Denial of Service (DoS) attacks may become a major threat to current computer networks. Even a teenager can launch a DoS attack by using ready-made DoS tools. A DoS attack slows down the legitimate user's computer by overloading its resources. The goal of a DoS attack is to prevent legitimate users from accessing services, not to gain unauthorized access or resources. Attackers prevent legitimate users from accessing services by flooding the network, disrupting connections between two machines, or disrupting service to a specific user or system. In simple words, a Denial of Service attack on a network is designed to take down the network by sending a large number of random packets.
Launching a DoS attack
I use the Panther2 tool to launch a DoS attack. Panther2 is a UDP-based attack tool designed for 28.8 or 56 kbps connections; it would do even more damage if the attacker used it from a fast connection. Panther2 is a nuker that pings multiple ports at once and floods the firewall with thousands of packets in a very short time, which can cause the firewall to shut down if it is used from a computer with a fast connection. Open the Panther2 application to carry out the DoS attack.
Type the victim's IP in the Host box, in this case "192.168.1.1", choose "ping -v icmp 127.0.0.1 1024" from the Data drop-down menu and click the Begin button to launch the Denial of Service attack.
The effect on the victim's machine
Pinging multiple ports at once in a very short time increases CPU consumption and makes the computer's resources unavailable. The victim's firewall has to analyse the various ports and inspect every packet that is sent from Panther2. In my attack, the victim's machine only slowed down a little. He complained that browsing Network Places took longer than normal, and when he tried to copy a file from another computer on the network, the process also took longer than normal. But surfing the Internet was still fine.
Protection from DoS or DDoS attacks
Denial of Service (DoS) attacks may become a major threat to current computer networks. Yahoo, E*Trade, Amazon.com and eBay were attacked by DDoS in the week of February 7, 2000. An attack on sites like those can cause the loss of a lot of money. Defending and protecting your machine from DoS or DDoS attacks is critical. There is no method that makes a machine 100% secure against DoS or DDoS attacks, but there are various methods to protect it from them. Among these, there are six main methods. They are:
- Disabling unused services and ports
- Applying Security Patches and Updating the Software
- Using Firewall and Intrusion Detection System (IDS) software
- Protection against DDoS Attacks Based on Traffic Level Measurements
- Filtering Dangerous Packets
- Tuning System Parameters
Disabling unused services and ports
Disabling the UDP echo and character generator (chargen) services, if they are not required, will help to defend against DoS or DDoS attacks. In general, unused network services and ports should be disabled to prevent DoS or DDoS attacks.
Applying Security Patches and Updating the Software
The latest security patches should be applied to the machine and the system software kept up to date. Applying security patches and updating the software removes known bugs in the current system and brings in the latest security techniques available to minimize the effect of DDoS attacks. It cannot protect the machine when the attacker uses packets that look like legitimate traffic or simply floods the network bandwidth.
Using Firewall and Intrusion Detection System (IDS) software
A host computer and a network can guard themselves against becoming the victim of a DDoS attack if the system uses IDS software. An IDS detects DDoS attacks either by using a database of known signatures or by recognizing anomalies in system behaviour.
A firewall can protect against unauthorized access from outsiders. It blocks unauthorized incoming traffic to the system, so the system is safe within the limits of what the firewall can filter.
Protection against DDoS Attacks Based on Traffic Level Measurements
This defends against DDoS attacks by monitoring traffic levels. A DDoS module is attached to a given server, making it a virtual server, and the module relies on a buffer through which all incoming traffic enters. If the traffic level becomes too high, almost all incoming packets are dropped to keep the machine stable. Illegitimate traffic is recognized by its higher mean traffic level, so the DDoS attack can be effectively blocked.
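The traffic-level module described above, worked through as an added example (my illustration, not code from the original page): a buffer measures the arrival rate, and when the level is too high, sources whose own mean rate is high are shed while low-rate clients still pass. The addresses, rates and thresholds are constructed sample values.

```python
"""Traffic-level DDoS defence module (illustration added here, not the page's code).
Every arrival passes through a buffer holding the last `window` seconds of packets;
the buffer length is the measured traffic level. At or below `level_limit` every
packet is admitted. Above it, a source whose own rate exceeds `per_source_limit`
is treated as illegitimate and dropped, so low-rate clients still get through.
Addresses, rates and timestamps below are constructed sample data."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float   # arrival time in seconds (constructed)
    src: str    # source address (constructed sample value)


class TrafficLevelModule:
    def __init__(self, window=1.0, level_limit=100, per_source_limit=20):
        self.window = window                      # seconds of history in the buffer
        self.level_limit = level_limit            # packets per window the server absorbs
        self.per_source_limit = per_source_limit  # rate above which a source is shed
        self.buffer = deque()                     # every arrival inside the window
        self.admitted = defaultdict(int)          # per-source forwarded counts
        self.dropped = defaultdict(int)           # per-source dropped counts

    def handle(self, pkt):
        """Return True if pkt is forwarded to the server, False if it is dropped."""
        while self.buffer and pkt.ts - self.buffer[0].ts > self.window:
            self.buffer.popleft()                 # expire arrivals older than the window
        self.buffer.append(pkt)
        overloaded = len(self.buffer) > self.level_limit
        src_rate = sum(1 for p in self.buffer if p.src == pkt.src)
        if overloaded and src_rate > self.per_source_limit:
            self.dropped[pkt.src] += 1
            return False
        self.admitted[pkt.src] += 1
        return True


def simulate(flood_pps=500, client_pps=10, seconds=4):
    """Constructed scenario: one flooder and one legitimate client share the link."""
    module = TrafficLevelModule()
    packets = [Packet(i / flood_pps, "203.0.113.7") for i in range(flood_pps * seconds)]
    packets += [Packet(i / client_pps, "198.51.100.5") for i in range(client_pps * seconds)]
    packets.sort(key=lambda p: p.ts)              # interleave by arrival time
    for pkt in packets:
        module.handle(pkt)
    return dict(module.admitted), dict(module.dropped)
```

Running `simulate()` shows the legitimate client's 40 packets all admitted while nearly all of the flooder's 2000 are dropped once the buffer passes the level limit.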
Filtering Dangerous Packets
Most vulnerability attacks send specially crafted packets to exploit a vulnerability on the victim's machine. Recognizing and defending against this malicious traffic requires inspection of packet headers and often of the data portion of packets as well. But most firewalls and routers cannot do data inspection, and filtering also requires the use of an inline device. Intrusion Prevention Systems (IPS) can be used to filter or alter such packets in transit. An IPS acts like an IDS in that it recognizes packets by signatures. Using an IPS in high-bandwidth networks can be costly.
Tuning System Parameters
Tuning system parameters will help protect the network from small to moderate DoS or DDoS attacks.
Processor utilization - some programs can show the processor load. If a single program unexpectedly takes a high amount of CPU (>90%), this may be a vulnerable application targeted by a DoS attack.
Network I/O performance - dropped packets or network collisions can be seen with the netstat command in the command prompt.
Memory utilization - the memory usage of programs can be viewed in Task Manager. Keeping a large amount of free memory helps to stabilize the system.
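For the network I/O check above, here is an added example (mine, not from the original page) that compares two `netstat -e` snapshots and reports interface discard and error counters that have grown, which is the symptom the text says to look for. The two snapshots are constructed sample text that follows the column layout of the Windows `netstat -e` report, and the counter names and values are assumptions for illustration.

```python
"""Flag rising interface discards/errors between two `netstat -e` snapshots
(illustration added here, not code from the original page). The snapshots are
constructed sample text shaped like the Windows `netstat -e` report."""
import re

WATCHED = ("Discards", "Errors")   # counters that grow when the NIC or stack sheds traffic

SNAPSHOT_BEFORE = """\
Interface Statistics
                           Received            Sent
Bytes                    1234567890      987654321
Unicast packets             1234567         654321
Discards                          0              0
Errors                            0              0
Unknown protocols                 0
"""

SNAPSHOT_AFTER = """\
Interface Statistics
                           Received            Sent
Bytes                    1899004411      990121777
Unicast packets             5011202         661900
Discards                       5120              0
Errors                           37              0
Unknown protocols                 0
"""

# One counter row: a name, two or more spaces, the Received value, optional Sent value.
_ROW = re.compile(r"^(?P<name>[A-Za-z][A-Za-z -]*?)\s{2,}(?P<recv>\d+)(?:\s+(?P<sent>\d+))?\s*$", re.M)


def parse_netstat_e(text):
    """Map each counter name to a (received, sent) tuple; sent is 0 when the column is absent."""
    return {m["name"].strip(): (int(m["recv"]), int(m["sent"] or 0)) for m in _ROW.finditer(text)}


def rising_counters(before, after, threshold=0):
    """Return {counter: (recv_delta, sent_delta)} for watched counters that grew past threshold."""
    alerts = {}
    for name in WATCHED:
        b_recv, b_sent = before.get(name, (0, 0))
        a_recv, a_sent = after.get(name, (0, 0))
        delta = (a_recv - b_recv, a_sent - b_sent)
        if max(delta) > threshold:
            alerts[name] = delta
    return alerts


def check(before_text=SNAPSHOT_BEFORE, after_text=SNAPSHOT_AFTER, threshold=0):
    return rising_counters(parse_netstat_e(before_text), parse_netstat_e(after_text), threshold)
```

In practice the two snapshots would be taken a few seconds apart during the suspected attack and fed to `check`.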
I used HxD Hexeditor version 184.108.40.206 and Hex Workshop version 6.0 to decipher the text.
HxD Hexeditor version 220.127.116.11
Open the HxD application.
The Deciphered text is "A password is a combination of characters associated with your user name that allow you to access certain computer resources. To help prevent unauthorized users from accessing those computer resources, you should keep your password confidential. As you enter your password, most computers hide the actual password characters by displaying some other characters, such as asterisks."
Open the Hex Workshop.
File → New to input the hex code and decipher it.
The deciphered text is "A password is a combination of characters associated with your user name that allow you to access certain computer resources. To help prevent unauthorized users from accessing those computer resources, you should keep your password confidential. As you enter your password, most computers hide the actual password characters by displaying some other characters, such as asterisks."