#7516 03/26/02 01:42 PM
Joined: Mar 2002
Posts: 23
Likes: 1
Dartur Offline OP
UGN Newbie
First I want to make sure everyone knows this:

DoS = Denial of Service
DDoS = Distributed DoS
DrDoS = Distributed reflected DoS
SYN = The first step in a TCP connection, sent by the client.

SYN/ACK = The second step. The reply from the server after a received SYN.

ACK = The third step. The reply from the client after a received SYN/ACK.

--The DoS attack--
OK, the DoS attack is based on the concept of one computer that sends SYNs with a false source IP. Then the server will try to send a SYN/ACK to the false IP, but since the IP is false it won't get a reply. The server will resend the SYN/ACK several times before giving up. That means that the server's possibility to receive and respond to connections is partially blocked. For example, say a server can have 1000 connections open at the same time. When it receives a false SYN, only 999 will be open. If you send really many false SYNs at one time you will fill up the server's connection spots and it will appear to valid users as if the server was offline. Most bigger servers have protection against the DoS attack nowadays.

--The DDoS attack--

This is based on the DoS attack, but now you use several computers with a good connection to the net. Then you start pumping false SYNs to the victim server. But of course this server will have protection against false SYNs, right? But the router doesn't. So if there are enough false SYNs pumping in, it will occupy the server's bandwidth. And to valid users it will seem like the server is offline. But nowadays it's getting more and more usual that the routers have filters too.

--The DrDoS attack--

This is based on the DDoS attack, but this time you won't be pumping SYNs against the victim server. Having a list of well-connected servers is a must. Then you send small amounts of SYNs to different servers/routers with the victim server's IP as the source. That will make all the servers respond as usual with a SYN/ACK and send it to the victim server. This will block the bandwidth of the victim's server and it will pass the false-SYN filters. This can be done from many different ports on the different servers so that the router can't just block a port and then get rid of the attack. The server will appear offline to valid users. There isn't any really effective way to stop this attack so far...

--The thought--

What if you take it one step further and send the SYN/ACK to a router that will change the source IP to the victim's IP and then forward it to another server? That way you could block the bandwidth of the victim with the RST/ACK that occurs when a server gets a SYN/ACK without having sent out any SYN...

// Dartur

laugh


If you think you know something completely, you probably don't know enough.
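
The reflected flood described in the post above shows up at the receiving host as SYN/ACKs for connections it never opened. An added example (not part of the original thread) of a stateful check for that pattern; the packet-record format, the function names and the thresholds are assumptions, and the sample records are constructed.

```python
from collections import Counter

# Constructed sample records as seen at the protected host:
# (timestamp, src_ip, src_port, dst_ip, dst_port, tcp_flags)
# Addresses are from the documentation ranges; "S" = SYN, "SA" = SYN/ACK.
LOCAL = "192.0.2.10"
PACKETS = [
    (0.00, LOCAL, 40000, "198.51.100.5", 443, "S"),   # our own outbound SYN
    (0.02, "198.51.100.5", 443, LOCAL, 40000, "SA"),  # its legitimate reply
    (0.10, "203.0.113.1", 80, LOCAL, 51515, "SA"),    # no matching SYN
    (0.11, "203.0.113.2", 179, LOCAL, 51516, "SA"),   # no matching SYN
    (0.12, "203.0.113.3", 22, LOCAL, 51517, "SA"),    # no matching SYN
    (0.13, "203.0.113.1", 443, LOCAL, 51518, "SA"),   # no matching SYN
]


def unsolicited_synacks(packets, local_ip, syn_ttl=5.0):
    """Return SYN/ACKs sent to local_ip that answer no recent outbound SYN."""
    pending = {}  # (remote_ip, remote_port, local_port) -> time the SYN left
    flagged = []
    for ts, src, sport, dst, dport, flags in packets:
        if src == local_ip and flags == "S":
            pending[(dst, dport, sport)] = ts
        elif dst == local_ip and flags == "SA":
            sent = pending.pop((src, sport, dport), None)
            # Matching is on connection state, not on port numbers, so
            # replies arriving from many different ports are still caught.
            if sent is None or ts - sent > syn_ttl:
                flagged.append((ts, src, sport, dport))
    return flagged


def reflection_alert(packets, local_ip, min_packets=4, min_sources=3):
    """Alert when several distinct hosts send unsolicited SYN/ACKs."""
    flagged = unsolicited_synacks(packets, local_ip)
    per_source = Counter(src for _, src, _, _ in flagged)
    alert = len(flagged) >= min_packets and len(per_source) >= min_sources
    return alert, per_source


if __name__ == "__main__":
    alert, sources = reflection_alert(PACKETS, LOCAL)
    print("reflection suspected:", alert)
    for ip, count in sources.most_common():
        print(f"  {ip}: {count} unsolicited SYN/ACK(s)")
```
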
#7517 03/26/02 03:23 PM
Joined: Mar 2002
Posts: 61
AK Offline
Junior Member
well, the DoS attack is not only limited to SYN. It can be a ping-flood or just a file request from a webserver. Anything that makes the host work hard can be DoS. For example, if you had a website hosted on ur comp with a 56k connection and 5,000 people would try to connect to it at the same time it would crash ur connection.

but that's a good idea u have though. even though I would never resort to a DoS attack laugh

#7518 03/26/02 03:29 PM
Joined: Feb 2002
Posts: 7,203
Likes: 11
Community Owner
Dartur, ONLY POST ONE TOPIC ONCE. This is your only warning.


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#7519 03/26/02 07:56 PM
Joined: Mar 2002
Posts: 18
Junior Member
For those people that post incorrect information on security and networks and things related, I recommend reading "Security COMPLETE" published by SYBEX. I have the version that covers up to WIN2K, because that was the most up2date at the time. It only cost me 19.99 and it's the best book I've ever read on networks/security/and all that good stuff. hehe it's 1000+ pages lol

#7520 03/27/02 12:32 AM
Joined: Mar 2002
Posts: 23
Likes: 1
Dartur Offline OP
UGN Newbie
Ak, I just made an example to make everyone understand my thought...

And sorry for that Giz, My ****ing computer crashed yesterday evening right after I pushed submit topic, so I couldn't tell if it had been submitted.. I won't even bother to reinstall any os or anything on that old machine... I've ordered a new comp that will be shipped hopefully this week. So it won't happen again wink

The new one will have winXP and be an AMD Athlon XP 1700+ with 512 rdram and 120gb harddrive and a nice Geforce 3 graphics-card too.. That one will probably not crash that easily laugh

And AK, I would never use a DoS either.. but it's good to figure out the next step so you can be well-protected before other morons bring your servers down.. mad


If you think you know something completely, you probably don't know enough.
#7521 03/27/02 12:37 AM
Joined: Mar 2002
Posts: 61
AK Offline
Junior Member
Quote:
Originally posted by Optical-Element:
For those people that post incorrect information on security and networks and things related, I recommend reading "Security COMPLETE" published by SYBEX. I have the version that covers up to WIN2K, because that was the most up2date at the time. It only cost me 19.99 and it's the best book I've ever read on networks/security/and all that good stuff. hehe it's 1000+ pages lol

wow, so you read a book. you're ahead of most other people here, hehe. who was the one that posted something that's not true though? You're confusing me. You must understand, not everybody here has read Security Complete and is as experienced as you. Please teach me.

#7522 03/27/02 05:19 AM
Joined: Feb 2002
Posts: 7,203
Likes: 11
Community Owner
gimme your old one :x i'll pay shipping! (if i have to) lol..


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
