DDoS Attack Mechanism - BEING HACKER


Thursday, 12 October 2017

DDoS Attack Mechanism

Liability Disclaimer

The information provided in this ARTICLE is to be used for educational purposes only. The creator of this ARTICLE is in no way responsible for any misuse of the information provided. All of the information presented in this ARTICLE is meant to help the reader develop a defensive mindset so as to prevent the attacks discussed. In no way shall the information provided here be used to cause any kind of damage, directly or indirectly. The words "Hack" and "Hacking", used extensively throughout this article, shall be regarded as "Ethical Hack" and "Ethical Hacking" respectively.

You implement all the information provided in this article at your own risk.
 
CONTENTS
  • DDoS MECHANISM
  • AGENT HANDLER MODEL
  • IRC BASED MODEL
  • TOOLS FOR DDoS ATTACK
  • COUNTERMEASURES

READ PART 1 HERE

DDoS Attack Mechanism


Let us now look at the DDoS attack models that are commonly in use:

Agent Handler Model


The agent-handler model is one of the most common DDoS architectures. The attacker arranges the attack as a hierarchy, which both improves its effectiveness and makes it harder to detect and trace back.

At the first level, the attacker compromises a small number of hosts and installs a handler (master) program on them. At the second level, the attacker compromises a much larger set of hosts, commonly referred to as "agents" or "zombies", on which the attack daemon is installed; each agent takes its orders from one of the handlers.

During the attack, the attacker sits at the top of the hierarchy and sends commands only to the handlers, which in turn instruct the agents to flood the target host (the victim). The victim only ever sees traffic from the agents, and the agents only know the address of their handler, so tracing the attack back means working up through each level in turn. Since the attacker never talks to the agents or the victim directly, and usually reaches the handlers through further compromised hosts, this model makes it very hard to trace the attack to its source.

IRC Based Model

The IRC-based model is similar to the agent-handler model discussed above, with one difference: the attacker uses an Internet Relay Chat (IRC) network in place of dedicated handlers. The agents connect to an IRC server and join a channel chosen by the attacker, and the attacker issues commands by posting messages to that channel, which the server relays to every agent in it.

The advantages for the attacker are that the connections use the standard IRC port (6667/tcp) and so look like legitimate chat traffic, that no handler hosts of the attacker's own need to be set up and kept alive, and that the volume of normal traffic on a busy IRC network makes the attacker's presence on the server harder for an administrator to spot. The same design is also a weakness: the channel is a single point of observation, so once it is identified, every agent that joins it can be enumerated, and blocking IRC at the network perimeter cuts the agents off from their commands.
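The defender's side of the IRC model, as an added example that is not part of the original article: a minimal parser for IRC protocol lines and a heuristic that flags a channel used as a botnet rendezvous, run over constructed sensor records. The internal address range (10.0.0.0/8), the channel names and the "!flood target port seconds" command grammar are assumptions; real bot families use their own command words.

```python
"""Added example (not part of the original article): a minimal IRC line parser and
a rendezvous-channel heuristic, run over constructed sensor records. Internal
addresses, the channel names and the '!flood' command syntax are assumptions;
real bot families use their own command words."""
import re
from collections import defaultdict

# Assumed bot command grammar: "!verb target port seconds" (or ".verb ...").
CMD = re.compile(r"^[!.](?P<verb>flood|syn|udp|http|stop)\b(?:\s+(?P<target>\S+))?", re.I)


def parse_irc(line):
    """Split an IRC protocol line into (prefix, COMMAND, params).
    Wire format: [':' prefix ' '] command {' ' param} [' :' trailing]"""
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    cmd, params = parts[0].upper(), parts[1:]
    if sep:                       # trailing parameter may contain spaces
        params.append(trailing)
    return prefix, cmd, params


def analyze(records, min_members=3):
    """records: (internal_host, direction, raw_irc_line); direction is 'c2s' for
    client-to-server lines and 's2c' for lines the server relayed to the client.
    Flags channels joined by many internal hosts and command-shaped PRIVMSGs."""
    members = defaultdict(set)    # channel -> internal hosts that joined it
    commands = set()              # (channel, verb, target, sender nick)
    for host, direction, raw in records:
        prefix, cmd, params = parse_irc(raw)
        if direction == "c2s" and cmd == "JOIN" and params:
            for chan in params[0].split(","):   # JOIN may list several channels
                members[chan.lower()].add(host)
        elif direction == "s2c" and cmd == "PRIVMSG" and len(params) >= 2:
            chan, text = params[0].lower(), params[1]
            m = CMD.match(text)
            if m:
                sender = prefix.split("!")[0] if prefix else None
                commands.add((chan, m["verb"].lower(), m["target"], sender))
    rendezvous = sorted(c for c, hosts in members.items() if len(hosts) >= min_members)
    return {
        "rendezvous_channels": rendezvous,
        "c2_commands": sorted(commands, key=repr),
        "members": {c: sorted(h) for c, h in members.items()},
    }


# Constructed sensor records: internal hosts (10.0.0.0/8, assumed) talking to an IRC
# server on 6667/tcp. Four hosts join #sys and receive the same command from "boss".
SAMPLE = [
    ("10.0.0.11", "c2s", "NICK [DE]x7f3a1"),
    ("10.0.0.11", "c2s", "JOIN #sys"),
    ("10.0.0.12", "c2s", "JOIN #sys"),
    ("10.0.0.13", "c2s", "JOIN #sys"),
    ("10.0.0.14", "c2s", "JOIN #sys,#news"),
    ("10.0.0.20", "c2s", "JOIN #linux"),
    ("10.0.0.21", "c2s", "JOIN #linux"),
    ("10.0.0.11", "s2c", ":boss!x@198.51.100.77 PRIVMSG #sys :!flood 203.0.113.10 80 300"),
    ("10.0.0.12", "s2c", ":boss!x@198.51.100.77 PRIVMSG #sys :!flood 203.0.113.10 80 300"),
    ("10.0.0.20", "s2c", ":alice!a@192.0.2.4 PRIVMSG #linux :anyone tried the 4.13 kernel?"),
]

if __name__ == "__main__":
    report = analyze(SAMPLE)
    print("rendezvous channels:", report["rendezvous_channels"])
    for chan, verb, target, sender in report["c2_commands"]:
        print(f"command in {chan} from {sender}: {verb} -> {target}")
```

Two signals are combined here: the membership count catches the rendezvous channel even when the command words are unknown, and the command match recovers the target so the victim can be warned. For the agent-handler model the equivalent membership signal is many internal hosts opening connections to the same handler address and port.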

Tools for DDoS Attacks


The following are some of the tools commonly associated with DDoS attacks:

1. Trinoo

Trinoo (trin00) is one of the earliest DDoS tools, first analysed in 1999, and is often cited in connection with the first large-scale DDoS attacks of 1999 and 2000. It follows the agent-handler model: a master program controls a number of daemons installed on compromised hosts, and on command the daemons flood the target with UDP packets from many locations at once. The daemons were installed by exploiting remote buffer overflow vulnerabilities, at the time mainly in RPC services on Solaris systems, to compromise the hosts that then served as zombies.

2. DDoSim

DDOSIM, the "Layer 7 DDoS Simulator", is a testing tool that simulates a number of zombie hosts attacking a target. Each simulated zombie completes a full TCP handshake with the target from a random source address and can then send HTTP requests, either valid or invalid, so that application-layer processing and not just packet rate is exercised; it can also run SMTP and plain TCP connection floods on arbitrary ports. Because the source addresses are spoofed, completing the handshake only works where the tool can see the target's SYN-ACK replies (for example on the same network segment), which is why it is suited to load-testing one's own servers rather than to attacks across the Internet.

3. Tor's Hammer

Tor's Hammer is a slow POST denial-of-service tool written in Python. Instead of flooding the link, it opens many HTTP POST connections and sends the request body a few bytes at a time, holding each connection open until the server has no workers or connection slots left for legitimate clients; a single instance can take down unprotected Apache and IIS servers in a short time. It can route its connections through the Tor network so that the target only sees Tor exit-node addresses. Because the attack relies on patient, low-volume connections rather than bandwidth, request-body timeouts and limits on concurrent connections per source (for Apache, mod_reqtimeout) are effective against it.

4. Davoset

DAVOSET (DDoS Attacks Via Other Sites Execution Tool) takes a different approach: rather than compromising hosts, it abuses "abuse of functionality" weaknesses on third-party web sites, such as features that fetch an attacker-supplied URL and XML External Entity (XXE) processing, so that those sites send requests to the target and act as unwitting zombies. From the victim's side the traffic comes from legitimate web servers, which makes source blocking awkward; the real fix lies with the intermediate sites, which should not fetch arbitrary user-supplied URLs.

COUNTERMEASURES

After exploring a fair amount of information about the different types of DoS attacks, their mechanisms and the tools used to perform them, let us now look at some of the countermeasures one can take to stop or mitigate such attacks against your systems.

  • Intrusion detection and prevention systems (IDS/IPS) help to detect DoS/DDoS traffic at an early stage. Note that an inline IPS is itself a resource that a volumetric flood can saturate, so it should sit behind upstream filtering rather than be relied on alone.

  • Blacklist IP addresses that are found to be the source of an attack. This only helps against non-spoofed sources, such as real bots that complete full connections; the addresses in a spoofed flood are random, so blocking them achieves nothing and risks blocking legitimate users.

  • Ingress filtering (BCP 38 / RFC 2827): at the network edge, drop incoming packets whose source address could not legitimately arrive on that interface, in particular packets from the Internet that claim one of your own internal addresses or a private or reserved range.

  • Egress filtering: drop outgoing packets whose source address does not belong to your own address space, so that compromised hosts on your network cannot take part in a spoofed flood against someone else, and scan outgoing traffic for other malicious content before it leaves the network.

  • Since the source address of incoming DDoS packets is easily spoofed, there is a good chance that the packets do not carry a valid source. Configure the firewall to drop packets whose source address is not plausible for the interface they arrive on (your own prefixes, private and reserved ranges, unallocated space). Every IP packet carries some source address, so the check is for a plausible source, not for the presence of one.

  • Increase the available bandwidth and server capacity so that services do not go down at the first sign of load. Over-provisioning buys time but cannot absorb a flood larger than your uplink; beyond that point only filtering upstream of the link, at the ISP or a scrubbing provider, helps.

  • Load balancing: use a multiple-server architecture and balance the incoming load across the servers. This improves normal performance and lets the service degrade gracefully under attack, as long as the bottleneck is server capacity and not the network link.
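The ingress, egress and spoofed-source checks from the list above, as an added example that is not part of the original article: BCP 38 style source-address filtering on both directions plus a sliding-window per-source rate limit, applied to a constructed list of packet records such as a firewall or sensor might see. The protected prefix 203.0.113.0/24, the sample addresses and the limit of 100 packets per second are assumptions.

```python
"""Added example (not part of the original article): ingress/egress (BCP 38 style)
source-address filtering plus a sliding-window per-source rate limiter, applied to a
constructed list of packet records. Prefixes and thresholds are assumptions."""
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Assumed: the protected network owns 203.0.113.0/24 (a documentation range).
OUR_PREFIXES = [ip_network("203.0.113.0/24")]
# Source addresses that should never arrive from the Internet: RFC 1918, loopback,
# link-local, "this network" and multicast.
BOGONS = [ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                                 "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
                                 "224.0.0.0/4")]


def in_any(addr, nets):
    return any(addr in n for n in nets)


def ingress_verdict(src):
    """Packet entering from the Internet: drop if the source claims to be us or is a bogon."""
    a = ip_address(src)
    if in_any(a, OUR_PREFIXES):
        return "drop: spoofed internal source"
    if in_any(a, BOGONS):
        return "drop: bogon source"
    return "accept"


def egress_verdict(src):
    """Packet leaving our network: only our own prefixes may appear as source."""
    return "accept" if in_any(ip_address(src), OUR_PREFIXES) else "drop: source not ours (spoofed)"


class RateLimiter:
    """Allow at most max_pkts per source within any window of `window` seconds."""
    def __init__(self, max_pkts, window):
        self.max_pkts, self.window = max_pkts, window
        self.hits = defaultdict(deque)          # src -> timestamps inside the window

    def allow(self, src, ts):
        q = self.hits[src]
        while q and ts - q[0] >= self.window:   # expire old timestamps
            q.popleft()
        if len(q) >= self.max_pkts:
            return False
        q.append(ts)
        return True


def filter_packets(packets, limiter):
    """packets: iterable of (timestamp, direction, src, dst); returns one verdict per packet.
    direction is 'in' (from the Internet) or 'out' (leaving our network)."""
    verdicts = []
    for ts, direction, src, dst in packets:
        v = ingress_verdict(src) if direction == "in" else egress_verdict(src)
        if v == "accept" and direction == "in" and not limiter.allow(src, ts):
            v = "drop: rate limit"
        verdicts.append(v)
    return verdicts


# Constructed sample traffic: a few hand-written packets followed by a burst of 150
# packets in 150 ms from one non-spoofed client (198.51.100.9).
SAMPLE = [
    (0.0, "in", "198.51.100.7", "203.0.113.10"),   # normal client
    (0.1, "in", "203.0.113.5", "203.0.113.10"),    # claims to be inside: spoofed
    (0.2, "in", "10.1.2.3", "203.0.113.10"),       # RFC 1918 source from the Internet
    (0.3, "out", "203.0.113.10", "198.51.100.7"),  # legitimate reply
    (0.4, "out", "192.0.2.99", "198.51.100.7"),    # our host emitting spoofed packets
] + [(1.0 + i * 0.001, "in", "198.51.100.9", "203.0.113.10") for i in range(150)]


def summarize(packets=SAMPLE, max_pkts=100, window=1.0):
    """Count verdicts over the packet list with a fresh rate limiter."""
    counts = defaultdict(int)
    for v in filter_packets(packets, RateLimiter(max_pkts, window)):
        counts[v] += 1
    return dict(counts)


if __name__ == "__main__":
    for verdict, n in summarize().items():
        print(f"{n:4d}  {verdict}")
```

The address checks catch the spoofed and bogon packets regardless of volume; the rate limiter only helps against sources that are real, because a flood with randomised source addresses never trips a per-source counter. That is the reason the list above pairs filtering with capacity and upstream measures rather than relying on either alone.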


