CEH Lab Manual
Denial-of-Service
Module 10

Denial of Service

Denial of Service (DoS) is a type of attack on a computer or network that prevents legitimate use of its resources.

Lab Scenario

In computing, a denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users. Although the means, motives, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit-card payment gateways, and even root

One common method of attack involves saturating the target machine with external communications requests, so that it cannot respond to legitimate traffic, or it responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. DoS attacks can essentially disable your computer or your network. DoS attacks can be lucrative for criminals; recent attacks have shown that DoS attacks are a way for cyber criminals to profit.

As an expert Ethical Hacker or Pen Tester, sound knowledge of Denial of Service and Distributed Denial of Service attacks is a must in order to detect and neutralize attack handlers and mitigate such attacks. The labs in this module give hands-on experience in auditing a network against DoS and DDoS attacks.

Lab Objectives

The objective of this lab is to help students learn to perform Denial of Service attacks and test a network for DoS flaws.
In this lab, you will:
• Perform a DoS attack by sending a large number of SYN packets continuously
• Perform an HTTP flooding attack
• Perform a DDoS attack
• Detect and analyze DoS attack traffic

Lab Environment

To complete this lab, you will need:
• Windows Server 2016 running in a virtual machine
• Windows 10 running in a virtual machine
• Windows Server 2012 running in a virtual machine
• Windows 8 running in a virtual machine
• Kali Linux running in a virtual machine
• A web browser with Internet access
• Administrative privileges to run tools

Lab Duration

Time: 6 Minutes

Overview of Denial of Service

Denial of Service (DoS) is an attack on a computer or network that prevents legitimate use of its resources. In a DoS attack, attackers flood a victim's system with legitimate service requests or traffic to overload its resources and prevent it from performing intended tasks.

Lab Tasks

Recommended labs to assist you in Denial of Service:
• SYN Flooding a Target Host using Metasploit
• SYN Flooding a Target Host using hping3
• Performing Distributed Denial of Service Attack using HOIC
• Detecting and Analyzing DoS Attack Traffic using KFSensor and Wireshark

Lab Analysis

Analyze and document the results related to this lab exercise. Give your opinion of your target's security posture and exposure.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS

SYN Flooding a Target Host using Metasploit

A SYN flood is a form of denial of service attack in which an attacker sends a succession of SYN requests to a target machine in an attempt to exhaust its resources and make it unresponsive to legitimate incoming traffic.

Lab Scenario

DoS attacks are a kind of security breach that does not generally result in the theft of information. However, these attacks can harm the target in terms of time and resources. On the other hand, failure might mean the loss of a service such as email.
In a worst-case scenario, a DoS attack can mean the accidental destruction of the files and programs of millions of people who happen to be surfing the Web at the time of the attack.

Though the chances of successful SYN flooding are fewer because of advanced networking devices and traffic control mechanisms, attackers can launch SYN flooding attacks easily using packet crafting tools. As an ethical hacker or pen tester, you must assess your network resources for a SYN flooding attack.

Lab Objectives

The objective is to help students learn how to:
• Spoof the IP Address of the Attacker Machine
• Perform SYN Flooding on the Target Machine

Lab Environment

To perform this lab, you need:
• Windows Server 2016 machine
• Kali Linux virtual machine
• Windows 10 virtual machine
• Wireshark located at Z:\CEH-Tools\CEHv10 Module 10 Denial-of-Service\Wireshark
• The latest version of Wireshark can be downloaded at https://www.wireshark.org/download.html
• Administrative privileges to run the tools
• If you decide to download the latest tools, screenshots might differ

Lab Duration

Time: 15 Minutes

Overview of the Lab

A TCP session establishes a connection using a three-way handshake mechanism. The source sends a SYN packet to the destination. The destination, on receiving the SYN packet, responds by sending a SYN/ACK packet back to the source. This SYN/ACK packet confirms the arrival of the first SYN packet to the source. In conclusion, the source sends an ACK packet for the SYN/ACK packet sent by the destination.

In a SYN attack, the attacker exploits the three-way handshake method. First, the attacker sends a fake TCP SYN request to the target server, and when the server sends a SYN/ACK in response to the client (attacker) request, the client never sends an ACK response. This leaves the server waiting to complete the connection.

Lab Tasks

Note: Before beginning this lab, log on to the Windows 10 virtual machine and ensure that the firewall is turned off.

1. Log into the Kali Linux virtual machine.
2. In this lab, we are going to perform SYN flooding on the Windows 10 machine through port 21.
3. So, let us determine whether port 21 is open or not. We shall be using Nmap to determine the state of the port.
4. Type the command nmap -p 21 [IP Address of Windows 10] and press Enter.
   Note: The IP address of Windows 10 used in this lab is 10.10.10.10, which might vary in your lab environment.
5. The result returned by Nmap states that the port is open.
   Note: If the port turns out to be closed, look for the other open ports using Nmap.
6. Now that the result states the port is open, perform SYN flooding on the victim machine (Windows 8) using port 21.
7. In this lab, use an auxiliary module named synflood to perform a DoS attack on the machine. Launch this module from msfconsole.
8. Type msfconsole from a command-line terminal, and press Enter to launch msfconsole.
9. Type the command use auxiliary/dos/tcp/synflood and press Enter.
10. This launches the synflood module.
11. Let us determine which module options need to be configured to begin the DoS attack.
12. So, type show options and press Enter. This displays all the options associated with the auxiliary module.
13. Here, SYN flooding on port 21 of the Windows 10 machine will be performed by spoofing the IP Address of Kali Linux with that of the Windows Server 2016 machine.
14. Issue the following commands:
   a. set RHOST [IP Address of Windows 10]
   b. set RPORT 21
   c. set SHOST [IP Address of Windows Server 2016]
15. By setting the SHOST option to [IP Address of Windows Server 2016], you are spoofing the IP Address of the Kali Linux machine with that of Windows Server 2016.
16. Once the auxiliary module is configured by setting the required options, start the DoS attack on the Windows 10 machine.
17. To begin, type exploit and press Enter.
18. This begins the SYN flooding on the Windows 10 machine.
19. To confirm, switch to the Windows 10 machine, launch the Wireshark application, select an interface, and click Start.
20. Wireshark displays the traffic coming from the machine, as shown in the screenshot.
21. Here, you can observe that the source IP address is that of the Windows Server 2016 machine. This implies that the IP Address of Kali Linux has been spoofed.
22. Now, open Task Manager in the machine, and click the Performance tab. Wait for 10-15 seconds; you will observe that the CPU usage has increased drastically, which implies that the DoS attack is in progress on the machine. If the attack is continued for some time, the machine's resources would be completely exhausted, and it will stop responding.
23. Once the performance analysis of the machine is done, switch to the Kali Linux machine and press Ctrl+C to terminate the attack.
24. Thus, you have successfully spoofed the IP address and performed the DoS attack on the victim machine.

Lab Analysis

Analyze and document the results related to this lab exercise. Give your opinion about the target's security posture and exposure.

Internet Connection Required: ☐ Yes ☑ No
Platform Supported: ☑ Classroom ☑ iLabs

SYN Flooding a Target Host using hping3

hping3 is a command-line oriented TCP/IP packet assembler/analyzer.

Lab Scenario

A SYN flood is a form of denial of service attack in which an attacker sends a succession of SYN requests to the target's system to consume enough server resources to make the system unresponsive to legitimate traffic.

A SYN flood attack works by not responding to the server with the expected ACK code.
The malicious client can either not send the expected ACK, or spoof the source IP address in the SYN, causing the server to send the SYN-ACK to a falsified IP address, which will not send an ACK because it "knows" that it never sent a SYN. The server will wait for the acknowledgement for some time, as simple network congestion could also be the cause of the missing ACK, but in an attack increasingly large numbers of half-open connections will bind resources on the server until no new connections can be made, resulting in a denial of service to legitimate traffic. Some systems may also malfunction badly or even crash if other operating system functions are starved of resources in this way.

As an expert Ethical Hacker or Security Administrator of an organization, you should have sound knowledge of DoS and DDoS attacks and should be able to detect and neutralize attack handlers. You should use SYN cookies as a countermeasure against the SYN flood, which eliminates the resources allocated on the target host.

Lab Objectives

The objective of this lab is to help students learn to perform DoS attacks and test the network for DoS flaws. In this lab, you will:
• Perform DoS attacks
• Send a huge number of SYN packets continuously
• Perform SYN flooding using hping3

Tools demonstrated in this lab are available at Z:\CEH-Tools\CEHv10 Module 10 Denial-of-Service

Lab Environment

To complete this lab, you will need:
• Windows 10 as the victim machine
• Kali Linux virtual machine as the attacker machine
• Wireshark is located at Z:\CEH-Tools\CEHv10 Module 10 Denial-of-Service\Wireshark

Lab Duration

Time: Minutes

Overview of hping3

hping3 is a network tool able to send custom TCP/IP packets and to display target replies in the same way that the ping program does with ICMP replies. hping3 handles fragmentation, arbitrary packet body and size, and can be used to transfer files encapsulated under supported protocols.

Lab Tasks

1. Before beginning this lab, log in to the Windows 10 virtual machine and keep the machine intact.
2. Log in to the Kali Linux virtual machine.
3. Launch the hping3 utility from the Kali Linux Applications menu.
4. To launch, go to Applications > 01 - Information Gathering > Live Host Identification > hping3.
5. In the command shell, type hping3 -S [IP Address of Windows 10] -a 10.10.10.11 -p 22 --flood and press Enter.
   Note: In this lab, the IP Address of the Windows 10 (victim) machine is 10.10.10.10; this might vary in your lab environment. 10.10.10.11 refers to the IP address of the attacker machine, i.e., Kali Linux, and the IP Address of this machine might vary in your lab environment.
6. This initiates the SYN flooding on Windows 10.
7. hping3 floods the victim machine by sending bulk SYN packets and overloading victim resources.
8. Switch to the victim's machine (Windows 10), launch Wireshark, select an interface, and start capturing.
9. You will observe that the application captures traffic, as shown in the screenshot.
10. You sent a huge number of SYN packets, which caused the victim's machine to crash.

Lab Analysis

Analyze the results generated during this lab.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS

Performing Distributed Denial of Service Attack Using HOIC

A distributed denial of service (DDoS) attack involves a group of compromised systems, usually infected with Trojans, used to perform a DoS attack on a target system or network.

Lab Scenario

A distributed denial of service (DDoS) attack is a more sophisticated form of DoS attack in which, in some cases, it is difficult to trace the attackers. A DDoS attack is a large-scale, coordinated attack on the availability of services on a victim's system or network, launched indirectly through many compromised computers on the Internet.

A DDoS attack uses many computers to launch a coordinated DoS attack against one or more targets. Using client/server technology, the perpetrator is able to multiply the effectiveness of the DoS significantly by harnessing the resources of multiple unwitting accomplice computers, which serve as attack platforms. The flood of incoming messages eventually forces the target system to shut down, thereby denying service to legitimate users.

These attacks come from various machines that can be in the same location or various other locations. As large numbers of "zombies" participate in this attack, an enormous amount of traffic is directed onto the victim machine, resulting in temporary or permanent damage of its resources.

As an expert Ethical Hacker and Penetration Tester, you must be aware of all types of DoS attempts and prevent them from affecting information systems.

Lab Objectives

The objective of this lab is to help students learn how to perform a DDoS attack, in this case, HTTP Flooding.

Tools demonstrated in this lab are available at Z:\CEH-Tools\CEHv10 Module 10 Denial-of-Service

Lab Environment

To complete this lab, you will need:
• HOIC tool located at Z:\CEH-Tools\CEHv10 Module 10 Denial-of-Service\DoS and DDoS Attack Tools\High Orbit Ion Cannon (HOIC)
• You can download the latest version of HOIC from the link https://sourceforge.net/projects/highorbitioncannon/
• If you decide to download the latest version, then screenshots shown in the lab might differ
• Windows Server 2012, Windows 10 and Windows 8 virtual machines as attacker machines
• Kali Linux virtual machine as target machine
• Administrative privileges to run tools

Lab Duration

Time: 20 Minutes

Overview of HOIC

"High Orbit Ion Cannon," or HOIC for short, is a network stress testing tool for launching DDoS attacks. HOIC causes DoS through the use of HTTP floods. HOIC has a built-in scripting system that accepts .hoic files called "boosters," allowing users to implement some anti-DDoS randomization countermeasures, as well as increase the magnitude of the attack.

Lab Tasks

1. Before beginning this lab, log into the Windows 10, Windows Server 2012, Windows 8, and Kali Linux virtual machines.
2. In the Windows 8 virtual machine, navigate to Z:\CEH-Tools\CEHv10 Module 10 Denial-of-Service\DoS and DDoS Attack Tools and copy the High Orbit Ion Cannon (HOIC) folder onto the Desktop.
   Note: To perform the DDoS attack, run this tool from various virtual machines at once. So, when you run the tool directly from Z: (in all virtual machines at a time), errors might occur. To avoid errors, copy the folder High Orbit Ion Cannon (HOIC) individually onto each machine, and then run the tool.
3. Similarly, follow the previous step and copy the High Orbit Ion Cannon (HOIC) folder onto the other virtual machines' respective Desktops.
4. Now, switch to the Windows 10 virtual machine.
5. Navigate to the Desktop, open High Orbit Ion Cannon (HOIC), and double-click hoic2.1.exe.
6. The HOIC GUI appears on the screen; click "+" (below TARGETS). The HOIC - [Target] pop-up appears.
7. Type the target URL http://[IP Address of the target machine] in the URL field, slide the power bar to High, select the GenericBoost.hoic booster from the drop-down list, and click Add.
   Note: The IP address used in this lab is that of the Kali Linux virtual machine and might differ in your lab environment.
8. Set the THREADS value to 20 by clicking the > button until the value is reached.
9. Now, switch to the Windows Server 2012 and Windows 8 virtual machines and follow steps 5-8 to launch HOIC and configure it.
10. Once HOIC is configured on all the machines, switch to each machine and click FIRE TEH LAZER!.
11. This initiates the DDoS attack on the target Kali Linux machine.
12. Switch to the Kali Linux virtual machine, and launch the command-line terminal.
13. Type wireshark in the terminal, and press Enter.
14. The Wireshark GUI appears; select a network interface and click Start Capture.
15. Observe that Wireshark starts capturing a large volume of packets, which means the machine is experiencing a huge number of incoming packets. These packets are coming from the Windows Server 2012, Windows 10, and Windows 8 virtual machines.
16. Leave the machine intact for 5-10 minutes, and then open it again. You will observe that the performance of the machine is slightly affected, and its response is slowing down.
17. In this lab, only three machines are demonstrated flooding a single machine. If there were a large number of machines performing flooding, then the target Kali Linux machine's resources would be completely consumed and the machine overwhelmed.
18. In real time, a group of hackers operating hundreds or thousands of machines configure this tool on their machines, communicate with each other through IRCs, and simulate the DDoS attack by flooding a target machine/website at the same time. The target is overwhelmed and stops responding to user requests or starts dropping packets coming from legitimate users. The larger the number of attacker machines, the higher the impact of the attack on the target machine/website.
19. On completion of the lab, click FIRE TEH LAZER! again, and then close the HOIC window in all the attacker virtual machines. Also close the Wireshark window in Kali Linux.

Lab Analysis

Analyze and document the results related to this lab exercise.
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS

Internet Connection Required: ☐ Yes ☑ No
Platform Supported: ☑ Classroom ☑ iLabs

Detecting and Analyzing DoS Attack Traffic using KFSensor and Wireshark

KFSensor is a Network Intrusion Detection Tool that is equipped with several mechanisms to counter DoS attacks. The tool allows you to determine the maximum number of connections to the machine per IP address.

Lab Scenario

KFSensor is a Windows-based honeypot Intrusion Detection System (IDS). It acts as a honeypot to attract and detect hackers and worms by simulating vulnerable system services and Trojans. By acting as a decoy server, it can divert attacks from critical systems and provides a higher level of information than firewalls and NIDS alone. KFSensor is designed for use in a Windows-based corporate environment and contains many innovative and unique features, such as remote management, a Snort-compatible signature engine, and emulations of Windows networking protocols. As an ethical hacker or security administrator, you can use KFSensor to audit your network infrastructure against DoS attacks.

Lab Objectives

The objective of this lab is to help students learn how to:
• Detect DoS attacks using KFSensor
• Examine the incoming packet dump using Wireshark

Lab Environment

To perform this lab, you will need:
• Windows Server 2016 machine
• Kali Linux virtual machine
• Windows 10 virtual machine
• KFSensor located at Z:\CEH-Tools\CEHv10 Module 10 Denial-of-Service\Honeypot Tools\KFSensor
• The latest version of KFSensor can be downloaded at http://www.keyfocus.net/kfsensor/download
• Wireshark located at Z:\CEH-Tools\CEHv10 Module 10 Denial-of-Service\Wireshark
• The latest version of Wireshark can be downloaded at https://www.wireshark.org/download.html
• Administrative privileges to run the tools
• If you decide to download the latest tools, screenshots might differ

Lab Duration

Time: 20 Minutes

Overview of the Lab

KFSensor's rule-based signature engine can identify known attack patterns, which helps in analyzing the nature of an event.
It contains a Windows networking/NetBIOS/SMB/CIFS emulation honeypot. This unique feature enables it to detect the types of attacks on file shares and Windows administrative services, currently the most prevalent and damaging on the Internet.

This lab demonstrates the process of DoS attack detection. Here, we will first search for an open port on the target machine (here, Windows 10) and perform a DoS attack through an open port on the machine. Later, we will use KFSensor to detect the attack, and then examine the packets that were logged by KFSensor.

Lab Tasks

Note: Launch the Windows 10 and Kali Linux virtual machines before beginning this lab.

1. In the Windows 10 virtual machine, navigate to Z:\CEH-Tools\CEHv10 Module 10 Denial-of-Service\Honeypot Tools\KFSensor and double-click kfsens40.msi.
2. If a User Account Control pop-up appears, click Yes.
3. The KFSensor Evaluation Setup window appears; follow the wizard-driven installation steps to install the application.
4. The Completed the KFSensor Evaluation Setup Wizard window appears; uncheck the Launch KFSensor option and click Finish.
5. Launch KFSensor as Administrator: navigate to Start > KFSensor, then right-click KFSensor > More > Run as administrator, as shown in the screenshot.
6. If the User Account Control pop-up appears, click Yes.
7. When the application is launched for the first time, the KFSensor Set Up Wizard window appears; click the Cancel button.
8. In the KFSensor application window, click Settings from the menu bar and click Set Up Wizard..., as shown in the screenshot.
9. The KFSensor Set Up Wizard appears; click the Next button.
10. In the Set Up Wizard - Port Classes window, check all the port classes to include, and click Next.
11. In the Set Up Wizard - Native Services wizard, check all the ports with all active native services, and click Next.
12. In the Set Up Wizard - Domain window, leave the Domain Name field set to default, and click Next.
13. In the Set Up Wizard - E-Mail Alerts window, leave the options set to default and click Next.
14. In the Set Up Wizard - Options wizard:
   a. Select Cautious from the Denial Of Service Options drop-down list
   b. Select Enable packet dump files from the Network Protocol Analyzer drop-down list
15. Click Next.
16. This sets the DoS options to Cautious mode and saves the packet dump files at the time of the DoS attack.
17. In the Set Up Wizard - Systems Service wizard, leave the option set to default and click Next.
18. In the final step of the Set Up Wizard, click Finish.
19. The KFSensor Professional window appears. Click FTP under TCP.
20. If the FTP icon is green, and the FTP section is empty, it means there is currently no traffic through port 21.
21. Now, KFSensor is configured to detect the DoS attacks that would be performed on the Windows 10 machine from this point forward.
22. So, perform a DoS attack on this machine through port 21 from an attacker machine, Kali Linux.
23. Switch to the Kali Linux virtual machine and open a command prompt. The first task is to check whether port 21 is open on the target machine by using Nmap.
24. The command used to check the status of this port is nmap -p 21 [IP Address of Windows 10].
   Note: The IP Address of the Windows 10 machine in this lab is 10.10.10.10, which might differ in your lab environment.
25. Observe that port 21 is open, as shown in the screenshot.
26. Use this port to flood the victim machine.
27. Perform SYN flooding on the victim machine using hping3.
28. To begin flooding, type the command hping3 -S -d 100 -p 21 --flood [IP Address of Windows 10] and press Enter.
   Note: The IP address of the Windows 10 machine is 10.10.10.10.
29. Here, we are performing SYN flooding (-S) onto the victim machine through port 21 (-p 21), where the data size of each packet going to the machine is 100 bytes (-d 100).
30. Once you enter the command, switch to the Windows 10 machine and try to explore it. Observe that the machine's screen is frozen, which means that the resources of Windows 10 are completely exhausted. This means that the DoS attack is being successfully performed.
31. Now, switch to the Kali Linux machine, and press Ctrl+C to terminate the SYN flooding.
32. Switch to the Windows 10 machine; you should now be able to access it.
33. Now the FTP icon in the left pane changes to red, and the FTP section in the right pane is flooded with a list of events.
34. Scroll down the section; you can see an event with the name DOS Attack.
35. This concludes that KFSensor has detected the DoS attack.
36. Choose a random event, right-click on it, and select Event Details... to view details of the selected event.
37. An Event window appears, displaying the event summary (on the Summary tab), which contains the severity level of the event (High), the
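As an added example for the detection side of this module (it is not part of the lab manual, KFSensor or Wireshark), the Python script below replays a constructed Wireshark-style packet summary of the kind captured on the victim above, follows each connection through the three-way handshake, and raises an alert for a port once half-open connections pile up from a source that never completes a handshake, which is exactly what a spoofed SYN flood looks like. The addresses and packet lines are sample values, not taken from the lab.

```python
import re
from collections import defaultdict

# Constructed Wireshark-style packet list (No. Time Source Destination Protocol
# Info). 10.10.10.10 plays the victim, 10.10.10.12 a normal FTP client, and
# 10.10.10.16 the (spoofed) flood source that never answers the SYN/ACK.
SAMPLE_CAPTURE = """\
1 0.000 10.10.10.12 10.10.10.10 TCP 50000 > 21 [SYN] Seq=0 Win=64240
2 0.001 10.10.10.10 10.10.10.12 TCP 21 > 50000 [SYN, ACK] Seq=0 Ack=1
3 0.002 10.10.10.12 10.10.10.10 TCP 50000 > 21 [ACK] Seq=1 Ack=1
4 0.003 10.10.10.10 10.10.10.12 FTP Response: 220 Service ready
5 1.000 10.10.10.16 10.10.10.10 TCP 1001 > 21 [SYN] Seq=0 Win=1024
6 1.000 10.10.10.10 10.10.10.16 TCP 21 > 1001 [SYN, ACK] Seq=0 Ack=1
7 1.001 10.10.10.16 10.10.10.10 TCP 1002 > 21 [SYN] Seq=0 Win=1024
8 1.001 10.10.10.10 10.10.10.16 TCP 21 > 1002 [SYN, ACK] Seq=0 Ack=1
9 1.002 10.10.10.16 10.10.10.10 TCP 1003 > 21 [SYN] Seq=0 Win=1024
10 1.003 10.10.10.16 10.10.10.10 TCP 1004 > 21 [SYN] Seq=0 Win=1024
11 1.004 10.10.10.16 10.10.10.10 TCP 1005 > 21 [SYN] Seq=0 Win=1024
12 1.005 10.10.10.16 10.10.10.10 TCP 1006 > 21 [SYN] Seq=0 Win=1024
"""

# One packet-list line; the Info column of a TCP line starts "sport > dport [FLAGS]".
LINE_RE = re.compile(
    r"^\s*(?P<no>\d+)\s+(?P<time>[\d.]+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+"
    r"(?P<sport>\d+)\s+>\s+(?P<dport>\d+)\s+\[(?P<flags>[^\]]+)\]"
)

def parse_summary(text):
    """Yield one dict per TCP line; non-TCP or malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            pkt = m.groupdict()
            pkt["flags"] = {f.strip() for f in pkt["flags"].split(",")}
            yield pkt

def handshake_state(packets):
    """Track each (client, client port, server, server port) tuple: 'syn' after the
    client's SYN, 'synack' once the server replied, 'established' only when the
    client's ACK arrives. Anything else is a half-open connection holding resources."""
    conns = {}
    for p in packets:
        client_key = (p["src"], p["sport"], p["dst"], p["dport"])
        if "SYN" in p["flags"] and "ACK" not in p["flags"]:
            conns[client_key] = "syn"
        elif p["flags"] == {"SYN", "ACK"}:
            server_key = (p["dst"], p["dport"], p["src"], p["sport"])
            if conns.get(server_key) == "syn":
                conns[server_key] = "synack"
        elif "ACK" in p["flags"] and conns.get(client_key) in ("syn", "synack"):
            conns[client_key] = "established"
    return conns

def detect_syn_flood(text, threshold=5):
    """Return one alert per server port with at least `threshold` half-open
    connections, naming the dominant source and whether that source ever
    completed a handshake; a spoofed flood source never does."""
    conns = handshake_state(parse_summary(text))
    half_open = defaultdict(lambda: defaultdict(int))
    completed = defaultdict(set)
    for (client, _cport, server, sport), state in conns.items():
        if state == "established":
            completed[(server, sport)].add(client)
        else:
            half_open[(server, sport)][client] += 1
    alerts = []
    for (server, sport), by_src in half_open.items():
        total = sum(by_src.values())
        if total >= threshold:
            top = max(by_src, key=by_src.get)
            alerts.append({"target": server, "port": int(sport), "half_open": total,
                           "top_source": top, "top_source_completed_any": top in completed[(server, sport)]})
    return alerts

if __name__ == "__main__":
    for alert in detect_syn_flood(SAMPLE_CAPTURE):
        print(alert)
```

On a real capture, export the packet list from Wireshark as text and feed it in place of the sample; the threshold should be tuned to the normal connection rate of the service being watched.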
