One tactic used in malicious attacks, particularly in DDoS, is IP spoofing. In normal IP communication the source and destination addresses in the packet header are filled in by the operating system's socket layer, so the source address is the sending host's own. IP spoofing occurs when a malicious program builds its own packets and writes a source address other than its own into the header. Given sufficient privileges on the operating system (root, or the CAP_NET_RAW capability, on Linux), it is easy to craft individual packets with full control over the IP header and send them out over the network; this is referred to as raw socket access. Because any reply goes to the forged address, spoofing suits one-way floods (SYN, UDP and ICMP floods) rather than attacks that need a completed conversation, and the standard countermeasure is ingress filtering at the network edge (BCP 38): a router drops packets whose source address does not belong to the network they arrive from.
A natural question is why this capability exists in the TCP/IP stack at all. There are perfectly legitimate reasons to craft packets by hand and transmit them on the network rather than rely only on the functions of a given stack's API: in Mobile IP, a roaming host must keep using its "home" IP address while attached to a foreign network; a virtual private network sets the host's address to one that is local to the organization's network; and so on.
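To make the two halves of the point concrete (what a raw socket lets a process write into the header, and what the edge check has to look at), here is an added example that is not part of the original post. It serializes and parses a minimal IPv4 header with the RFC 791 checksum, then applies a BCP 38 style ingress filter to it. The addresses are constructed from the RFC 5737 documentation ranges, the customer prefix is an assumption, and nothing is transmitted; the point is that `build_ipv4_header` never checks that `src` belongs to the sender, so the network must.

```python
import ipaddress
import struct

# Constructed prefix (RFC 5737 documentation range) standing in for "the
# block assigned to the customer behind this edge interface".
CUSTOMER_PREFIX = ipaddress.ip_network("203.0.113.0/24")


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement of the one's-complement sum
    of the header taken as 16-bit words. Over a correct header (checksum
    field included) the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int,
                      proto: int = 17, ttl: int = 64, ident: int = 0) -> bytes:
    """Serialize a minimal (20-byte, no options) IPv4 header.

    Nothing here checks that `src` belongs to the sending host. That is the
    freedom raw socket access hands to a privileged process, and the reason
    the check has to be made in the network rather than on the sender.
    """
    ver_ihl = (4 << 4) | 5                   # version 4, IHL = 5 words
    total_len = 20 + payload_len
    hdr = struct.pack("!BBHHHBBH4s4s",
                      ver_ihl, 0, total_len, ident, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    # checksum field is bytes 10-11; it was zero while summing
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Parse the fixed part of an IPv4 header, verifying version, IHL and checksum."""
    if len(packet) < 20:
        raise ValueError("short packet")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("malformed IPv4 header")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl, "proto": proto, "ident": ident, "total_len": total_len,
        "frag_offset": flags_frag & 0x1FFF,
        "more_fragments": bool(flags_frag & 0x2000),
    }


def ingress_filter(packet: bytes, prefix=CUSTOMER_PREFIX) -> tuple:
    """BCP 38 style check on a customer-facing edge: a packet arriving from
    the customer must carry a source address inside the customer's prefix;
    anything else is spoofed and is dropped."""
    hdr = parse_ipv4_header(packet)
    src = ipaddress.IPv4Address(hdr["src"])
    if src not in prefix:
        return False, "drop: source %s not in %s" % (src, prefix)
    return True, "forward"


if __name__ == "__main__":
    honest = build_ipv4_header("203.0.113.10", "198.51.100.1", payload_len=8)
    spoofed = build_ipv4_header("192.0.2.99", "198.51.100.1", payload_len=8)
    print(ingress_filter(honest))
    print(ingress_filter(spoofed))
```

The filter is deliberately stateless: it looks at the source field alone, which is all an edge router can check, and it is only effective when applied at the edge where the packet enters the network, since further in a spoofed address can no longer be told apart from a legitimately routed one.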
Posted on: Internet, Network
We discussed the impact of distributed denial of service (DDoS) in previous articles; let us now look more closely at its primary target. Creating a DoS effect is all about breaking things or making them fail. There are many ways to make something fail, and a system often has several vulnerabilities; an attacker will try to exploit (or target) several of them until she gets the desired result: the target goes offline.
Exploiting a Vulnerability
Vulnerability attacks involve sending a few well-crafted packets that take advantage of an existing vulnerability in the target machine. The vulnerability in the affected kernels causes the machine to become unstable when improperly fragmented packets are received, making it hang, crash, or reboot. It can be exploited by sending just two malformed UDP packets to the victim. Several variations of the exploit existed: fragments with a small overlap, a second fragment whose offset places its end before the end of the first (so the reassembly code computes a negative fragment length), and so on. These were known as the bonk, boink, teardrop, and newtear exploits.
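The defence against this class of bug is to validate a fragment set before reassembling it. The following is an added example, not code from the original post or from any kernel: a fragment-set validator that rejects the malformed shapes named above (a plain overlap, a fragment lying entirely inside data already received, which is the teardrop pattern, and a datagram that would exceed 65535 bytes). The fragment sets are constructed to illustrate those shapes and are not captured traffic.

```python
from dataclasses import dataclass

MAX_DATAGRAM = 65535     # largest IPv4 datagram after reassembly
FRAG_UNIT = 8            # the 13-bit fragment offset field counts 8-byte units


@dataclass(frozen=True)
class Fragment:
    ident: int            # IP identification field shared by a datagram's fragments
    offset_units: int     # fragment offset field as carried in the header
    length: int           # bytes of payload in this fragment
    more_fragments: bool  # MF flag

    @property
    def start(self) -> int:
        return self.offset_units * FRAG_UNIT

    @property
    def end(self) -> int:
        return self.start + self.length


def validate_fragments(frags) -> list:
    """Return the reasons a fragment set must be discarded; an empty list
    means it can be reassembled safely. Fragments are grouped by IP id and
    walked in offset order, tracking how far the received data extends."""
    problems = []
    groups = {}
    for f in frags:
        groups.setdefault(f.ident, []).append(f)
    for ident, group in groups.items():
        covered_end = 0
        seen = set()
        for f in sorted(group, key=lambda x: x.start):
            key = (f.start, f.end)
            if key in seen:                     # exact retransmission: harmless
                continue
            seen.add(key)
            if f.end > MAX_DATAGRAM:
                problems.append("id %d: fragment [%d,%d) runs past %d bytes"
                                % (ident, f.start, f.end, MAX_DATAGRAM))
            if f.more_fragments and f.length % FRAG_UNIT:
                problems.append("id %d: non-final fragment length %d is not a multiple of %d"
                                % (ident, f.length, FRAG_UNIT))
            if f.start < covered_end:
                if f.end <= covered_end:
                    # The whole fragment sits inside data already received; a
                    # reassembler that trims the overlap computes a negative
                    # length here, which is the teardrop crash.
                    problems.append("id %d: fragment [%d,%d) lies inside data already received (teardrop)"
                                    % (ident, f.start, f.end))
                else:
                    problems.append("id %d: fragment [%d,%d) overlaps %d bytes of earlier data"
                                    % (ident, f.start, f.end, covered_end - f.start))
            covered_end = max(covered_end, f.end)
    return problems


# Constructed fragment sets (not captured traffic).
BENIGN = [Fragment(1, 0, 1480, True), Fragment(1, 185, 20, False)]
# Shape of the two-packet teardrop pair: the second fragment starts 24 bytes
# in and ends before the first one does.
TEARDROP = [Fragment(2, 0, 36, True), Fragment(2, 3, 4, False)]
# Plain small overlap: the second fragment starts 8 bytes before the first ends.
OVERLAP = [Fragment(3, 0, 1480, True), Fragment(3, 184, 100, False)]
# Final fragment whose end exceeds the maximum datagram size.
OVERSIZED = [Fragment(4, 8189, 1500, False)]

if __name__ == "__main__":
    for name, fs in [("benign", BENIGN), ("teardrop", TEARDROP),
                     ("overlap", OVERLAP), ("oversized", OVERSIZED)]:
        print(name, validate_fragments(fs) or "ok")
```

The validator treats any overlap as grounds for dropping the whole datagram, which is the conservative choice a firewall or IDS should make: overlapping fragments have no legitimate use, and different operating systems resolve them differently, so letting them through also opens the door to evasion.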
Posted on: Internet, Network
Distributed denial of service (DDoS) attacks have been a serious threat to Internet sites since they first appeared in 1999. The question then is whether your own site is vulnerable. As long as your site is connected to the Internet, it is a potential target: a DDoS attack can be aimed at any IP address and, if the attack is strong enough, it is likely to succeed. Large and small businesses, ISPs, government organizations that rely on networking, and even private individuals may all be damaged by a DDoS attack. The more your enterprise depends on the Internet, the greater the damage if a DDoS attack takes it offline for an extended period.
Posted on: Internet, Security
Attackers commonly use distributed techniques, spreading their tools to many machines (with a worm, for example), and there is a reason for this: a flood from a single machine poses a problem for the attacker himself. Imagine a DoS attack based on pure flooding that originates at a single machine with a 10-Mbps link and is directed at a victim with a 100-Mbps link. In attempting to overwhelm the victim's link, the attacker floods his own network and denies service to himself. To disrupt the victim's communication, the attacker must compromise an agent machine that has more network resources than the victim, and locating and breaking into such a machine may be difficult, especially when the target is a well-provisioned site.
Such well-provisioned sites can be hit just the same if the attack is performed in a distributed manner. Assume a hundred agent machines, each with a 10-Mbps link, each sending 1 Mbps toward the victim: none of them generates enough traffic to harm its own local network, but the Internet delivers all 100 Mbps of attack traffic to the victim, overwhelming its link. The victim's service is denied while the attackers remain fully operational.
Posted on: Internet, Network
With the wealth of resources available on the Internet, anyone can build their own program, for good purposes or bad. Attackers are consequently numerous, and only a few have been caught and prosecuted; still, those who perform DoS attacks leave traces that can be studied, and from which defences can be derived.
It is impossible to judge the profile of perpetrators from such a small sample of provable crimes. Still, given the lack of sophistication in many attacks, it is safe to assume that a very large percentage are perpetrated by inexperienced hackers, so-called script kiddies, who download crude attack tools from the Internet and use them unaltered. While such attacks can still severely cripple the victim, sufficient traces sometimes exist for investigators to learn a good deal about the attacker. Crude attacks also frequently generate an easily recognizable traffic pattern, such as a fixed packet size and protocol aimed at a single port, that can be blocked by simple filters.
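What "an easily recognizable traffic pattern controlled by simple filters" looks like in practice, as an added example that is not part of the original post: a detector that groups packet summaries by destination and port, and flags a target when the packet rate is high and almost every packet shares one (protocol, length) signature, emitting a filter rule for that signature. The packet summaries are constructed inline (an unaltered flood tool sending fixed-size UDP to port 53 from three hosts, mixed with ordinary traffic); the thresholds are assumptions to be tuned per site.

```python
from collections import Counter, defaultdict


def constructed_sample():
    """Constructed packet summaries (t_seconds, src, dst, dport, proto, length);
    not captured traffic. 300 fixed-size UDP packets in one second from three
    sources to one port, plus 30 ordinary TCP packets of varied sizes."""
    records = []
    attackers = ["198.51.100.7", "198.51.100.8", "192.0.2.44"]
    for i in range(300):
        records.append((i / 300.0, attackers[i % 3], "203.0.113.5", 53, "udp", 1024))
    sizes = [64, 120, 512, 77, 1400, 333]
    for i in range(30):
        records.append((i / 30.0, "203.0.113.%d" % (20 + i % 5),
                        "203.0.113.9", 443, "tcp", sizes[i % 6]))
    return records


def detect_crude_flood(records, pps_threshold=100.0, min_share=0.9):
    """Flag (dst, dport) targets that receive at least pps_threshold packets
    per second where at least min_share of the packets carry one
    (proto, length) signature; return one finding with a filter rule each."""
    by_target = defaultdict(list)
    for rec in records:
        by_target[(rec[2], rec[3])].append(rec)

    findings = []
    for (dst, dport), recs in by_target.items():
        times = [r[0] for r in recs]
        duration = max(max(times) - min(times), 1.0)   # never divide by a tiny window
        pps = len(recs) / duration
        sig, n = Counter((r[4], r[5]) for r in recs).most_common(1)[0]
        share = n / len(recs)
        if pps >= pps_threshold and share >= min_share:
            sources = sorted({r[1] for r in recs if (r[4], r[5]) == sig})
            findings.append({
                "dst": dst, "dport": dport, "pps": round(pps, 1),
                "signature": sig, "share": round(share, 2), "sources": sources,
                # A rule keyed on the signature, not on the sources: with
                # spoofing the source list is worthless, the signature is not.
                "rule": "drop %s to %s port %d with ip length %d"
                        % (sig[0], dst, dport, sig[1]),
            })
    return findings


if __name__ == "__main__":
    for finding in detect_crude_flood(constructed_sample()):
        print(finding["rule"], "  (%.0f pps, share %.2f)" % (finding["pps"], finding["share"]))
```

The rule is keyed on the packet signature rather than on the sources because an unaltered tool keeps its packet shape constant while its source addresses may be spoofed; the limitation is the mirror image, since a tool that randomizes sizes and protocols leaves nothing for a filter this simple to key on, which is exactly what separates the crude attacks described here from sophisticated ones.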
Posted on: Network, Security