Chapter 10 Continued: Denial of Service
What It Looks Like
Digital Attack Map:
https://digitalattackmap.com/#anim=1&color=0&country=ALL&list=0&time=18400&view=map
The VLS DDoS Attack, visualized with ApachePong / Logstalgia:
https://www.youtube.com/watch?v=hNjdBSoIa8k
https://logstalgia.io
Low Orbit Ion Cannon: a classic DDoS tool:
https://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon
DoS Attack Types
- Fragmentation
- Volumetric
- Application
- TCP state-exhaustion
Example DoS Attacks
- SYN attack
- SYN flood
- ICMP flood
- Smurfing
- Ping of Death
- Teardrop
- LAND attack
- Peer to Peer
- Permanent
DDoS Tools
- Trinity
- Tribe Flood Network
- RUDY
- Slowloris
Types of Attacks
Service request flood
Simply make millions of page requests, for instance. See the effects:
https://www.youtube.com/watch?v=hNjdBSoIa8k
SYN attack/flood:
hping3 -i u1 -S -p 80 <target ip>
-S = SYN flag, -p 80 = port 80, -i u1 = interval of 1 microsecond
ICMP floods
These include Smurfing, ICMP flooding and ping flooding.
A simple ICMP flood:
hping3 -1 --flood -a <target ip> <broadcast ip>
Ping of Death (note that this no longer works)
From a Windows machine:
ping -l 65500 <target ip> -w 1 -n 1
Teardrop attack
This involves fragmenting a packet but mismatching the fragment offsets, the numbers that say where the fragments should meet.
Amplification attacks, which include:
Smurf attack
hping3 --icmp --spoof <target ip> <broadcast ip>
Fraggle attack
hping3 --udp --spoof <target ip> <broadcast ip>
LAND attack (Local Area Network Denial)
(no modern network is susceptible to this attack)
hping3 -V -c 1000000 -d 120 -S -w 64 -p 445 -s 445 --flood --rand-source <target ip>
https://en.wikipedia.org/wiki/LAND
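The malformed-packet attacks above (Ping of Death, Teardrop, LAND) each have a header shape that a filter or IDS rule can reject. The following Python is an added example, not part of the original notes: the Pkt record, the function names and the sample packets are constructed for illustration, and it assumes the header fields have already been parsed and that the IP header carries no options.

```python
from collections import namedtuple

# Parsed IPv4 fields (constructed layout, not a capture format). frag_offset is
# in 8-byte units as in the header; payload_len is the IP payload in bytes.
Pkt = namedtuple("Pkt", "src dst sport dport ip_id frag_offset payload_len more_frags")
MAX_IP_DATAGRAM = 65535  # largest total length of an IPv4 datagram
IP_HEADER_LEN = 20       # assumption: header without options


def is_land(p):
    """LAND shape: source address and port equal destination address and port."""
    return p.src == p.dst and p.sport == p.dport


def is_oversize(p):
    """Ping of Death shape: fragment ends beyond the 65,535-byte datagram limit."""
    return IP_HEADER_LEN + p.frag_offset * 8 + p.payload_len > MAX_IP_DATAGRAM


def has_overlap(frags):
    """Teardrop shape: two fragments of one datagram claim the same bytes."""
    spans = sorted((f.frag_offset * 8, f.frag_offset * 8 + f.payload_len) for f in frags)
    return any(start < prev_end for (_, prev_end), (start, _) in zip(spans, spans[1:]))


def classify(packets):
    """Return sorted (finding, source address) pairs for a batch of packets."""
    findings, datagrams = set(), {}
    for p in packets:
        if is_land(p):
            findings.add(("land", p.src))
        if is_oversize(p):
            findings.add(("oversize", p.src))
        datagrams.setdefault((p.src, p.dst, p.ip_id), []).append(p)
    for (src, _, _), frags in datagrams.items():
        if has_overlap(frags):
            findings.add(("overlap", src))
    return sorted(findings)


# Constructed sample packets using documentation address ranges.
SAMPLE = [
    Pkt("192.0.2.10", "192.0.2.10", 445, 445, 1, 0, 120, False),    # src == dst
    Pkt("198.51.100.7", "192.0.2.10", 0, 0, 2, 8189, 1000, False),  # ends at byte 66512
    Pkt("203.0.113.5", "192.0.2.10", 0, 0, 3, 0, 40, True),         # bytes 0-40
    Pkt("203.0.113.5", "192.0.2.10", 0, 0, 3, 3, 24, False),        # bytes 24-48
    Pkt("203.0.113.9", "192.0.2.10", 0, 0, 4, 0, 1480, True),       # bytes 0-1480
    Pkt("203.0.113.9", "192.0.2.10", 0, 0, 4, 185, 520, False),     # bytes 1480-2000
]
```

Calling classify(SAMPLE) flags the first four packets and leaves the cleanly fragmented datagram alone. Exact duplicate fragments also register as an overlap in this check.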
Permanent DoS attacks
Phlashing is flashing malicious code to BIOS or any other firmware location. For most people, this is irrecoverable.
Application-level attacks
- Flooding the network
- Disrupting services, for instance the login service by making lots of failed attempts so that users get locked out
- Jamming the network, usually by crafting SQL that locks or corrupts a database