11 - Session Hijacking

Denial-of-service (DoS) is an attack on a computer or network that prevents legitimate use of its resources. In a DoS attack, attackers flood a victim’s system with illegitimate service requests or traffic to overload its resources and prevent it from performing intended tasks.

Module Objective

The objective of this lab is to help students learn to perform DoS attacks and to test a network for DoS flaws.

In this lab, you will:

  • Create and launch a denial-of-service attack against a victim
  • Remotely administer clients
  • Perform a DoS attack by sending a huge amount of SYN packets continuously
  • Perform a DoSHTTP attack

Scenario

In computing, a denial-of-service attack (DoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.

One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. Denial-of-service attacks can essentially disable your computer or your network. DoS attacks can be lucrative for criminals; recent attacks have shown that DoS attacks are a way for cybercriminals to profit.

As an expert ethical hacker or security administrator of an organization, you should have sound knowledge of how denial-of-service and distributed denial-of-service attacks are carried out, to detect and neutralize attack handlers, and to mitigate such attacks.

I. SYN Flooding a Target Host Using hping3

A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

A SYN flood attack works by never completing the handshake with the expected ACK. The malicious client can either simply not send the expected ACK, or spoof the source IP address in the SYN so that the server sends the SYN-ACK to a falsified address, which will not reply with an ACK because it "knows" it never sent a SYN. The server waits for the acknowledgement for some time, since simple network congestion could also explain a missing ACK, but in an attack the growing number of half-open connections binds resources on the server until no new connections can be accepted, resulting in a denial of service to legitimate traffic. Some systems may also malfunction badly or even crash if other operating system functions are starved of resources in this way.

As an expert ethical hacker or security administrator of an organization, you should have sound knowledge of denial-of-service and distributed denial-of-service attacks and should be able to detect and neutralize attack handlers. You should use SYN cookies as a countermeasure against SYN floods: with SYN cookies the target host allocates no state for a half-open connection, encoding the handshake information in the SYN-ACK sequence number instead, so the resources that a flood would otherwise exhaust are never reserved.
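The two preceding paragraphs describe the half-open connection exhaustion of a stateful listener and the SYN-cookie countermeasure. The following toy model, added here as an illustration and not part of the lab manual or of hping3, contrasts the two: a listener with a fixed backlog that stores an entry per SYN, and a listener that encodes the handshake in the server ISN as an HMAC over the connection 4-tuple and a coarse time counter. Nothing touches the network; the addresses, ports, secret, backlog size and the 5-bit counter/27-bit MAC cookie layout are constructed for the example and are not any operating system's actual implementation.

```python
# Added example: a toy model of a TCP listener under SYN flood, stateful
# (fixed backlog of half-open connections) versus SYN-cookie (stateless).
# Nothing here touches the network; every address, port, secret and
# backlog size is a constructed value, and the ISN/cookie layout is a
# simplified illustration rather than any OS's real implementation.
import hashlib
import hmac

BACKLOG = 8  # constructed: half-open connections a stateful listener will hold
MASK32 = 0xFFFFFFFF


class StatefulListener:
    """Keeps a SYN_RECV entry per connection until the final ACK arrives."""

    def __init__(self, backlog=BACKLOG):
        self.backlog = backlog
        self.half_open = {}      # (src, sport, dst, dport) -> server ISN
        self.established = set()
        self.dropped = 0

    def on_syn(self, src, sport, dst, dport):
        key = (src, sport, dst, dport)
        if len(self.half_open) >= self.backlog:
            self.dropped += 1    # backlog full: SYN discarded, no SYN-ACK sent
            return None
        server_isn = (1000 + len(self.half_open)) & MASK32  # placeholder ISN
        self.half_open[key] = server_isn
        return server_isn        # the SYN-ACK would carry this sequence number

    def on_ack(self, src, sport, dst, dport, ack):
        key = (src, sport, dst, dport)
        server_isn = self.half_open.pop(key, None)
        if server_isn is None or (server_isn + 1) & MASK32 != ack:
            return False
        self.established.add(key)
        return True


class SynCookieListener:
    """Encodes the handshake state in the server ISN instead of storing it."""

    def __init__(self, secret, clock):
        self.secret = secret     # constructed; a real deployment rotates it
        self.clock = clock       # coarse time counter, advanced by the caller
        self.established = set()

    def _cookie(self, src, sport, dst, dport, t):
        msg = f"{src}:{sport}->{dst}:{dport}|{t}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        # top 5 bits: counter t (so the server can recover it from the ACK);
        # low 27 bits: truncated MAC over the 4-tuple and t
        return ((t & 0x1F) << 27) | (int.from_bytes(mac[:4], "big") & 0x07FFFFFF)

    def on_syn(self, src, sport, dst, dport):
        return self._cookie(src, sport, dst, dport, self.clock)  # no state kept

    def on_ack(self, src, sport, dst, dport, ack):
        cookie = (ack - 1) & MASK32
        t_bits = cookie >> 27
        # accept the current or the previous counter value (SYN-ACK may be a bit old)
        for t in (self.clock, self.clock - 1):
            if t & 0x1F == t_bits and self._cookie(src, sport, dst, dport, t) == cookie:
                self.established.add((src, sport, dst, dport))
                return True
        return False


def simulate_flood(listener, n_spoofed=20):
    """Feed n_spoofed SYNs from distinct sources that never complete the
    handshake, then one legitimate client that does. Returns whether the
    legitimate client got an established connection."""
    for i in range(n_spoofed):
        listener.on_syn(f"10.0.0.{i + 1}", 40000 + i, "192.0.2.10", 80)
    src, sport, dst, dport = "198.51.100.7", 51515, "192.0.2.10", 80
    isn = listener.on_syn(src, sport, dst, dport)
    if isn is None:
        return False             # SYN dropped: the legitimate client times out
    return listener.on_ack(src, sport, dst, dport, (isn + 1) & MASK32)


if __name__ == "__main__":
    stateful = StatefulListener()
    print("stateful listener, legitimate client connected:", simulate_flood(stateful))
    print("  half-open entries held:", len(stateful.half_open), "SYNs dropped:", stateful.dropped)
    cookies = SynCookieListener(b"constructed-secret", clock=100)
    print("SYN-cookie listener, legitimate client connected:", simulate_flood(cookies))
```

Running the script shows the stateful listener filling its backlog with eight half-open entries and dropping every later SYN, including the legitimate one, while the SYN-cookie listener keeps no per-connection state and still completes the legitimate handshake; an ACK whose cookie fails the MAC check or carries a stale counter is rejected. Real SYN-cookie implementations also have to squeeze negotiated options such as the MSS into the cookie, which this model omits.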

Lab Objectives

The objective of this lab is to help students learn to perform denial-of-service attacks and test the network for DoS flaws. In this lab, you will:

  • Perform denial-of-service attacks
  • Send a huge amount of SYN packets continuously

Lab Analysis

In this lab, you have learnt how to perform denial-of-service attacks, and send a huge amount of SYN packets continuously. Document all the results gathered during the lab.

Module Syllabus

  • What is a Denial of Service Attack?
  • What are Distributed Denial of Service Attacks?
    • How Do Distributed Denial of Service Attacks Work?
  • Symptoms of a DoS Attack
  • Cyber Criminals
    • Organized Cyber Crime: Organizational Chart
  • Internet Chat Query (ICQ)
  • Internet Relay Chat (IRC)
  • DoS Attack Techniques
    • Bandwidth Attacks
    • Service Request Floods
    • SYN Attack
    • SYN Flooding
    • ICMP Flood Attack
    • Peer-to-Peer Attacks
    • Permanent Denial-of-Service Attack
    • Application Level Flood Attacks
  • Botnet
    • Botnet Propagation Technique
    • Botnet Ecosystem
    • Botnet Trojan: Shark
    • Poison Ivy: Botnet Command Control Center
    • Botnet Trojan: PlugBot
  • WikiLeaks Operation Payback
    • DDoS Attack
    • DDoS Attack Tool: LOIC
    • Denial of Service Attack Against MasterCard, Visa, and Swiss Banks
    • Hackers Advertise Links to Download Botnet
  • DoS Attack Tools
  • Detection Techniques
    • Activity Profiling
    • Wavelet Analysis
    • Sequential Change-Point Detection
  • DoS/DDoS Countermeasure Strategies
  • DDoS Attack Countermeasures
    • DoS/DDoS Countermeasures: Protect Secondary Victims
    • DoS/DDoS Countermeasures: Detect and Neutralize Handlers
    • DoS/DDoS Countermeasures: Detect Potential Attacks
    • DoS/DDoS Countermeasures: Deflect Attacks
    • DoS/DDoS Countermeasures: Mitigate Attacks
  • Post-attack Forensics
  • Techniques to Defend against Botnets
  • DoS/DDoS Countermeasures
  • DoS/DDoS Protection at ISP Level
  • Enabling TCP Intercept on Cisco IOS Software
  • Advanced DDoS Protection: IntelliGuard DDoS Protection System (DPS)
  • DoS/DDoS Protection Tool
  • Denial of Service (DoS) Attack Penetration Testing