DoS & DDoS Attacks - Zombie - Botnets

Hi all, today I am going to write about DoS & DDoS attacks. Cyber security is based on three components: Confidentiality, Integrity and Availability (CIA). This type of attack targets the availability component. The level of danger of DoS & DDoS attacks is lower than that of other attack types because the attacker has no possibility of infiltrating the system with this attack type.
There are a few things that need to be known before going into DoS & DDoS attacks.

  • If the incoming DDoS attack is bigger than the bandwidth you have, there is nothing you can do on your own. To protect yourself in this case, you need to get support from your ISP.
  • The majority of DoS & DDoS attacks are not bandwidth attacks.
  • An attack cannot always take the victim out of service. Sometimes it only slows the victim down.

DoS Attacks (Denial of Service)
DoS attacks are attacks that aim to make systems unserviceable. Attackers perform DoS attacks using one or more computers. DoS attacks can be performed over the internet, local networks and wireless networks. Blocking is easy because there are only a few attack sources, and blocking the attacking IP addresses often succeeds in stopping the attack.
If IP Spoofing is used during the attack, the attack will appear to come from the spoofed IP addresses. Depending on the number of spoofed IP addresses, it may no longer be possible to stop the attack by blocking the source IP addresses.

DDoS Attacks (Distributed Denial of Service)
DDoS attacks are similar to DoS attacks, but this time the attacker attacks through hundreds or thousands of zombie computers. Zombie computers are computers that are under the control of an attacker while their owners are unaware of it. In this type of attack, attackers successfully hide themselves because they use zombie computers.

[Figure: DDoS Attacks]
Components of DDoS:

Malware: Harmful software that will turn victims into zombies.
Zombie / Botnet: Computers that will attack the target.
Command & Control Center: Where everything is managed.

Why do attackers use botnets? Is making the target out of service their sole purpose?
Actually not. Attackers do not always aim to make the target unserviceable. For example, an attacker who has the zombie computers of a botnet click on the ads on the attacker's own web page can earn a high amount of revenue. Moreover, the whole operation looks completely realistic because each ad is clicked only once from different computers located in different parts of the world.
As a second example, we can give online surveys. If the option an attacker voted for is behind in the survey results, the attacker can let the zombie computers of the botnet vote for the desired option. It should not be forgotten that this applies only to surveys that are not protected by a CAPTCHA.
Where do the attackers manage botnets? Where are the Command & Control Centers located?
Botnets were managed through IRC chat rooms until 2005. However, IRC chat rooms are no longer used for botnet C&C since access to IRC chat rooms is blocked by many companies. Today, botnet C&C runs over HTTP, HTTPS and P2P.
The most popular botnet C&C is Twitter. Zombie computers constantly check the tweets of a Twitter account that the attackers have set up in advance. When a new tweet is shared, they recognize it and start attacking the web site or IP address named in the tweet.
[Figure: Twitter Command & Control]

TCP Flood Attacks
A TCP flood attack is a DDoS attack that tries to exhaust the packet processing capacity of the target system by sending it a large number of TCP packets. IP Spoofing can be used in this type of attack.
Most common TCP flood types: SYN Flood, ACK Flood, FIN Flood.
Reminder: TCP connections first perform the 3-Way Handshake. TCP sessions always start with a TCP SYN packet.
[Figure: 3-Way Handshake]
The most effective TCP flood attacks are SYN Flood attacks, because operating systems start to allocate system resources with the first incoming SYN packet, before the 3-Way Handshake is complete. If no change is made, the system resource release time is 120 seconds. Let's do a little calculation to see the power of SYN Flood attacks. The size of one SYN packet is 65 bytes. With 25 Mbps of bandwidth, it is possible to produce an average of 50,000 packets per second. That makes an average total of 6 million packets within the 120 seconds that pass before the system resource allocated for the first packet is released!
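The half-open connections described above can be observed on the defending host. The following is an added example, not code from the original post: it counts SYN_RECV entries per local port in a Linux /proc/net/tcp-style table and checks whether one source dominates, which is the case where blocking the source IP still works. The threshold of 20, the function names and the sample rows are assumptions constructed for illustration.

```python
import socket
import struct
from collections import Counter, defaultdict

SYN_RECV = 0x03  # state code /proc/net/tcp prints for half-open connections

def hex_addr(ip, port):
    """Encode ip:port as /proc/net/tcp prints it on a little-endian host."""
    return "%08X:%04X" % (struct.unpack("<I", socket.inet_aton(ip))[0], port)

def decode(addr):
    ip_hex, port_hex = addr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def half_open_by_port(table_text):
    """Map local port -> Counter of remote IPs with SYN_RECV entries."""
    ports = defaultdict(Counter)
    for line in table_text.splitlines()[1:]:  # first line is the header
        f = line.split()
        if len(f) >= 4 and int(f[3], 16) == SYN_RECV:
            ports[decode(f[1])[1]][decode(f[2])[0]] += 1
    return ports

def assess(table_text, threshold=20):
    """Report ports with at least `threshold` (assumed value) half-open entries."""
    report = []
    for port, sources in sorted(half_open_by_port(table_text).items()):
        total = sum(sources.values())
        if total >= threshold:
            top_share = sources.most_common(1)[0][1] / total
            # One dominant source can be blocked by IP; many small ones cannot.
            action = "block-source" if top_share >= 0.5 else "syn-cookies"
            report.append((port, total, len(sources), action))
    return report

def constructed_sample():
    """Constructed rows (first four columns only), not captured data."""
    me, rows = "192.0.2.10", ["sl local_address rem_address st"]
    for i in range(40):  # 40 distinct sources -> port 80, as with spoofing
        rows.append("%d: %s %s 03" % (i, hex_addr(me, 80), hex_addr("198.51.100.%d" % (i + 1), 40000 + i)))
    for i in range(30):  # a single source -> port 25
        rows.append("%d: %s %s 03" % (40 + i, hex_addr(me, 25), hex_addr("203.0.113.7", 50000 + i)))
    rows.append("70: %s %s 01" % (hex_addr(me, 443), hex_addr("203.0.113.9", 51000)))  # ESTABLISHED
    return "\n".join(rows)

if __name__ == "__main__":
    for row in assess(constructed_sample()):
        print(row)
```

On a live Linux host, pass the contents of /proc/net/tcp to `assess()`; the "syn-cookies" result refers to the kernel's `net.ipv4.tcp_syncookies` setting, which avoids holding state for each unanswered SYN.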
TCP flood attacks can be performed on Linux with the hping3 tool. In the next article, I will write a tutorial on SYN Flood, ACK Flood, FIN Flood and IP Spoofing with hping3.
