Ping flooding is one of the oldest but deadliest denial of service attacks used in today's society. It is mainly used to fill a network with useless traffic, which, given enough time, can effectively take down a network for an extended period. Today it is not too common to see ping flooding, for a few reasons. One is that, if the attack is successful, the attacker's computer is tied up for the duration of the attack because it has to constantly craft and send useless packets. Another is that a growing number of network administrators are starting to disallow echo requests into the network and have begun using Intrusion Detection Systems (IDS), which can constantly monitor for changes at the ISP level. The attack also needs a lot of bandwidth to be successful.
However, just because it is not as common as it once was does not mean that these types of attacks will not happen. They can still take down large businesses for a good while. This is normally why attackers cannot flood any major network using ping unless multiple computers attack a single server; in that case it is known as a Distributed Denial of Service attack, or DDoS. Those types of attacks are discussed later in the report.
Fig 1: Ping Flooding at work
How Ping Flooding Works
To get a better understanding of how ping flooding works, one must understand how ICMP works. The Internet Control Message Protocol (ICMP) is what ping is based on; it is basically a small piece of information that is sent between networks. Its function is to check the end-to-end connection between networks. The host sends an ICMP packet and waits for an ICMP packet back from the other host. This is how connections between networks are established and how people are able to send and receive data from each other. It is also how computers on internet connections communicate with servers.
Fig 2: Basic diagram of Ping
Ping flooding works by flooding the server with massive amounts of junk pings, thereby overloading the server and causing it to shut down from the high load this generates. This can cause lost revenue due to downtime. As stated earlier, it is uncommon these days because of the high amount of bandwidth that servers, especially business ones, can handle. However, it is still feasible today because of how information is sent through the network.
How Flooding Works Now
In today's IPv4 networks, a packet sent to an IP address with all 1s in the host part of the address is destined to be processed by every host in the network. This means that one can send a request packet to a network's broadcast address and have every host in the network reply to it. When spoofing, the attacker uses the valid address of the victim as the source, so that every host on the network that receives the broadcast echo request replies to the victim.
Fig 2: Spoofed Packets going out.
Using this method, the computers on the network send the junk packets to the victim, assuming that the attacker or attackers know the IP address of the victim.
Fig 2.5: Junk Ping attacking User
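The broadcast-address behaviour described above, turned into the checks a perimeter router would apply, as an added example that is not part of the original essay. It assumes the 192.0.2.0/24 documentation range as the internal network and an `ingress` label ("outside" or "inside") for the interface a packet arrived on; packets that claim an inside source from outside, and echo requests aimed at the all-1s broadcast address, are dropped.

```python
import ipaddress

# Assumed for this example: the protected internal network (documentation range).
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")

ECHO_REQUEST = 8  # ICMP type of an echo request ("ping")

def directed_broadcast(net: ipaddress.IPv4Network) -> ipaddress.IPv4Address:
    """Address with all host bits set to 1: every host in `net` processes it."""
    return net.broadcast_address

def perimeter_verdict(src: str, dst: str, icmp_type: int, ingress: str,
                      net: ipaddress.IPv4Network = INTERNAL_NET) -> str:
    """Return what the edge router should do with one ICMP packet.

    `ingress` is "outside" (packet came from the Internet) or "inside"
    (packet came from the protected network); both labels are assumed.
    """
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    if ingress == "outside" and s in net:
        # An outside packet claiming an inside source: the reverse path for
        # that source is the inside interface, so the source is spoofed.
        return "drop:spoofed-source"
    if icmp_type == ECHO_REQUEST and d == directed_broadcast(net):
        # One request here would be answered by every host, so the
        # amplifier the text describes is closed at the router.
        return "drop:directed-broadcast"
    if ingress == "outside" and icmp_type == ECHO_REQUEST:
        # The essay's first countermeasure: no echo requests from outside.
        return "drop:external-echo-request"
    return "accept"

# Constructed packets: (src, dst, icmp type, ingress interface)
SAMPLE_PACKETS = [
    ("203.0.113.5", "192.0.2.255", ECHO_REQUEST, "outside"),  # amplification attempt
    ("192.0.2.10", "192.0.2.255", ECHO_REQUEST, "outside"),   # spoofed inside source
    ("203.0.113.5", "192.0.2.20", ECHO_REQUEST, "outside"),   # plain external ping
    ("203.0.113.5", "192.0.2.20", 0, "outside"),              # reply to our own ping
    ("192.0.2.20", "203.0.113.5", ECHO_REQUEST, "inside"),    # host pinging outward
    ("192.0.2.20", "192.0.2.255", ECHO_REQUEST, "inside"),    # internal broadcast ping
]

def run(packets=SAMPLE_PACKETS) -> list:
    return [perimeter_verdict(*p) for p in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, run()):
        print(f"{pkt[0]:>13} -> {pkt[1]:<13} type={pkt[2]} {pkt[3]:<7} {verdict}")
```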
Types of Ping Flooding
There are a few types of ping flood anyone can perform. This report discusses the following types: targeted local disclosed ping flood, router disclosed ping flood, blind ping flood, and DDoS. DDoS attacks are more complicated to carry out, but are devastating to the network they attack.
Targeted Local Disclosed Ping Flood
A targeted local disclosed ping flood is when the attacker knows the exact IP address they want to flood directly on the network. This is usually done to attack a single computer. It is extremely easy to do and can be done on a basic Windows machine. All you need to do is open the command prompt and type ipconfig to get the IPv4 address. Note that this requires you to have access to the computer you wish to attack, and therefore permission to do so. Using a packet-sniffing program to find a random IP address is also possible, but not recommended because of legal reasons.
Fig 3: ipconfig results
Make a note of the address, then on the machine you wish to attack from, open the command prompt and type the following: ping "ip address here" -t -l *insert number*, where "ip address here" is the IP address of the target and *insert number* is the number of bytes you wish to send. The results should look like this:
Fig 3.1: All the pinging.
The attacked computer uses precious processing power to handle the pings sent from the attacking computer, slowing it down immensely. To put it bluntly, -t specifies how long to ping the host; in this case it will keep pinging the host until the host disconnects or until you stop it. -l specifies how big a ping you want to send. So basically it will keep running until the attacker stops or the victim disconnects. Using one computer to attack another is as basic as it gets; usually attackers do not bother attacking a single computer.
Router Disclosed Ping Flood
A router disclosed ping flood is the same as above, except you are attacking the victim's router rather than the computer itself. When a router is flooded with useless packets, the entire network behind that router is stopped. For example, say there are twenty computers connected to a router. If that router is attacked by someone flooding the network, the twenty computers connected to it are cut off from the network.
Getting the router's IP address works the same way as getting the individual IP address of the computer, except the default gateway is what you need.
Fig 3.2: Default Gateway Obtained
Repeat the same process as earlier and you will disrupt not only the router but the other computers on it. The router will take most of the damage and will eventually crash, forcing a hard reset. Now there are twenty angry computer users wondering why they cannot get to the servers, and the attacker is laughing to himself.
Blind Ping Flood
A blind ping flood is any kind of ping flood where the attacker does not know the IP address of the target and uses techniques to uncover it through external programs. There are many programs for getting the IP address of a target. One such program is Wireshark. It can be used to monitor traffic on a network, potentially getting the IPs of anyone using the network and ruining their day.
Distributed Denial of Service Attack
This is by far the deadliest of all denial of service attacks, since an easy fix is hard to come by. Installing the latest hardware and software is largely ineffective against DDoS attacks, and network administrators usually need extra help to deal with these types of attacks. Distributed denial of service is ping flooding on a much larger scale, using computers whose owners are usually not aware that they are attacking a website or network. Trojans and viruses commonly give the hacker control of a computer and thus the ability to use it for attacks. The victims' computers used in the attacks are called zombies.
Fig 3.5: DDoS Attacks
In most cases the target goes offline almost instantly and continues to be bombarded by junk packets, keeping the server offline until the attackers stop. There are ways to protect oneself from DDoS attacks, but they are known to be largely ineffective, mainly because the attack comes from different sources across multiple regions of the planet.
DDoS Intel Gap
The biggest problem with DDoS attacks is not just the attacks themselves; rather, it is the lack of intelligence within the information systems security community. Every day the media reports on DDoS attacks, outlines trends, creates infographics, and touts the latest protection technologies. The fact is that there is very limited independently verifiable data available concerning the actual size and frequency of DDoS attacks. Even the most respected journalists and security experts are forced to rely on hearsay or potentially biased reports, whitepapers, and presentations.
There are many tools that attackers use to perform DDoS attacks, such as Low Orbit Ion Cannon (LOIC). It lets even the inexperienced perform attacks that will stop servers dead, for almost any reason. These attacks are no longer isolated incidents attributed to the type of content hosted on a site or the actions of its owner. Instead, DDoS attacks occur for reasons such as extortion, political and ideological agendas, anti-competitive initiatives, and suppression of free speech, to name a few. One of LOIC's features, known as "HIVE MIND," allows a single LOIC user to control an entire network of LOIC daemons distributed globally.
Figure 3.6: LOIC interface window
Protection from Ping Floods
As with all attacks, one can defend against them. Ping floods are simple to prevent. One way is to reconfigure the perimeter router or firewall to disallow ICMP echo requests (pings) into your internal network. This configuration will prevent flood attacks that originate from outside your network, but it will not prevent internal flood attacks. Another way is to ban the attacker's IP address from accessing the network. One last way is to enter the command "No ip verify unicast reverse-path" at the command prompt. Note that this does not work against zombie computers because they are not using their own IP addresses.
DDoS attacks, however, are very tough to overcome. The first thing to do is contact your hosting provider or internet service provider, depending on what is under attack. They will usually be able to filter out the bulk of the traffic based on where it is coming from. For even larger attacks you have to get creative. Usually DDoS attacks are handled either by buying an IDS or by having an external group repair the damage. The worst case is waiting until whatever is attacking the network decides to stop.
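Blocking echo requests at the perimeter does not cover floods from inside the network, so the other half of the defence is noticing one. Below is an added example (not from the original essay) of flood detection over firewall log lines: it counts echo requests per source in a one-second sliding window and flags sources that exceed a packet or byte rate. The log format and the rate thresholds are assumptions, and the log lines are constructed for the example.

```python
import re
from collections import defaultdict, deque

# Assumed log format (constructed for this example, not a real product's):
# "<seconds> ICMP type=<n> src=<ip> dst=<ip> len=<bytes>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) ICMP type=(?P<type>\d+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) len=(?P<len>\d+)$"
)
ECHO_REQUEST = "8"

def build_sample_log() -> list:
    """Constructed log: one host pinging normally, one sending a flood."""
    lines = [f"{1000 + i:.3f} ICMP type=8 src=198.51.100.9 dst=192.0.2.20 len=84"
             for i in range(5)]
    # 300 echo requests of 65500 bytes (a large -l size) within one second.
    lines += [f"{1002 + i / 300:.3f} ICMP type=8 src=203.0.113.7 dst=192.0.2.20 len=65500"
              for i in range(300)]
    return sorted(lines, key=lambda line: float(line.split()[0]))

def detect_echo_floods(lines, window=1.0, max_pps=50, max_bps=1_000_000) -> dict:
    """Flag sources whose echo requests exceed max_pps packets or max_bps bytes
    in any sliding window of `window` seconds.

    Returns {src: (peak packets in window, peak bytes in window)}.
    """
    recent = defaultdict(deque)   # src -> deque of (timestamp, length)
    in_window = defaultdict(int)  # src -> bytes currently inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["type"] != ECHO_REQUEST:
            continue  # replies and other ICMP types are not part of a ping flood
        ts, src, size = float(m["ts"]), m["src"], int(m["len"])
        q = recent[src]
        q.append((ts, size))
        in_window[src] += size
        while q and q[0][0] < ts - window:      # expire entries older than the window
            in_window[src] -= q.popleft()[1]
        pkts, total = len(q), in_window[src]
        if pkts > max_pps or total > max_bps:
            prev = flagged.get(src, (0, 0))
            flagged[src] = (max(prev[0], pkts), max(prev[1], total))
    return flagged

if __name__ == "__main__":
    for src, (pkts, nbytes) in detect_echo_floods(build_sample_log()).items():
        print(f"flood from {src}: peak {pkts} echo requests, {nbytes} bytes in 1 s")
```

The same logic applied to traffic arriving on the inside interface catches the internal floods the perimeter rule misses.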
In short, the information in this report is meant to help the reader better understand the importance of safeguarding the network and how to defend it from ping floods, which are a denial of service (DoS) attack, and from DDoS attacks by outside threats.