Tuesday, March 6, 2012

DOS -Denial of Service Attack, Distributed-DOS and Tools to make Attacks | By Neoteric

Well Today we will talk about Denial of Service Attack or DOS and Distributed Denial of Service Attack. The Technical definition is that "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. or D-DOS.

Simple Denial of Service Attack :

In easy words it is when a hacker targets a server or a computer or a router etc. it constantly sends a set of fake requests to connect to server every second, and the server when takes up the request is not able to figure out what to do with all the requests, following its protocol it picks and acknowledges to the sender that yes i am ready to take your request but the sender does not reply, instead the sender wastes the little time allotted by server to sender, and during whole of this scenario there is a genuine user on the internet who also wants to use the server but server instead is busy with the hackers/fake sender's requests.

consider this situation a sender produces 1000 fake requests/second,
the capacity of server to hold requests in ready queue is 3000 requests,
now time taken per request is 1 second,

t= 1sec,         server recieves 1000 fake requests and 12 genuine requests so total of 1012 request

t=2sec,          server rejects request1, now server works on 2nd request,  now ready queue has 1000 new  fake requests, 23 genuine requests and 1011 previous requests. So a total of 2034 requests in queue

t=3sec            server rejects request2, now server works on 3rd request, now ready queue has 1000 more new fake requests, 21 new genuine requests and 2034 previous requests. So a total of 3055 requests are pending.
.
.
.
.
.
t= few minutes  our victim server is down..... ATTACK Successful.    
  
]Distributed Denial of Service Attack :
DDOS attack is a very planned attack it is same as the DOS attack but in this case the only difference is that instead of one person attacking there are multiple attackers and one victim server. the above attack is  applicable on small websites but not on big servers, because today the severs are programmed to such a n advanced level that they ignore the attacking computer or sender using honeypots. But even this trick becomes useless when we have have 10s ans 100s and 1000s or even 100,000s of system attacking a server at the same moment, the server at this moment is a prey to the army of ants or the dos attackers .
The Tools the attackers use are:

1. Goto windows-->type cmd press enter-->write ping www.sitename.extension -t or xxx.xxx.xxx.xxx  -t the IP address of server or website,
most of you might recognize the above as the ping tool or PING OF DEATH which is used to check if a server is responding or our net is working or not, This is a tool which was created for intranet but is used as a n attacking tool on the internet.
2.Crazy Ping: is a very interesting tool, have you ever tried opening multiple ping windows? well this tool does it automatically for you. You just require a Victim IP and you just need to select the count of number of ping windows you need to open and the size or bytes of data you want to load on the server. example: open crazy ping--> set windows to 30--> type the victim ip xxx.xxx.xxx.xxx ---> click on "Send the Bas**** to Hell". now goto sleep let it work for the whole night and in the morning you victim's server is DEAD.

3.RDOS: is another tool which makes more specific attack, It blows attack on particular port, for example the SMTP port, the FTP port, the HTTP port etc. this tools requires the victim's ip and the port you wish to attack, and press enter the tool will start attacking and trust me it sends like thousands of fake request at a moment and if you open even 10 such windows and attack a single ip of a website it takes less than 4 min and you will start noticing the affect on the victim website, as soon as you try to open the website using your browser. It will not open.
PS: you must know that DOS or DDOS are criminal activities, so if anyone who tries this is doing at his/her own risk.The website is for educational purpose not for promoting criminal activity.

No comments:

Post a Comment