DoS Attack Scenario
DoS stands for Denial of Service, a method attackers use to overload a server with a high volume of traffic, disrupting its service to the intended users. A DoS attack uses a single computer to target a system on a network. In the real world, the attack is usually executed by a group of compromised systems that all take part in it; this is what is called a DDoS (Distributed Denial of Service) attack.
First, an attacker uses all kinds of methods to compromise other computer systems and use them as tools. These compromised systems are usually called "zombies" or bots, as they are controlled by the attacker, and a group of them is called a botnet. Once the botnet is built and ready, the attacker can launch the DDoS attack by sending a large number of packets to the target system to disrupt it. This kind of attack lets the attacker use many internet connections to flood the target's bandwidth.
The impact of a DDoS attack is not limited to interrupting services; because of the large amount of communication involved, it can also affect internet traffic more broadly, reaching many more systems within the area the internet connection covers. A DDoS attack can also be escalated through misconfigured services, as they increase the server's workload. If the targeted service stops responding, the DDoS attack is considered successful.
There are three types of DDoS attack. The first targets the victim's internet connection, flooding it with so much bandwidth that it becomes inoperative. The second targets the network or transport layer by exploiting protocols and sending floods of TCP, UDP or ICMP packets to an IP address. The third disrupts the application itself by sending so many requests that the application loses its functionality.
Hping3 for DoS attack
Hping3 is a tool mainly intended for penetration testing. It works by sending custom TCP/IP packets to a targeted network or system and is used to test network security and firewalls. hping3 offers a lot of customization, as it is used to test various aspects of a network.
In the lab we used only one command to execute a DoS attack:
hping3 192.168.0.2 -p 80 -i u10 -S -q --rand-source
This command says that the IP 192.168.0.2 will be flooded with SYN packets every 10 microseconds, sent to TCP port 80 from random spoofed source IPs (fake source addresses). But it turned out that this attack was not enough to slow down the machine.
I made a small modification to the command, shown below:
hping3 192.168.0.2 -p 80 -d 120 -S -q --rand-source --flood
With this command, I added the --flood option, which sends packets as fast as possible without waiting for replies. I also specified the data size, which I set to 120 bytes. After the command was executed, the target computer stopped responding altogether, which means the DDoS attack was successful.
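From the defender's side, the flood above has a recognizable signature: a burst of bare SYN packets to one port where nearly every packet comes from a different source address and none of those sources ever completes the handshake. The following detector is an added example written for this report, not code from the lab or from hping3; it runs over constructed packet summaries (timestamp, addresses, port, TCP flags, as one would pull from a capture), and the thresholds, field names and the sample traffic are all assumptions chosen for illustration.

```python
"""SYN-flood detector run over constructed packet summaries (added example)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float     # timestamp in seconds
    src: str      # source IP
    dst: str      # destination IP
    dport: int    # destination TCP port
    flags: str    # TCP flag letters, tcpdump style: "S", "SA", "A", ...


def detect_syn_flood(packets, window=1.0, syn_threshold=100, unique_ratio=0.9):
    """Group bare-SYN packets per (dst, dport, time window) and flag a window when
    the SYN count reaches syn_threshold, nearly every SYN comes from a distinct
    source (the signature of random-source spoofing) and almost none of those
    sources ever sends the third-step ACK that a real client would."""
    syns = defaultdict(list)   # (dst, dport, slot) -> list of source IPs
    completed = set()          # (src, dst, dport) that sent a bare ACK
    for p in packets:
        if p.flags == "S":
            syns[(p.dst, p.dport, int(p.ts // window))].append(p.src)
        elif "A" in p.flags and "S" not in p.flags:
            completed.add((p.src, p.dst, p.dport))

    alerts = []
    for (dst, dport, slot), sources in syns.items():
        count = len(sources)
        if count < syn_threshold:
            continue
        distinct = set(sources)
        ratio = len(distinct) / count
        handshakes = sum(1 for s in distinct if (s, dst, dport) in completed)
        if ratio >= unique_ratio and handshakes / len(distinct) < 0.1:
            alerts.append({
                "dst": dst,
                "dport": dport,
                "window_start": slot * window,
                "syn_count": count,
                "distinct_sources": len(distinct),
                "completed_handshakes": handshakes,
            })
    return alerts


def constructed_capture():
    """Constructed sample (not a real capture): 300 spoofed SYNs inside one
    second, followed by ten legitimate clients that complete their handshakes."""
    pkts = []
    for i in range(300):
        src = f"10.{i // 256}.{i % 256}.{(i * 37) % 250 + 1}"   # never repeats
        pkts.append(Packet(0.5 + i / 1000, src, "192.168.0.2", 80, "S"))
    for i in range(10):
        client = f"192.168.0.{10 + i}"
        t = 5.0 + i / 10
        pkts.append(Packet(t, client, "192.168.0.2", 80, "S"))
        pkts.append(Packet(t + 0.01, "192.168.0.2", client, 40000 + i, "SA"))
        pkts.append(Packet(t + 0.02, client, "192.168.0.2", 80, "A"))
    return pkts


if __name__ == "__main__":
    for alert in detect_syn_flood(constructed_capture()):
        print(alert)
```

On the constructed capture only the spoofed second is reported (300 SYNs, 300 distinct sources, 0 completed handshakes); the legitimate clients stay below the threshold and complete their handshakes, so they are never flagged. In practice the threshold should be set from the port's normal SYN rate, since a busy web server legitimately sees many SYNs per second from many addresses.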
Anti-phishing tools
Phishing is a technique hackers use to gather information about a target. It usually takes the form of an email or a website. Phishing emails are built to look like real emails and urge the target to enter sensitive information and send it back, usually under the pretext of an emergency. Phishing websites are much the same: they look like real, legitimate websites but are fake, tricking people into entering their information and sending it to the attacker, for example a fake online shop.
Phishing kits are the tools hackers use to easily create a fake website intended to steal credentials and other sensitive information. Over time, phishing kits have become more and more realistic, and their sites are hard to recognize as fake. Links to these information-stealing websites are sent to the target through email or other methods.
To mitigate the risk of phishing attacks, we can apply certain preventive measures. Several sites, such as PhishTank, keep track of active phishing kits and websites. Using anti-phishing software helps users get warned about, or blocked from, accessing these reported phishing sites. An anti-phishing toolbar is also a good tool, as it is easy to install and can prevent users from accessing phishing websites; the Netcraft toolbar is believed to be one of the best in its field. Ultimately, the most essential preventive measure is to always be careful about where you enter sensitive information and not to trust a suspicious website easily.
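The core of what an anti-phishing toolbar does before it lets a page load is a lookup of the destination host against a feed of reported phishing domains, combined with a few cheap heuristics for lookalike URLs. The checker below is an added example for this report, not PhishTank's or Netcraft's code: the blocklist is a constructed stand-in for a reported-phishing feed, the brand-to-domain table is hypothetical, and the sample URLs are invented for illustration.

```python
"""Phishing URL pre-check: local blocklist plus lookalike heuristics (added example)."""
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for a reported-phishing feed such as PhishTank's; not real data.
REPORTED_PHISHING_DOMAINS = {
    "account-verify.example.net",
    "secure-login-update.example",
}

# Hypothetical brand -> genuine registered domain table used for lookalike checks.
PROTECTED_BRANDS = {
    "paypal": "paypal.com",
    "examplebank": "examplebank.com",
}


def extract_host(url):
    """Return the lowercase host and whether the URL embeds user@ credentials."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    return host, parts.username is not None


def check_url(url):
    """Return a verdict dict: the host that would really be contacted,
    whether it looks suspicious, and the reasons why."""
    host, has_userinfo = extract_host(url)
    reasons = []

    if has_userinfo:
        reasons.append("text before '@' is userinfo, not the host; the real host is hidden")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a hostname")
    except ValueError:
        pass

    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        reasons.append("punycode label (possible homograph domain)")

    # Walk the host and each parent domain, so a subdomain of a reported domain matches too.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in REPORTED_PHISHING_DOMAINS:
            reasons.append(f"matches reported phishing domain {candidate}")
            break

    # A brand name inside a host that is not the brand's own registered domain is
    # the classic brand.com.<other-domain> trick.
    for brand, genuine in PROTECTED_BRANDS.items():
        if brand in host and host != genuine and not host.endswith("." + genuine):
            reasons.append(f"'{brand}' appears in a host that is not under {genuine}")

    return {"host": host, "suspicious": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    for u in ("https://www.paypal.com/signin",
              "http://paypal.com.account-verify.example.net/login",
              "http://paypal.com@192.0.2.10/update"):
        print(check_url(u))
```

The important design point is that every heuristic works on the host the browser would actually connect to, as parsed by the URL library, rather than on the string a user sees; the `user@host` form and the brand-as-subdomain form both rely on the reader looking at the wrong part of the URL. A blocklist only catches sites someone has already reported, which is why the heuristics sit next to it and why the report's last advice, caution before typing credentials anywhere, still applies.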
Critical Thinking & Analysis
IoT manipulation
IoT (Internet of Things) devices are becoming more and more widely available. These devices are often vulnerable targets that attackers compromise and recruit into a botnet for a DDoS attack scenario. Their lack of security and unpatched software make IoT devices easy prey for hackers to manipulate. Mirai is one malware family that mainly infects IoT devices and uses them as part of the attacker's botnet. The 2016 Dyn DDoS attack was one of the most famous cyberattacks involving Mirai botnets.
Defense against DDoS attack
DDoS attacks unfortunately cannot be fully prevented; what we can do is minimize their impact as much as possible. There are several actions that mitigate a DDoS attack. The simplest, but a costly one, is increasing your network bandwidth, which ensures that a small-scale DDoS attack will not really affect your services.
Optimizing the firewall is another way to mitigate the risk of a DDoS attack. Configure certain types of traffic to be dropped as required for your network. For example, you could block TCP port 80 if no website is hosted, or block DNS responses on port 53 to prevent ping-based attacks.
Spreading servers out across different networks can also be implemented to minimize the risk of a DDoS attack. With proper load balancing, the service is less likely to go offline, as the servers may be in different geographic locations. There is also various protection software that can be deployed on hardware to protect your system from DDoS attacks, as needed for your network security.
Another way to mitigate a DDoS attack is to use services whose sole purpose is to prevent incoming DDoS attacks. Such a service filters out unwanted and abnormal packets and also blocks certain traffic to prevent it from entering the network.
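The "filter out abnormal packets" step that a firewall or scrubbing service performs is, at its simplest, rate limiting, and the lab's result shows why a single limit is not enough: a per-source limit stops one noisy host but is blind to a flood whose source address changes on every packet. The simulation below is an added example for this report, not code from any firewall product or DDoS protection service; the two-layer token-bucket filter, its rates and the constructed traffic are all assumptions chosen to make the difference visible.

```python
"""Two-layer SYN admission filter built from token buckets, run on constructed traffic (added example)."""
from collections import defaultdict


class TokenBucket:
    """Classic token bucket: `rate` tokens per second, at most `burst` held."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = burst
        self.last = 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class SynFilter:
    """Per-source buckets catch one chatty host; an aggregate bucket for the
    protected port catches a spoofed flood whose sources never repeat."""

    def __init__(self, per_source_rate=5, per_source_burst=10,
                 total_rate=200, total_burst=400):
        # Note: this table grows by one entry per distinct source. Under a
        # random-source flood that growth is itself a resource-exhaustion
        # problem, so a production filter bounds or hashes this state.
        self.per_source = defaultdict(lambda: TokenBucket(per_source_rate, per_source_burst))
        self.total = TokenBucket(total_rate, total_burst)
        self.stats = {"accepted": 0, "dropped_per_source": 0, "dropped_aggregate": 0}

    def admit(self, src, now):
        """Return True if a SYN from `src` at time `now` should reach the server."""
        if not self.per_source[src].allow(now):
            self.stats["dropped_per_source"] += 1
            return False
        if not self.total.allow(now):
            self.stats["dropped_aggregate"] += 1
            return False
        self.stats["accepted"] += 1
        return True


def simulate():
    """Constructed traffic (not a capture): 1000 SYNs within one second, first
    all from a single source, then from 1000 distinct spoofed sources.
    Returns the counters of both filter runs."""
    single = SynFilter()
    for i in range(1000):
        single.admit("198.51.100.7", i / 1000)

    spoofed = SynFilter()
    for i in range(1000):
        spoofed.admit(f"10.{i // 256}.{i % 256}.1", i / 1000)

    return {"single_source": single.stats, "random_sources": spoofed.stats}


if __name__ == "__main__":
    for scenario, stats in simulate().items():
        print(scenario, stats)
```

In the single-source run the per-source bucket alone drops almost everything and the aggregate bucket is never touched. In the random-source run every packet passes the per-source layer, because each address is seen exactly once, and only the aggregate limit on the port keeps the server's backlog bounded. Note what this filter does not do: the packets still arrive at the filtering device, so the report's first point about bandwidth and its last about an upstream scrubbing service are what protect the link itself, while a limiter like this protects the host behind it.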