In this post, we examine the Denial of Service (DoS) attack: how it works, what impact it has, and some tools used to perform this kind of exploitation in different vectors.
The DoS attack is one of the most destructive attacks on the web. It attempts to exhaust the resources of the victim and take down the victim’s server(s). But first, what is a DoS attack?
A DoS attack, for Denial of Service, commonly called a stress test, consists of flooding a target with a large quantity of requests, which slows the traffic or prevents the victim from responding to legitimate requests.
You can visualize the daily DDoS attacks worldwide in real time, and see the severity of this kind of attack, at http://www.digitalattackmap.com/
Figure 1 Digital Map of DDoS Attacks
It is important to understand the difference between DoS and DDoS. A single attacker performs the DoS. Here’s an example of a simple DoS attack:
Figure 2 Simple DoS Attack
The DDoS attack, for Distributed Denial of Service, is a sort of DoS attack, but it is performed by a group of machines controlled by the hacker.
The hacker’s machine is called the Master computer, and the group of controlled machines is called zombies or botnets. Here’s an example of a simple DDoS attack:
Figure 3 DDoS Attack
The DoS attack can be performed in different vectors (this is not an exhaustive list):
- Application Layer Attack: This attack is performed at the 7th layer, and both DoS and DDoS can be used in this case.
Figure 4 Example of HTTP Flooding attack
- Network Layer Attack: These attacks are performed at the 3rd and 4th layers. The common case of this kind of attack is a DDoS using exploitation like SYN flood, DNS amplification and others, which can cause several sorts of damage.
Figure 5 Network Layer Attack
The question now is which tools can be used to perform this kind of attack.
If you want to check whether a website is down or not, you can use the following website: http://www.upordown.org/home/
Figure 6 Up or Down Website Portal
Scapy
Scapy is a powerful network packet manipulation tool written in Python.
Scapy can perform many tasks: forging, decoding, sending and capturing packets, and even scanning, tracerouting and attacking networks.
It’s one of the most popular and powerful DoS tools.
Download Scapy: https://github.com/secdev/scapy
Figure 7 Scapy
Low Orbit Ion Cannon (LOIC)
Low Orbit Ion Cannon (LOIC) is an open source network stress testing and denial-of-service attack application. LOIC performs a DoS attack (or when used by multiple individuals, a DDoS attack) on a target site by flooding the server.
Download LOIC: https://sourceforge.net/projects/loic/
Figure 8 Low Orbit Ion Cannon
Hping3
Hping3 is a free packet generator and analyzer for the TCP/IP protocol. Hping3 is useful to security experts and can perform multiple tasks, such as idle scans, testing firewall rules, testing IDSes, and DoS attacks.
Figure 9 Hping3
DDOSIM
DDOSIM is a popular DoS attack tool. As the name suggests, it is used to perform DDoS attacks by simulating several zombie hosts. All zombie hosts create full TCP connections to the target server.
These are the main features of DDOSIM:
- Simulates several zombies in attack
- Random IP addresses
- TCP-connection-based attacks
- Application-layer DDOS attacks
- HTTP DDoS with valid requests
- HTTP DDoS with invalid requests (similar to a DC++ attack)
- SMTP DDoS
Slowloris
Slowloris is a low-bandwidth HTTP client that can perform DoS attacks. Slowloris holds connections open by sending partial HTTP requests. It tries to keep sockets from closing for as long as possible.
Figure 10 Slowloris
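Seen from the server side, the behaviour described above leaves a recognisable trace: many connections from one client whose request headers never finish. The following is an added example, not part of the original post or of any tool it lists; the thresholds, function names and connection records are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed thresholds (tune per site); not taken from the original post.
HEADER_TIMEOUT_S = 10.0   # time a client is allowed to finish its request headers
MAX_STALLED_PER_IP = 5    # stalled connections tolerated from one client

@dataclass
class Conn:
    src: str            # client IP address
    opened_at: float    # seconds since the start of the observation window
    received: bytes     # request bytes the server has received so far

def headers_complete(buf: bytes) -> bool:
    # An HTTP/1.x header block is terminated by an empty line (CRLF CRLF).
    return b"\r\n\r\n" in buf

def stalled_by_source(conns, now):
    """Per client, count connections still missing the end of headers after the timeout."""
    stalled = defaultdict(int)
    for c in conns:
        if not headers_complete(c.received) and now - c.opened_at > HEADER_TIMEOUT_S:
            stalled[c.src] += 1
    return dict(stalled)

def suspects(conns, now):
    """Clients holding more stalled connections than the tolerated maximum."""
    counts = stalled_by_source(conns, now)
    return sorted(ip for ip, n in counts.items() if n > MAX_STALLED_PER_IP)

def sample_connections():
    # Constructed sample data (documentation address ranges), not a real capture.
    partial = b"GET / HTTP/1.1\r\nHost: example.test\r\nX-a: b\r\n"
    conns = [Conn("198.51.100.7", float(i), partial) for i in range(8)]
    # Normal client: headers completed.
    conns.append(Conn("203.0.113.20", 2.0,
                      b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"))
    # Incomplete but recent: still inside the timeout, so not counted.
    conns.append(Conn("203.0.113.21", 58.0, b"GET / HTTP/1.1\r\nHost: exa"))
    # One stalled connection (e.g. a client on a bad link): below the threshold.
    conns.append(Conn("203.0.113.22", 1.0, b"POST /up HTTP/1.1\r\n"))
    return conns

if __name__ == "__main__":
    print(suspects(sample_connections(), now=60.0))
```

The per-client threshold keeps a single slow or broken client from being flagged. Web servers enforce the same condition directly with a header read timeout, for example nginx's client_header_timeout or Apache's mod_reqtimeout.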
Download Slowloris: https://github.com/llaera/slowloris.pl
Conclusion
There are many cases that prove how powerful DDoS attacks are:
- Attack against NASDAQ
- Attack against Turkey
- Russia VS Estonia
The DoS attack is one of the most destructive attacks on the net, and it is very difficult to detect. In the next articles, we will examine how to prevent it.