Professional Documents
Culture Documents
Hacking
Hacking
Contents
Introduction ................................................................................................................................ 2 Study Area Coverage ................................................................................................................. 3 Technology & Further Exploration............................................................................................ 7 Conclusion ............................................................................................................................... 10 Personal Thought ..................................................................................................................... 11 References ................................................................................................................................ 12
[Type text]
Page 1
Introduction
Denial of Service (DoS) Attack, are attacks on computer systems that aim to disrupt or terminate services provided by the systems. On the Internet, this usually means (repeatedly) crashing services or exhausting some limited resource. DoS attacks can often be performed over the network, and exploit security flaws that exist in the services. DoS will probably block access to resources, flood network, degrade performance, causes server to fail. Another way to view this, DoS attacks is by exhausting the network bandwidth of a site, exhausting the inbound network connections of a service, crashing a service using some security flaw or crashing the computer running a service using some security flaw.
[Type text]
Page 2
CSC 1111 Fundamental of Trustworthy Computing weakest link in an environment, for example if a web-farm of a hundred servers relies on a single back office host to authenticate users, an application attack may be able to directly target it. Application attacks are harder to trace, because application level attacks normally use HTTP or HTTPS as their transport. Proxy servers can therefore be used to obfuscate the true origin of the attacker; and many are available for an attacker to redirect his malicious traffic. Many of these proxy servers do not keep logs of connection attempts and could therefore successfully hide the true origin of the attacking host. ` Automated data submission, web application architects and designers frequently
assume that the user of the application is a person and not an automated script. This assumption often leads to vulnerabilities that can be exploited by attackers who craft automated tools to attack the application. A simple example would be a dictionary attack on the authentication process. If a username is known, an attacker may automate the login process using passwords from a dictionary of common words until a match is found. There are many tools available to perform dictionary attacks on various protocols. Similarly, variations on this theme can be used to attack specific weaknesses in the applications design, for example by overwhelming application functions, invoking race conditions or systematically attacking multiple entities. Any data sent from the client-side may be manipulated by an attacker, from obvious form elements that are completed by the user to hidden fields, cookies and bespoke data channels. Commonly, manipulation of this data before sending it to the server results in errors or unusual application behaviour even as a result of simple modification such as sending letters instead of numbers. These back-end errors may in turn lead to exploitable vulnerabilities. Attack classes divided into 2 parts, resources abuse and starvation and exploitation. For resource abuse and starvation, The simplest way to attack an application is to exceed expected use beyond the capacity of the environment. This is conceptually very similar to a Network DoS attack in that it prevents legitimate users from accessing the application while it is forced to deal with many false requests. Exploitation is more sophisticated attacks based on an analysis of the application and its functionality, and identification of susceptible components. This may involve overflows on application buffers to crash the components on the servers themselves, or destruction of back-end data through SQL insertion for example. [Type text] Page 4
CSC 1111 Fundamental of Trustworthy Computing The Example of simple DoS attack.
[Type text]
Page 5
DDoS Attack
[Type text]
Page 6
[Type text]
Page 7
CSC 1111 Fundamental of Trustworthy Computing If you are running a network with outdated devices this will indeed be a possible threat to your network. In this case, upgrade your devices if possible. Phlashing is a permanent denial of service (DoS) attack that exploits a vulnerability in network-based firmware updates. Such an attack is currently theoretical but if carried out could render the target device inoperable. In the teardrop attack, packet fragments are sent in a jumbled and confused order. When the receiving device attempts to reassemble them, it obviously wont know how to handle the request. Older versions of operating systems will simply just crash when this occurs. Operating systems such as Windows NT, Windows 95, and even Linux versions prior to version 2.1.63 are vulnerable to the teardrop attack. As stated earlier, upgrading your network hardware and software is the best way to stay secure from these types of attacks.
[Type text]
Page 8
CSC 1111 Fundamental of Trustworthy Computing Detecting The Attacks Certain types of DDoS attacks are easy to detect as they make use of unusual protocols or attempt to send specific non-standard packets to the targeted systems. Attacks that mimic the behaviour of legitimate users by making repeated requests to the website or by sending a large volume of e-mails can be much harder to detect. Some network based Intrusion Detection Systems (IDS) and network monitoring tools can be used to identify anomalous behaviour on the network and configured to send alerts to the appropriate personnel. In some cases attacks may be indistinguishable (at the protocol level) from legitimate traffic and it is important that detection mechanisms are able to detect these attacks by analysing the volume of connections per host and not simply relying on attack signatures. The network monitoring tools currently used within your network should be investigated to determine whether they support detecting anomalous traffic patterns. Secondary monitoring procedures should also be in place to detect attacks that are not identified by the primary detection tool. These could be bespoke scripts that check the availability of the web site periodically, or a service provided by the ISP or other partner.
[Type text]
Page 9
Conclusion
Vulnerabilities in web applications can allow attackers to exhaust available resources and thereby deny access to legitimate users. Companies that rely on web applications to provide critical business functions are therefore at risk from attackers wishing to disrupt these functions by exploiting application level vulnerabilities. Application based DoS attacks require considerably less resource in terms of processing power and bandwidth on the part of the attacker, and therefore present a higher risk to business as the number of possible threat-agents is much greater. The possibility of a denial of service attack should be considered when designing, implementing and providing applications, and appropriate strategies and mitigation techniques put in place within the application.
[Type text]
Page 10
Personal Thought
Denial of Service (DoS) attack can be very useful and also can be very harmful. For example, for hacker, DoS have a lot of advantages for them because DoS can be very powerful tools to use to hack someone they dont like for some revenge. For example, if someone attacked a company using DoS attack, that might cost them to lose their business or maybe make their customer unhappy, which is a threat for the company. Company being attacked using DoS might face loss of revenue or prestige. If hacker use permanent Denial of Service attack (PDoS), it might harm their hardware also. That might cost them to lost a lot of money and slow down their business process. Another point of view, from the victims point of view, DoS can be very dangerous. Some of them dont know how to prevent DoS attack, probably, they dont even know what is DoS attack and they will not know who attacked them. The majority of denial of service attacks can be prevented through simply upgrading to the latest hardware and software. Generally, its a good idea to not make many enemies and keep a sharp watch on your network at all times. And in the event that you do track an attacker down, keep two things in mind. First, it may be a spoofed IP address, and thus, a false lead. Second, never attack back. Simply contact the authorities and wait for the justice system to do its work.
[Type text]
Page 11
References
http://en.wikipedia.org/wiki/Smurf_attack
http://www.youtube.com/watch?v=yoJIuz6wuXc
http://www.youtube.com/watch?v=6tAQWP3TQZk
http://www.iss.net/security_center/advice/Intrusions/2000012/default.htm
http://www.google.com.my/#hl=en&q=phlashing+attack&aq=f&aqi=&aql=&oq=&gs_rfai= &fp=b3c510282787d86b
http://www.securityhaven.com/tools.html
http://staff.washington.edu/dittrich/misc/ddos/
http://www.corsaire.com/en/
[Type text]
Page 12