Friday, September 20, 2019

Denial of Service (DoS) attacks

Denial of Service (DoS) attacks may become a major threat to current computer networks. Even a teenager can launch a DoS attack using ready-made DoS tools. A DoS attack slows down a legitimate user's computer by overloading its resources. The goal of a DoS attack is to prevent legitimate users from accessing services, not to gain unauthorized access or resources. Attackers deny legitimate users access to services by flooding the network, disrupting connections between two machines, or disrupting service to a specific user or system. In simple words, a Denial of Service attack on a network is designed to take the network down by sending a large number of random packets.

Launching a DoS attack

I use the Panther2 tool to launch a DoS attack. Panther2 is a UDP-based attack tool designed for 28.8 or 56 kbps connections; it would do far more damage if the attacker used it from a fast connection. Panther2 is a nuker that pings multiple ports at once and floods the firewall with thousands of attacks in a very short time, which can cause the firewall to shut down when the tool is used from a computer with a fast connection. Open the Panther2 application to carry out the DoS attack.

[Screenshot: Panther2 application]

Type the victim's IP in the Host box, that is 192.168.1.1, choose "ping -v icmp 127.0.0.1 1024" from the Data drop-down menu, and click the Begin button to launch the Denial of Service attack.

The effect on the victim's machine

Pinging multiple ports at once in a very short time increases CPU consumption and makes the computer's resources unavailable. The victim's firewall has to analyze the various ports and inspect every packet that Panther2 sends. In my attack, the victim's machine just slowed down a little bit. He complained that browsing Network Places took longer than normal and that copying a file from another computer on the network also took longer than normal, but surfing the internet was still fine.
Protection from DoS or DDoS attacks

Denial of Service (DoS) attacks may become a major threat to current computer networks. Yahoo, E*Trade, Amazon.com and eBay were attacked by DDoS in the week of February 7, 2000. An attack on sites like those can cause the loss of a lot of money. Defending and protecting your machine from DoS or DDoS attacks is critical. There is no method that is 100% secure against DoS or DDoS attacks, but there are various methods to protect a machine from them. Among these, six methods are the most important:

1. Disabling unused services and ports
2. Applying security patches and updating the software
3. Using firewall and Intrusion Detection System (IDS) software
4. Protection against DDoS attacks based on traffic level measurements
5. Filtering dangerous packets
6. Tuning system parameters

Disabling unused services and ports

Disabling the UDP echo or character generator services, if they are not required, helps defend against DoS or DDoS attacks. Unused network services and ports should be disabled to prevent DoS or DDoS attacks.

Applying Security Patches and Updating the Software

The machine should have the latest security patches applied and its system software kept up to date. Applying security patches and updating the software removes known system bugs and brings in the latest security techniques available to minimize the effect of DDoS attacks. It cannot protect the machine when the attacker uses packets that look like legitimate traffic or simply floods the network bandwidth.

Using Firewall and Intrusion Detection System (IDS) software

A host computer and a network can guard themselves against becoming the victim of a DDoS attack if the system uses IDS software. An IDS detects DDoS attacks either by using a database of known signatures or by recognizing anomalies in system behaviour. A firewall protects against unauthorized access by outsiders.
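The anomaly-based side of IDS detection just described can be shown concretely for the traffic pattern from the first half of the post (one host hitting many ports with a burst of ICMP/UDP packets). The following is an added example written for this page; it is not code from the post, from Panther2, or from any IDS product. The packet records, the window length and the thresholds (200 packets or 50 distinct destination ports per second from one source) are constructed assumptions chosen to make the pattern visible, not tuned values.

```python
"""Sliding-window detector for a flood / port-sweep pattern (added example)."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float    # arrival time in seconds
    src: str     # source address
    dst: str     # destination address
    proto: str   # "icmp" or "udp"
    dport: int   # destination port; 0 for ICMP, which has none


class FloodDetector:
    """Flags a source that exceeds a packet rate, or touches too many distinct
    ports, inside a sliding time window. Thresholds are illustrative assumptions."""

    def __init__(self, window: float = 1.0, max_packets: int = 200, max_ports: int = 50):
        self.window = window
        self.max_packets = max_packets
        self.max_ports = max_ports
        self._recent = defaultdict(deque)   # src -> deque of (ts, dport) inside the window
        self._flagged = set()               # (kind, src) pairs already reported once
        self.alerts: List[Tuple[str, str, int]] = []

    def observe(self, pkt: Packet) -> None:
        q = self._recent[pkt.src]
        q.append((pkt.ts, pkt.dport))
        cutoff = pkt.ts - self.window
        while q and q[0][0] < cutoff:       # expire entries that left the window
            q.popleft()
        ports = {p for _, p in q if p}      # ICMP entries carry port 0 and are ignored here
        self._report("flood", pkt.src, len(q), self.max_packets)
        self._report("port_sweep", pkt.src, len(ports), self.max_ports)

    def _report(self, kind: str, src: str, value: int, limit: int) -> None:
        key = (kind, src)
        if value > limit and key not in self._flagged:
            self._flagged.add(key)
            self.alerts.append((kind, src, value))


def build_sample_traffic() -> List[Packet]:
    """Constructed sample: a workstation doing ordinary DNS lookups, plus one
    host sending 300 UDP packets to 300 different ports within half a second."""
    pkts = []
    for i in range(10):
        pkts.append(Packet(10.0 + i * 0.05, "192.168.1.20", "192.168.1.1", "udp", 53))
    for i in range(300):
        pkts.append(Packet(10.0 + i * 0.5 / 300, "192.168.1.50", "192.168.1.1", "udp", 1 + i))
    pkts.sort(key=lambda p: p.ts)           # replay in arrival order
    return pkts


def detect(packets: List[Packet]) -> List[Tuple[str, str, int]]:
    """Run the detector over a packet list and return the alerts it raised."""
    det = FloodDetector()
    for p in packets:
        det.observe(p)
    return det.alerts


if __name__ == "__main__":
    for kind, src, value in detect(build_sample_traffic()):
        print(f"{kind}: {src} ({value} in window)")
```

The port-sweep alert fires first (at the 51st distinct port) and the rate alert later (at the 201st packet); the workstation never crosses either limit. A real sensor would add per-destination counters and would expire entries on a timer rather than only when a new packet from the same source arrives, but the window logic is the same.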
A firewall blocks unauthorized incoming traffic to the system, so the system is protected to the extent of what the firewall can block.

Protection against DDoS Attacks Based on Traffic Level Measurements

This method defends against DDoS attacks by monitoring traffic levels. A DDoS module is attached to a given server, making it a virtual server, and the module relies on a buffer through which all incoming traffic enters. If the traffic level becomes too high, almost all incoming packets are dropped to keep the machine stable. Illegitimate traffic is recognized by its higher mean traffic level, and DDoS attacks can be effectively blocked.

Filtering Dangerous Packets

Most vulnerability attacks send specifically crafted packets to exploit a vulnerability on the victim's machine. Recognizing and blocking this malicious traffic requires inspection of packet headers and often deeper inspection of the data portion of packets. Most firewalls and routers cannot do data inspection, and filtering also requires an inline device. An Intrusion Prevention System (IPS) can be used to filter or alter such packets in transit. An IPS acts like an IDS: it recognizes packets by signatures. Using an IPS in high-bandwidth networks can be costly.

Tuning System Parameters

Tuning system parameters helps protect the network from small to moderate DoS or DDoS attacks.

Processor utilization: some programs can show the processor load. If a single program unusually takes a high amount of CPU (>90%), it may be a vulnerable application targeted by a DoS attack.
Network I/O performance: dropped packets or network collisions can be seen with the netstat command in the command prompt.
Memory utilization: the memory usage of programs can be viewed in Task Manager. Having a large amount of free memory helps keep the system stable.

I used HxD Hexeditor version 1.6.1.0 and Hex Workshop version 6.0 to decipher the text.

HxD Hexeditor version 1.6.1.0

Open the HxD application.
The deciphered text is: A password is a combination of characters associated with your user name that allow you to access certain computer resources. To help prevent unauthorized users from accessing those computer resources, you should keep your password confidential. As you enter your password, most computers hide the actual password characters by displaying some other characters, such as asterisks.

Hex Workshop

Open Hex Workshop. Use File → New to input the hex code and decipher it. The deciphered text is: A password is a combination of characters associated with your user name that allow you to access certain computer resources. To help prevent unauthorized users from accessing those computer resources, you should keep your password confidential. As you enter your password, most computers hide the actual password characters by displaying some other characters, such as asterisks.
