Denial-of-service (DoS) is an attack on a computer or network that prevents legitimate use of its resources. In a DoS attack, attackers flood a victim’s system with illegitimate service requests or traffic to overload its resources and prevent it from performing intended tasks.
The objective of this lab is to help students learn to perform DoS attacks and to test the network for DoS flaws.
In this lab, you will:
In computing, a denial-of-service attack (DoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.
One common method of attack involves saturating the target machine with external communication requests so that it cannot respond to legitimate traffic, or responds so slowly that it is effectively unavailable. Such attacks usually lead to server overload. Denial-of-service attacks can effectively disable a single computer or an entire network. DoS attacks can be lucrative for criminals; recent attacks have shown that they are a way for cybercriminals to profit, for example through extortion.
As an expert ethical hacker or security administrator of an organization, you should have sound knowledge of how denial-of-service and distributed denial-of-service attacks are carried out, to detect and neutralize attack handlers, and to mitigate such attacks.
A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
A SYN flood attack works by never completing the TCP three-way handshake: the server answers each SYN with a SYN-ACK and allocates state for the half-open connection, but the expected ACK never arrives. The malicious client can either simply withhold the ACK, or spoof the source IP address in the SYN so that the server sends its SYN-ACK to a host that never sent a SYN and therefore does not acknowledge it. The server waits for the acknowledgement for some time, since ordinary network congestion could also explain a missing ACK, but in an attack an ever-growing number of half-open connections fills the listen backlog on the server until no new connections can be accepted, resulting in a denial of service to legitimate traffic. Some systems may also malfunction badly or even crash if other operating-system functions are starved of memory in this way.
As an expert ethical hacker or security administrator of an organization, you should be able to recognise a SYN flood in progress (a large number of connections stuck in the SYN-RECV state on the listening port) and to neutralize attack handlers. Use SYN cookies as a countermeasure against SYN floods: instead of allocating state for each half-open connection, the server encodes the connection parameters in the initial sequence number of its SYN-ACK and only allocates resources once a valid ACK comes back, so spoofed SYNs that are never acknowledged consume no memory on the target host.
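The following model, added here as an illustration and not part of the lab, shows both halves of the mechanism described above: a listener with a fixed half-open backlog that a flood of spoofed, never-acknowledged SYNs fills up, and the same listener with SYN cookies, which keeps no per-SYN state and therefore still accepts a legitimate handshake during the flood. The "network" is just Python function calls; the backlog size, addresses, ports and server secret are made-up constants, and the cookie derivation is a simplified stand-in for the kernel's real algorithm.

```python
"""Model of a TCP listener under a SYN flood, with and without SYN cookies.

Added illustration, not part of the lab. Addresses, ports, the backlog size
and the secret are assumed values; the cookie function is a simplified
stand-in for the kernel's scheme (Linux additionally encodes the MSS).
"""
import hashlib
import hmac
import random
import time

BACKLOG = 128                                   # assumed half-open queue size
SERVER_SECRET = b"assumed-per-boot-kernel-secret"  # hypothetical secret
MASK32 = 0xFFFFFFFF


def syn_cookie(src_ip, src_port, dst_port, minute):
    """Derive a 32-bit cookie from the connection tuple and a coarse timestamp."""
    msg = f"{src_ip}:{src_port}->{dst_port}@{minute}".encode()
    mac = hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")


class Listener:
    def __init__(self, port, syncookies=False, backlog=BACKLOG):
        self.port = port
        self.syncookies = syncookies
        self.backlog = backlog
        self.half_open = {}        # (src_ip, src_port) -> server ISN; unused with cookies
        self.established = set()
        self.dropped_syns = 0

    def recv_syn(self, src_ip, src_port):
        """Handle a SYN. Returns the server ISN sent in the SYN-ACK, or None if dropped."""
        if self.syncookies:
            # Stateless: the ISN *is* the state, so nothing is allocated per SYN.
            return syn_cookie(src_ip, src_port, self.port, int(time.time() // 60))
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1   # backlog full: the SYN is silently dropped
            return None
        isn = random.getrandbits(32)
        self.half_open[(src_ip, src_port)] = isn
        return isn

    def recv_ack(self, src_ip, src_port, ack_num):
        """Handle the third handshake packet. Returns True if the connection is established."""
        key = (src_ip, src_port)
        expected = (ack_num - 1) & MASK32
        if self.syncookies:
            now = int(time.time() // 60)
            # Accept this minute's cookie and the previous one (clock may have ticked).
            for minute in (now, now - 1):
                if expected == syn_cookie(src_ip, src_port, self.port, minute):
                    self.established.add(key)
                    return True
            return False
        isn = self.half_open.pop(key, None)
        if isn is None or expected != isn:
            return False
        self.established.add(key)
        return True


def run_flood(syncookies, spoofed_syns=1000):
    """Send spoofed SYNs that are never ACKed, then attempt one legitimate handshake."""
    srv = Listener(port=80, syncookies=syncookies)
    for i in range(spoofed_syns):
        # Spoofed sources (TEST-NET-3): the SYN-ACK reaches a host that never sent
        # a SYN, so no ACK ever returns and the entry stays half-open.
        srv.recv_syn(f"203.0.113.{i % 254 + 1}", 1024 + i)
    # A legitimate client now completes the three-way handshake.
    isn = srv.recv_syn("198.51.100.7", 40000)
    ok = isn is not None and srv.recv_ack("198.51.100.7", 40000, (isn + 1) & MASK32)
    return {"legit_connected": ok, "half_open": len(srv.half_open),
            "dropped": srv.dropped_syns}


if __name__ == "__main__":
    print("no cookies:", run_flood(False))   # legit client is refused
    print("cookies:   ", run_flood(True))    # legit client connects, nothing queued
```

On a real Linux host the corresponding control is the sysctl net.ipv4.tcp_syncookies (1 = use cookies only once the backlog overflows, 2 = always), and a flood in progress shows up as a large count from ss -tan state syn-recv on the targeted port. Note the trade-off the model glosses over: because a cookie server keeps no state, TCP options carried in the SYN (window scaling, SACK) are lost unless they are re-encoded, which is why Linux only falls back to cookies under overflow by default.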
Lab Objectives
The objective of this lab is to help students learn to perform denial-of-service attacks and test the network for DoS flaws. In this lab, you will:
Lab Analysis
In this lab, you have learned how to perform denial-of-service attacks and how to send a large number of SYN packets continuously. Document all the results gathered during the lab.