Anonymous’ Famous Revolutionary DoS Attack Explained


What is a ‘denial of service’ (DoS) attack? Put as simply as possible, it is a malicious attempt to make the resources of a network or server unavailable to its legitimate users, most commonly by disrupting the services of a host connected to the internet.

There is more to it, however, than simply bombarding a given IP address with packets. DoS attacks come in three basic types:


Image Source: Google Images – Low Orbit Ion Cannon (LOIC) is an open source, entry-level network stress testing and denial of service attack application written in C#. LOIC was initially developed by Praetox Technologies but was later released into the public domain, and it is now hosted on several open source platforms. (http://sourceforge.net/projects/loic/)

1) Volume Based Attacks (measured in bits/second): the main purpose of these is to saturate the target’s bandwidth. They include the following methods:

  • UDP Floods: ‘User Datagram Protocol’ is a connectionless network protocol. In a UDP flood the attacker sends UDP packets to random ports on the target; for each packet the target checks whether an application is listening on that port and, when none is, replies with an ICMP Destination Unreachable packet. Checking the port and generating the reply for every packet is what exhausts the target.
  • ICMP Floods: The attacker sends ICMP packets as fast as possible without waiting for replies. This consumes both incoming and outgoing bandwidth and slows down the victim’s whole system.
  • Spoofed Packet Floods: ‘Spoofing’ is a broad term that covers IP, DNS and ARP attacks, but we will stick to the basics here. A spoofing attack mimics other devices or users on a network in order to attack network hosts, steal information, spread viruses or bypass access controls.
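A defender rarely sees the flood itself as neatly as the list above describes it; what shows up in flow records is one source hitting many UDP ports on one host, with a stream of ICMP type 3 (Destination Unreachable) replies coming back. The detector below, added here as an example and not code from the article, looks for exactly that pair of signals. The flow-record format (`ts proto src dst dport icmp_type`) and the sample capture are constructed for the example; the addresses are documentation ranges.

```python
"""Flag UDP floods in flow records (added example; constructed data, not from the article).

The pattern the article describes: one source sprays UDP packets at many ports of
one host, and the host answers each closed port with ICMP type 3 (Destination
Unreachable). The detector looks for that pair of signals together.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float        # seconds since start of capture
    proto: str       # "udp" or "icmp"
    src: str
    dst: str
    dport: int       # destination UDP port; 0 for ICMP
    icmp_type: int   # ICMP type; -1 for non-ICMP records


def parse_flow(line: str) -> Flow:
    """Parse one record in the (assumed) format: ts proto src dst dport icmp_type."""
    ts, proto, src, dst, dport, icmp_type = line.split()
    return Flow(float(ts), proto.lower(), src, dst, int(dport), int(icmp_type))


def constructed_sample() -> list[str]:
    """Constructed capture: 198.51.100.7 sprays 40 UDP packets at distinct ports of
    203.0.113.10 over ~2 s and gets an ICMP type 3 back for each; 192.0.2.5 makes
    one ordinary DNS query that is answered normally."""
    lines = []
    for i in range(40):
        t = i * 0.05
        lines.append(f"{t:.2f} udp 198.51.100.7 203.0.113.10 {40000 + i * 7} -1")
        lines.append(f"{t + 0.01:.2f} icmp 203.0.113.10 198.51.100.7 0 3")
    lines.append("0.50 udp 192.0.2.5 203.0.113.10 53 -1")
    lines.append("0.52 udp 203.0.113.10 192.0.2.5 33333 -1")
    return lines


def detect_udp_floods(flows, min_pps: float = 10.0, min_distinct_ports: int = 20):
    """Return one alert per (src, dst) pair whose UDP rate and port spread both exceed
    the thresholds, annotated with how many ICMP unreachable replies the victim sent
    back (the backscatter that confirms the ports were closed)."""
    udp_by_pair = defaultdict(list)
    unreachable_back = defaultdict(int)   # keyed (attacker, victim)
    for f in flows:
        if f.proto == "udp":
            udp_by_pair[(f.src, f.dst)].append(f)
        elif f.proto == "icmp" and f.icmp_type == 3:
            unreachable_back[(f.dst, f.src)] += 1   # reply goes victim -> attacker, so swap

    alerts = []
    for (src, dst), pkts in udp_by_pair.items():
        span = max(p.ts for p in pkts) - min(p.ts for p in pkts)
        pps = len(pkts) / max(span, 1.0)          # avoid dividing by a zero-length burst
        ports = {p.dport for p in pkts}
        if pps >= min_pps and len(ports) >= min_distinct_ports:
            alerts.append({
                "src": src, "dst": dst, "packets": len(pkts), "pps": round(pps, 1),
                "distinct_ports": len(ports),
                "icmp_unreachable_replies": unreachable_back[(src, dst)],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_udp_floods([parse_flow(l) for l in constructed_sample()]):
        print(alert)
```

The single DNS exchange in the sample never trips the detector because it touches one port at a rate of one packet per second; the flood does, and the matching count of unreachable replies tells the analyst the victim is spending cycles answering closed ports, which is the exhaustion mechanism the bullet describes.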

 


Image Source: YouTube – A rad visualization of Distributed Denial of Service Attacks

2) Protocol Attacks (measured in packets/second): this technique consumes the resources of the server itself and of intermediate equipment such as firewalls and load balancers. It includes the following methods:

  • SYN Floods: This attack exploits a weakness in the TCP handshake. The attacker sends many SYN requests and never answers the host’s replies, so the host is left waiting for the final acknowledgement. Because those half-open connections are never completed, no new connections can be made, which ultimately results in a denial of service.
  • Ping of Death: This attack requires the attacker to send many malformed or malicious pings to a computer.
  • Smurf Distributed Denial of Service (DDoS): ‘Smurf DDoS’ is a distributed attack that sends large numbers of ICMP packets, carrying the intended victim’s spoofed source IP, to a network’s IP broadcast address, so that every host on that network replies to the victim.
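The half-open connections a SYN flood leaves behind are visible on the victim itself: on Linux they appear as sockets in the SYN-RECV state. The analyser below is added here as an example (not code from the article) and reads lines laid out like the output of `ss -tan`; the snapshot it parses is constructed for the example, with documentation-range addresses.

```python
"""Spot a SYN flood from socket state (added example; constructed data, not from the article).

Input lines follow the layout of `ss -tan` (State, Recv-Q, Send-Q, Local Address:Port,
Peer Address:Port), which is what a defender would actually look at on a Linux host.
"""
from collections import defaultdict


def constructed_ss_output() -> list[str]:
    """Constructed snapshot: port 80 has 30 half-open (SYN-RECV) connections from 30
    different peers that never completed the handshake, alongside 3 real sessions;
    port 22 has a single normal session."""
    lines = ["State      Recv-Q Send-Q Local Address:Port   Peer Address:Port"]
    for i in range(30):
        lines.append(f"SYN-RECV   0      0      203.0.113.10:80      198.51.100.{i + 1}:{40000 + i}")
    for i in range(3):
        lines.append(f"ESTAB      0      0      203.0.113.10:80      192.0.2.{i + 1}:{50000 + i}")
    lines.append("ESTAB      0      0      203.0.113.10:22      192.0.2.9:51001")
    return lines


def analyse_sockets(lines, max_half_open: int = 25, min_half_open_share: float = 0.8):
    """Group sockets by local listener and alert where half-open connections are both
    numerous and dominate the listener's table. Many distinct peers that never
    answered the SYN-ACK is the signature of spoofed sources."""
    per_listener = defaultdict(lambda: {"half_open": 0, "established": 0, "peers": set()})
    for line in lines:
        parts = line.split()
        if len(parts) < 5 or parts[0] == "State":   # skip the header and short lines
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        entry = per_listener[local]
        if state == "SYN-RECV":
            entry["half_open"] += 1
            entry["peers"].add(peer.rsplit(":", 1)[0])   # strip the port, keep the IP
        elif state == "ESTAB":
            entry["established"] += 1

    alerts = []
    for local, e in per_listener.items():
        total = e["half_open"] + e["established"]
        share = e["half_open"] / total if total else 0.0
        if e["half_open"] >= max_half_open and share >= min_half_open_share:
            alerts.append({
                "listener": local,
                "half_open": e["half_open"],
                "established": e["established"],
                "half_open_share": round(share, 2),
                "distinct_half_open_peers": len(e["peers"]),
            })
    return alerts


if __name__ == "__main__":
    for alert in analyse_sockets(constructed_ss_output()):
        print(alert)
```

A single snapshot is only a hint; polling `ss` every few seconds and watching the SYN-RECV count climb while the established count stays flat is far more convincing. The usual mitigation on Linux is SYN cookies (`net.ipv4.tcp_syncookies`), which let the kernel keep accepting handshakes without holding state for each unanswered SYN.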

3) Application Layer Attacks (measured in requests/second): here the attacker sends seemingly ‘legitimate requests’, the main purpose being to crash the web server. This category includes the following methods:

  • Slow Loris: This tool works from a low-bandwidth connection but is a highly targeted attack, enabling one server to take down another (thus creating a chain) without affecting other services or ports on the targeted network. It opens as many connections to the targeted web server as it can, keeps them open for as long as possible, and sends only partial HTTP headers, never completing a request. This exhausts the server’s maximum connection pool and leads to denial of additional connections from legitimate clients.
  • Zero Day or Zero Minute Distributed Denial of Service Attack: These are simply new or largely unknown attacks, which are very useful to attackers because the vulnerabilities they exploit have no fix yet.
  • HTTP Flood: In this attack the attacker sends seemingly legitimate HTTP GET or POST requests to the server. The technique does not use malformed packets, spoofing or reflection and requires less bandwidth to bring down the targeted website or server. It is most effective when it forces the server or application to allocate as many resources as possible in response to each single request.
  • NTP Amplification: In an NTP amplification attack, the perpetrator exploits publicly accessible Network Time Protocol (NTP) servers to overwhelm the targeted server with User Datagram Protocol (UDP) traffic. The query-to-response ratio is anywhere between 1:20 and 1:200, or more. This means that any attacker who obtains a list of open NTP servers (e.g. by using a tool like Metasploit or data from the Open NTP Project) can easily generate a devastating high-bandwidth, high-volume DDoS attack.
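The Slow Loris bullet says the attack works by holding partial-header connections open until the pool is full; the model below, added here as a simplified example (not code from the article or from the Slowloris tool), makes that concrete and shows the one server-side control that defeats it: a cap on the total time a client may take to finish its request headers. Pool size, attack rate and timing are assumed values chosen for the example.

```python
"""Connection-pool model of a Slowloris attack and of the header timeout that defeats it
(added example; a simplified model, not code from the article or the Slowloris tool).

Time advances in whole seconds. A slow client takes a pool slot and never finishes
sending its headers; a legitimate client completes its headers at once and is served
immediately. The only defence modelled is a cap on the total time a client may take
to complete its request headers.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Server:
    pool_size: int
    header_timeout: Optional[int]       # seconds allowed to complete headers; None = no limit
    slow_conns: list = field(default_factory=list)   # open-times of unfinished connections
    legit_served: int = 0
    legit_refused: int = 0

    def reap(self, now: int) -> None:
        """Close every connection whose headers are still incomplete after the limit."""
        if self.header_timeout is not None:
            self.slow_conns = [t for t in self.slow_conns if now - t < self.header_timeout]

    def accept_slow(self, now: int) -> bool:
        """A Slowloris connection: takes a pool slot and sends only partial headers."""
        if len(self.slow_conns) >= self.pool_size:
            return False
        self.slow_conns.append(now)
        return True

    def accept_legit(self) -> bool:
        """A normal request: refused only if the slow connections have filled the pool."""
        if len(self.slow_conns) >= self.pool_size:
            self.legit_refused += 1
            return False
        self.legit_served += 1
        return True


def simulate(header_timeout, pool_size=50, attack_rate=2, attack_duration=60, horizon=120):
    """Run the model: the attacker opens `attack_rate` slow connections per second for
    `attack_duration` seconds while one legitimate request arrives every second."""
    server = Server(pool_size, header_timeout)
    for now in range(horizon):
        server.reap(now)
        if now < attack_duration:
            for _ in range(attack_rate):
                server.accept_slow(now)
        server.accept_legit()
    return {
        "legit_served": server.legit_served,
        "legit_refused": server.legit_refused,
        "slow_conns_still_open": len(server.slow_conns),
    }


if __name__ == "__main__":
    # No limit: the pool fills after 25 s and every later legitimate request is refused.
    # A 30 s limit still loses, because 2 conn/s * 30 s exceeds the 50-slot pool.
    # A 20 s limit keeps at most 40 slow connections alive, so nobody is refused.
    for timeout in (None, 30, 20):
        print(f"header_timeout={timeout}: {simulate(timeout)}")
```

The caveat the model makes visible is that the limit must be on the total time to complete headers, not on idle time: Slowloris sends another header fragment just before an idle timeout would fire, so an idle timeout alone never closes its connections, whereas a total cap bounds how many slow connections can exist at once (attack rate times cap) regardless of how often they trickle bytes. In Apache this is what `mod_reqtimeout` enforces with a directive such as `RequestReadTimeout header=20-40,MinRate=500`.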


10 COMMENTS

  1. I was curious about the title. And yes, you definitely kept it simple enough that anyone with basic network knowledge can understand it. It’s a fun read for me since it reminds me of some attacks I have not seen in a while.
