A UDP Flood Attack is one of the attacks that cause host-based Denial of Service. UDP is a connectionless protocol: it does not require any connection setup procedure before data is transferred. A UDP Flood Attack is possible because an attacker can send a UDP packet to a random port on the victim system. When the victim system receives a UDP packet, it determines which application is waiting on the destination port. When it finds that no application is listening on that port, it generates an ICMP "destination unreachable" packet addressed to the (usually forged) source address. If enough UDP packets are delivered to ports on the victim, the system becomes unresponsive.
UDP Flood Attack Mitigation
The UDP Flood Attack can be effectively reduced by deploying firewalls at critical locations of a network to filter unwanted traffic and traffic from untrusted sources. In addition, the following actions should be taken in your network:
1. Disable and filter chargen and echo services.
2. Disable and filter other unused UDP services.
3. If you must provide external access to some UDP services, consider using a proxy mechanism to protect that service from misuse.
4. Monitor your network to learn which systems are using these services and to monitor for signs of misuse.
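The following Python model is an added illustration and is not code from the original post or from any of the tools listed on it. It walks through the victim-side behaviour described above (a listening application gets the datagram; a closed port triggers an ICMP port-unreachable reply) with the mitigation list applied: echo and chargen (UDP 7 and 19) are filtered before they reach the host, ICMP replies are capped per second, and any source that hits closed ports more than a threshold number of times inside a sliding window is flagged for the monitoring step. The listening ports, the IP addresses, the thresholds and the traffic sample are all constructed for the demonstration, and the per-second ICMP cap is a simplification of the token-bucket rate limiters real stacks use.

```python
# Added example (not from the original post): a small model of the UDP-flood
# victim described above, with the echo/chargen filter and an ICMP rate limit
# applied.  All IPs, ports, thresholds and traffic are constructed.
from collections import defaultdict, deque

# Mitigation steps 1 and 2: UDP services that should be disabled and filtered.
FILTERED_UDP_PORTS = {7, 19}          # echo, chargen
# Services this host really listens on (assumption for the model).
LISTENING_UDP_PORTS = {53, 123}       # DNS, NTP


class VictimHost:
    """Classifies each inbound UDP datagram the way the text describes:
    filtered at the firewall, delivered to a listening application, or
    answered with ICMP port unreachable (subject to a per-second cap)."""

    def __init__(self, icmp_per_second=10, flood_threshold=20, window_s=1.0):
        self.icmp_per_second = icmp_per_second
        self.flood_threshold = flood_threshold
        self.window_s = window_s
        self._icmp_sent = defaultdict(int)       # second -> ICMP replies sent
        self._closed_hits = defaultdict(deque)   # src -> timestamps of closed-port hits
        self.flagged_sources = set()

    def receive(self, ts, src, dst_port):
        if dst_port in FILTERED_UDP_PORTS:
            return "filtered"                    # dropped before reaching the host
        if dst_port in LISTENING_UDP_PORTS:
            return "delivered"                   # an application is waiting on the port
        self._note_closed_port_hit(ts, src)
        second = int(ts)
        if self._icmp_sent[second] < self.icmp_per_second:
            self._icmp_sent[second] += 1
            return "icmp_unreachable"            # reply sent to the (possibly forged) source
        return "icmp_suppressed"                 # cap reached; no reply generated

    def _note_closed_port_hit(self, ts, src):
        # Sliding window per source: step 4 (monitor for signs of misuse).
        hits = self._closed_hits[src]
        hits.append(ts)
        while hits and ts - hits[0] > self.window_s:
            hits.popleft()
        if len(hits) >= self.flood_threshold:
            self.flagged_sources.add(src)


def analyse(traffic, **host_kwargs):
    """Run (timestamp, src_ip, dst_port) tuples through the model and return
    outcome counts plus the sources that crossed the flood threshold."""
    host = VictimHost(**host_kwargs)
    counts = defaultdict(int)
    for ts, src, port in sorted(traffic):
        counts[host.receive(ts, src, port)] += 1
    return {"counts": dict(counts), "flagged": sorted(host.flagged_sources)}


# Constructed traffic: two legitimate clients, one echo/chargen probe, and one
# source spraying 40 datagrams at high random-looking ports within one second.
SAMPLE_TRAFFIC = [
    (0.10, "10.0.0.5", 53), (0.60, "10.0.0.5", 53), (0.30, "10.0.0.6", 123),
    (0.05, "203.0.113.9", 19), (0.07, "203.0.113.9", 7),
] + [(i / 40, "198.51.100.7", 1024 + (i * 7919) % 60000) for i in range(40)]

if __name__ == "__main__":
    print(analyse(SAMPLE_TRAFFIC))
```

With the sample traffic, the two probes are filtered, the three legitimate datagrams are delivered, and of the forty datagrams to closed ports only ten produce an ICMP reply while the rest are suppressed; the spraying source is the only one flagged. Raising `icmp_per_second` shows how much reply traffic the host would generate without the cap, which is the amplification the mitigation list is meant to remove.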
UDP Flood Attack from CMD
Ping of Death...
The ping of death involves commanding the slaves to send a command such as !p4 192.168.0.1. This launches the same command that can be performed in Windows by typing
ping 192.168.0.1 -l 65500 -n 10000. This, in effect, pings the target machine 192.168.0.1 continuously [10,000 times] with 64 KB of data. A single ping command is not a problem, because many programs send an initial ping before connecting to a host. However, if this is done by multiple machines, the target machine can become congested with ping requests and will be unable to process legitimate requests.
Hello skiddies! Do not use these applications against IP addresses in datacenters! You have been warned! :)
Useful programs for DDoS attacks
Nmap - Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
Snort - is an open source network intrusion prevention system capable of performing real-time traffic analysis and packet logging on IP networks. Snort can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
UDP Unicorn - UDP Unicorn is a Win32 UDP flooding/DoS (Denial of Service) utility with multithreading. Uses Winsock to create UDP sockets and flood a target. For network security testing.
TXDNS - Those eXtra Domain NameS. A Multithreaded Digger/Brute Forcer For DNS.
HeXHub - HeXHub is an IOCP-based file-sharing hub and web server with anti-flood protection, built-in firewall designed to filter DDoS, and to prevent most common forms of DoS currently used against hubs, anti-spam protection, content filtering and more.
DLR_DoS - DLR DoS is a tool for making DoS attacks. More information about DoS attacks: http://de.wikipedia.org/wiki/Denial_of_Service. The tool makes (D)DoS attacks against any IP address, with a user-selected port and a user-selected protocol. In my tests DLR DoS is a little more powerful than LOIC (Low Orbit Ion Cannon).
Hyenae - Hyenae is a highly flexible platform independent network packet generator. It allows you to reproduce several MITM, DoS and DDoS attack scenarios, comes with a clusterable remote daemon and an interactive attack assistant.
Anon Cannon - LOIC-like program used to coordinate DDoS attacks.
distributedPHP client - distributedPHP client is a simple PHP script that can simultaneously activate/send data to as many web scripts as you want. You must open and configure the distributedPHP .php file prior to running it. distributedPHP client supports activating scripts without data, sending the same data to all scripts, sending unique data to each script, or sending user input to each script.
Examples of use include: distributed math computation, encryption breaking, SETI@home/folding@home (well, if they made the projects in php..) distributed bruteforce attacks, ddos attacks, distributed processing, etc..
distributedPHP client can be configured to distribute computing to scripts written in a language other than PHP, as long as the script supports HTML form input (or does not require input at all).
PyLoris - PyLoris is a scriptable tool for testing a server's vulnerability to connection exhaustion denial of service (DoS) attacks. PyLoris can utilize SOCKS proxies and SSL connections, and can target protocols such as HTTP, FTP, SMTP, IMAP, and Telnet.
PDoS - PDoS is a new take on the Distributed Denial of Service technique: it uses proxies instead of infected PCs to request all the images on the target.
HTTP Bog - HTTP Bog is a slow HTTP denial-of-service tool that works similarly to other attacks, but rather than leveraging request headers or POST data Bog consumes sockets by slowly reading responses.
ArpSpoofTool - ARP poisoning: demonstrates denial of service and man-in-the-middle attacks using raw sockets in C - http://proxytype.blogspot.com
PacketCast - A cross-platform network stress tester / UDP denial of service utility, written in Perl.
Kollapse Lite: Null Byte - This is a "Lite" version of Kollapse. This utility is designed to test a web server for the Null Byte vulnerability. If a web server is vulnerable to the Null Byte attack a Denial of Service (DoS) results. This causes the web page to be unavailable.
TCPView - TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.