Ceh v8 labs module 10 denial of service
Published in: Sports, Technology

  1. CEH Lab Manual: Denial of Service, Module 10
  2. Module 10 - Denial of Service

     Denial of Service

     Denial of Service (DoS) is an attack on a computer or network that prevents legitimate use of its resources.

     Lab Scenario

     In computing, a denial-of-service attack (DoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.

     One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. Denial-of-service attacks can essentially disable your computer or your network.

     DoS attacks can be lucrative for criminals; recent attacks have shown that DoS attacks are a way for cyber criminals to profit. As an expert ethical hacker or security administrator of an organization, you should have sound knowledge of how denial-of-service and distributed denial-of-service attacks are carried out, to detect and neutralize attack handlers, and to mitigate such attacks.

     Lab Objectives

     The objective of this lab is to help students learn to perform DoS attacks and to test network for DoS flaws. In this lab, you will:
     ■ Create and launch a denial-of-service attack to a victim
     ■ Remotely administer clients
     ■ Perform a DoS attack by sending a huge amount of SYN packets continuously
     ■ Perform a DoS HTTP attack

     CEH Lab Manual Page 703. Ethical Hacking and Countermeasures. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
  3. Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 10 Denial-of-Service

     Lab Environment

     To carry out this, you need:
     ■ A computer running Windows Server 2008
     ■ Windows XP/7 running in virtual machine
     ■ A web browser with Internet access
     ■ Administrative privileges to run tools

     Lab Duration

     Time: 60 Minutes

     Overview of Denial of Service

     Denial-of-service (DoS) is an attack on a computer or network that prevents legitimate use of its resources. In a DoS attack, attackers flood a victim's system with illegitimate service requests or traffic to overload its resources and prevent it from performing intended tasks.

     Lab Tasks

     Overview

     Pick an organization that you feel is worthy of your attention. This could be an educational institution, a commercial company, or perhaps a nonprofit charity.

     Recommended labs to assist you in denial of service:
     ■ SYN flooding a target host using hping3
     ■ HTTP flooding using DoSHTTP

     Lab Analysis

     Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure.

     PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
  4. SYN Flooding a Target Host Using hping3

     hping3 is a command-line oriented TCP/IP packet assembler/analyzer.

     Lab Scenario

     A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

     A SYN flood attack works by not responding to the server with the expected ACK code. The malicious client can either simply not send the expected ACK, or by spoofing the source IP address in the SYN, cause the server to send the SYN-ACK to a falsified IP address, which will not send an ACK because it "knows" that it never sent a SYN. The server will wait for the acknowledgement for some time, as simple network congestion could also be the cause of the missing ACK, but in an attack increasingly large numbers of half-open connections will bind resources on the server until no new connections can be made, resulting in a denial of service to legitimate traffic. Some systems may also malfunction badly or even crash if other operating system functions are starved of resources in this way.

     As an expert ethical hacker or security administrator of an organization, you should have sound knowledge of denial-of-service and distributed denial-of-service attacks and should be able to detect and neutralize attack handlers. You should use SYN cookies as a countermeasure against the SYN flood which eliminates the resources allocated on the target host.

     Lab Objectives

     The objective of this lab is to help students learn to perform denial-of-service attacks and test the network for DoS flaws. In this lab, you will:
     ■ Perform denial-of-service attacks
     ■ Send huge amount of SYN packets continuously
  5. Lab Environment

     To carry out the lab, you need:
     ■ A computer running Windows 7 as victim machine
     ■ BackTrack 5 r3 running in virtual machine as attacker machine
     ■ Wireshark is located at D:\CEH-Tools\CEHv8 Module 08 Sniffing\Sniffing Tools\Wireshark

     Lab Duration

     Time: 10 Minutes

     Overview of hping3

     hping3 is a network tool able to send custom TCP/IP packets and to display target replies like a ping program does with ICMP replies. hping3 handles fragmentation, arbitrary packets body, and size and can be used in order to transfer files encapsulated under supported protocols.

     Lab Tasks

     Task: Flood SYN Packet

     1. Launch BackTrack 5 r3 on the virtual machine.
     2. Launch the hping3 utility from the BackTrack 5 r3 virtual machine. Select BackTrack Menu -> Backtrack -> Information Gathering -> Network Analysis -> Identify Live Hosts -> Hping3.

     [Figure 1.1: BackTrack 5 r3 Menu]

     Note: Type only hping3 without any argument. If hping3 was compiled with Tcl scripting capabilities, you should see a prompt.

     3. The hping3 utility starts in the command shell.
  6. [FIGURE 1.2: BackTrack 5 r3 Command Shell with hping3 (screenshot of the hping3 option help text)]

     4. In the command shell, type hping3 -S 10.0.0.11 -a 10.0.0.13 -p 22 --flood and press Enter.

     Note: First, type a simple command and see the result: #hping3.0.0-alpha1> hping resolve www.google.com 66.102.9.104.

     Note: The hping3 command should be called with a subcommand as a first argument and additional arguments according to the particular subcommand.

     [FIGURE 1.3: BackTrack 5 r3 hping3 command]

     5. In the previous command, 10.0.0.11 (Windows 7) is the victim's machine IP address, and 10.0.0.13 (BackTrack 5 r3) is the attacker's machine IP address.

     [FIGURE 1.4: BackTrack4 Command Shell with hping3 (screenshot of the command from step 4 and the message "hping in flood mode, no replies will be shown")]

     Note: The hping resolve command is used to convert a hostname to an IP address.

     6. hping3 floods the victim machine by sending bulk SYN packets and overloading victim resources.
  7. 7. Go to the victim's machine (Windows 7). Install and launch Wireshark, and observe the SYN packets.

     Note: hping3 was mainly used as a security tool in the past. It can be used in many ways by people who don't care for security to test networks and hosts. A subset of the things you can do using hping3:
     ■ Firewall testing
     ■ Advanced port scanning
     ■ Network testing, using various protocols, TOS, fragmentation
     ■ Manual path MTU discovery
     ■ Advanced traceroute, under all the supported protocols
     ■ Remote OS fingerprinting
     ■ Remote uptime guessing
     ■ TCP/IP stacks auditing

     [FIGURE 1.5: Wireshark with SYN Packets Traffic (screenshot of the packet list: 54-byte TCP [SYN] packets from 10.0.0.13 to 10.0.0.11, destination port ssh (22), marked "TCP Port numbers reused")]

     You sent a huge number of SYN packets, which caused the victim's machine to crash.

     Lab Analysis

     Document all the results gathered during the lab.

     Tool/Utility: hping3
     Information Collected/Objectives Achieved: SYN packets observed over flooding the resources in victim machine

     PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

     Internet Connection Required: □ Yes  ☑ No
     Platform Supported: ☑ Classroom  ☑ iLabs
  8. Lab: HTTP Flooding Using DoSHTTP

     DoSHTTP is an HTTP flood denial-of-service (DoS) testing tool for Windows. DoSHTTP includes port designation and reporting.

     Lab Scenario

     HTTP flooding is an attack that uses enormous useless packets to jam a web server. In this paper, we use hidden semi-Markov models (HSMM) to describe Web-browsing patterns and detect HTTP flooding attacks. We first use a large number of legitimate request sequences to train an HSMM model and then use this legitimate model to check each incoming request sequence. Abnormal Web traffic whose likelihood falls into unreasonable range for the legitimate model would be classified as potential attack traffic and should be controlled with special actions such as filtering or limiting the traffic. Finally we validate our approach by testing the method with real data. The result shows that our method can detect the anomaly web traffic effectively.

     In the previous lab you learned about SYN flooding using hping3 and the countermeasures that can be implemented to prevent such attacks. Another method that attackers can use to attack a server is by using the HTTP flood approach.

     As an expert ethical hacker and penetration tester, you must be aware of all types of hacking attempts on a web server. For HTTP flooding attack you should implement an advanced technique known as "tarpitting," which once established successfully will set connections window size to few bytes. According to TCP/IP protocol design, the connecting device will initially only send as much data to target as it takes to fill the window until the server responds. With tarpitting, there will be no response back to the packets for all unwanted HTTP requests, thereby protecting your web server.

     Lab Objectives

     The objective of this lab is to help students learn HTTP flooding denial-of-service (DoS) attack.
  9. Lab Environment

     To carry out this lab, you need:
     ■ DoSHTTP tool located at D:\CEH-Tools\CEHv8 Module 10 Denial-of-Service\DDoS Attack Tools\DoSHTTP
     ■ You can also download the latest version of DoSHTTP from the link http://www.socketsoft.net/
     ■ If you decide to download the latest version, then screenshots shown in the lab might differ
     ■ A computer running Windows Server 2012 as host machine
     ■ Windows 7 running on virtual machine as attacker machine
     ■ A web browser with an Internet connection
     ■ Administrative privileges to run tools

     Lab Duration

     Time: 10 Minutes

     Overview of DoSHTTP

     DoSHTTP is an HTTP flood denial-of-service (DoS) testing tool for Windows. It includes URL verification, HTTP redirection, and performance monitoring. DoSHTTP uses multiple asynchronous sockets to perform an effective HTTP flood. DoSHTTP can be used simultaneously on multiple clients to emulate a distributed denial-of-service (DDoS) attack. This tool is used by IT professionals to test web server performance.

     Lab Tasks

     Task: DoSHTTP Flooding

     1. Install and launch DoSHTTP in Windows Server 2012.
     2. To launch DoSHTTP, move your mouse cursor to lower left corner of the desktop and click Start.

     [FIGURE 2.1: Windows Server 2012 Desktop view]
  10. 3. Click the DoSHttp 2.5 app from the Start menu apps to launch the program.

     Note: DoSHTTP is an easy to use and powerful HTTP Flood Denial of Service (DoS) Testing Tool for Windows. DoSHTTP includes URL Verification, HTTP Redirection, Port Designation, Performance Monitoring and Enhanced Reporting.

     [FIGURE 2.2: Windows Server 2012 Start Menu Apps]

     4. The DoSHTTP main screen appears as shown in the following figure; in this lab we have demonstrated trial version. Click Try to continue.

     [FIGURE 2.3: DoSHTTP main window (screenshot of the DoSHTTP Registration dialog for the unregistered version: "You have 13 days or 3 uses left on your free trial.")]

     5. Enter the URL or IP address in the Target URL field.
     6. Select a User Agent, number of Sockets to send, and the type of Requests to send. Click Start.
     7. In this lab, we are using Windows 7 IP (10.0.0.7) to flood.
  11. [FIGURE 2.4: DoSHTTP Flooding (screenshot of the DoSHTTP window with the Target URL, User Agent, Sockets and Requests fields)]

     Note: These IP addresses may differ in your lab environment.

     8. Click OK in the DoSHTTP evaluation pop-up.

     [FIGURE 2.5: DoSHTTP Evaluation mode pop-up (screenshot: "Evaluation mode will only perform a maximum of 10000 requests per session.")]

     9. Launch the Wireshark network protocol analyzer in the Windows 7 virtual machine and start its interface.
     10. DoSHTTP sends asynchronous sockets and performs HTTP flooding of the target network.

     Note: DoSHTTP can help IT Professionals test web server performance and evaluate web server protection software. DoSHTTP was developed by certified IT Security and Software Development professionals.

     11. Go to Virtual machine, open Wireshark, and observe that a lot of packet traffic is captured by Wireshark.
  12. [FIGURE 2.6: Wireshark window (screenshot of the Wireshark packet list)]

     12. You see a lot of HTTP packets are flooded to the host machine.
     13. DoSHTTP uses multiple asynchronous sockets to perform an HTTP flood against the entered network.

     Lab Analysis

     Analyze and document the results related to the lab exercise.

     Tool/Utility: DoSHTTP
     Information Collected/Objectives Achieved: HTTP packets observed flooding the host machine

     PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

     Questions

     1. Evaluate how DoSHTTP can be used simultaneously on multiple clients and perform DDoS attacks.
  13. 2. Determine how you can prevent DoSHTTP attacks on a network.

     Internet Connection Required: □ Yes
     Platform Supported: ☑ Classroom  ☑ iLabs
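The SYN flooding lab scenario names SYN cookies as the countermeasure that removes the per-connection resources a half-open handshake would otherwise hold. The sketch below is an added example, not part of the lab manual and not any operating system's actual implementation: it uses a simplified 5/3/24-bit cookie layout, a constructed MSS table and secret, and constructed addresses.

```python
import hashlib
import hmac

TICK_SECONDS = 64        # the cookie's time counter advances every 64 seconds
MAX_AGE_TICKS = 2        # an ACK must come back within this many ticks
# Constructed MSS table: the cookie only has room for a 3-bit index into it.
MSS_TABLE = (216, 536, 768, 996, 1220, 1340, 1440, 1460)


def _mac24(secret, conn, tick, client_isn):
    """24-bit keyed hash over the 4-tuple, the time tick and the client's ISN."""
    msg = "|".join(str(field) for field in (*conn, tick, client_isn)).encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()[:3]


def make_cookie(secret, conn, client_isn, client_mss, now):
    """Build the 32-bit sequence number the server sends in its SYN-ACK."""
    tick = int(now) // TICK_SECONDS
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = int.from_bytes(_mac24(secret, conn, tick, client_isn), "big")
    return ((tick % 32) << 27) | (mss_idx << 24) | mac


def check_cookie(secret, conn, client_isn, ack_number, now):
    """Return the negotiated MSS if the ACK carries a fresh, valid cookie, else None."""
    cookie = (ack_number - 1) % 2**32
    tick_now = int(now) // TICK_SECONDS
    age = (tick_now - (cookie >> 27)) % 32
    if age > MAX_AGE_TICKS:
        return None                      # cookie too old (or not a cookie at all)
    expected = _mac24(secret, conn, tick_now - age, client_isn)
    if not hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big")):
        return None                      # ACK does not answer a SYN-ACK we issued
    return MSS_TABLE[(cookie >> 24) & 7]


class CookieListener:
    """Listener that keeps no per-connection state until the handshake completes."""

    def __init__(self, secret):
        self.secret = secret
        self.established = {}            # conn -> MSS, filled only after a valid ACK

    def on_syn(self, conn, client_isn, client_mss, now):
        # Nothing is stored here: everything needed later is inside the cookie.
        return make_cookie(self.secret, conn, client_isn, client_mss, now)

    def on_ack(self, conn, seq, ack_number, now):
        mss = check_cookie(self.secret, conn, (seq - 1) % 2**32, ack_number, now)
        if mss is not None:
            self.established[conn] = mss
        return mss is not None


def demo():
    listener = CookieListener(b"constructed-demo-secret")
    now = 1_000_000
    # Constructed SYNs with made-up source addresses that never answer the SYN-ACK.
    for i in range(1000):
        conn = (f"198.51.100.{i % 250 + 1}", 1024 + i, "10.0.0.11", 22)
        listener.on_syn(conn, i, 1460, now)
    state_after_syns = len(listener.established)

    client = ("10.0.0.20", 40000, "10.0.0.11", 22)   # constructed legitimate client
    cookie = listener.on_syn(client, 5000, 1460, now)
    forged = listener.on_ack(client, 5001, (cookie + 2) % 2**32, now + 1)
    stale = listener.on_ack(client, 5001, (cookie + 1) % 2**32, now + 5 * TICK_SECONDS)
    genuine = listener.on_ack(client, 5001, (cookie + 1) % 2**32, now + 1)
    return state_after_syns, forged, stale, genuine, listener.established.get(client)


if __name__ == "__main__":
    print(demo())
```

The unanswered SYNs leave the listener's table empty; only the ACK that echoes a fresh cookie for its own 4-tuple creates an entry.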
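Step 7 of the hping3 lab has the reader watch SYN packets arrive in Wireshark, and the lab scenario describes half-open connections piling up on the server. The following added example (not part of the lab manual) turns that observation into detection logic: it counts handshakes that never complete, grouped by destination service rather than by source because the scenario notes the source address may be spoofed. The packet tuples, threshold and timeout are constructed for illustration.

```python
from collections import Counter


def half_open_by_service(packets, timeout=3.0):
    """Count half-open handshakes per (dst, dport).

    `packets` is an iterable of (ts, src, sport, dst, dport, flags) tuples for
    client-to-server TCP segments, with flags such as "S", "A", "PA" or "R".
    A handshake is half-open when its SYN is at least `timeout` seconds old at
    the end of the capture and the client never followed it with an ACK or RST.
    """
    pending = {}          # 4-tuple -> time of the first unanswered SYN
    last_ts = 0.0
    for ts, src, sport, dst, dport, flags in packets:
        last_ts = max(last_ts, ts)
        key = (src, sport, dst, dport)
        if flags == "S":
            pending.setdefault(key, ts)
        elif key in pending and ("A" in flags or "R" in flags):
            del pending[key]          # handshake completed or was reset
    counts = Counter()
    for (_src, _sport, dst, dport), ts in pending.items():
        if last_ts - ts >= timeout:   # recent SYNs may still complete: skip them
            counts[(dst, dport)] += 1
    return dict(counts)


def flooded_services(packets, threshold=20, timeout=3.0):
    """Return the services whose half-open count reaches `threshold`."""
    counts = half_open_by_service(packets, timeout)
    return sorted(svc for svc, n in counts.items() if n >= threshold)


def sample_capture():
    """Constructed capture: two normal web handshakes plus SYN-only traffic to port 22."""
    pkts = [
        (0.00, "10.0.0.20", 50000, "10.0.0.11", 80, "S"),
        (0.05, "10.0.0.20", 50000, "10.0.0.11", 80, "A"),
        (0.06, "10.0.0.20", 50000, "10.0.0.11", 80, "PA"),
    ]
    # SYNs that are never acknowledged, each from a new source port.
    pkts += [(1.0 + i * 0.001, "10.0.0.13", 53620 + i, "10.0.0.11", 22, "S")
             for i in range(40)]
    pkts += [
        (9.00, "10.0.0.20", 50001, "10.0.0.11", 80, "S"),
        (9.04, "10.0.0.20", 50001, "10.0.0.11", 80, "A"),
        # A SYN seen just before the capture ends is too young to count.
        (9.50, "10.0.0.20", 50002, "10.0.0.11", 80, "S"),
    ]
    return pkts


if __name__ == "__main__":
    print(half_open_by_service(sample_capture()))
    print(flooded_services(sample_capture()))
```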
