Denial of Service



  1. Denial of Service

  2. Denial of Service
     • An attack designed to disrupt or completely deny legitimate users access to networks, servers, services, or other resources
     • Two basic flavors:
       – Target resource starvation
       – Network bandwidth consumption

  3. Resource Starvation

  4. Land Attack 1
     • Targeting MS Windows NT 4.0 boxes pre-SP4
     • Port 135
     • It appears as if one RPC server sent bad data to another RPC server
       – A loop of REJECT packets

  5. Land Attack 2 - Snork
     • Against MS Windows NT 4.0 boxes
     • Allows an attacker with minimal resources to cause a remote NT system to consume 100% CPU usage
     • http://www.securityfocus.com/bid/2234

  6. WinNuke Attack

  7. WinNuke Attack – Cont’d
     • CVE-1999-0153
     • This attack attempts to connect to one of three NetBIOS ports (137-139) and send an out-of-band (OOB) nuke.
     • The exploit consists of setting the PSH-URG flag but not following it with data
       – When Windows NT is successfully attacked, it crashes

  8. One Dangerous Packet
     • IP version 0 and an IP header length of 0
     • Kills certain processes that listen promiscuously on a network

  9. Telnet DoS Attack
     • A DoS attack against old SunOS and Solaris systems
     • Flooding the victim’s daemon with Ctrl-D characters (0x04)
     • Target cannot cleanly close the connection with a FIN packet, and resorts to sending RST packets
     • When the attack stops, the target machine slowly returns to normal

  10. Telnet DoS Attack – Cont’d

  11. Telnet DoS Attack – Cont’d

  12. Bandwidth Consumption

  13. Smurf Attack

  14. Smurf Attack – Cont’d

  15. Smurf Attack
     • Two main components
       – Forged ICMP echo request packets
       – The direction of packets to an IP broadcast address
     • Amplification attack
       – One packet generates many responses
     • Three parties:
       – The attacker
       – The intermediary
       – The victim

  16. Looping Attacks – Echo-Chargen Loop

  17. Echo-Chargen Loop
     • When UDP port 7 (echo port) receives a packet, it checks the payload and then echoes the payload back to the source
     • When UDP port 19 (character generator port) receives a packet, it replies with a somewhat random string of characters
     • CVE-1999-0103

  18. Spoofed DNS Queries – DoomDNS Attack

  19. DoomDNS Attack
     • DoomDNS sends odd queries to BIND servers that can elicit many responses from the server
     • It is possible to flood someone by sending a spoofed UDP QUERY to the DNS
       – A DNS query of just a few bytes (20-30) can achieve responses of around 400-500 bytes
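
The header-level signatures from slides 7, 8, 15 and 17, written as a passive classifier over raw IPv4 packets. This is an added example, not part of the original slides; the protected subnet 192.0.2.0/24, the label strings and the sample packets are constructed assumptions, and the slide 8 check is generalized to reject any header that is not version 4 with a length of at least five words.

```python
import ipaddress
import struct

NET = ipaddress.ip_network("192.0.2.0/24")   # assumed protected subnet (documentation range)
BROADCASTS = {NET.broadcast_address, ipaddress.ip_address("255.255.255.255")}

def classify(pkt: bytes) -> list[str]:
    """Return the DoS signatures from the slides that a raw IPv4 packet matches."""
    if len(pkt) < 20:
        return ["truncated"]
    ver, ihl = pkt[0] >> 4, pkt[0] & 0x0F
    # Slide 8: version 0 / header length 0. Reject before trusting any offset.
    if ver != 4 or ihl < 5:
        return ["bad-ip-header"]
    proto = pkt[9]
    dst = ipaddress.ip_address(pkt[16:20])
    l4 = pkt[ihl * 4:]
    hits = []
    if proto == 1 and l4[:1] == b"\x08" and dst in BROADCASTS:
        hits.append("smurf-echo-to-broadcast")          # slide 15: echo request to broadcast
    if proto == 17 and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        if {sport, dport} <= {7, 19}:
            hits.append("echo-chargen-loop")            # slide 17: echo <-> chargen
    if proto == 6 and len(l4) >= 14:
        dport, flags = struct.unpack("!H", l4[2:4])[0], l4[13]
        if 137 <= dport <= 139 and flags & 0x20:        # URG bit set
            hits.append("urg-to-netbios")               # slide 7: OOB data to NetBIOS
    return hits

def ip_hdr(proto, src, dst, ver_ihl=0x45):
    """Build a constructed 20-byte IPv4 header (lengths and checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 0, 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)

# Constructed sample packets: one per signature plus a benign DNS query.
SAMPLES = {
    "zero-header": ip_hdr(17, "198.51.100.9", "192.0.2.10", ver_ihl=0x00),
    "smurf": ip_hdr(1, "203.0.113.5", "192.0.2.255") + b"\x08\x00\x00\x00",
    "loop": ip_hdr(17, "192.0.2.20", "192.0.2.30") + struct.pack("!HHHH", 19, 7, 8, 0),
    "winnuke": ip_hdr(6, "198.51.100.9", "192.0.2.10")
               + struct.pack("!HHIIBBHHH", 1025, 139, 0, 0, 0x50, 0x28, 0, 0, 1),
    "dns": ip_hdr(17, "192.0.2.20", "198.51.100.53") + struct.pack("!HHHH", 40000, 53, 8, 0),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:12} {classify(pkt)}")
```

The classifier inspects only first-fragment headers; a sensor feeding it should reassemble or separately handle IP fragments.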
