DOS and DDOS attacks are carried out by sending a large number of packets at the servers, which keeps them busy handling those packets. They also consume the bandwidth of the network, so that if anybody requests the service later, it will be OUT OF SERVICE!!
So, how can we stop or prevent attacks like these? The answer to this question depends entirely on your policy and your network transactions: which ports must be open and which ones must be closed, which computers may access the servers, and many, many other factors.
In this post we will - inShaAllah - run a simple experiment (ping of death) that shows exactly what a DOS is and how we can prevent it.
The requirements of the experiment:
- 3 Linux Ubuntu OS
- 1 Windows XP OS
- Familiarity with the iptables firewall
Assume one of the Ubuntu OSes is the victim, and install the EtherApe software on it. EtherApe provides graphical monitoring of the network. All of these OSes are installed on VirtualBox, as follows:
- First Ubuntu OS has IP=10.1.1.1 (a victim)
- Second Ubuntu OS has IP=10.1.1.2
- Third Ubuntu OS has IP=10.1.1.3
- XP OS has IP=10.1.1.5
From both the Second and Third Ubuntu OS, type in a terminal:
ping -s 65500 10.1.1.1
and from the XP OS, type in the Command Prompt:
ping -t -l 65500 10.1.1.1
Notice: the rate of sent packets reached 320 KiB per second (look at the System Monitor application), and that is just from three computers (2 Ubuntu + 1 XP). In reality, medium-sized companies use 4 MiB per second for their whole bandwidth. That means around 36 computers are able to take such a company OUT OF SERVICE!!!!!
[Figure: System Monitor showing the victim's network activity]
The end ;-)
The next post inShaAllah will explain how to prevent such attacks by using the iptables Firewall. Stay connected ;-)
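Before reaching for a firewall rule, it helps to see what the flood looks like from the victim's side. The following detector is an added example written for this page; it is not part of the original post and not a feature of EtherApe or System Monitor. It works over a constructed list of captured ICMP echo requests modelled on the lab above (10.1.1.2 and 10.1.1.3 sending `ping -s 65500`, the XP host 10.1.1.5 sending `ping -t -l 65500`, plus a normal host 10.1.1.4 that I added for contrast), and it flags any source whose echo-request byte rate in a single second exceeds a threshold I chose for the example. It also counts requests whose payload is larger than 1472 bytes, the most that fits in one 1500-byte Ethernet frame after the 20-byte IP and 8-byte ICMP headers, since every one of those pings arrives as a burst of IP fragments.

```python
"""Ping-flood detector over a list of captured ICMP echo requests (added example)."""
from collections import defaultdict

# Thresholds chosen for this example (hypothetical, not from the original post).
BYTES_PER_SEC_THRESHOLD = 64 * 1024   # one host sending > 64 KiB/s of echo-request is a flood, not a ping
MAX_UNFRAGMENTED_PAYLOAD = 1472       # 1500-byte Ethernet MTU - 20-byte IP header - 8-byte ICMP header

# Constructed sample capture: (seconds since capture start, source IP, ICMP type, payload bytes).
# Mirrors the post's lab: three hosts pinging with a 65500-byte payload twice per second,
# and one ordinary host (10.1.1.4, invented here) sending a normal 56-byte ping.
SAMPLE_CAPTURE = [
    (0.0, "10.1.1.2", "echo-request", 65500),
    (0.0, "10.1.1.3", "echo-request", 65500),
    (0.0, "10.1.1.5", "echo-request", 65500),
    (0.3, "10.1.1.4", "echo-request", 56),
    (0.5, "10.1.1.2", "echo-request", 65500),
    (0.5, "10.1.1.3", "echo-request", 65500),
    (0.5, "10.1.1.5", "echo-request", 65500),
    (1.0, "10.1.1.2", "echo-request", 65500),
    (1.0, "10.1.1.3", "echo-request", 65500),
    (1.0, "10.1.1.5", "echo-request", 65500),
    (1.5, "10.1.1.2", "echo-request", 65500),
    (1.5, "10.1.1.3", "echo-request", 65500),
    (1.5, "10.1.1.5", "echo-request", 65500),
    (1.7, "10.1.1.4", "echo-request", 56),
]


def per_source_buckets(capture):
    """Sum echo-request payload bytes per (source IP, whole second) bucket."""
    buckets = defaultdict(int)
    for ts, src, icmp_type, size in capture:
        if icmp_type == "echo-request":
            buckets[(src, int(ts))] += size
    return buckets


def detect_ping_flood(capture, bps_threshold=BYTES_PER_SEC_THRESHOLD,
                      max_payload=MAX_UNFRAGMENTED_PAYLOAD):
    """Return {source: {peak_bytes_per_sec, oversized_requests}} for every source
    whose busiest one-second bucket exceeds bps_threshold. oversized_requests counts
    the echo requests from that source that must have arrived as IP fragments."""
    peak = defaultdict(int)
    for (src, _sec), nbytes in per_source_buckets(capture).items():
        peak[src] = max(peak[src], nbytes)

    oversized = defaultdict(int)
    for _ts, src, icmp_type, size in capture:
        if icmp_type == "echo-request" and size > max_payload:
            oversized[src] += 1

    return {
        src: {"peak_bytes_per_sec": rate, "oversized_requests": oversized[src]}
        for src, rate in sorted(peak.items())
        if rate > bps_threshold
    }


def aggregate_peak_bytes_per_sec(capture):
    """Peak echo-request bytes hitting the victim in any single second, all sources combined.
    This is the number to compare against the link's total bandwidth."""
    totals = defaultdict(int)
    for (_src, sec), nbytes in per_source_buckets(capture).items():
        totals[sec] += nbytes
    return max(totals.values(), default=0)


if __name__ == "__main__":
    for src, info in detect_ping_flood(SAMPLE_CAPTURE).items():
        print(f"{src}: {info['peak_bytes_per_sec'] / 1024:.0f} KiB/s peak, "
              f"{info['oversized_requests']} fragmented echo requests")
    print(f"aggregate peak: {aggregate_peak_bytes_per_sec(SAMPLE_CAPTURE) / 1024:.0f} KiB/s")
```

On the constructed capture the three attacking hosts are reported at about 128 KiB/s each while 10.1.1.4 stays quiet, and the combined peak is roughly 384 KiB/s, the same order of magnitude as the 320 KiB/s the post measured in System Monitor. A real deployment would feed the function from a packet capture instead of a list, but the per-source, per-second bucketing is the same logic a rate-limiting firewall rule or a NIDS threshold applies.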
s.a. Thank you very much for the good info. Now I understand DOS and DDOS better. But what happened to the 1st OS (Ubuntu 10.1.1.1) as a result? Did it stop working properly??
w.s, millions of thanks for your comment. Regarding the 1st OS, which is the victim: it is still under attack, because the 2nd and 3rd Ubuntu OS continue sending packets, and so does XP, because we used -t (the minus t flag with ping). In the next post inShaAllah we will explain how to prevent these attacks by using the iptables Firewall. Until now the attacks are still being sent to the victim (10.1.1.1).
So the victim is still surviving :). Can we guess when it will stop running because of the attack? Because the aim of the attack is to make the PC out of service, right?
Yes, the victim is still under attack (and will be under attack for its whole life if we do not do anything). Stopping the sending of ping packets from the hacker means stopping the attack too. The hacker's computers (2nd, 3rd, and 4th XP) will continue sending ping packets for the whole age of the universe. An attack like this should be protected against on the victim's computer by one protection system such as a Firewall, NIDS, or HIDS. InShaAllah we will see all of these solutions. Thanks again ;-)
salam Friend, first I like this 3i-zone.blogspot.
And we can use a tool like ftest to test the firewall, to make a rule or control our firewall, or we can implement the rule in any company depending on the company's requirements, so we can open and close any port. Second, all this attack comes through the network layer; the question is why people don't use the application layer, and I think this is the solution, because if we secure our application layer with application programs no one can attack us, because the aim of the attacker is to attack the database to get the information.
thanks.
Thanks Mustafa for this valuable information and your interaction. Hope you feed us with more knowledge.
salam my friend m.abbas, I am mohammed alfateh,
batch 25, and I want to thank you for this great
work; batch 25 supports you to go ahead.
my question is:
is there any flag that helps me to detect this
attack in security tools like a firewall?
thank you again...
w.salam, hello my great friend Mohd Alafateh. Yes, look at the next post, that is DOS and DDOS attacks 2. thanks