The goal of a Denial of Service (DoS) attack is to disrupt some
legitimate activity, such as browsing Web pages, email functionality or
the transfer of money from your bank account. It could even shutdown the
whole Web server. This denial-of-service effect is achieved by sending
messages to the target machine such that the “message” interferes with
its operation and makes it hang, crash, reboot, or do useless work.
In a majority of cases, the attacker’s aim is to deprive clients of desired server functionality.
One way to interfere with legitimate operations is to exploit vulnerabilities on the target machine or application, by sending specially crafted requests targeting the given vulnerability (usually done with tools like Metasploit). Another way is to send a vast number of messages, which consume some key resource of the target machine, such as bandwidth, CPU time, memory, etc. The target application, machine, or network spends all of its critical resources on handling the attack traffic, and cannot attend to legitimate clients.
Of course, to generate such a vast number of requests, the attacker must possess a very powerful machine — with a sufficiently fast processor — and a lot of available network bandwidth. For the attack to be successful, it has to overload the target’s resources. This means that an attacker’s machine must be able to generate more traffic than a target, or its network infrastructure, can handle.
Let’s suppose that instead of a single
Such
a page, when loaded, will send the same request 1,000 times every 2
seconds, and will consume a lot of the Web server’s bandwidth. Thus, the
target server will not be able to respond to other clients, and
eventually, legitimate clients will be denied services from the server.
Now let us assume that an attacker would like to launch a DoS attack on
However, imagine the consequences if they got 100,000 machines under their control, in order to simultaneously generate requests to
Other Useful links:
Tools for DOS, DDOS
http://packetstormsecurity.org/distributed/
source: http://www.linuxforu.com/2011/12/cyber-attacks-explained-packet-spoofing/
In a majority of cases, the attacker’s aim is to deprive clients of desired server functionality.
One way to interfere with legitimate operations is to exploit vulnerabilities on the target machine or application, by sending specially crafted requests targeting the given vulnerability (usually done with tools like Metasploit). Another way is to send a vast number of messages, which consume some key resource of the target machine, such as bandwidth, CPU time, memory, etc. The target application, machine, or network spends all of its critical resources on handling the attack traffic, and cannot attend to legitimate clients.
Of course, to generate such a vast number of requests, the attacker must possess a very powerful machine — with a sufficiently fast processor — and a lot of available network bandwidth. For the attack to be successful, it has to overload the target’s resources. This means that an attacker’s machine must be able to generate more traffic than a target, or its network infrastructure, can handle.
Attack scenario
Here is a simple scenario: an attacker sends a large number of requests to a Web server — for example, a website that hosts HD image files at a particular URL, saywww.example.com/images/HD_images.html.
Let’s also assume that this page contains about 50-60 images. Now, every
time a user reloads this page, it consumes a large portion of the Web
server’s bandwidth. Now, here, an attacker could design a separate HTML
page, with an iframe embedded in it, like what’s shown below:<html> <iframe src=http://www.example.com/images/HD_images.html width=2 height=2></iframe></html> |
iframe, the attacker copies and pastes the above code 1,000 times in the same page, and also adds a meta refresh tag as follows:<html> <head> <meta http-equiv="refresh" content="2"> </head> <iframe src=http://www.example.com/images/HD_images.html width=2 height=2></iframe> <iframe src=http://www.example.com/images/HD_images.html width=2 height=2></iframe> : : : (1000 times)</html> |
Now let us assume that an attacker would like to launch a DoS attack on
example.com by bombarding it with numerous messages. Also assume that example.com
has abundant resources and considerable bandwidth (which is most often
the case). It is then difficult for the attackers to generate a
sufficient number of messages from a single machine (as in the above
scenario) to overload those resources.However, imagine the consequences if they got 100,000 machines under their control, in order to simultaneously generate requests to
example.com. Each of
the attacking machines (compromised machines that have been infected by
malicious code) may be only moderately provisioned (have a slow
processor and be on a mere modem link), but together, they form a
formidable attack network — which, with proper use, could overwhelm even
a well-provisioned victim site. This is a distributed denial-of-service
(DDoS) attack, and the machines under the attacker’s control are termed
as zombies/agents.Other Useful links:
Tools for DOS, DDOS
http://packetstormsecurity.org/distributed/
source: http://www.linuxforu.com/2011/12/cyber-attacks-explained-packet-spoofing/
No comments:
Post a Comment