1. Topic: Denial of Service (DoS),
Distributed Denial of Service (DDoS)
ASSIGNMENT
2. What is denial of service
What is distributed denial of service
Types of DDoS
Symptoms of a DoS attack
Botnets
DDoS attack tools
DDoS using HULK
DoS/DDoS countermeasures
3. Let's start
What is Denial of Service (DoS):
DoS is an attack on a computer or network that prevents legitimate
users from using its resources.
In computing, a denial of service attack is an attempt to make a
machine or network resource unavailable to its intended users.
It generally consists of the efforts of one or more people to
temporarily or indefinitely interrupt or suspend the services of a host
connected to the internet.
DENIAL OF SERVICE (DOS)
4. A distributed denial-of-service attack involves a multitude of
compromised systems attacking a single target, thereby causing
denial of service for the users of the targeted system.
To launch a DDoS attack, an attacker uses botnets to attack a
single system.
DISTRIBUTED DENIAL OF
SERVICE (DDOS)
5. HOW DISTRIBUTED DENIAL OF SERVICE
ATTACKS WORK
In a DDoS attack, the target system or network is pounded by many
machines with fake external requests that make the system, network,
server or site slow, useless, disabled or unavailable.
The attacker initiates the attack by sending a command to the zombie
agents, which then each send connection requests to the genuine
(victim) computer system.
7. TYPES OF DDOS ATTACKS
DDoS attacks can be categorized into three types:
Bandwidth attacks
SYN flood attacks
Program and application attacks
8. TYPES OF DDOS ATTACKS
Bandwidth attacks:
A bandwidth attack floods a network with a large volume of
malicious packets in order to overwhelm the network bandwidth.
The aim of a bandwidth attack is to consume the bandwidth of a
targeted network to such an extent that it starts dropping packets.
Typically a large number of machines is required to generate the volume
of traffic needed to flood a network, so the attack is carried out by
multiple machines that are combined to generate the overloading
traffic.
9. TYPES OF DDOS ATTACKS
ICMP FLOOD:
Attackers use botnets to carry out DDoS attacks by flooding the target
with ICMP ECHO packets.
Internet Control Message Protocol (ICMP) is a connectionless
protocol used for IP operations, diagnostics, and errors. An ICMP
flood - the sending of an abnormally large number of ICMP packets
of any type (especially network latency testing "ping" packets) - can
overwhelm a target server that attempts to process every incoming
ICMP request.
11. SYN flood attacks:
A SYN attack is a simple form of DoS attack. In this attack an attacker
sends a series of SYN requests to a target machine (the victim).
When a client wants to begin a TCP connection to a server, the
client and the server exchange a series of messages (the three-way
handshake). The attack abuses this exchange as follows:
The attacker sends fake TCP SYN requests to the target
server (victim).
The target machine sends back a SYN-ACK in response to each
request and waits for the ACK to complete the session setup.
The target machine never gets that response because the source
address is fake, so half-open connections accumulate until the backlog is full.
TYPES OF DDOS ATTACKS
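A defender's view of the handshake abuse described above, as an added example that is not part of the original slides: it parses `netstat -tn` style connection lines and counts half-open (SYN_RECV) entries per listening port, which is the backlog a SYN flood fills. The sample lines, the addresses and the threshold are constructed for the example and are not standard values.

```python
"""Detect a SYN-flood signature from netstat-style TCP connection lines.

Added example: counts half-open (SYN_RECV) connections per listening port
and the number of distinct remote addresses stuck in that state. The lines
below are constructed; the threshold is an assumed tuning value.
"""
from collections import Counter

# Constructed sample in `netstat -tn` layout: proto, recv-q, send-q, local, foreign, state
SAMPLE_NETSTAT = """\
tcp        0      0 10.0.0.5:80      203.0.113.10:51234   ESTABLISHED
tcp        0      0 10.0.0.5:80      198.51.100.1:40001   SYN_RECV
tcp        0      0 10.0.0.5:80      198.51.100.2:40002   SYN_RECV
tcp        0      0 10.0.0.5:80      198.51.100.3:40003   SYN_RECV
tcp        0      0 10.0.0.5:80      198.51.100.4:40004   SYN_RECV
tcp        0      0 10.0.0.5:443     203.0.113.11:51300   ESTABLISHED
tcp        0      0 10.0.0.5:443     198.51.100.5:40005   SYN_RECV
tcp        0      0 10.0.0.5:22      203.0.113.12:51400   ESTABLISHED
"""


def parse_netstat(text):
    """Yield (local_port, remote_ip, state) for each TCP line; skip anything else."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        local, foreign, state = fields[3], fields[4], fields[5]
        local_port = int(local.rsplit(":", 1)[1])
        remote_ip = foreign.rsplit(":", 1)[0]
        yield local_port, remote_ip, state


def half_open_by_port(text):
    """Count SYN_RECV entries per local port: the backlog a flood tries to exhaust."""
    counts = Counter()
    for port, _ip, state in parse_netstat(text):
        if state == "SYN_RECV":
            counts[port] += 1
    return dict(counts)


def flag_syn_flood(text, threshold=4):
    """Return the ports whose half-open count reaches the (assumed) threshold."""
    return sorted(p for p, n in half_open_by_port(text).items() if n >= threshold)


def distinct_sources(text):
    """Distinct remote addresses in SYN_RECV; a flood with spoofed sources shows
    many addresses that never finish the handshake."""
    return len({ip for _p, ip, st in parse_netstat(text) if st == "SYN_RECV"})


if __name__ == "__main__":
    print(half_open_by_port(SAMPLE_NETSTAT))   # {80: 4, 443: 1}
    print(flag_syn_flood(SAMPLE_NETSTAT))      # [80]
    print(distinct_sources(SAMPLE_NETSTAT))    # 5
```

On a real host the same counting can be fed from `ss -tan` output; the useful signal is a backlog of SYN_RECV entries from many different sources on one port, while ESTABLISHED counts stay flat.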
13. TYPES OF DDOS ATTACKS
Program and application attacks:
Program and application attacks are carried out by causing a critical
error on a machine that halts the machine's ability to operate.
These types of attack can occur when an attacker exploits
a vulnerable program, sends a large amount of data, or sends
malformed packets.
14. TYPES OF DDOS ATTACKS
PING OF DEATH:
Ping of death is a denial of service (DoS) attack caused by an attacker
deliberately sending an IP packet larger than the 65,536 bytes allowed
by the IP protocol.
cmd: ping Target site -t -l 65500
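The receiver-side check that defeats a Ping of Death, as an added example that is not part of the original slides. An oversized ping only arrives as IP fragments, and the damage happens when a fragment's offset plus its payload claims a position beyond what the 16-bit IPv4 Total Length field can describe (65,535 bytes). The fragments below are constructed; the 20-byte header length is assumed (no IP options).

```python
"""Reject IPv4 fragments whose reassembled size would exceed the protocol maximum.

Added example, not from the slides. Each fragment is described by its
Fragment Offset (in 8-byte units) and its payload length in bytes, which is
all a reassembler needs to bound the final datagram before buffering data.
"""
IPV4_MAX_DATAGRAM = 65535   # largest value the 16-bit Total Length field can hold
IPV4_HEADER_LEN = 20        # assumed: minimal header, no options


def fragment_end(offset_units, payload_len):
    """Byte position just past this fragment's data in the reassembled datagram."""
    return IPV4_HEADER_LEN + offset_units * 8 + payload_len


def is_oversized(offset_units, payload_len):
    """True when accepting this fragment would push the datagram past the maximum."""
    return fragment_end(offset_units, payload_len) > IPV4_MAX_DATAGRAM


def check_fragments(fragments):
    """fragments: list of (offset_units, payload_len) tuples.
    Returns the indices of fragments a hardened reassembler must drop."""
    return [i for i, (off, ln) in enumerate(fragments) if is_oversized(off, ln)]


# Constructed: a 3000-byte ping split for a 1500-byte MTU (1480 data bytes per
# fragment), then a two-fragment ping whose last offset lands past the ceiling.
NORMAL_PING = [(0, 1480), (185, 1480), (370, 40)]
OVERSIZED_PING = [(0, 1480), (8189, 1480)]

if __name__ == "__main__":
    print(check_fragments(NORMAL_PING))     # []
    print(check_fragments(OVERSIZED_PING))  # [1]
```

Modern stacks perform exactly this bound check in their reassembly path, which is why the attack only works against unpatched or legacy systems; the check is cheap because it needs the header fields alone, before any payload is copied.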
15. SYMPTOMS OF A DOS ATTACK
The symptoms of a DoS attack vary with the target machine.
Four common symptoms are:
Unavailability of a particular website
Inability to access any website
Dramatic increase in the amount of spam email received
Unusually slow network performance
16. BOTNET
Botnet:
The term botnet is derived from "robot network"; a botnet is also called
a zombie army. A botnet is a huge network of compromised systems. It can
compromise huge numbers of machines without the intervention of the
machine owners. Botnets consist of a set of compromised systems that are
controlled through a specific command infrastructure.
17. BOTNET
Purpose of botnets:
Allows the intruder to operate remotely
Scans the environment automatically and spreads through vulnerable
areas, gaining access via weak passwords and other means
Allows a host machine to be compromised through a variety of tools
Creates DoS attacks
Enables spam attacks through SMTP mail relays
Enables click fraud and other illegal activities
18. DDOS ATTACK TOOLS
Nemesy
HULK (HTTP Unbearable Load King)
Lizard Stresser
High Orbit Ion Cannon (HOIC)
Low Orbit Ion Cannon (LOIC)
Land and LaTierra
Blast
Panther
Botnets
24. Now the directory changes to hulk; enter: hulk.py
DDOS ATTACK USING HULK (HTTP
UNBEARABLE LOAD KING)
25. Now enter hulk.py target url: http://www.srisai.co.in
DDOS ATTACK USING HULK (HTTP
UNBEARABLE LOAD KING)
26. When the attack has started, check the website
which you have targeted:
DDOS ATTACK USING HULK (HTTP
UNBEARABLE LOAD KING)
27. Intrusion Detection Systems (IDS) and Intrusion Prevention
Systems (IPS).
Strong anti-virus and anti-spyware software on all systems with
Internet connectivity.
File and folder hashes on system files and folders to identify whether
they have been compromised.
Reverse DNS lookup to verify the source address.
Once a DoS attack begins, you can minimize its effects by
implementing filters to block unwanted traffic. You can also contact
your ISP to implement filtering closer to the source and reduce the
bandwidth used by the attack.
Hardening practices on all machines, especially publicly exposed
servers and directory and resource servers.
DOS/DDOS COUNTERMEASURES
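The "file and folder hashes" countermeasure above, worked through as an added example that is not part of the original slides: take a SHA-256 baseline of every file under a directory, then diff a later snapshot against it to surface replaced, dropped and deleted files. The demo directory and its contents are constructed so the example runs anywhere; on a real host the baseline would be taken from known-good media and kept off the machine being checked.

```python
"""Baseline-and-compare file hashing to detect tampered system files.

Added example, not from the slides. hash_tree() records a digest per file,
compare() classifies the differences, and demo() builds a throwaway tree
to show a simulated compromise (one binary replaced, one tool added, one
file removed).
"""
import hashlib
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Stream the file so large binaries never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_tree(root):
    """Map each file's path (relative to root, '/'-separated) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = sha256_file(full)
    return digests


def compare(baseline, current):
    """Classify differences between two snapshots into modified/added/removed."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def _write(root, rel, data):
    """Create rel under root (with any parent directories) holding data."""
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario: baseline a small tree, then tamper with it."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/ls", b"original ls")
        _write(root, "bin/ps", b"original ps")
        _write(root, "etc/hosts", b"127.0.0.1 localhost\n")
        baseline = hash_tree(root)
        # Simulated compromise: ps replaced, a tool dropped in, hosts deleted
        _write(root, "bin/ps", b"trojaned ps")
        _write(root, "bin/nc", b"dropped tool")
        os.remove(os.path.join(root, "etc", "hosts"))
        return compare(baseline, hash_tree(root))


if __name__ == "__main__":
    print(demo())   # {'modified': ['bin/ps'], 'added': ['bin/nc'], 'removed': ['etc/hosts']}
```

The comparison only has value if an attacker cannot also rewrite the baseline, so store it signed or on read-only media, and schedule the check from a host the monitored system cannot reach.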
28. DOS/DDOS COUNTERMEASURES
The strength of an organization's network security can be increased by
putting the proper countermeasures in the right places.
To detect or prevent a potential DDoS attack that is being launched,
ingress filtering, egress filtering and TCP intercept can be used.
Disable unused and insecure services.
Update the kernel to the latest release.
A DDoS attack can be stopped by detecting and neutralizing the
handlers, which are the intermediaries used to initiate attacks.
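Ingress and egress filtering from the slide above, written out as an added example that is not part of the original slides. The rule is the one a border router applies: packets arriving from the Internet must not claim an internal or unroutable source, and packets leaving the site must carry one of the site's own addresses, so a compromised internal host cannot contribute spoofed traffic to someone else's flood. The site prefix, the bogon list and the sample packets are all constructed.

```python
"""Ingress/egress source-address filtering as a pure decision function.

Added example, not from the slides. SITE_PREFIXES is an assumed address
block for the organization; BOGON_PREFIXES lists ranges that should never
appear as a source on traffic coming in from the Internet.
"""
import ipaddress

SITE_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]   # assumed site address space
BOGON_PREFIXES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # private (RFC 1918)
    "127.0.0.0/8", "0.0.0.0/8", "169.254.0.0/16",       # loopback, "this" net, link-local
)]


def _in_any(ip, networks):
    return any(ip in n for n in networks)


def filter_decision(direction, src):
    """Return 'permit' or 'drop' for a packet with source `src` at the border.
    direction is 'ingress' (from the Internet) or 'egress' (toward it)."""
    ip = ipaddress.ip_address(src)
    if direction == "ingress":
        if _in_any(ip, SITE_PREFIXES) or _in_any(ip, BOGON_PREFIXES):
            return "drop"      # claims to be us, or is unroutable: spoofed
        return "permit"
    if direction == "egress":
        # Only our own addresses may leave; anything else is a forged source
        return "permit" if _in_any(ip, SITE_PREFIXES) else "drop"
    raise ValueError("direction must be 'ingress' or 'egress'")


def apply_filter(packets):
    """packets: iterable of (direction, src_ip). Returns the pairs that were dropped."""
    return [(d, s) for d, s in packets if filter_decision(d, s) == "drop"]


# Constructed sample traffic seen at the border
SAMPLE_PACKETS = [
    ("ingress", "198.51.100.7"),    # ordinary external client
    ("ingress", "203.0.113.9"),     # our own address arriving from outside: spoofed
    ("ingress", "10.1.2.3"),        # private source from the Internet: bogon
    ("egress", "203.0.113.20"),     # our host talking out normally
    ("egress", "192.0.2.44"),       # our host sending with a forged source
]

if __name__ == "__main__":
    for pkt in apply_filter(SAMPLE_PACKETS):
        print("drop", *pkt)
```

The same two lists translate directly into access-list entries on the border router; the value of keeping the logic as a function is that it can be unit-tested against captured headers before the rules go live.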
29. DOS/DDOS COUNTERMEASURES
Mitigate or stop attacks using load balancing and throttling.
Analyze router, firewall and IDS logs to identify the source of the
DoS traffic.
DDoS attack traffic patterns can help network administrators
develop new filtering techniques to prevent it from entering or
leaving their networks.
Deflect attacks using honeypots.
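The log-analysis step above ("analyze router, firewall and IDS logs to identify the source"), worked through as an added example that is not part of the original slides: it parses firewall log lines, counts hits per source address per minute, and reports the sources whose peak rate crosses a threshold, which is the list an administrator hands to the ISP or turns into a filter. The log lines are constructed in a netfilter-like key=value layout and the threshold is an assumed tuning value.

```python
"""Find the sources of DoS traffic in firewall logs by counting hits per source per minute.

Added example, not from the slides. Lines that do not carry a timestamp,
SRC= and DPT= field are skipped, so unrelated syslog entries do no harm.
"""
import re
from collections import defaultdict
from datetime import datetime

# ISO timestamp first, then SRC= and DPT= fields anywhere later on the line
LINE_RE = re.compile(r"^(\S+) .*?SRC=(\S+) .*?DPT=(\d+)")

# Constructed sample: one source hits port 80 eight times inside a single minute
SAMPLE_LOG = [
    f"2024-05-01T10:00:{s:02d} kernel: IN=eth0 SRC=198.51.100.9 DST=203.0.113.5 PROTO=TCP DPT=80"
    for s in range(0, 40, 5)
] + [
    "2024-05-01T10:00:12 kernel: IN=eth0 SRC=203.0.113.40 DST=203.0.113.5 PROTO=TCP DPT=443",
    "2024-05-01T10:00:50 kernel: IN=eth0 SRC=203.0.113.40 DST=203.0.113.5 PROTO=TCP DPT=443",
    "2024-05-01T10:01:03 kernel: IN=eth0 SRC=192.0.2.1 DST=203.0.113.5 PROTO=UDP DPT=53",
    "May  1 10:01:04 host sshd[123]: Accepted publickey for admin",   # unrelated, skipped
]


def parse_line(line):
    """Return (timestamp, source_ip, dest_port), or None if the line is not a firewall hit."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m.group(1)), m.group(2), int(m.group(3))


def hits_per_source_minute(lines):
    """Count entries per (source_ip, minute bucket)."""
    counts = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, _dpt = parsed
        counts[(src, ts.replace(second=0, microsecond=0))] += 1
    return counts


def top_talkers(lines, threshold=5):
    """Sources that hit the firewall `threshold` or more times in any one minute,
    mapped to their peak per-minute count: the candidates for upstream filtering."""
    peaks = {}
    for (src, _minute), n in hits_per_source_minute(lines).items():
        if n >= threshold:
            peaks[src] = max(peaks.get(src, 0), n)
    return peaks


if __name__ == "__main__":
    print(top_talkers(SAMPLE_LOG))   # {'198.51.100.9': 8}
```

For a distributed attack the per-source counts stay small, so the complementary view is the same bucketing keyed on destination port or on the count of distinct sources per minute; both fall out of hits_per_source_minute() with a different key.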