Denial of Service Denial of Service An attack designed to disrupt - - PDF document

▶

Apr 04, 2024 220 likes •432 views

1 Denial of Service Denial of Service An attack designed to disrupt or completely deny legitimate users access to network, servers, services, or other resources Two basic favors: Target resource starvation Network

SLIDE 1

Denial of Service

SLIDE 2

Denial of Service

An attack designed to disrupt or completely

deny legitimate user’s access to network, servers, services, or other resources

Two basic favors:

– Target resource starvation – Network bandwidth consumption

SLIDE 3

Resource Starvation

SLIDE 4

Land Attack 1

Targeting MS Windows NT 4.0 boxes pre-SP4
Port 135
It appears as if one RPC server sent bad data to another RPC

server

– A loop of REJECT packet

SLIDE 5

Land Attack 2 - Snork

Against MS Windows NT 4.0 boxes
Allows an attacker with minimal resources to cause a remote

NT system to consume 100% CPU usage

http://www.securityfocus.com/bid/2234

SLIDE 6

WinNuke Attack

SLIDE 7

WinNuke Attack – Con’t

CVE-1999-0153
This attack attempts to connect to one of three

NetBIOS ports (137-139), and send an out of band (OOB) nuke.

The exploit consists of setting the PSH-URG flag

but not following it with data

– When Windows NT is successfully attacked, it crashes

SLIDE 8

One Dangerous Packet

IP version 0 and an IP header length of 0
Kill certain processes that listen promiscuously on a

network

SLIDE 9

Telnet DoS Attack

A DoS attack against old SunOS and Solaris systems
Flooding the victim’s daemon with ctrl-D characters (0x04)
Target cannot cleanly close the connection with a FIN packet, and resorts to

sending RST packets

When the attack stops, the target machine slowly returns to normal

SLIDE 10

Telnet DoS Attack – Con’t

SLIDE 11

Telnet DoS Attack – Con’t

SLIDE 12

Bandwidth Consumption

SLIDE 13

Smurf Attack

SLIDE 14

Smurf Attack – Con’t

SLIDE 15

Smurf Attack

Two main components

– Forged ICMP echo request packets – The direction of packets to IP broadcast address

Amplification attack

– One packet generates many responses

Three parties:

– The attacker – The intermediary – The victim

SLIDE 16

Looping Attacks – Echo-Chargen Loop

SLIDE 17

Echo-Chargen Loop

When UDP port 7 (echo port) receives a

packet, it checks the payload and then echoes the payload back to the source

When UDP port 19 (character generator port)

receives a packet, it replies with a somewhat random string of characters

CVE-1999-0103

SLIDE 18

Spoofed DNS Queries – DoomDNS Attack

SLIDE 19

DoomDNS Attack

DoomDNS sends odd queries to BIND servers

that can elicit many responses from the server

It is possible to flood someone by sending a

Denial of Service Denial of Service An attack designed to disrupt - - PDF document

Denial of Service

Denial of Service

deny legitimate user’s access to network, servers, services, or other resources

– Target resource starvation – Network bandwidth consumption

Resource Starvation

Land Attack 1

server

Land Attack 2 - Snork

NT system to consume 100% CPU usage

WinNuke Attack

WinNuke Attack – Con’t

NetBIOS ports (137-139), and send an out of band (OOB) nuke.

but not following it with data

– When Windows NT is successfully attacked, it crashes

One Dangerous Packet

network

Telnet DoS Attack

Telnet DoS Attack – Con’t

Telnet DoS Attack – Con’t

Bandwidth Consumption

Smurf Attack

Smurf Attack – Con’t

Smurf Attack

– Forged ICMP echo request packets – The direction of packets to IP broadcast address

– One packet generates many responses

– The attacker – The intermediary – The victim

Looping Attacks – Echo-Chargen Loop

Echo-Chargen Loop

packet, it checks the payload and then echoes the payload back to the source

receives a packet, it replies with a somewhat random string of characters

Spoofed DNS Queries – DoomDNS Attack

DoomDNS Attack

that can elicit many responses from the server

spoofed UDP QUERY to the DNS

– A DNS query of just a few bytes (20-30) can achieve responses of around 400-500 bytes