
What does DoS attack mean?

2025-02-25 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

This article explains what a DoS attack is. Interested readers may want to take a look; the method introduced here is simple, fast and practical. Let the editor take you through what a DoS attack means.

Representative DoS attack methods include Ping of Death, Teardrop, UDP flood, SYN flood, Land attack, IP spoofing DoS and so on. DoS stands for denial of service; its purpose is to prevent a computer or network from providing normal services.

The operating environment of this tutorial: Windows 7 system, Dell G3 computer.

DoS is the abbreviation of Denial of Service. An attack that causes a denial of service is called a DoS attack; its purpose is to make a computer or network unable to provide normal services. The most common DoS attacks are network bandwidth attacks and connectivity attacks.

A DoS attack deliberately exploits defects in a network protocol, or simply exhausts the resources of the target by brute force. The purpose is to make the target computer or network unable to provide normal services or resource access, so that the target system's services stop responding or even crash. This kind of attack does not involve breaking into the target server or network equipment. The resources in question include network bandwidth, file system space, open processes, and allowed connections. The attack causes a shortage of these resources: no matter how fast the processor, how large the memory, or how fast the network link, the consequences cannot be avoided.

Denial of service is a malicious attack that does great harm to networks. Today, representative DoS attack methods include Ping of Death, Teardrop, UDP flood, SYN flood, Land attack, IP spoofing DoS and so on. Let's see how each one works.

Ping of Death

ICMP (Internet Control Message Protocol) is used for error handling and for transmitting control information on the Internet. The familiar ping program is its most common use. The RFC documents for TCP/IP place strict limits on the maximum packet size. The TCP/IP stacks of many operating systems specify a maximum ICMP packet size of 64 KB and, after reading a packet's header, allocate a buffer for the payload based on the information in that header. "Ping of Death" deliberately produces a malformed ping (Packet Internet Groper) packet that claims a size beyond the ICMP limit, that is, a payload larger than 64 KB. In an unprotected system this leads to a memory allocation error, which crashes the TCP/IP stack and eventually brings the receiver down.

Teardrop

The Teardrop attack exploits TCP/IP stack implementations that trust the information in the headers of IP fragments. Each IP fragment carries information indicating which part of the original packet it contains, and some TCP/IP stacks (for example, NT before Service Pack 4) crash when they receive forged fragments with overlapping offsets.

UDP flooding (UDP flood)

UDP (User Datagram Protocol) is widely used on the Internet. Many service hosts, such as WWW and mail servers, run Unix, which by default opens some UDP services that attackers can abuse. For example, the echo service returns every packet it receives, while the chargen service, originally intended for testing, replies with some random characters for each packet it receives. A UDP flood spoofing attack takes advantage of these two simple TCP/IP services. By forging a UDP connection to one host's chargen service with the reply address pointing at a host that has the echo service enabled, the attacker makes the chargen and echo services send useless, bandwidth-filling junk data back and forth, generating a stream of useless traffic between the two hosts. This denial of service attack quickly exhausts the available network bandwidth.

SYN flooding (SYN flood)

When a user makes a standard TCP (Transmission Control Protocol) connection, there is a three-way handshake. First, the requester sends a SYN (Synchronize Sequence Number) message to the server. After receiving the SYN, the server sends a SYN-ACK back to the requester as confirmation. When the requester receives the SYN-ACK, it sends an ACK message to the server, and the TCP connection is established. "SYN flooding" targets exactly this connection-setup handshake in the TCP stack. Only the first two steps are carried out: after the server sends its SYN-ACK, the requester's ACK never arrives, because of source address spoofing and similar means, so the server waits for a certain time for that ACK. The number of TCP connections a server can accept is limited because it has only a limited memory buffer for creating connections. If this buffer is filled with the initial information of false connections, the server stops responding to subsequent connection attempts until the attempts in the buffer time out. If the attacker sends such connection requests quickly and continuously, the server's TCP connection queue is soon blocked, the system's available resources drop sharply, and the network's available bandwidth shrinks rapidly. If this continues, apart from a few lucky users whose requests are answered in between the flood of false requests, the server cannot provide normal service to legitimate users.
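Detection logic for the half-open connection build-up described above, as an added example that is not part of the original article. The function names, the backlog size of 128, the 30-second timeout, the 80% alert threshold and the event trace are all assumptions and constructed data; a real sensor would take these events from a packet capture or connection log.

```python
def scan_half_open(events, backlog=128, timeout=30.0, alert_ratio=0.8):
    """Track handshakes that received a SYN but no final ACK.

    events: (timestamp, src_ip, src_port, flag) tuples for one listening port,
    flag being "SYN", "ACK" or "RST". Returns (timestamp, half_open_count)
    each time the pending table first crosses alert_ratio of the backlog.
    """
    pending = {}      # (src_ip, src_port) -> time the SYN arrived
    alerts = []
    alerting = False
    for ts, ip, port, flag in events:
        # Drop entries the server itself would already have timed out.
        for key in [k for k, t0 in pending.items() if ts - t0 >= timeout]:
            del pending[key]
        if flag == "SYN":
            pending.setdefault((ip, port), ts)
        elif flag in ("ACK", "RST"):
            pending.pop((ip, port), None)   # handshake completed or aborted
        over = len(pending) >= backlog * alert_ratio
        if over and not alerting:
            alerts.append((ts, len(pending)))
        alerting = over
    return alerts

def constructed_trace():
    """Constructed sample: 20 normal handshakes, then 200 SYNs that never get an ACK."""
    ev = []
    for i in range(20):
        ev.append((i * 1.0, "198.51.100.10", 40000 + i, "SYN"))
        ev.append((i * 1.0 + 0.05, "198.51.100.10", 40000 + i, "ACK"))
    for i in range(200):
        ev.append((20.0 + i * 0.01, f"203.0.113.{i % 250 + 1}", 1024 + i, "SYN"))
    return sorted(ev)

if __name__ == "__main__":
    for ts, count in scan_half_open(constructed_trace()):
        print(f"t={ts:.2f}s half-open={count} (possible SYN flood)")
```

Because the sources are spoofed, the count is kept per listening port rather than per source address; a per-source threshold would never fire on this trace.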

Land attack

In a Land attack, the attacker uses a specially crafted SYN packet whose source address and destination address are both set to the address of one server. This causes the receiving server to send a SYN-ACK to its own address, which in turn sends back an ACK and creates an empty connection. Each such connection is kept until it times out. Many UNIX systems crash under a Land attack, and NT becomes extremely slow (for about five minutes).
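Both the Land packet and the chargen/echo loop from the UDP flooding section can be recognised from header fields alone, with no connection state. The following ingress check is an added example, not code from the original article; `classify`, `build` and the sample packets are hypothetical and constructed, and the addresses come from documentation ranges.

```python
import socket
import struct

ECHO, CHARGEN = 7, 19   # UDP service ports named in the UDP flooding section
TCP, UDP = 6, 17        # IPv4 protocol numbers
SYN = 0x02              # TCP flag bit

def classify(packet: bytes):
    """Return a drop reason for an IPv4 packet arriving from the network, else None."""
    if len(packet) < 20:
        return None
    ihl = (packet[0] & 0x0F) * 4            # IP header length in bytes
    proto = packet[9]
    src, dst = packet[12:16], packet[16:20]
    if proto not in (TCP, UDP) or len(packet) < ihl + 8:
        return None
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    if proto == TCP and len(packet) >= ihl + 14:
        # Land: a SYN that claims to come from the address it is sent to.
        if packet[ihl + 13] & SYN and src == dst:
            return "land: SYN with identical source and destination address"
    if proto == UDP and {sport, dport} <= {ECHO, CHARGEN}:
        # Replies would bounce between the two services indefinitely.
        return "udp-loop: echo/chargen port on both ends"
    return None

def build(proto, src, dst, sport, dport, tcp_flags=0):
    """Constructed test input: minimal IPv4 header (checksum left 0) plus L4 header."""
    if proto == TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, tcp_flags, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + l4

LAND = build(TCP, "192.0.2.10", "192.0.2.10", 139, 139, SYN)
LOOP = build(UDP, "192.0.2.20", "192.0.2.30", CHARGEN, ECHO)
WEB = build(TCP, "198.51.100.7", "192.0.2.10", 51000, 443, SYN)
DNS = build(UDP, "198.51.100.7", "192.0.2.53", 53000, 53)

if __name__ == "__main__":
    for name, pkt in (("land", LAND), ("loop", LOOP), ("web", WEB), ("dns", DNS)):
        print(name, classify(pkt))
```

The check is meant for packets received on an external interface; loopback traffic legitimately has equal source and destination addresses.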

IP spoofing

This attack uses the RST bit of TCP together with IP spoofing to force the server to reset the connections of legitimate users. Suppose a legitimate user (100.100.100.100) has established a normal connection with the server. The attacker constructs attack TCP data, disguises their IP as 100.100.100.100, and sends the server a TCP segment with the RST bit set. When the server receives this data, it concludes that the connection from 100.100.100.100 has an error and clears the established connection from its buffer. When the legitimate user 100.100.100.100 then sends legitimate data, the server no longer has such a connection, so the user is denied service and has to establish a new connection.

At this point, you should have a deeper understanding of what a DoS attack means, and may want to work through it in practice. More related content is available in the site's relevant channels; follow us and keep learning!
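How a receiver can limit forged resets is shown below as an added example that goes beyond the original article: it compares the classic rule, under which any RST inside the receive window resets the connection, with the stricter handling specified in RFC 5961 section 3.2. The function names and the sample values in the comments are assumptions for illustration.

```python
SEQ_SPACE = 1 << 32   # TCP sequence numbers are 32 bits wide and wrap around

def in_window(seg_seq, rcv_nxt, rcv_wnd):
    """True if seg_seq lies in [rcv_nxt, rcv_nxt + rcv_wnd), modulo 2**32."""
    if rcv_wnd == 0:
        return seg_seq == rcv_nxt   # zero window: only the exact next byte is acceptable
    return (seg_seq - rcv_nxt) % SEQ_SPACE < rcv_wnd

def rst_rfc793(seg_seq, rcv_nxt, rcv_wnd):
    """Classic behaviour: any in-window RST tears the connection down."""
    return "reset" if in_window(seg_seq, rcv_nxt, rcv_wnd) else "drop"

def rst_rfc5961(seg_seq, rcv_nxt, rcv_wnd):
    """Hardened behaviour for an incoming RST on an established connection."""
    if not in_window(seg_seq, rcv_nxt, rcv_wnd):
        return "drop"            # out of window: silently discard
    if seg_seq == rcv_nxt:
        return "reset"           # exact match: genuine peers always satisfy this
    # In window but not exact: keep the connection and send a challenge ACK.
    # A real peer that did reset will answer it with an RST carrying the exact
    # sequence number; a spoofing host never sees the challenge.
    return "challenge-ack"

if __name__ == "__main__":
    rcv_nxt, rcv_wnd = 1000, 65535          # constructed connection state
    for seq in (1000, 1500, 71000):
        print(seq, rst_rfc793(seq, rcv_nxt, rcv_wnd), rst_rfc5961(seq, rcv_nxt, rcv_wnd))
```

Under the classic rule a forged RST succeeds for any of `rcv_wnd` sequence values; under the stricter rule only one value in the 32-bit space resets the connection.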
