zip
+PWD-DUMP3
http://packetstormse/NT/pwdump3.zip
+LOPTH: PASSWORD CRACKER
http://217.125.24.22/h/lopth.zip
+NTFS DOS
http://217.125.24.22/h/ntfsdos.zip
+UNICODE: Unicode scanner
http://217.125.24.22/h/URLScanner.zip
+IIS-CRASH
http://217.125.24.22/h/Iiscrash.zip
+SQLPOKE: MSSQL SERVERS
http://packetstormseers/Sqlpoke.zip
3. KEYLOGGERS-SNIFF
+WINDOWS KEY LOGGER 5.04
http://www.littlesister.de/keylog5.exe
+PERFECTKEY v.1.4
http://217.125.24.22/h/i_bpk2003.zip
+NUCLEAR keys v.1.0
http://www.nuclearwilear%20Keys.zip
+SNORT 2.1.1(Sniffer)
http://www.snort.orgrt-2.1.1.tar.gz
+RP-KEYLOG
http://217.125.24.22ylogger-0.1.zip
+XLOG
http://217.125.24.22/h/xlog2.21.zip
+TECLAS:KEYLOGGER
http://217.125.24.22/h/teclas.zip
+SCKEYLOG
http://www.astalavista.com/tools/
+TINY KEYLOGGER


http://217.125.24.22/h/TinyKL.zip
+INVISIBLE KEY LOGGER
http://www.amecisco.com/iksv12d.exe
+SPYNET
http://packetstormset/spynet312.exe
+SNIFFER
http://217.125.24.22/h/Sniffer.zip
+WINSNIFFER v.1.22
http://www.securityftools/ws122.exe
3. CRACKERS
+ADVANCED ACT PASS
http://www.elcomsoftACTPR/actpr.zip
+ADVANCE OUTLOOK EXPRESS PASS
http://www.elcomsoftAOEPR/aoepr.zip
+ADVANCE PDF PASS
http://217.125.24.22/h/apdfpr.zip
+ADVANCE OFFICE XP PASS
http://www.crackpassdl/aoxppr_s.zip
+ADVANCE RAR PASS
http://www.elcomsoft.com/ARPR/arpr.zip
+ADVANCE INSTANT MESSENGERS
http://www.elcomsoftAIMPR/aimpr.zip
+PASS CACHE
http://217.125.24.22/h/E-pwdcache.zip
+IM PASS RECOVERY
http://www.elcomsoftAIMPR/aimpr.zip
+MS-OFFICE CRACKING
http://217.125.24.22/h/Msofpas.zip
+ADVANCE ZIP PASS
http://www.elcomsoft.com/AZPR/azpr.zip
4. BIOS
+BIOS
http://217.125.24.22/h/BIOS320.zip
+OS-CRACK
http://217.125.24.22/h/cmospwd.zip
+AWARD MODULE BIOS 4.50
http://217.125.24.22/h/awardm.zip
+WIN-BIOS
http://217.125.24.22/h/winbios.zip
+KILL CMOS32 v.1.0
http://217.125.24.22/h/k-cmos32.zip
5. SCANNERS
+APPACHE
http://datafull.com/acheChunked.exe
+RANGE SCANNER
http://217.125.24.22angeScanner.zip
+HTTP:
http://217.125.24.22PCracker1_0.zip
+MULTI SCANNER EXPLOIT
http://217.125.24.22ultiExploit.zip
+UNPERSCAN


http://www.foundstons/superscan.exe
+SAINT
http://www.saintcorp.com/downloads/
+NMAP
http://download.inseapwin_1.3.1.exe
+NET-SCAN
ftp://ftp.netscantoo/pub/nst420.zip
+LANGUARD:
ftp://ftp.languard.com/lannetscan.exe
+SHADOW
http://www.safety-lab.com/SSS.exe
+SHADOW
http://www.rsh.kiev.ua/ShadowScan.exe
+NECROSOFT SCAN
http://217.125.24.22can0666b14f.zip
+PORTSCAN
http://217.125.24.22/h/portscan12.zip
+PORTMON (TCP/IP)
http://217.125.24.22/h/portmon301.zip
+EXPLOIT SCAN
http://www.megasecurloitscan2.0.zip
+PORT TEST
http://217.125.24.22/h/porttest.zip
+SCAN-DMN
http://217.125.24.22/h/domainscan.zip
+IP-SEARCH
http://www.panix.comh/iptoolb2i.exe
+AMAP
http://packetstorm.security-guide.de/
6. TROJAN
+INSUREC:
http://www.evileyesonsurrection.zip
+OPTIX
http://www.evileyesoes/OptixPro.zip
+TROJAN HACK TOOL
http://217.125.24.22/h/Skanner.zip
+URKTROJAN
http://www.turkojan.com/turkojan.zip
+CS-TROJAN
http://home.arcor.depter/trojan.zip
+ASSSIN
http://www.evileyesoes/assasin2.zip
+CYN v.2.1
http://217.125.24.22/h/CynV2.1.zip
+NEXUS
http://217.125.24.22rtalInstall.zip
+NETDEVIL
http://217.125.24.22/h/netdevil_15.zip
+NETBUS
http://home.t-onlinege/nbpro201.exe
+SUB7
http://www.sub7filesv2.1.2_Muie.zip
http://www.sub7filesv2.1.1_Gold.zip
http://www.sub7filesv2.1.2_Muie.zip


http://www.sub7files2.1.3_Bonus.zip
http://www.sub7files1.4_Defcon8.zip
http://www.sub7filess/Sub7_v2.2.zip
+BIONET
http://217.125.24.22ioNet_4-0-5.zip
7. FLOOD
+SMURF
http://217.125.24.22/h/Winsmurf.zip
+X-FLOOD
http://217.125.24.22/h/X-flood.zip
+ICMP BOMB
http://217.125.24.22/h/Icmp.zip
+WIN-BNC
http://217.125.24.22/h/winbnc.zip
+NSBNC
http://217.125.24.22/h/nsbnc.tar.gz
8. BOMB MAIL
+MINOZA
http://www.sunmatrix.net/do/minoza.zip
+DEMAIL
http://www.zstools.cad/edeb_set.zip
+MBBOMBER
http://www.softheap.load/bomber.zip
+UBI
http://217.125.24.22i_anonymous.zip
+KABOOM
http://217.125.24.22/h/kaboomv3.0.zip
+FMBOMB
http://217.125.24.22/h/fmbomb.zip
+X-MAS2000
http://217.125.24.22/h/xmas2000.zip
+BOMBITA
http://217.125.24.22/h/bombita.zip
+BTOPMAIL
http://217.125.24.22/h/topmail.zip
