Sunday, August 30, 2009

DOS & DDOS Attacks

Denial of Service (DOS) and Distributed Denial of Service (DDOS) are considered one of the most dangerous attacks nowadays, because they can take servers down. The hacker is normally looking for Root or Administrator privileges, which give him full control of the system and let him do whatever he wants, like demanding a ransom or just appearing as a hero. If he cannot get that, he will then look for a local vulnerability and use it as the starting point of an attack on the system. As a last option, when he can get neither Root privileges nor a local vulnerability, he will think of doing a DOS or DDOS that disrupts your business or transactions.

DOS and DDOS can be conducted by sending a big amount of packets against the servers, which keeps them busy handling these packets. The packets also consume the bandwidth of the network, so that anybody who requests the service later will find it OUT OF SERVICE!!

So, how can we stop or prevent such attacks? The answer to this question depends totally on your policy and your network transactions: which ports must be open and which must be closed, which computers can access the servers, and many, many other factors.

In this post we will - inShaAllah - run a simple experiment (ping of death) that shows exactly what a DOS is and how we can prevent it.

The requirements of experiment:
The scenario:

Assume one of the Ubuntu machines is the victim, and install the EtherApe software on it. EtherApe gives a graphical view of network traffic. All of these operating systems are installed in VirtualBox, as follows:

  • First Ubuntu OS has IP=10.1.1.1 (a victim)
  • Second Ubuntu OS has IP=10.1.1.2
  • Third Ubuntu OS has IP=10.1.1.3
  • XP OS has IP=10.1.1.5

Now we are ready to run the attack against the victim that has IP=10.1.1.1. Open the EtherApe and System Monitor applications on the First Ubuntu (10.1.1.1) to monitor the network, then do the following:


From both the Second and Third Ubuntu OS, type in a terminal:

ping -s 65500 10.1.1.1

and from the XP OS, type in Command Prompt:

ping -t -l 65500 10.1.1.1

Notice: the rate of sent packets reached 320 KiB per second (look at the System Monitor application), and that is from just three computers (2 Ubuntu + 1 XP). In reality, medium-sized companies use 4 MiB per second for their whole bandwidth, which means around 36 computers are able to take such a company OUT OF SERVICE!!!!!

System Monitor: victim's network activities

The end ;-)

The next post, inShaAllah, will explain how to prevent such attacks by using the iptables firewall. Keep connected ;-)

Saturday, August 29, 2009

Automatic logout in Ubuntu Servers

Hi my friends, I decided to open my blog, which focuses on Linux and Security. I hope you will find it useful and enjoyable, and I hope I can hear from you and we can share the knowledge.

The first post is about:

How to configure automatic logout in Ubuntu/Debian Server:


As we know, server platforms (hosting, ...) use only the command line, so there is no way to use a screen saver to automatically log out users/admins after a certain time. Sometimes you also want to give limited time to whoever logs in through an SSH server, FTP or anything else via a terminal. This problem is solved by doing the following:

First, become root:

sudo -i
enter root password

Edit the /etc/profile file:

# gedit /etc/profile &

At the end of the file, add TMOUT= followed by a number of seconds:

TMOUT=60

This last addition means: log out after 60 seconds.

To test it on your Ubuntu box, change the setting to TMOUT=3 and save the file. Now open a terminal and type:

sudo -i
enter the password

Now wait for three seconds; you will be logged out automatically, right?
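
An added example (not part of the original post): a small shell function that audits a profile file for the TMOUT setting described above. The name audit_tmout, the verdict words and the 900-second limit are assumptions made for illustration; it also checks for readonly, because a plain TMOUT=60 can be cleared by a logged-in user with `unset TMOUT`.

```shell
#!/bin/sh
# audit_tmout FILE MAX_SECONDS  (hypothetical helper, not from the post)
# Prints one verdict word:
#   missing  - no active TMOUT assignment in FILE
#   disabled - TMOUT is 0 or not a number (no idle logout happens)
#   too_long - timeout is larger than MAX_SECONDS
#   weak     - value is fine but not readonly, so a user can unset it
#   ok       - positive, within the limit, and marked readonly
audit_tmout() {
    file=$1
    max=$2
    # The last active (uncommented) assignment wins, as when the shell reads the file.
    line=$(grep -E '^[[:space:]]*((readonly|export)[[:space:]]+)?TMOUT=' "$file" | tail -n 1) || true
    [ -n "$line" ] || { echo missing; return; }
    # Take the text after TMOUT= up to a quote, semicolon or whitespace.
    value=$(printf '%s\n' "$line" | sed -E 's/.*TMOUT="?([^";[:space:]]*).*/\1/')
    case $value in
        ''|*[!0-9]*) echo disabled; return ;;
    esac
    [ "$value" -gt 0 ] || { echo disabled; return; }
    [ "$value" -le "$max" ] || { echo too_long; return; }
    # readonly may be on the assignment itself or a separate "readonly TMOUT".
    if grep -Eq '(^|;)[[:space:]]*readonly[[:space:]]+TMOUT([[:space:];=]|$)' "$file"; then
        echo ok
    else
        echo weak
    fi
}

# Constructed sample files; 900 is an assumed upper limit in seconds.
sample=$(mktemp)
printf 'TMOUT=60\n' > "$sample"                       # the form used in the post
audit_tmout "$sample" 900                             # prints: weak
printf 'readonly TMOUT=60\nexport TMOUT\n' > "$sample"
audit_tmout "$sample" 900                             # prints: ok
rm -f "$sample"
```

Point it at the real file with `audit_tmout /etc/profile 900`; reading the file does not require root.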


That is all, I hope it is useful ;-)