CEH Lab Manual
Denial of Service
Module 10
Module 10 - Denial of Service
Denial of Service
Denial of Service (DoS) is an attack on a computer or network that prevents legitimate use of its resources.
Lab Scenario
In computing, a denial-of-service attack (DoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.
One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. Denial-of-service attacks can essentially disable your computer or your network. DoS attacks can be lucrative for criminals; recent attacks have shown that DoS attacks are a way for cyber criminals to profit.
As an expert ethical hacker or security administrator of an organization, you should have sound knowledge of how denial-of-service and distributed denial-of-service attacks are carried out, to detect and neutralize attack handlers, and to mitigate such attacks.
Lab Objectives
The objective of this lab is to help students learn to perform DoS attacks and to test network for DoS flaws.
In this lab, you will:
■ Create and launch a denial-of-service attack to a victim
■ Remotely administer clients
■ Perform a DoS attack by sending a huge amount of SYN packets continuously
■ Perform a DoS HTTP attack
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
CEH Lab Manual Page 703
Lab Environment
To carry out this, you need:
■ A computer running Windows Server 2008
■ Windows XP/7 running in virtual machine
■ A web browser with Internet access
■ Administrative privileges to run tools
Lab Duration
Time: 60 Minutes
Overview of Denial of Service
Denial-of-service (DoS) is an attack on a computer or network that prevents legitimate use of its resources. In a DoS attack, attackers flood a victim's system with illegitimate service requests or traffic to overload its resources and prevent it from performing intended tasks.
Lab Tasks
Pick an organization that you feel is worthy of your attention. This could be an educational institution, a commercial company, or perhaps a nonprofit charity.
Recommended labs to assist you in denial of service:
■ SYN flooding a target host using hping3
■ HTTP flooding using DoSHTTP
Lab Analysis
Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure.
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS
RELATED TO THIS LAB.
Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 10 Denial-of-Service
SYN Flooding a Target Host Using hping3
hping3 is a command-line oriented TCP/IP packet assembler/analyzer.
Lab Scenario
A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
A SYN flood attack works by not responding to the server with the expected ACK code. The malicious client can either simply not send the expected ACK, or by spoofing the source IP address in the SYN, cause the server to send the SYN-ACK to a falsified IP address, which will not send an ACK because it "knows" that it never sent a SYN. The server will wait for the acknowledgement for some time, as simple network congestion could also be the cause of the missing ACK, but in an attack increasingly large numbers of half-open connections will bind resources on the server until no new connections can be made, resulting in a denial of service to legitimate traffic. Some systems may also malfunction badly or even crash if other operating system functions are starved of resources in this way.
As an expert ethical hacker or security administrator of an organization, you should have sound knowledge of denial-of-service and distributed denial-of-service attacks and should be able to detect and neutralize attack handlers. You should use SYN cookies as a countermeasure against the SYN flood; they eliminate the resources allocated on the target host for half-open connections.
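The SYN cookie countermeasure named above, as an added example that is not part of the original lab manual: a listener with a fixed backlog is compared with one that carries the handshake state in the SYN-ACK sequence number, both run in memory over constructed flows. The cookie layout (5-bit time slot, 3-bit MSS index, 24-bit HMAC), the MSS table, the secret and the 192.0.2.x source addresses are assumptions made for this illustration, not any operating system's implementation.

```python
import hashlib
import hmac

MSS_TABLE = (536, 1300, 1440, 1460)   # assumed: MSS values the 3-bit index can encode
SLOT_SECONDS = 64                     # assumed: granularity of the cookie time counter


class BacklogListener:
    """Stateful listener: each SYN holds a queue slot until the final ACK arrives."""

    def __init__(self, backlog):
        self.backlog = backlog
        self.half_open = {}

    def on_syn(self, flow, now):
        if flow not in self.half_open and len(self.half_open) >= self.backlog:
            return False              # queue full, this SYN is dropped
        self.half_open[flow] = now
        return True

    def on_ack(self, flow):
        return self.half_open.pop(flow, None) is not None


class CookieListener:
    """Stateless listener: the SYN-ACK sequence number carries the state."""

    def __init__(self, secret):
        self.secret = secret
        self.established = set()

    def _mac24(self, flow, client_isn, slot):
        msg = repr((flow, client_isn, slot)).encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:3], "big")

    def on_syn(self, flow, client_isn, mss, now):
        """Return the sequence number for the SYN-ACK; nothing is stored."""
        slot = (now // SLOT_SECONDS) & 0x1F
        fits = [i for i, m in enumerate(MSS_TABLE) if m <= mss]
        idx = fits[-1] if fits else 0
        return (slot << 27) | (idx << 24) | self._mac24(flow, client_isn, slot)

    def on_ack(self, flow, client_isn, ack_num, now):
        """Rebuild the state from the ACK; return the negotiated MSS or None."""
        cookie = (ack_num - 1) & 0xFFFFFFFF
        slot, idx = cookie >> 27, (cookie >> 24) & 0x7
        age = ((now // SLOT_SECONDS) - slot) & 0x1F
        if age > 1 or idx >= len(MSS_TABLE):
            return None               # stale or malformed cookie
        want = self._mac24(flow, client_isn, slot).to_bytes(3, "big")
        got = (cookie & 0xFFFFFF).to_bytes(3, "big")
        if not hmac.compare_digest(want, got):
            return None               # the ACK does not answer a SYN-ACK we issued
        self.established.add(flow)
        return MSS_TABLE[idx]


def simulate(spoofed_syns=1000, backlog=128, now=1000):
    """Feed both listeners the same constructed SYN-only flows, then one real client."""
    server = ("10.0.0.11", 22)
    stateful = BacklogListener(backlog)
    stateless = CookieListener(secret=b"constructed-demo-secret")
    for i in range(spoofed_syns):
        flow = ("192.0.2.%d" % (i % 250 + 1), 1024 + i) + server
        stateful.on_syn(flow, now)
        stateless.on_syn(flow, client_isn=i, mss=1460, now=now)
    legit = ("10.0.0.10", 40000) + server
    stateful_ok = stateful.on_syn(legit, now) and stateful.on_ack(legit)
    cookie = stateless.on_syn(legit, client_isn=7, mss=1460, now=now)
    good_ack = (cookie + 1) & 0xFFFFFFFF
    return {
        "stateful_half_open": len(stateful.half_open),
        "stateful_legit_ok": stateful_ok,
        "cookie_legit_mss": stateless.on_ack(legit, 7, good_ack, now + 1),
        "cookie_forged_ack": stateless.on_ack(legit, 7, 12345, now + 1),
        "cookie_stale_ack": stateless.on_ack(legit, 7, good_ack, now + 200),
        "cookie_state": len(stateless.established),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, value)
```

The stateful listener ends with its backlog full and the real client refused, while the cookie listener keeps state only for the one flow that returned a valid ACK.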
Lab Objectives
The objective of this lab is to help students learn to perform denial-of-service attacks and test the network for DoS flaws.
In this lab, you will:
■ Perform denial-of-service attacks
■ Send huge amount of SYN packets continuously
Lab Environment
To carry out the lab, you need:
■ A computer running Windows 7 as victim machine
■ BackTrack 5 r3 running in virtual machine as attacker machine
■ Wireshark is located at D:\CEH-Tools\CEHv8 Module 08 Sniffing\Sniffing Tools\Wireshark
Lab Duration
Time: 10 Minutes
Overview of hping3
hping3 is a network tool able to send custom TCP/IP packets and to display target replies like a ping program does with ICMP replies. hping3 handles fragmentation, arbitrary packet body and size, and can be used in order to transfer files encapsulated under supported protocols.
Lab Tasks
1. Launch BackTrack 5 r3 on the virtual machine.
2. Launch the hping3 utility from the BackTrack 5 r3 virtual machine. Select BackTrack Menu -> Backtrack -> Information Gathering -> Network Analysis -> Identify Live Hosts -> Hping3.
Figure 1.1: BackTrack 5 r3 Menu
3. The hping3 utility starts in the command shell.
Note: Type only hping3 without any argument. If hping3 was compiled with Tcl scripting capabilities, you should see a prompt.
FIGURE 1.2: BackTrack 5 r3 Command Shell with hping3
4. In the command shell, type hping3 -S 10.0.0.11 -a 10.0.0.13 -p 22 --flood and press Enter.
FIGURE 1.3: BackTrack 5 r3 hping3 command
5. In the previous command, 10.0.0.11 (Windows 7) is the victim's machine IP address, and 10.0.0.13 (BackTrack 5 r3) is the attacker's machine IP address.
root@bt:~# hping3 -S 10.0.0.11 -a 10.0.0.13 -p 22 --flood
HPING 10.0.0.11 (eth0 10.0.0.11): S set, 40 headers + 0 data bytes
hping in flood mode, no replies will be shown
FIGURE 1.4: BackTrack4 Command Shell with hping3
Note: First, type a simple command and see the result: # hping3.0.0-alpha-1> hping resolve www.google.com 66.102.9.104.
Note: The hping3 command should be called with a subcommand as a first argument and additional arguments according to the particular subcommand.
6. hping3 floods the victim machine by sending bulk SYN packets and overloading victim resources.
Note: The hping resolve command is used to convert a hostname to an IP address.
7. Go to the victim's machine (Windows 7). Install and launch Wireshark, and observe the SYN packets.
FIGURE 1.5: Wireshark with SYN Packets Traffic (rows shown: TCP [SYN] segments from 10.0.0.13 to 10.0.0.11, destination port ssh)
You sent a huge number of SYN packets, which caused the victim's machine to crash.
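What the capture in step 7 looks like to a detector, as an added example that is not part of the original lab manual: a sliding-window check that flags a service when most recent SYNs never receive the client's final ACK. The record format, the thresholds and the sample rows are constructed for this illustration; the addresses reuse the lab's 10.0.0.x hosts.

```python
from collections import defaultdict, deque


def detect_syn_flood(packets, window=1.0, min_syns=100, max_completion=0.1):
    """Return {(dst, dport): alert} for services whose recent SYNs mostly never complete.

    packets: time-ordered (ts, src, sport, dst, dport, flags), flags 'S', 'SA' or 'A'.
    """
    recent = defaultdict(deque)     # service -> [ts, flow, completed] entries in the window
    pending = {}                    # flow -> entry still waiting for the client's ACK
    done = defaultdict(int)         # service -> completed handshakes inside the window
    alerts = {}
    for ts, src, sport, dst, dport, flags in packets:
        service, flow = (dst, dport), (src, sport, dst, dport)
        if flags == "S":
            entry = [ts, flow, False]
            recent[service].append(entry)
            pending[flow] = entry
        elif flags == "A" and flow in pending:
            pending.pop(flow)[2] = True
            done[service] += 1
        else:
            continue                # SYN-ACKs and unrelated segments carry no signal here
        queue = recent[service]
        while queue and queue[0][0] < ts - window:
            old = queue.popleft()
            if old[2]:
                done[service] -= 1
            elif pending.get(old[1]) is old:
                del pending[old[1]]  # timed-out half-open entry: stop tracking it
        syns = len(queue)
        if service in alerts or syns < min_syns:
            continue
        if done[service] / syns <= max_completion:
            alerts[service] = {
                "first_alert": ts,
                "syns_in_window": syns,
                "completed": done[service],
                "sources": len({e[1][0] for e in queue}),
            }
    return alerts


def constructed_capture():
    """Constructed rows: 20 complete handshakes to port 80, then SYN-only rows to port 22."""
    rows = []
    for i in range(20):
        t = i * 0.05
        rows.append((t, "10.0.0.10", 40000 + i, "10.0.0.11", 80, "S"))
        rows.append((t + 0.001, "10.0.0.11", 80, "10.0.0.10", 40000 + i, "SA"))
        rows.append((t + 0.002, "10.0.0.10", 40000 + i, "10.0.0.11", 80, "A"))
    for i in range(500):
        rows.append((0.5 + i * 0.0002, "10.0.0.13", 53620 + i, "10.0.0.11", 22, "S"))
    return sorted(rows)


if __name__ == "__main__":
    for service, alert in detect_syn_flood(constructed_capture()).items():
        print(service, alert)
```

A single source address with steadily increasing source ports, as in this sample, is what the lab's fixed spoofed address produces; the completion ratio still works when the source addresses vary.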
Note: hping3 was mainly used as a security tool in the past. It can be used in many ways by people who don't care for security to test networks and hosts. A subset of the things you can do using hping3:
■ Firewall testing
■ Advanced port scanning
■ Network testing, using various protocols, TOS, fragmentation
■ Manual path MTU discovery
■ Advanced traceroute, under all the supported protocols
■ Remote OS fingerprinting
■ Remote uptime guessing
■ TCP/IP stacks auditing
Lab Analysis
Document all the results gathered during the lab.
Tool/Utility | Information Collected/Objectives Achieved
hping3 | SYN packets observed over flooding the resources in victim machine
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS
RELATED TO THIS LAB.
Internet Connection Required: □ Yes ☑ No
Platform Supported: ☑ Classroom ☑ iLabs
Lab
HTTP Flooding Using DoSHTTP
DoSHTTP is an HTTP flood denial-of-service (DoS) testing tool for Windows. DoSHTTP includes port designation and reporting.
Lab Scenario
HTTP flooding is an attack that uses an enormous number of useless packets to jam a web server. In this paper, we use hidden semi-Markov models (HSMM) to describe Web-browsing patterns and detect HTTP flooding attacks. We first use a large number of legitimate request sequences to train an HSMM model and then use this legitimate model to check each incoming request sequence. Abnormal Web traffic whose likelihood falls into an unreasonable range for the legitimate model would be classified as potential attack traffic and should be controlled with special actions such as filtering or limiting the traffic. Finally we validate our approach by testing the method with real data. The result shows that our method can detect the anomaly web traffic effectively.
In the previous lab you learned about SYN flooding using hping3 and the countermeasures that can be implemented to prevent such attacks. Another method that attackers can use to attack a server is by using the HTTP flood approach.
As an expert ethical hacker and penetration tester, you must be aware of all types of hacking attempts on a web server. For an HTTP flooding attack you should implement an advanced technique known as "tarpitting," which, once established successfully, will set the connection's window size to a few bytes. According to TCP/IP protocol design, the connecting device will initially only send as much data to the target as it takes to fill the window until the server responds. With tarpitting, there will be no response back to the packets for all unwanted HTTP requests, thereby protecting your web server.
Lab Objectives
The objective of this lab is to help students learn HTTP flooding denial-of-service (DoS) attack.
Lab Environment
To carry out this lab, you need:
■ DoSHTTP tool located at D:\CEH-Tools\CEHv8 Module 10 Denial-of-Service\DDoS Attack Tools\DoS HTTP
■ You can also download the latest version of DoSHTTP from the link http://www.socketsoft.net/
■ If you decide to download the latest version, then screenshots shown in the lab might differ
■ A computer running Windows Server 2012 as host machine
■ Windows 7 running on virtual machine as attacker machine
■ A web browser with an Internet connection
■ Administrative privileges to run tools
Lab Duration
Time: 10 Minutes
Overview of DoSHTTP
DoSHTTP is an HTTP flood denial-of-service (DoS) testing tool for Windows. It includes URL verification, HTTP redirection, and performance monitoring. DoSHTTP uses multiple asynchronous sockets to perform an effective HTTP flood. DoSHTTP can be used simultaneously on multiple clients to emulate a distributed denial-of-service (DDoS) attack. This tool is used by IT professionals to test web server performance.
Lab Tasks
1. Install and launch DoSHTTP in Windows Server 2012.
2. To launch DoSHTTP, move your mouse cursor to the lower left corner of the desktop and click Start.
FIGURE 2.1: Windows Server 2012 Desktop view
3. Click the DoSHttp 2.5 app from the Start menu apps to launch the program.
FIGURE 2.2: Windows Server 2012 Start Menu Apps
4. The DoSHTTP main screen appears as shown in the following figure; in this lab we have demonstrated the trial version. Click Try to continue.
Note: DoSHTTP is an easy to use and powerful HTTP Flood Denial of Service (DoS) Testing Tool for Windows. DoSHTTP includes URL Verification, HTTP Redirection, Port Designation, Performance Monitoring and Enhanced Reporting.
FIGURE 2.3: DoSHTTP main window
5. Enter the URL or IP address in the Target URL field.
6. Select a User Agent, number of Sockets to send, and the type of Requests to send. Click Start.
7. In this lab, we are using Windows 7 IP (10.0.0.7) to flood.
FIGURE 2.4: DoSHTTP Flooding (settings shown: Target URL 10.0.0.11; User Agent Mozilla/6.0 (compatible; MSIE 7.0a; Windows NT 5.2; SV1); Requests Continuous)
Note: These IP addresses may differ in your lab environment.
8. Click OK in the DoSHTTP evaluation pop-up.
FIGURE 2.5: DoSHTTP Evaluation mode pop-up (message shown: "Evaluation mode will only perform a maximum of 10000 requests per session.")
9. Launch the Wireshark network protocol analyzer in the Windows 7 virtual machine and start its interface.
10. DoSHTTP sends asynchronous sockets and performs HTTP flooding of the target network.
11. Go to the virtual machine, open Wireshark, and observe that a lot of packet traffic is captured by Wireshark.
Note: DoSHTTP can help IT Professionals test web server performance and evaluate web server protection software. DoSHTTP was developed by certified IT Security and Software Development professionals.
FIGURE 2.6: Wireshark window
12. You see a lot of HTTP packets are flooded to the host machine.
13. DoSHTTP uses multiple asynchronous sockets to perform an HTTP flood against the entered network.
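One way a web server front end can bound the load that a many-socket, continuous-request client like the one in this lab can impose, as an added example that is not part of the original lab manual: a per-source cap on concurrent connections combined with a token bucket on request rate. The class name, the limits (20 connections, 5 requests per second, burst of 10), the socket count, the timing and the 10.0.0.20 browser address are constructed for this illustration.

```python
from collections import defaultdict


class PerSourceLimiter:
    """Caps concurrent connections and request rate for each client address."""

    def __init__(self, max_conns, rate_per_s, burst):
        self.max_conns = max_conns
        self.fill_per_ms = rate_per_s      # milli-tokens added per millisecond
        self.capacity = burst * 1000       # bucket size in milli-tokens
        self.conns = defaultdict(int)
        self.buckets = {}                  # src -> (milli_tokens, last_ms)

    def open_conn(self, src):
        if self.conns[src] >= self.max_conns:
            return False                   # refuse further sockets from this source
        self.conns[src] += 1
        return True

    def close_conn(self, src):
        if self.conns[src] > 0:
            self.conns[src] -= 1

    def allow_request(self, src, now_ms):
        # Integer arithmetic keeps the accounting exact and repeatable.
        tokens, last = self.buckets.get(src, (self.capacity, now_ms))
        tokens = min(self.capacity, tokens + (now_ms - last) * self.fill_per_ms)
        allowed = tokens >= 1000
        if allowed:
            tokens -= 1000
        self.buckets[src] = (tokens, now_ms)
        return allowed


def replay(limiter, flood_src="10.0.0.10", browser_src="10.0.0.20"):
    """Replay constructed traffic and count what the limiter lets through.

    Flood source: 500 socket attempts and 10000 requests spread over 10 s
    (10000 is the evaluation-mode cap quoted in the lab; the socket count and
    timing are constructed). Browser: one request per second for 10 s.
    """
    events = [(ms, flood_src) for ms in range(10000)]
    events += [(500 + 1000 * i, browser_src) for i in range(10)]
    events.sort()
    flood_conns = sum(limiter.open_conn(flood_src) for _ in range(500))
    browser_conn = limiter.open_conn(browser_src)
    admitted = defaultdict(int)
    for ms, src in events:
        if limiter.allow_request(src, ms):
            admitted[src] += 1
    return {
        "flood_conns_accepted": flood_conns,
        "browser_conn_accepted": browser_conn,
        "flood_requests_admitted": admitted[flood_src],
        "flood_requests_dropped": 10000 - admitted[flood_src],
        "browser_requests_admitted": admitted[browser_src],
    }


if __name__ == "__main__":
    limiter = PerSourceLimiter(max_conns=20, rate_per_s=5, burst=10)
    for key, value in replay(limiter).items():
        print(key, value)
```

Per-source limits do not help when the same load is spread over many clients, which is the distributed case the lab's question section raises; that needs aggregate limits or upstream filtering as well.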
Lab Analysis
Analyze and document the results related to the lab exercise.
Tool/Utility | Information Collected/Objectives Achieved
DoSHTTP | HTTP packets observed flooding the host machine
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS
RELATED TO THIS LAB.
Questions
1. Evaluate how DoSHTTP can be used simultaneously on multiple clients and perform DDoS attacks.
2. Determine how you can prevent DoSHTTP attacks on a network.
Internet Connection Required: □ Yes
Platform Supported: ☑ Classroom ☑ iLabs
Monitoring of traffic over the victim under tcp syn flood in a lan
eSAT Publishing House
 
Aw36294299
Aw36294299Aw36294299
Aw36294299
IJERA Editor
 
Honeypotdeploy Ieee2005
Honeypotdeploy Ieee2005Honeypotdeploy Ieee2005
Honeypotdeploy Ieee2005
seguridadutpl
 
Backtrack Manual Part8
Backtrack Manual Part8Backtrack Manual Part8
Backtrack Manual Part8
Nutan Kumar Panda
 

Similar to Ceh v8 labs module 10 denial of service (20)

Ceh v8 labs module 15 hacking wireless networks
Ceh v8 labs module 15 hacking wireless networksCeh v8 labs module 15 hacking wireless networks
Ceh v8 labs module 15 hacking wireless networks
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain Essay
 
cloud computing final year project
cloud computing final year projectcloud computing final year project
cloud computing final year project
 
Secure Coding Practices for Middleware
Secure Coding Practices for MiddlewareSecure Coding Practices for Middleware
Secure Coding Practices for Middleware
 
Ceh v8 labs module 13 hacking web applications
Ceh v8 labs module 13 hacking web applicationsCeh v8 labs module 13 hacking web applications
Ceh v8 labs module 13 hacking web applications
 
An internet worm early warning system
An internet worm early warning systemAn internet worm early warning system
An internet worm early warning system
 
Limiting Self-Propagating Malware Based on Connection Failure Behavior
Limiting Self-Propagating Malware Based on Connection Failure Behavior Limiting Self-Propagating Malware Based on Connection Failure Behavior
Limiting Self-Propagating Malware Based on Connection Failure Behavior
 
Network Security Tools and applications
Network Security Tools and applicationsNetwork Security Tools and applications
Network Security Tools and applications
 
Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1
 
Internets Manage Communication Procedure and Protection that Crash on Servers
Internets Manage Communication Procedure and Protection that Crash on ServersInternets Manage Communication Procedure and Protection that Crash on Servers
Internets Manage Communication Procedure and Protection that Crash on Servers
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
 
Virtual Labs SniffingConsider what you have learned so far
Virtual Labs SniffingConsider what you have learned so far Virtual Labs SniffingConsider what you have learned so far
Virtual Labs SniffingConsider what you have learned so far
 
ENPM808 Independent Study Final Report - amaster 2019
ENPM808 Independent Study Final Report - amaster 2019ENPM808 Independent Study Final Report - amaster 2019
ENPM808 Independent Study Final Report - amaster 2019
 
NON-INTRUSIVE REMOTE MONITORING OF SERVICES IN A DATA CENTRE
NON-INTRUSIVE REMOTE MONITORING OF SERVICES IN A DATA CENTRENON-INTRUSIVE REMOTE MONITORING OF SERVICES IN A DATA CENTRE
NON-INTRUSIVE REMOTE MONITORING OF SERVICES IN A DATA CENTRE
 
Metasploit: Pwnage and Ponies
Metasploit: Pwnage and PoniesMetasploit: Pwnage and Ponies
Metasploit: Pwnage and Ponies
 
anti-ddos GNTC based on P4 /BIH
anti-ddos GNTC based on P4 /BIHanti-ddos GNTC based on P4 /BIH
anti-ddos GNTC based on P4 /BIH
 
Monitoring of traffic over the victim under tcp syn flood in a lan
Monitoring of traffic over the victim under tcp syn flood in a lanMonitoring of traffic over the victim under tcp syn flood in a lan
Monitoring of traffic over the victim under tcp syn flood in a lan
 
Aw36294299
Aw36294299Aw36294299
Aw36294299
 
Honeypotdeploy Ieee2005
Honeypotdeploy Ieee2005Honeypotdeploy Ieee2005
Honeypotdeploy Ieee2005
 
Backtrack Manual Part8
Backtrack Manual Part8Backtrack Manual Part8
Backtrack Manual Part8
 

Recently uploaded

一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
ufdana
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
Javier Lasa
 
test test test test testtest test testtest test testtest test testtest test ...
test test  test test testtest test testtest test testtest test testtest test ...test test  test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
Arif0071
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Sanjeev Rampal
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Brad Spiegel Macon GA
 
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptxInternet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
VivekSinghShekhawat2
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
JungkooksNonexistent
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
Gal Baras
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
laozhuseo02
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
Rogerio Filho
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
JeyaPerumal1
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
natyesu
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
laozhuseo02
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
eutxy
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
3ipehhoa
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
GTProductions1
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
3ipehhoa
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
3ipehhoa
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
nirahealhty
 

Recently uploaded (20)

一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
 
test test test test testtest test testtest test testtest test testtest test ...
test test  test test testtest test testtest test testtest test testtest test ...test test  test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
 
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptxInternet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
 

Ceh v8 labs module 10 denial of service

  • 1. CEH Lab Manual Denial of Service Module 10
  • 2. Module 10 - Denial of Service
    Denial of Service
    Denial of Service (DoS) is an attack on a computer or network that prevents legitimate use of its resources.
    Lab Scenario
    In computing, a denial-of-service attack (DoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.
    One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. Denial-of-service attacks can essentially disable your computer or your network. DoS attacks can be lucrative for criminals; recent attacks have shown that DoS attacks are a way for cyber criminals to profit.
    As an expert ethical hacker or security administrator of an organization, you should have sound knowledge of how denial-of-service and distributed denial-of-service attacks are carried out, to detect and neutralize attack handlers, and to mitigate such attacks.
    Lab Objectives
    The objective of this lab is to help students learn to perform DoS attacks and to test network for DoS flaws.
    In this lab, you will:
    ■ Create and launch a denial-of-service attack to a victim
    ■ Remotely administer clients
    ■ Perform a DoS attack by sending a huge amount of SYN packets continuously
    ■ Perform a DoS HTTP attack
    Icon key: Valuable information; Test your knowledge; Web exercise; Workbook review
    Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. CEH Lab Manual Page 703
  • 3. Module 10 - Denial of Service
    Lab Environment
    To carry out this lab, you need:
    ■ A computer running Windows Server 2008
    ■ Windows XP/7 running in virtual machine
    ■ A web browser with Internet access
    ■ Administrative privileges to run tools
    Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 10 Denial-of-Service
    Lab Duration
    Time: 60 Minutes
    Overview of Denial of Service
    Denial-of-service (DoS) is an attack on a computer or network that prevents legitimate use of its resources. In a DoS attack, attackers flood a victim's system with illegitimate service requests or traffic to overload its resources and prevent it from performing intended tasks.
    Lab Tasks
    Pick an organization that you feel is worthy of your attention. This could be an educational institution, a commercial company, or perhaps a nonprofit charity.
    Recommended labs to assist you in denial of service:
    ■ SYN flooding a target host using hping3
    ■ HTTP flooding using DoSHTTP
    Lab Analysis
    Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure.
    PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
  • 4. Module 10 - Denial of Service
    SYN Flooding a Target Host Using hping3
    hping3 is a command-line oriented TCP/IP packet assembler/analyser.
    Lab Scenario
    A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
    A SYN flood attack works by not responding to the server with the expected ACK code. The malicious client can either simply not send the expected ACK, or by spoofing the source IP address in the SYN, cause the server to send the SYN-ACK to a falsified IP address, which will not send an ACK because it "knows" that it never sent a SYN. The server will wait for the acknowledgement for some time, as simple network congestion could also be the cause of the missing ACK, but in an attack increasingly large numbers of half-open connections will bind resources on the server until no new connections can be made, resulting in a denial of service to legitimate traffic. Some systems may also malfunction badly or even crash if other operating system functions are starved of resources in this way.
    As an expert ethical hacker or security administrator of an organization, you should have sound knowledge of denial-of-service and distributed denial-of-service attacks and should be able to detect and neutralize attack handlers. You should use SYN cookies as a countermeasure against the SYN flood which eliminates the resources allocated on the target host.
    Lab Objectives
    The objective of this lab is to help students learn to perform denial-of-service attacks and test the network for DoS flaws.
    In this lab, you will:
    ■ Perform denial-of-service attacks
    ■ Send huge amount of SYN packets continuously
  • 5. Module 10 - Denial of Service
    Lab Environment
    To carry out the lab, you need:
    ■ A computer running Windows 7 as victim machine
    ■ BackTrack 5 r3 running in virtual machine as attacker machine
    ■ Wireshark is located at D:\CEH-Tools\CEHv8 Module 08 Sniffing\Sniffing Tools\Wireshark
    Tools demonstrated in this lab are available at D:\CEH-Tools\CEHv8 Module 10 Denial-of-Service
    Lab Duration
    Time: 10 Minutes
    Overview of hping3
    hping3 is a network tool able to send custom TCP/IP packets and to display target replies like a ping program does with ICMP replies. hping3 handles fragmentation, arbitrary packets body, and size and can be used in order to transfer files encapsulated under supported protocols.
    Lab Tasks
    Flood SYN Packet
    1. Launch BackTrack 5 r3 on the virtual machine.
    2. Launch the hping3 utility from the BackTrack 5 r3 virtual machine. Select BackTrack Menu -> Backtrack -> Information Gathering -> Network Analysis -> Identify Live Hosts -> Hping3.
    Figure 1.1: BackTrack 5 r3 Menu
    3. The hping3 utility starts in the command shell.
    Note: hping3 is a command-line oriented TCP/IP packet assembler/analyzer.
    Note: Type only hping3 without any argument. If hping3 was compiled with Tcl scripting capabilities, you should see a prompt.
  • 6. Module 10 - Denial of Service
    FIGURE 1.2: BackTrack 5 r3 Command Shell with hping3 (terminal screenshot of the hping3 option help)
    4. In the command shell, type hping3 -S 10.0.0.11 -a 10.0.0.13 -p 22 --flood and press Enter.
    FIGURE 1.3: BackTrack 5 r3 hping3 command
    5. In the previous command, 10.0.0.11 (Windows 7) is the victim's machine IP address, and 10.0.0.13 (BackTrack 5 r3) is the attacker's machine IP address.
    FIGURE 1.4: BackTrack4 Command Shell with hping3 (terminal screenshot of the command from step 4, followed by "hping in flood mode, no replies will be shown")
    6. hping3 floods the victim machine by sending bulk SYN packets and overloading victim resources.
    Note: First, type a simple command and see the result: hping3.0.0-alpha-1> hping resolve www.google.com 66.102.9.104.
    Note: The hping3 command should be called with a subcommand as a first argument and additional arguments according to the particular subcommand.
    Note: The hping resolve command is used to convert a hostname to an IP address.
  • 7. Module 10 - Denial of Service
    7. Go to the victim's machine (Windows 7). Install and launch Wireshark, and observe the SYN packets.
    FIGURE 1.5: Wireshark with SYN Packets Traffic (screenshot of a capture listing 54-byte TCP [SYN] segments from 10.0.0.13 to the ssh port of 10.0.0.11)
    You sent a huge number of SYN packets, which caused the victim's machine to crash.
    Note: hping3 was mainly used as a security tool in the past. It can be used in many ways by people who don't care for security to test networks and hosts. A subset of the things you can do using hping3:
    ■ Firewall testing
    ■ Advanced port scanning
    ■ Network testing, using various protocols, TOS, fragmentation
    ■ Manual path MTU discovery
    ■ Advanced traceroute, under all the supported protocols
    ■ Remote OS fingerprinting
    ■ Remote uptime guessing
    ■ TCP/IP stacks auditing
    Lab Analysis
    Document all the results gathered during the lab.
    Tool/Utility | Information Collected/Objectives Achieved
    hping3 | SYN packets observed over flooding the resources in victim machine
    PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
    Internet Connection Required: □ Yes ☑ No
    Platform Supported: ☑ Classroom ☑ iLabs
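The SYN flood lab names SYN cookies as the countermeasure to half-open connections filling the server's backlog. The following is an added example, not part of the lab manual: an in-memory model that compares a stateful listener with a cookie-based one and sends no packets. The secret, backlog size, time slot and all addresses are constructed assumptions, and the cookie is simplified (real stacks also pack an MSS index and time counter into the 32-bit value).

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-secret"   # assumption: random per-boot server key
BACKLOG = 8                           # tiny on purpose so exhaustion is visible
SLOT_SECONDS = 64                     # coarse time slot mixed into every cookie
MASK32 = 0xFFFFFFFF


def syn_cookie(src, sport, dst, dport, client_isn, slot):
    """Keyed hash of the 4-tuple, client ISN and time slot, cut to a 32-bit ISN."""
    msg = f"{src}|{sport}|{dst}|{dport}|{client_isn}|{slot}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return struct.unpack(">I", digest[:4])[0]


class StatefulListener:
    """Classic listener: every SYN reserves a backlog entry until the ACK arrives."""

    def __init__(self, backlog=BACKLOG):
        self.backlog = backlog
        self.half_open = {}           # (src, sport) -> server ISN
        self.established = set()
        self.next_isn = 1000

    def on_syn(self, src, sport):
        if len(self.half_open) >= self.backlog:
            return None               # backlog full: the SYN is dropped
        self.next_isn += 1
        self.half_open[(src, sport)] = self.next_isn
        return self.next_isn          # ISN carried in the SYN-ACK

    def on_ack(self, src, sport, ack_no):
        isn = self.half_open.get((src, sport))
        if isn is None or ack_no != (isn + 1) & MASK32:
            return False
        del self.half_open[(src, sport)]
        self.established.add((src, sport))
        return True


class CookieListener:
    """SYN-cookie listener: nothing is stored until a valid ACK proves the round trip."""

    def __init__(self, addr, port):
        self.addr, self.port = addr, port
        self.established = set()

    def on_syn(self, src, sport, client_isn, now):
        slot = now // SLOT_SECONDS
        return syn_cookie(src, sport, self.addr, self.port, client_isn, slot)

    def on_ack(self, src, sport, client_isn, ack_no, now):
        presented = struct.pack(">I", (ack_no - 1) & MASK32)
        slot = now // SLOT_SECONDS
        for s in (slot, slot - 1):    # accept the current and the previous slot
            expected = syn_cookie(src, sport, self.addr, self.port, client_isn, s)
            if hmac.compare_digest(presented, struct.pack(">I", expected)):
                self.established.add((src, sport))
                return True
        return False


def simulate(n_spoofed=500, now=1_000_000):
    """Replay constructed SYNs that are never acknowledged, then one real client."""
    stateful = StatefulListener()
    cookies = CookieListener("192.0.2.1", 22)
    for i in range(n_spoofed):        # sources that will never send the final ACK
        src, sport = f"198.51.100.{i % 250 + 1}", 1024 + i
        stateful.on_syn(src, sport)
        cookies.on_syn(src, sport, client_isn=i, now=now)

    client, client_isn = ("203.0.113.7", 40000), 4242
    isn_a = stateful.on_syn(*client)
    ok_stateful = isn_a is not None and stateful.on_ack(*client, (isn_a + 1) & MASK32)
    isn_b = cookies.on_syn(*client, client_isn, now)
    ok_cookie = cookies.on_ack(*client, client_isn, (isn_b + 1) & MASK32, now + 3)
    # An ACK that was never preceded by a SYN-ACK carries no valid cookie.
    forged = cookies.on_ack("198.51.100.9", 5555, 1, 12345, now)
    return {
        "stateful_half_open": len(stateful.half_open),
        "stateful_legit_accepted": ok_stateful,
        "cookie_legit_accepted": ok_cookie,
        "cookie_forged_ack_accepted": forged,
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

With the backlog exhausted the stateful listener refuses the legitimate client, while the cookie listener still completes its handshake because it held no per-connection state for the unanswered SYNs.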
  • 8. Module 10 - Denial of Service
    Lab: HTTP Flooding Using DoSHTTP
    DoSHTTP is an HTTP flood denial-of-service (DoS) testing tool for Windows. DoSHTTP includes port designation and reporting.
    Lab Scenario
    HTTP flooding is an attack that uses enormous useless packets to jam a web server. In this paper, we use hidden semi-Markov models (HSMM) to describe Web-browsing patterns and detect HTTP flooding attacks. We first use a large number of legitimate request sequences to train an HSMM model and then use this legitimate model to check each incoming request sequence. Abnormal Web traffic whose likelihood falls into unreasonable range for the legitimate model would be classified as potential attack traffic and should be controlled with special actions such as filtering or limiting the traffic. Finally we validate our approach by testing the method with real data. The result shows that our method can detect the anomaly web traffic effectively.
    In the previous lab you learned about SYN flooding using hping3 and the countermeasures that can be implemented to prevent such attacks. Another method that attackers can use to attack a server is by using the HTTP flood approach.
    As an expert ethical hacker and penetration tester, you must be aware of all types of hacking attempts on a web server. For HTTP flooding attack you should implement an advanced technique known as "tarpitting," which once established successfully will set connections window size to few bytes. According to TCP/IP protocol design, the connecting device will initially only send as much data to target as it takes to fill the window until the server responds. With tarpitting, there will be no response back to the packets for all unwanted HTTP requests, thereby protecting your web server.
    Lab Objectives
    The objective of this lab is to help students learn HTTP flooding denial-of-service (DoS) attack.
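The scenario above describes training a model on legitimate request sequences and flagging incoming sequences whose likelihood is too low. The following is an added example, not part of the lab manual: it swaps the hidden semi-Markov model for a plain first-order Markov chain with add-one smoothing, which keeps the train-then-score idea but ignores state durations. All sessions, paths and client addresses are constructed, and the three-sigma threshold is an assumption.

```python
import math
import statistics
from collections import Counter, defaultdict

START = "<start>"

# Constructed legitimate browsing sessions (ordered request paths per client).
TRAINING_SESSIONS = [
    ["/", "/products", "/products/42", "/cart", "/checkout"],
    ["/", "/search", "/products/42", "/cart"],
    ["/", "/products", "/products/17", "/products", "/products/42"],
    ["/", "/login", "/account", "/products", "/cart", "/checkout"],
    ["/", "/search", "/products/17", "/cart", "/checkout"],
    ["/", "/products", "/products/17", "/cart"],
]

# Constructed incoming sessions to triage.
INCOMING = {
    "203.0.113.20": ["/", "/products", "/products/42", "/cart"],
    "198.51.100.77": ["/search"] * 40,     # one path requested over and over
    "198.51.100.78": ["/"] * 30,           # home page requested over and over
}


class BrowsingModel:
    """First-order Markov chain over request paths, trained on legitimate sessions."""

    def __init__(self, sessions, k_sigma=3.0):
        self.counts = defaultdict(Counter)  # previous path -> Counter of next paths
        vocab = set()
        for session in sessions:
            prev = START
            for path in session:
                self.counts[prev][path] += 1
                vocab.add(path)
                prev = path
        self.vocab_size = len(vocab) + 1    # +1 bucket for paths never seen
        scores = [self.score(s) for s in sessions]
        # Assumption: anything more than k_sigma below the training mean is abnormal.
        self.threshold = statistics.mean(scores) - k_sigma * statistics.pstdev(scores)

    def log_prob(self, prev, path):
        """Smoothed log P(path | prev); unseen transitions get a small, non-zero mass."""
        row = self.counts.get(prev, {})
        total = sum(row.values())
        return math.log((row.get(path, 0) + 1) / (total + self.vocab_size))

    def score(self, session):
        """Average log-likelihood per request, so long and short sessions compare."""
        if not session:
            raise ValueError("empty session")
        prev, total = START, 0.0
        for path in session:
            total += self.log_prob(prev, path)
            prev = path
        return total / len(session)

    def is_anomalous(self, session):
        return self.score(session) < self.threshold


def triage(model, incoming):
    """Return {client: (score, flagged)} for every incoming session."""
    return {
        client: (round(model.score(s), 3), model.is_anomalous(s))
        for client, s in incoming.items()
    }


if __name__ == "__main__":
    model = BrowsingModel(TRAINING_SESSIONS)
    print(f"threshold: {model.threshold:.3f}")
    for client, (score, flagged) in triage(model, INCOMING).items():
        print(f"{client:15s} score={score:7.3f} flagged={flagged}")
```

Flagged clients are the ones the scenario says should be filtered or rate limited; the score is only as good as the legitimate traffic the model was trained on.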
  • 9. Module 10 - Denial of Service
    Lab Environment
    To carry out this lab, you need:
    ■ DoSHTTP tool located at D:\CEH-Tools\CEHv8 Module 10 Denial-of-Service\DDoS Attack Tools\DoS HTTP
    ■ You can also download the latest version of DoSHTTP from the link http://www.socketsoft.net/
    ■ If you decide to download the latest version, then screenshots shown in the lab might differ
    ■ A computer running Windows Server 2012 as host machine
    ■ Windows 7 running on virtual machine as attacker machine
    ■ A web browser with an Internet connection
    ■ Administrative privileges to run tools
    Lab Duration
    Time: 10 Minutes
    Overview of DoSHTTP
    DoSHTTP is an HTTP flood denial-of-service (DoS) testing tool for Windows. It includes URL verification, HTTP redirection, and performance monitoring. DoSHTTP uses multiple asynchronous sockets to perform an effective HTTP flood. DoSHTTP can be used simultaneously on multiple clients to emulate a distributed denial-of-service (DDoS) attack. This tool is used by IT professionals to test web server performance.
    Lab Tasks
    DoSHTTP Flooding
    1. Install and launch DoSHTTP in Windows Server 2012.
    2. To launch DoSHTTP, move your mouse cursor to lower left corner of the desktop and click Start.
    FIGURE 2.1: Windows Server 2012 Desktop view
  • 10. Module 10 - Denial of Service
    3. Click the DoSHttp 2.5 app from the Start menu apps to launch the program.
    FIGURE 2.2: Windows Server 2012 Start Menu Apps
    4. The DoSHTTP main screen appears as shown in the following figure; in this lab we have demonstrated trial version. Click Try to continue.
    FIGURE 2.3: DoSHTTP main window (screenshot of the DoSHTTP 2.5.1 registration dialog: "Unregistered Version. You have 13 days or 3 uses left on your free trial.")
    5. Enter the URL or IP address in the Target URL field.
    6. Select a User Agent, number of Sockets to send, and the type of Requests to send. Click Start.
    7. In this lab, we are using Windows 7 IP (10.0.0.7) to flood.
    Note: DoSHTTP is an easy to use and powerful HTTP Flood Denial of Service (DoS) Testing Tool for Windows. DoSHTTP includes URL Verification, HTTP Redirection, Port Designation, Performance Monitoring and Enhanced Reporting.
    Note: DoSHTTP includes Port Designation and Reporting.
  • 11. Module 10 - Denial of Service
    FIGURE 2.4: DoSHTTP Flooding
    Note: These IP addresses may differ in your lab environment.
    8. Click OK in the DoSHTTP evaluation pop-up.
    FIGURE 2.5: DoSHTTP Evaluation mode pop-up ("Evaluation mode will only perform a maximum of 10000 requests per session.")
    9. Launch the Wireshark network protocol analyzer in the Windows 7 virtual machine and start its interface.
    10. DoSHTTP sends asynchronous sockets and performs HTTP flooding of the target network.
    11. Go to Virtual machine, open Wireshark, and observe that a lot of packet traffic is captured by Wireshark.
    Note: DoSHTTP can help IT Professionals test web server performance and evaluate web server protection software. DoSHTTP was developed by certified IT Security and Software Development professionals.
  • 12. Module 10 - Denial of Service
    FIGURE 2.6: Wireshark window
    12. You see that a lot of HTTP packets are flooded to the host machine.
    13. DoSHTTP uses multiple asynchronous sockets to perform an HTTP flood against the entered network.
    Lab Analysis
    Analyze and document the results related to the lab exercise.
    Tool/Utility    Information Collected/Objectives Achieved
    DoSHTTP         HTTP packets observed flooding the host machine
    PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
    Questions
    1. Evaluate how DoSHTTP can be used simultaneously on multiple clients and perform DDoS attacks.
  • 13. Module 10 - Denial of Service
    2. Determine how you can prevent DoSHTTP attacks on a network.
    Internet Connection Required: □ Yes
    Platform Supported: ☑ Classroom ☑ iLabs
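For the prevention question above, a defender's starting point is spotting the single-source request burst that the Wireshark capture shows. The following is an added example, not part of the lab manual: a sliding-window detector over web server access logs. The combined log format, the thresholds, and the sample addresses are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined Log Format (assumed):
# ip - - [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" '
    r'\d{3} \S+ "[^"]*" "[^"]*"$'
)

def find_flood_sources(lines, window_s=10, max_requests=100):
    """Return {ip: peak request count inside any window_s-second span}
    for each source whose peak exceeds max_requests.
    Assumes the log lines are in time order, as a server writes them."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # skip malformed lines rather than guess
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] >= window_s:
            q.popleft()           # drop requests older than the window
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n > max_requests}

def constructed_sample():
    """Constructed log lines: one flooding client and one ordinary client."""
    fmt = ('{ip} - - [01/Jan/2024:12:00:{s:02d} +0000] '
           '"GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (constructed sample)"')
    lines = []
    for s in range(30):
        lines += [fmt.format(ip="10.0.0.10", s=s)] * 50    # 50 requests/s
        if s % 10 == 0:
            lines.append(fmt.format(ip="10.0.0.20", s=s))  # 1 request/10 s
    return lines

if __name__ == "__main__":
    print(find_flood_sources(constructed_sample()))
```

Sources returned by the detector are candidates for a per-client rate limit or a temporary block at the web server or firewall; the window and threshold need tuning against the site's normal traffic.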