Tuesday, November 24, 2015

Denial of Service Hack.

Introduction: Infrastructure.


Web pages and Internet applications are services provided by a hardware-software infrastructure.

A computer connected to the Internet runs web page server or application server software, and client browsers connect to it.

The hardware-software infrastructure 'serves', or in other words 'sends', pages to users, where they are displayed in browser windows or tabs.

That's how users communicate with applications in other parts of the Internet.

What if there are too many users for a hardware-software infrastructure to handle the service efficiently?

The service is delayed, or the application can even crash, disabling the service for longer.

In practice it's rare for an application service provider to face the challenge of too many users; more often delays and crashes are caused by an attack, a Denial of Service Hack.


A Web Application Service.




A Web Application Server Software with a Sample Application it runs.



Web Application Server Software in itself is not enough; there must be an application that it can run.

That is: a Web App Server + a Web Application + Computer Hardware & the Internet are what's needed to run an Internet Application Service.


Denial of Service Hack.


Let's examine a common attack route against an Internet Application: a Denial of Service Hack.


   


Tor's Hammer & its usage.



TOR (The Onion Router) is a software tool that increases users' anonymity on the Internet.

TOR's Hammer is a software script (a program) that attacks the software parts of the Internet Application Service by creating very many Internet connections at once, delaying or preventing connections from legitimate users of the Internet Application Service.

TOR's Hammer can work with or without the TOR infrastructure, that is, with or without the advantage of increased anonymity.
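
On the defending side, this pattern shows up as an unusual number of connections held open at the same moment, either by one source or across the whole server. The following is an added example, not part of the original post; the record format, the limits and the sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real traffic): (source IP, open time s, close time s).
# 203.0.113.9 holds 6 connections open at once; the others behave like normal clients.
SAMPLE = [("203.0.113.9", 10 + i, 300) for i in range(6)] + [
    ("198.51.100.4", 12, 14),
    ("198.51.100.4", 20, 23),
    ("192.0.2.77", 15, 18),
    ("192.0.2.80", 16, 19),
]

def peak_concurrency(intervals):
    """Highest number of intervals open at the same moment (sweep line)."""
    events = []
    for start, end in intervals:
        events.append((start, 1))
        events.append((end, -1))
    # At equal timestamps process closes before opens, so a connection that
    # ends exactly when another begins is not counted as overlapping.
    events.sort(key=lambda e: (e[0], e[1]))
    current = peak = 0
    for _, delta in events:
        current += delta
        peak = max(peak, current)
    return peak

def analyse(records, per_source_limit, server_capacity):
    """Return (sources over the limit with their peak, overall peak, capacity alert)."""
    by_source = defaultdict(list)
    for src, start, end in records:
        if end < start:
            raise ValueError(f"close before open for {src}")
        by_source[src].append((start, end))
    flagged = {}
    for src, spans in by_source.items():
        peak = peak_concurrency(spans)
        if peak > per_source_limit:
            flagged[src] = peak
    total_peak = peak_concurrency([(s, e) for _, s, e in records])
    # The total matters when connections arrive from many addresses (for example
    # through an anonymity network) and no single source stands out.
    return flagged, total_peak, total_peak >= server_capacity

if __name__ == "__main__":
    flagged, total_peak, alert = analyse(SAMPLE, per_source_limit=4, server_capacity=8)
    print("sources over limit:", flagged)
    print("peak simultaneous connections:", total_peak, "capacity alert:", alert)
```

The per-source check supports a per-address connection limit, while the overall peak is the signal to watch when the load is spread across many addresses.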




... waiting,
... forever ?

an Internet Application Service during a DoS attack.



IP address spoofing.


Every IP datagram sent in the Internet contains a source and destination IP address in its header. The source is the original sender of the datagram and the destination is the intended recipient. So, ignoring the role of NAT, when your computer contacts a server on the Internet, that server knows your IP address as it is included in the source field of the IP datagram. In some cases you may want to change the source IP address included in the IP datagram (without changing your actual computer IP address). For example, this can be useful for network testing and diagnostics, security penetration testing and performing security attacks (for learning purposes only, of course). Setting the IP source address of datagrams to be a fake address is called address spoofing. In Linux it is very easy to do using iptables.

Address spoofing can be performed with a single command using iptables.

For example, to change the source address included in IP datagrams that one's computer sends to 1.1.1.1, one can use the following command:

$ sudo iptables -t nat -A POSTROUTING -j SNAT --to-source 1.1.1.1

Source: Address Spoofing with iptables in Linux.

(I've not tested this part of this hack as of yet).
