SlideShare a Scribd company logo

Ceh v8 labs module 10 denial of service

Mehrdad Jingoism
Mehrdad Jingoism
SportsTechnology
1 of 13
Download to read offline
C EH Lab M a n u a l D e n ia l o f S e r v ic e M o d u l e 10
M odule 10 - D enial o f S e rv ic e D e n ia l o f S e r v i c e Denialof Se ic (DoS) isa attack o a c m ue orn t okthatpe e ts rv e n n o p t r ew r rvn le itim teueof its r s uc s g a s eo r e. ICON KEY V a lu a b le in fo r m a tio n L a b S c e n a r io 111 c o m p u tin g , a d e n ia l-o f -s e rv ic e a tta c k (D o S a tta c k ) is a n a tt e m p t to m a k e a m a c h in e o r n e tw o r k re s o u rc e u n a v a ila b le to its in te n d e d u s e rs . A lth o u g h th e Test yo u r m e a n s to earn* o u t, m o tiv e s fo r, a n d ta rg e ts o f a D o S a tta c k m a y van*, it g e n e ra lly c o n s is ts o f th e e f f o r ts o f o n e o r m o r e p e o p le to te m p o ra r ily 0 1 ‫־‬ ^ W e b e x e r c is e W o r k b o o k re in d e fin ite ly in t e r r u p t 0 1 ‫ ־‬s u s p e n d s e iv ic e s o f a h o s t c o n n e c t e d to th e I n te r n e t. P e r p e tr a to r s o f D o S a tta c k s ty p ic a lly ta r g e t sites 0 1 ‫ ־‬s e iv ic e s h o s t e d 0 1 1 h ig h p ro f ile w e b s e n ‫־‬ers s u c h as b a n k s , c r e d it c a rd p a y m e n t g a te w a y s, a n d e v e n r o o t n a m e s e iv e r s . T h e te r m is g e n e ra lly u s e d re la tin g to c o m p u te r n e tw o rk s , b u t is n o t lim ite d to tin s field ; fo r e x a m p le , it is a ls o u s e d 111 r e f e r e n c e to C P U r e s o u r c e m a n a g e m e n t. O n e c o m m o n m e t h o d o f a tta c k in v o lv e s s a tu ra tin g th e ta r g e t m a c h in e w ith e x te r n a l c o m m u n ic a tio n s re q u e s ts , s u c h th a t it c a n n o t r e s p o n d to le g itim a te tra ffic , o r r e s p o n d s so slo w ly as to b e r e n d e r e d e ss e n tia lly u n a v a ila b le . S u c h a tta c k s u su a lly le a d to a s e iv e r o v e rlo a d . D e 111 al-o f-se n * 1 ce a tta c k s c a n e sse n tia lly d is a b le y o u r c o m p u t e r 0 1 ‫ ־‬y o u r n e tw o rk . D o S a tta c k s c a n b e lu c ra tiv e fo r c rim in a ls; r e c e n t a tta c k s h a v e s h o w n th a t D o S a tta c k s a w a y fo r c y b e r c rim in a ls to p ro f it. A s a n e x p e r t e th ic a l h a c k e r 0 1 ‫ ־‬s e c u r i t y a d m i n i s t r a t o r o f a n o rg a n iz a tio n , y o u s h o u ld h a v e s o u n d k n o w le d g e o f h o w d e n ia l - o f - s e r v i c e a n d d i s t r i b u t e d d e n ia l - o f - s e r v i c e a tta c k s a re c a rr ie d o u t, to d e t e c t a n d n e u t r a l i z e a tta c k h a n d le r s , a n d to m i t i g a t e s u c h a tta c k s. L a b O b je c t iv e s T h e o b je c tiv e o f tin s la b is to h e lp s tu d e n ts le a r n to p e r f o r m D o S a tta c k s a n d to te s t n e tw o r k fo r D o S flaw s. 1 1 1 d iis la b , y o u w ill: ■ C re a te a n d la u n c h a d e 11 ia l‫־‬o f ‫־‬se 1v ic e a tta c k to a v ic tim ■ R e m o te ly a d m in is te r c lie n ts ■ P e r f o r m a D o S a tta c k b y s e n d in g a h u g e a m o u n t o f S Y N p a c k e ts c o n tin u o u s ly P e r f o r m a D o S H T T P a tta c k C E H Lab Manual Page 703 Ethical Hacking and Countemieasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 10 - D enial o f S e rv ic e & T o o ls d e m o n s tr a t e d in t h i s la b a r e a v a ila b le in D:CEHT oo lsC E H v 8 M o d u le 1 0 D en ialo f-S e rv ic e L a b E n v ir o n m e n t T o e a rn ‫ ־‬o u t th is, y o u n eed : ■ A c o m p u te r ru n n in g W in d o w S e rv e r 2 0 0 8 ■ W in d o w s X P / 7 ru n n in g 111 v irtu a l m a c h in e ■ A w e b b ro w s e r w ith I n te rn e t access ■ A d m in istra tiv e privileges to m n to o ls L a b D u r a tio n T im e: 60 M in u te s O v e r v ie w o f D e n ia l o f S e r v ic e D e n ia l-o f-se rv ic e (D o S ) is a n a tta c k o n a c o m p u te r o r n e tw o rk th a t p r e v e n t s leg itim ate u se o f its re so u rc e s. 111 a D o S attack , atta c k e rs flo o d a v ic tim ’s sy ste m w ith illegitim ate service re q u e s ts o r t r a f f i c to o v e r l o a d its re s o u rc e s a n d p re v e n t it fro m p e rfo rm in g in t e n d e d tasks. Lab T asks O v e rv ie w P ic k a n o rg a n iz a tio n th a t y o u feel is w o rth y o f y o u r a tte n tio n . T in s c o u ld b e an e d u c a tio n a l in s titu tio n , a c o m m e rc ia l c o m p a n y , o r p e rh a p s a n o n p ro f it charity. R e c o m m e n d e d lab s to assist y o u in d en ial o f service: ■ S Y N flo o d in g a ta rg e t h o s t u sin g 11pi11g3 ■ H T T P flo o d in g u sin g D o S H T T P L a b A n a ly s is A n aly ze a n d d o c u m e n t th e resu lts re la te d to th e la b exercise. G iv e y o u r o p in io n o n y o u r ta rg e t’s secu rity p o s tu re a n d e x p o su re . P L E A S E T A L K T O Y O U R I N S T R U C T O R R E L A T E D C E H Lab Manual Page T O T H I S I F Y O U H A V E Q U E S T I O N S L A B . Ethical Hacking and Countermeasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 10 - D enial o f S e rv ic e S Y N F lo o d in g a T a r g e t H o s t U s in g h p in g 3 hpingJ is a command-line oriented T C P / IP packet assembler/ analyser. ■ n co k ey 1 ^ ~ / V a lu a b le in fo r m a tio n y *' Test yo ur L a b S c e n a r io A S Y N flo o d is a f o r m o f d e n ia l-o f-s e rv ic e a tta c k 111 w h ic h ail a tta c k e r s e n d s a s u c c e s s io n o l S Y N re q u e s ts to a ta rg e t's s y s te m 111 a n a tt e m p t to c o n s u m e e n o u g h s e rv e r re s o u rc e s to m a k e th e s y s te m u n re s p o n s iv e to le g itim a te tra flic . k n o w le d g e A S Y N flo o d a tta c k w o rk s b y n o t r e s p o n d in g to th e s e r v e r w ith th e e x p e c te d * * W e b e x e r c is e m W o r k b o o k r e v ie w A C K c o d e . T h e m a lic io u s c lie n t c a n e ith e r sim p ly n o t s e n d th e e x p e c te d A C K , o r b y s p o o lin g th e s o u r c e IP a d d re s s 111 th e S Y N , c a u se th e s e r v e r to s e n d th e S Y N -A C K to a fa lsifie d I P a d d re s s , w h ic h w ill n o t s e n d a n A C K b e c a u s e it "k n o w s" th a t it never sen t a SYN. The s e rv e r w ill w a it fo r th e a c k n o w le d g e m e n t f o r s o m e tim e , as s im p le n e tw o r k c o n g e s tio n c o u ld a lso b e th e c a u s e o f th e m is s in g A C K , b u t 111 a n a tta c k in c re a s in g ly la rg e n u m b e r s o f h a lf - o p e n c o n n e c tio n s w ill b in d re so u rc e s on th e s e rv e r u n til no new c o n n e c tio n s c a n b e m a d e , re s u ltin g 111 a d e n ia l o f se rv ic e to le g itim a te tra ffic . S o m e sy s te m s m a y a ls o m a lf u n c tio n b a d ly o r e v e n c ra s h if o th e r o p e r a tin g s y s te m f u n c tio n s a re s ta rv e d o t re s o u rc e s 111 tin s w ay . A s a n e x p e r t e t h i c a l h a c k e r o r s e c u r i t y a d m i n i s t r a t o r o t a n o r g a n iz a tio n , y o u s h o u ld h a v e s o u n d k n o w le d g e o f d e n ia l - o f - s e r v i c e a n d d i s t r i b u t e d d e n ia l-o f s e r v i c e a tta c k s a n d s h o u ld b e a b le to d e t e c t a n d n e u t r a l i z e a tta c k h a n d le rs . Y o u s h o u ld u se S Y N c o o k ie s as a c o u n te r m e a s u r e a g a in s t th e S Y N flo o d w h ic h e lim in a te s th e re s o u rc e s a llo c a te d o n th e ta r g e t h o s t. L a b O b je c t iv e s T h e o b je c tiv e o f tin s la b is to h e lp s tu d e n ts le a r n to p e r f o r m d e n ia l-o f-s e rv ic e a tta c k s a n d te s t th e n e tw o r k f o r D o S flaw s. 1 1 1 tin s la b , y o u w ill: ■ ■ C E H Lab Manual Page 705 P e r f o r m d e n ia l-o t-s e r v ic e a tta c k s S e n d h u g e a m o u n t o f S Y N p a c k e ts c o n tin u o u s ly Ethical Hacking and Countenneasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 10 - D enial o f S e rv ic e & T o o ls d e m o n s tr a t e d in th i s la b a r e a v a ila b le a t D:CEHT oo lsC E H v 8 M o d u le 1 0 D en ialo f-S e rv ic e L a b E n v ir o n m e n t T o e a rn ’ o u t d ie lab , y o u need: ■ A c o m p u te r r u n n in g W in d o w s 7 as v ic tim m a c h in e ■ B a c k T ra c k 5 r3 ru n n in g 111 v irtu a l m a c h in e as a tta c k e r m a c h in e " W ir e s h a rk is lo c a te d a t D :C EH -ToolsC EH v 8 M o d u le 0 8 S n iffin g S n iffin g T oolsV W iresh ark L a b D u r a tio n T u n e : 10 M in u te s O v e r v ie w o f h p in g 3 11pu1g3 is a n e tw o rk to o l ab le to se n d c u s to m T C P / I P p a c k e ts a n d to d isp lay ta rg e t rep lies like a p in g p ro g ra m d o e s w ith IC M P replies. 11pu1g3 h a n d le s fra g m e n ta tio n , a rb itra n ‫ ־‬p a c k e ts b o d y , a n d size a n d c a n b e u s e d u i o rd e r to tra n s fe r hies e n c a p su la te d u n d e r s u p p o r te d p ro to c o ls. Lab T asks — j F lo o d SYN P a c k e t 1. L a u n c h B a c k T a c k 5 r3 o n th e v irtu al m a c h in e . 2. L a u n c h d ie h in g p 3 utility fro m th e B a c k T ra c k 5 r3 v irtu al m a c h in e . S elect B a c k T r a c k M e n u -> B a c k t r a c k -> I n f o r m a tio n G a th e r i n g -> N e tw o r k A n a ly s is -> I d e n tif y L iv e H o s t s -> H p in g 3 . ^^Applications Places System ( r 3 j Sun Oct 21. 1:34 PM V Accessories inform ationG athering ... N ork Analysis etw W Appl ^ eb ^ Graphics ► ‫ ״‬vulnerability Assessment ^| ^ ‫ #- ״‬Exploitation Tools ‫ |ף‬Database ^ aiiveo ► ^ arei lvf internet S B (yfke System Tools 9 Wine Wireless ^ ► i Maintaining Access | Other !f, Sound & Video 0=5! hping3 is a command-line oriented TC P/IP packet assembler/analyzer. Pnvilege Escalation Otrace ‫ ־‬f; arping ,c • ^ Reverse Engineering .!4 Network T a f c Analysis rfi detect*new‫־‬ ip6 ‫ ;ן ״‬RFID Tools ” dnmap *b >n OSIMT Analysis ► tj StressI c t n fsig ^ fping R oute Analysis »!. hplng2 .‫־‬H service Fin erp tin g rin g forensics ^ R eportin T o g o ls hpingj ^ netAscovcr ^ netifera << back . t nmap ^ Pn b j sctpscan t ae rc® traceroute wle o^ zenmap 1y=I Type only hping3 without any argument. If hping3 was compiled with Tel scripting capabilities, you should see a prompt. C E H Lab Manual Page 706 Figure 1.1: BackTrack 5 r3 Menu 3. T h e h p in g 3 u tility starts in d ie c o m m a n d shell. Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 10 - D enial o f S e rv ic e * * root(afbt: - File Edit View trm inal Help > syn set SYN flag < ‫־־‬rst set RST flag * ‫־־‬push set PUSH flag v ack set ACK flag ‫־־‬urg set U flag RG -‫־‬xnas set X unused flag (0x40) ynas set Y unused flag (0x80) ■tcpexitcode use last tcp->th flags as exit code tcp-tinestaTp enable the TCP timestamp option to guess the HZ/uptine J ( f data size data fron file add ,signature* Bum packets in (default is 0) e olt p O O tS . na T 'T ro R mn | 1 -u ^ end te ll you reacheJ EO and prevent reAind F •T -•traceroute traceroute m ode (Implies ••bind and ‫־־‬t t l 1) --tr-stop Exit when receive the firs t not ICMP in traceroute node tr <ccp t t l Keep the source TTL fixed, useful to nonitor ]ust one hop **tr*no-rtt Don't calculate/show RTT information in traceroute node ARS packet description (new, unstable) apd send Send the packet described with apo (see docs/APO.txt) F IG U R E 1.2: BackTrack 5 13 Command Shell with hping3 4. 111 th e c o m m a n d shell, ty p e h p in g 3 - S 1 0 .0 .0 .1 1 - a 1 0 .0 .0 .1 3 - p 2 2 -flo o d a n d p re s s E n te r . m First, type a simple command and see the result: #hping3.0.0-alpha1> hping resolve www.google.com 66.102.9.104. m The hping3 command should be called with a subcommand as a first argument and additional arguments according to die particular subcommand. a v * root(abt: - File Edit View Terminal Help F IG U R E 1.3: BackTrack 5 r3 11ping3 command 5. L i d ie p re v io u s c o m m a n d , 1 0 .0 .0 .1 1 (W in d o w s 7 ) is th e v ic t im ’s m a c h in e IP a d d re ss, a n d 1 0 .0 .0 .1 3 ( B a c k T r a c k 5 r3 ) is th e a t t a c k e r ’s m a c h in e IP ad d ress. /v v x root(§bt: - File Edit View *fenminal Help ‫״‬ootebt:-# hp1ng3 -s 10.0.0.11 ■ 10.0.0.13 • 22 •■flood a p HPING 10.0 9.11 (ethO 10.6.0.11): S set, 40 headers 0 data hping in flood node, no replies w ill be show n << b a c k H y1 The hping resolve = command is used to convert a hostname to an IP address. C E H Lab Manual Page 707 tra c k F IG U R E 1.4: BackTrack4 Command Shell with hping3 6. 11pi11g3 flo o d s th e v ic tim m a c h in e b y se n d in g b u lk S Y N p a c k e ts a n d o v e rlo a d in g v ic tim reso u rc es. Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 10 - D enial o f S e rv ic e 7. G o to d ie v ic tim ’s m a c h in e (W in d o w s 7). In stall a n d la u n c h W ire sh a rk , a n d o b se rv e th e S Y N p ack ets. 12(SVN Rev445202 ‫ ט‬Micro o tC r o a i n PeviceNPFJ605FlD17-52CF-4EA9-BA6P-5E43A8Dro2DD [ i e sf oprto: W r shark Pile Edit View Gc Capture Analyze Statistics Telephony Tools Internals Help 0. < 0 1 m m » a . m IBTal hping3 was mainly used as a security tool in the past. It can be used in many ways by people who don't care for security to test networks and hosts. A subset of the things you can do using hping3: ■ Firewall testing ‫ י‬Advanced port scanning ‫ י‬Network testing, using various protocols, TOS, fragmentation ■ Manual path M TU discovery ■ Advanced traceroute, under all the supported protocols ■ Remote OS fingerprinting * Remote uptime guessing ■ TC P/IP stacks auditing m D estination Protocol Length Info ‫31 .כ‬ ‫31 .כ‬ ‫31 . נ‬ ‫31 . נ‬ 10.0.0.11 TCP 10.0.0.11 10.0.0.11 1 10.0.0.11 TCP TCP TCP TCP |G l . IE Ij 54 [TCP Pert numbers 54 [TCP Pert numbers 54 [TCP Pert numbers 54 [TCP Port numbers ■ ff1i‫ ־‬r 3 ^ T M7‫־‬ 54 [TCP Port numbers reused] reused] reused] reused] T T 1 reused] 53620 53621 53622 53623 > > > > ssh ssh ssh ssh [SYN] 5 [SYN] s [SYN] 5 [SYN] 5 13771■3 53625 > ssh [SYN] 5 1 U-tI& W 7 ZW tt M Frame 1: 54 b/tes on wire (432 b it s ) , 54 bytes captured (432 b its ) on in te rface 0 Ethernet I I , Src: Microsof_a8:78:07 (00:15:5d:a8:78:07), Dst: M'crosof_a8:78:05 (00:15:5d:a Internet Protocol version 4, src: 10.0.0.13 (10.0.0.13), Dst: 10.0.0.11 (10.0.0.11) Transmission control Protocol, src Po rt: 11766 (11766), Dst Port: ssh (22), seq: 0, Len: 0 OO O O 0019 0020 0030 0015 0028 00Ob 0200 5d dl 2d ee as 3a f6 df 78 00 00 00 05 00 15 00 40 06 16 3a a9 00 5d a8 78 07 OS 00 45 00 95 7e Oa 00 00 Od Oa 00 09 f c 61 62 d6 d7 50 02 . .] .x .. . ].X ...E . •(• :..®. —........ O Fl:*CUsenAdminAppDataLocalTemp... P c e s 119311 D s l y d 119311 M r e . P o i e D f u t ie akt: ipae: a k . . rfl: e a l FIG U R E 1.5: Wireshark with SYN Packets Traffic Y o u se n t h u g e n u m b e r o l S Y N p a c k e ts, w h ic h c a u se d d ie v ic tim ’s m a c h in e to crash . L a b A n a ly s is D o c u m e n t all d ie resu lts g a d ie r d u rin g d ie lab. T o o l/U tility I n f o r m a tio n C o ll e c te d / O b j e c ti v e s A c h ie v e d S Y N p a c k e ts o b s e r v e d o v e r flo o d in g th e r e s o u rc e s in h p in g 3 P L E A S E T A L K v ic tim m a c h in e T O Y O U R I N S T R U C T O R R E L A T E D T O T H I S I F Y O U H A V E Q U E S T I O N S L A B . I n te rn e t C o n n e c tio n R e q u ire d □ Y es 0 No P la tfo rm S u p p o rte d 0 C E H Lab Manual Page 708 C la s s ro o m 0 1L a b s Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 10 - D enial o f S e rv ic e Lab H T T P F lo o d in g U s in g D o S H T T P D oS H T T P is an H T T P flood denial-of-service (D oS) testing toolfor Windows. D o S H T T P includesp o rt designation and reporting. ICON KEY L a b S c e n a r io / V a lu a b le in fo r m a tio n H T T P flo o d in g is a n a tta c k th a t u se s e n o rm o u s u seless p a c k e ts to jam a w e b server. 111 tliis p a p e r, w e u se lu d d e n se m i-M a rk o v m o d e ls (H S M M ) to d e s c n b e W e b - .-* v Test yo ur ______ k n o w le d g e b ro w s in g p a tte rn s a n d d e te c t H T T P flo o d in g attack s. W e first u se a large n u m b e r o f leg itim ate re q u e s t seq u e n c e s to tra in a n H S M M m o d e l a n d th e n u se tins leg itim ate m . W e b e x e r c is e m o d e l to c h e c k ea c h in c o m in g re q u e s t se q u en c e . A b n o rm a l W w b traffic w h o se lik e lih o o d falls in to u n re a s o n a b le ra n g e fo r th e leg itim ate m o d e l w o u ld b e classified as p o te n tia l a tta c k traffic a n d sh o u ld b e c o n tro lle d w ith special a ctio n s su c h as filtering 01 ‫ ־‬lim itin g th e traffic. F inally w e v alid ate o u r a p p ro a c h b y te stin g d ie m e th o d w ith real data. T h e re su lt sh o w s th a t o u r m e th o d c a n d e te c t th e a n o m a ly w e b traffic effectively. 111 th e p re v io u s lab y o u le a rn e d a b o u t S Y N flo o d in g u sin g 11p111g3 a n d th e c o u n te rm e a s u re s th a t c a n b e im p le m e n te d to p re v e n t su c h attack s. A n o th e r m e th o d th a t atta c k e rs c a n u se to a tta c k a se rv er is b y u sin g th e H T T P flo o d a p p ro a c h . A s a n e x p e rt e th i c a l h a c k e r a n d p e n e tr a ti o n t e s t e r , y o u m u s t b e aw are o f all types o f h a c k in g a tte m p ts 0 11 a w e b serv er. F o r H T T P flo o d in g a tta c k y o u sh o u ld im p le m e n t a n a d v a n c e d te c h n iq u e k n o w n as “ ta rp ittin g ,” w h ic h o n c e esta b lish e d su ccessfu lly w ill set c o n n e c tio n s w in d o w size to few bytes. A c c o rd in g to T C P / I P p ro to c o l d esig n , th e c o n n e c tin g d ev ice w ill initially o n ly se n d as m u c h d ata to targ et as it tak es to fill d ie w in d o w u n til th e serv er re s p o n d s. W ith ta rp ittin g , th e re w ill b e 110 re s p o n s e b a c k to th e p a c k e ts fo r all u n w a n te d H T T P re q u e sts, th e re b y p ro te c tin g y o u r w e b server. L a b O b je c t iv e s T h e o b je c tiv e o f tin s la b is to h e lp s m d e n ts le a r n H T T P flo o d in g d e m a l-o t se rv ic e (D o S ) a tta c k . C E H Lab Manual Page 709 Ethical Hacking and Countermeasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 10 - D enial o f S e rv ic e & T o o ls d e m o n s tr a t e d in t h i s la b a r e a v a ila b le in D:CEHT oo lsC E H v 8 M o d u le 1 0 D en ialo f-S e rv ic e L a b E n v ir o n m e n t T o e a rn ’ o u t th is lab , y o u n eed : ■ D oSH T T P to o l lo c a te d a t D :C E H -ToolsC E H v 8 M o d u le 1 0 D enial-ofS e rv ic e ' DDoS A tta c k T o o lsD o S H TTP ■ Y o u c a n a lso d o w n lo a d th e la te s t v e r s io n o f D o S H T T P f r o m th e lin k h ttp : / / w w w .s o c k e ts o f t. 11 e t / ■ I f y o u d e c id e to d o w n lo a d th e l a t e s t v e r s io n , th e n s c r e e n s h o ts s h o w n 111 th e la b m ig h t d if fe r ■ A c o m p u te r m m iu ig W in d o w s S e r v e r 2 0 1 2 as h o s t m a c h in e ■ W in d o w s ■ A w e b b ro w s e r w ith an I n te r n e t c o n n e c tio n ■ A d m in istra tiv e p rivileges to m il to o ls 7 ru n n in g o n v irtu a l m a c liu ie as a tta c k e r m ac liu ie L a b D u r a tio n T u n e : 10 M in u te s O v e r v ie w o f D o S H T T P D o S H T T P is an H T T P H ood d en ial-o f-se rv ic e (D oS ) te stin g to o l fo r W in d o w s. I t in clu d e s U R L v e rific atio n , H T T P re d ire c tio n , a n d p e rfo rm a n c e m o n ito rin g . D o S H T T P u ses m u ltip le a s y n c h ro n o u s so c k ets to p e rf o rm a n e ffectiv e H T T P flo o d . D o S H T T P c a n b e u s e d sim u lta n e o u sly o n m u ltip le clients to e m u la te a d is tn b u te d d e n ial-o f-serv ice (D D o S ) attack . T in s to o l is u s e d b y I T p ro fe ssio n a ls to te s t w e b se rv er p e rfo rm a n c e . Lab T asks 1. 2. D oSH T T P F lo o d in g In sta ll a n d la u n c h D o S H T T P u i W in d o w s S e r v e r 2 0 1 2 . T o la u n c h D o S H T T P , m o v e y o u r m o u s e c u rs o r to lo w e r le ft c o rn e r o f d ie d e s k to p a n d click S ta r t. FIG U RE 2.1: Windows Server 2012 Desktop view C E H Lab Manual Page 710 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 10 - D enial o f S e rv ic e 3. C lick d ie D o S H ttp 2 .5 a p p fro m d ie S t a r t m e n u a p p s to la u n c h d ie p ro g ra m . Adm inistrator ^ Start Cro c c Ur Tf ac Mngr a ae Miilla o Feo irf x * DoSHTTP is an easy to use and powerful HTTP Flood Denial of Service (DoS) Testing Tool for Windows. DoSHTTP includes U R L Verification, H TTP Redirection, Port Designation, Performance Monitoring and Enhanced Reporting. y * © • Cmad om n Po p r mt rr‫־‬ N otefao* r S TP wHT S V n tr tmK Hp fV yo N« kk Wb lc t oC n % ‫וי‬ Cn to e l ■ FIG U R E 2.2: Windows Server 2012 Start Menu Apps T h e D oSH T T P m a in scre e n ap p e a rs as s h o w n 111 th e fo llo w in g figure; 111 d iis lab w e h a v e d e m o n s tra te d trial v e rsio n . C lick T ry to c o n tin u e . | File O p tio n s H elp D T o o ls d e m o n s tr a t e d in t h i s la b a r e a v a ila b le in D:CEHT oo lsC E H v 8 M o d u le 1 0 D en ialo f-S e rv ic e X DoSHTTP 2.5.1 - Socketsoft.net [Loading...] H DoSHTTP Registration H‫־‬ Ta r / U nreq istered V ersion V ( Sa J 3 Close Us [m fry You have 13 days or 3 uses left on your free trial. Enter your Serial Number and click the Register button. 3 Register jSerial Number I C‫׳‬sc 3 r-sr t‫־‬ttD://w w w .so cketsoft. ret‫׳‬ ' 1 R eady FIG U R E 2.3: D oSH TIP main window 5. E n te r d ie U R L o r IP a d d re ss 111 d ie T a r g e t URL field. 6. S elect a U s e r A g e n t, n u m b e r o f S o c k e t s to se n d , a n d th e ty p e o f R e q u e s ts to sen d . C lick S ta r t. 7. C E H Lab Manual Page 711 m DoSHTTP includes Port Designation and Reporting. 111 d iis lab , w e are u sin g W in d o w s 7 I P (10.0.0.7) to flo o d . Ethical Hacking and Countemieasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 10 - D enial o f S e rv ic e H nn^HTTP ? S 1 - W kpfcnft npf [Fvaliiatmn Mnrlp] File O p tio n s *1 H elp DoSH TTP HTTP Flood Denial of S ervice (DoS) Testing Tool Target URL 10.0.0.11 Usei Agent |Mozilla/6.0 (compatible; MSIE 7.0a; Windows NT 5.2; SV1) Sockets Requests 1 500 ▼ Verify URL jStart FloodJ ] ▼ | |Continuous Close httD://www.socketsoft.ret‫'׳‬ Leca D s c a mer Ready -------- !-------------------------- J FIG U R E 2.4: DoSHTTP Flooding N o te: T h e s e I P a d d re sses m a y d iffe r 111 y o u r la b e n v iro n m e n t. 8. C lick OK m th e D o S H T T P e v a lu a tio n p o p -u p . H DoSHTTP 2.5.1 - Socketsoft.net [Evaluation Mode] File y DoSHTTP uses multiple asynchronous sockets to perform an effective H TTP Flood. DoSHTTP can be used simultaneously on multiple clients to emulate a Distributed Denial of Service (DDoS) attack. O p tio n s x H elp DoSHTTP E valuation m o d e w ill o n ly p e rfo rm a m a x im u m o f 10000 requests per session. OK Lees D - S c a rrer t ‫־‬ttD:.|’ , www.soctetsoft.ret/ . ‫׳‬ Ready FIG U R E 2.5: DoSHTTP Evaluation mode pop-up 9. L a u n c h d ie W ir e s h a rk n e tw o rk p ro to c o l an aly zer 111 d ie W in d o w s 7 v irtu a l m a c h in e a n d sta rt its in terfa ce. 10. D o S H T T P sen d s a s y n c h r o n o u s so c k e ts a n d p e rfo rm s H TT P flo o d in g o f d ie y DoSHTTP can help IT Professionals test web server performance and evaluate web server protection software. DoSHTTP was developed by certified IT Security and Software Development professionals C E H Lab Manual Page 712 ta rg e t n etw o rk . 11. G o to V irtu a l m a c h in e , o p e n W ire s h a rk . a n d o b se rv e th a t a lo t o f p a c k e t traffic is c a p tu re d b y W iresh a rk . Ethical Hacking and Countenneasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
M odule 10 - D enial o f S e rv ic e ^^t info Mr sf oprt nDv P65lD^C E ^6E88W^ j" pjr gr micooKr oa!oAe!nN^0F 12MAA^4AC 2 Fl £ i View ie d t £0 Capture Analyze S a i t c Telephony Tools I t rnals Help ttsis ne pyai Fle itr No. ojai 1 ‫* ט‬ m » m | |E p e s o . C e r Apply Save ▼ xrsin. la Time Source 81 14.2268530 10.0.0.10 85 85 87 83 89 90 91 92 93 94 95 Dsiain etnto 10.0.0.11 P otocol Length I f r no • * TCP 66 57281 > http [SYN] Sec 14. 9489030 Del 1_c3:c3:cc Broadcast 15.4810940 1 0 .0 .0 .1 0 1 0.0.0.255 15.4812800 fe80: : 38aa: 6390 : 554 f f 02: :1:3 15.4813280 10.0.0.10 224.0.0.252 15. 9012270fe80: :38aa:6390:554ff02: :1:3 15 9013020 10.0.0.10 224.0.0.252 15 9494970 De11_c3:c3:cc Broadcast 16 2313280 10.0.0.10 10.0.0.255 16 9962120 10.0.0.10 10.0.0.255 17 7675600 f p80 : : 38aa : 6390 :5 54 f f 0?: :1 7 18 4547800 D e l1 _c 3 :c3 :c c M icro sof_a8 :7 8 :0 5 ARP NBNS llnnr LLNNR LLNNR llnnr ARP NBNS nbns DHCPv6 ARP 42 who has 10.0.0.13? Te 92 Nam query NB W e PAD<00> 84 standard query 0xfe99 64 stardard query 0xfe99 84 Stardard query 0xfe99 64 stardard query 0xfe99 42 who has 10.0.0.13? T€ 92 N e query NB wpad< am 00> 92 N e query NB WPAD<00>. am 157 S o lic it XTD: 0xa QQ84 C 42 who has 10.0.0.11? T€ w Frane 1: 42 bytes on wire (336 bits). 42 bytes captured (336 bits) on interface 0 • Ethernet I I , src: De11_c3:c3:cc (d4:be:d9:c3:c3:cc), Dst: Broadcast ( f f : f f : f f : f f : f f : f f ) E Address Resolution Protocol (request) 0000 0010 0020 f f f f f f f t f t f f d4 be 0800 06 04 00 01 d4 be 0000 00 00 00 00 Oa 00 d9 c3 c3 cc 08 06 00 01 d9 c3 c3 cc Oa 00 00 Oa 00 O d FIG U R E 26: Wireshark window DoSHTTP can be used simultaneously on multiple clients to emulate a Distributed Denial of Service (DDoS) attack. 12. Y o u see a lo t o l H T T P p a c k e ts are flo o d e d to d ie h o s t m ac h in e . 13. D o S H T T P u se s m u ltip le a s y n c h ro n o u s so ck e ts to p e rf o rm a n H T T P flo o d ag ain st d ie e n te re d n e tw o rk . L a b A n a ly s is A n a ly z e a n d d o c u m e n t d ie resu lts re la te d to d ie lab exercise. T o o l/U tility I n f o r m a tio n C o ll e c te d / O b j e c ti v e s A c h ie v e d D oSH TTP P L E A S E T A L K H T T P p a c k e ts o b s e r v e d flo o d in g th e h o s t m a c h in e T O Y O U R I N S T R U C T O R R E L A T E D T O T H I S I F Y O U H A V E Q U E S T I O N S L A B . Q u e s t io n s E v a lu a te h o w D o S H T T P ca n b e u se d sim u lta n e o u sly o n m u ltip le clients a n d p e rfo rm D D o S attacks. C E H Lab Manual Page 713 Ethical Hacking and Countemieasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 10 - D enial o f S e rv ic e 2. D e te rm in e h o w y o u c a n p re v e n t D o S H T T P attack s 0 11 a n e tw o rk . In te r n e t C o n n e c tio n R e q u ire d □ Y es P la tfo rm S u p p o rte d 0 C E H Lab Manual Page 714 C la s s ro o m 0 !L a b s Ethical Hacking and Countermeasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.

Recommended

Ceh v8 labs module 12 hacking webservers
Ceh v8 labs module 12 hacking webserversCeh v8 labs module 12 hacking webservers
Ceh v8 labs module 12 hacking webserversMehrdad Jingoism
 
Ceh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijackingCeh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijackingMehrdad Jingoism
 
Ceh v8 labs module 18 buffer overflow
Ceh v8 labs module 18 buffer overflowCeh v8 labs module 18 buffer overflow
Ceh v8 labs module 18 buffer overflowMehrdad Jingoism
 
Ceh v8 labs module 06 trojans and backdoors
Ceh v8 labs module 06 trojans and backdoorsCeh v8 labs module 06 trojans and backdoors
Ceh v8 labs module 06 trojans and backdoorsMehrdad Jingoism
 
Maurizio_Taffone_Emerging_Security_Threats
Maurizio_Taffone_Emerging_Security_ThreatsMaurizio_Taffone_Emerging_Security_Threats
Maurizio_Taffone_Emerging_Security_ThreatsMaurizio Taffone
 
Ceh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyCeh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyMehrdad Jingoism
 
4 IATA Training
4 IATA Training4 IATA Training
4 IATA TrainingMohamed Tayfour
 
Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Ahmad Sakib
 

Recommended

Ceh v8 labs module 12 hacking webservers
Ceh v8 labs module 12 hacking webserversCeh v8 labs module 12 hacking webservers
Ceh v8 labs module 12 hacking webserversMehrdad Jingoism
 
Ceh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijackingCeh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijackingMehrdad Jingoism
 
Ceh v8 labs module 18 buffer overflow
Ceh v8 labs module 18 buffer overflowCeh v8 labs module 18 buffer overflow
Ceh v8 labs module 18 buffer overflowMehrdad Jingoism
 
Ceh v8 labs module 06 trojans and backdoors
Ceh v8 labs module 06 trojans and backdoorsCeh v8 labs module 06 trojans and backdoors
Ceh v8 labs module 06 trojans and backdoorsMehrdad Jingoism
 
Maurizio_Taffone_Emerging_Security_Threats
Maurizio_Taffone_Emerging_Security_ThreatsMaurizio_Taffone_Emerging_Security_Threats
Maurizio_Taffone_Emerging_Security_ThreatsMaurizio Taffone
 
Ceh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyCeh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyMehrdad Jingoism
 
4 IATA Training
4 IATA Training4 IATA Training
4 IATA TrainingMohamed Tayfour
 
Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Ahmad Sakib
 
Metodo de einsten capacidad de transporte
Metodo de einsten capacidad de transporteMetodo de einsten capacidad de transporte
Metodo de einsten capacidad de transporteWaldo Ruben Santander Quispe
 
H3LP DTR V.2.0.
H3LP DTR V.2.0.H3LP DTR V.2.0.
H3LP DTR V.2.0.Kocsis Gabor
 
Hoja de vida jogc
Hoja de vida jogcHoja de vida jogc
Hoja de vida jogcjogc62
 
YIEF-2011
YIEF-2011YIEF-2011
YIEF-2011youthforum
 
Lap machine manual
Lap machine manualLap machine manual
Lap machine manualMuqthiar Ali
 
Certificates and Credentials new
Certificates and Credentials newCertificates and Credentials new
Certificates and Credentials newsidharthbiswas9185
 
L4G_2015_BROCHURE
L4G_2015_BROCHUREL4G_2015_BROCHURE
L4G_2015_BROCHUREAndrew Grimstone
 
Transcripts and PC
Transcripts and PCTranscripts and PC
Transcripts and PCAkshay Padwal
 
Informing Innovation: Contextual Investigation for Effective Academic Technol...
Informing Innovation: Contextual Investigation for Effective Academic Technol...Informing Innovation: Contextual Investigation for Effective Academic Technol...
Informing Innovation: Contextual Investigation for Effective Academic Technol...char booth
 
portfolio2014_StK-s
portfolio2014_StK-sportfolio2014_StK-s
portfolio2014_StK-sStephen Kelleher
 
Francis cv 27 05-2013
Francis cv 27 05-2013Francis cv 27 05-2013
Francis cv 27 05-2013Francis Bell
 
Jm future of system verilog verification
Jm future of system verilog verificationJm future of system verilog verification
Jm future of system verilog verificationObsidian Software
 
The1101 experiment handbook 2020
The1101 experiment handbook 2020The1101 experiment handbook 2020
The1101 experiment handbook 2020Paul MacFarlane
 
Piotr Szotkowski about "Ruby smells"
Piotr Szotkowski about "Ruby smells"Piotr Szotkowski about "Ruby smells"
Piotr Szotkowski about "Ruby smells"Pivorak MeetUp
 
Survey analysis
Survey analysisSurvey analysis
Survey analysisAlexSexton
 
ground water contamination
ground water contaminationground water contamination
ground water contaminationAnushkeMadurawala
 
All guidance live.pdf. try it >>> https://bit.ly/3HEXGsi
All guidance live.pdf. try it >>> https://bit.ly/3HEXGsi All guidance live.pdf. try it >>> https://bit.ly/3HEXGsi
All guidance live.pdf. try it >>> https://bit.ly/3HEXGsi Bossmancyfer
 
Untitled-1
Untitled-1Untitled-1
Untitled-1Nelson Tseng
 
Apt oct-2014
Apt oct-2014Apt oct-2014
Apt oct-2014nghia le trung
 
Jergsestadual
JergsestadualJergsestadual
Jergsestadualemefbompastor
 
Maturação Esquelética: Criança,Infantil,Juvenil,Processo Morfológico para Tod...
Maturação Esquelética: Criança,Infantil,Juvenil,Processo Morfológico para Tod...Maturação Esquelética: Criança,Infantil,Juvenil,Processo Morfológico para Tod...
Maturação Esquelética: Criança,Infantil,Juvenil,Processo Morfológico para Tod...Van Der Häägen Brazil
 
Page furniture
Page furniturePage furniture
Page furnitureMelchiorre Ruvolo
 

More Related Content

What's hot

Hoja de vida jogc
Hoja de vida jogcHoja de vida jogc
Hoja de vida jogcjogc62
 
Lap machine manual
Lap machine manualLap machine manual
Lap machine manualMuqthiar Ali
 
Certificates and Credentials new
Certificates and Credentials newCertificates and Credentials new
Certificates and Credentials newsidharthbiswas9185
 
Informing Innovation: Contextual Investigation for Effective Academic Technol...
Informing Innovation: Contextual Investigation for Effective Academic Technol...Informing Innovation: Contextual Investigation for Effective Academic Technol...
Informing Innovation: Contextual Investigation for Effective Academic Technol...char booth
 
Francis cv 27 05-2013
Francis cv 27 05-2013Francis cv 27 05-2013
Francis cv 27 05-2013Francis Bell
 
Jm future of system verilog verification
Jm future of system verilog verificationJm future of system verilog verification
Jm future of system verilog verificationObsidian Software
 
The1101 experiment handbook 2020
The1101 experiment handbook 2020The1101 experiment handbook 2020
The1101 experiment handbook 2020Paul MacFarlane
 
Piotr Szotkowski about "Ruby smells"
Piotr Szotkowski about "Ruby smells"Piotr Szotkowski about "Ruby smells"
Piotr Szotkowski about "Ruby smells"Pivorak MeetUp
 
Survey analysis
Survey analysisSurvey analysis
Survey analysisAlexSexton
 
All guidance live.pdf. try it >>> https://bit.ly/3HEXGsi
All guidance live.pdf. try it >>> https://bit.ly/3HEXGsi All guidance live.pdf. try it >>> https://bit.ly/3HEXGsi
All guidance live.pdf. try it >>> https://bit.ly/3HEXGsi Bossmancyfer
 

What's hot (18)

Metodo de einsten capacidad de transporte
Metodo de einsten capacidad de transporteMetodo de einsten capacidad de transporte
Metodo de einsten capacidad de transporte
 
H3LP DTR V.2.0.
H3LP DTR V.2.0.H3LP DTR V.2.0.
H3LP DTR V.2.0.
 
Hoja de vida jogc
Hoja de vida jogcHoja de vida jogc
Hoja de vida jogc
 
YIEF-2011
YIEF-2011YIEF-2011
YIEF-2011
 
Lap machine manual
Lap machine manualLap machine manual
Lap machine manual
 
Certificates and Credentials new
Certificates and Credentials newCertificates and Credentials new
Certificates and Credentials new
 
L4G_2015_BROCHURE
L4G_2015_BROCHUREL4G_2015_BROCHURE
L4G_2015_BROCHURE
 
Transcripts and PC
Transcripts and PCTranscripts and PC
Transcripts and PC
 
Informing Innovation: Contextual Investigation for Effective Academic Technol...
Informing Innovation: Contextual Investigation for Effective Academic Technol...Informing Innovation: Contextual Investigation for Effective Academic Technol...
Informing Innovation: Contextual Investigation for Effective Academic Technol...
 
portfolio2014_StK-s
portfolio2014_StK-sportfolio2014_StK-s
portfolio2014_StK-s
 
Francis cv 27 05-2013
Francis cv 27 05-2013Francis cv 27 05-2013
Francis cv 27 05-2013
 
Jm future of system verilog verification
Jm future of system verilog verificationJm future of system verilog verification
Jm future of system verilog verification
 
The1101 experiment handbook 2020
The1101 experiment handbook 2020The1101 experiment handbook 2020
The1101 experiment handbook 2020
 
Piotr Szotkowski about "Ruby smells"
Piotr Szotkowski about "Ruby smells"Piotr Szotkowski about "Ruby smells"
Piotr Szotkowski about "Ruby smells"
 
Survey analysis
Survey analysisSurvey analysis
Survey analysis
 
ground water contamination
ground water contaminationground water contamination
ground water contamination
 
All guidance live.pdf. try it >>> https://bit.ly/3HEXGsi
All guidance live.pdf. try it >>> https://bit.ly/3HEXGsi All guidance live.pdf. try it >>> https://bit.ly/3HEXGsi
All guidance live.pdf. try it >>> https://bit.ly/3HEXGsi
 
Untitled-1
Untitled-1Untitled-1
Untitled-1
 

Viewers also liked

Maturação Esquelética: Criança,Infantil,Juvenil,Processo Morfológico para Tod...
Maturação Esquelética: Criança,Infantil,Juvenil,Processo Morfológico para Tod...Maturação Esquelética: Criança,Infantil,Juvenil,Processo Morfológico para Tod...
Maturação Esquelética: Criança,Infantil,Juvenil,Processo Morfológico para Tod...Van Der Häägen Brazil
 
Confirmando a diferença positiva de criança, infantil,juvenil tratadas e não ...
Confirmando a diferença positiva de criança, infantil,juvenil tratadas e não ...Confirmando a diferença positiva de criança, infantil,juvenil tratadas e não ...
Confirmando a diferença positiva de criança, infantil,juvenil tratadas e não ...Van Der Häägen Brazil
 
R vrac nro_636_2013_unfv
R vrac nro_636_2013_unfvR vrac nro_636_2013_unfv
R vrac nro_636_2013_unfvVrac Unfv
 
Pantalla capturada fanny
Pantalla capturada fannyPantalla capturada fanny
Pantalla capturada fannyfanny chicaiza
 
Lodha lakeshore greens palava city mumbai
Lodha lakeshore greens palava city mumbaiLodha lakeshore greens palava city mumbai
Lodha lakeshore greens palava city mumbaiSettlers India.com
 
Mutações Gene do Receptor do Fator de Crescimento Insulina Símile 1; Baixa Es...
Mutações Gene do Receptor do Fator de Crescimento Insulina Símile 1; Baixa Es...Mutações Gene do Receptor do Fator de Crescimento Insulina Símile 1; Baixa Es...
Mutações Gene do Receptor do Fator de Crescimento Insulina Símile 1; Baixa Es...Van Der Häägen Brazil
 
ネットショップセミナー Ginzamarkets資料 20140424
ネットショップセミナー Ginzamarkets資料 20140424ネットショップセミナー Ginzamarkets資料 20140424
ネットショップセミナー Ginzamarkets資料 20140424DemandSphere
 
Способы словообразования в английском языке
Способы словообразования в английском языкеСпособы словообразования в английском языке
Способы словообразования в английском языкеТатьяна Тихорнова
 
Mr.田口のフィンランドレポート
Mr.田口のフィンランドレポートMr.田口のフィンランドレポート
Mr.田口のフィンランドレポートsomeken
 
VELOPOINT: Перший перехоплюючий велосипедний паркінг в Києві
VELOPOINT: Перший перехоплюючий велосипедний паркінг в КиєвіVELOPOINT: Перший перехоплюючий велосипедний паркінг в Києві
VELOPOINT: Перший перехоплюючий велосипедний паркінг в КиєвіViktor Zagreba
 
Paix Chez Nos Amis
Paix Chez Nos AmisPaix Chez Nos Amis
Paix Chez Nos AmisBryagh
 
Bienala tinerilor artiști, ediția a vi a, 2014 - 2015 - anunț simpozion teore...
Bienala tinerilor artiști, ediția a vi a, 2014 - 2015 - anunț simpozion teore...Bienala tinerilor artiști, ediția a vi a, 2014 - 2015 - anunț simpozion teore...
Bienala tinerilor artiști, ediția a vi a, 2014 - 2015 - anunț simpozion teore...Emanuel Pope
 
Musni Umar: Peran Pemimpin dan Pentingnya Membangun Masyarakat Madani
Musni Umar: Peran Pemimpin dan Pentingnya Membangun Masyarakat Madani Musni Umar: Peran Pemimpin dan Pentingnya Membangun Masyarakat Madani
Musni Umar: Peran Pemimpin dan Pentingnya Membangun Masyarakat Madani musniumar
 
Mi guia para mi evaluacion NIVEL MEDIO SUPERIOR
Mi guia para mi evaluacion NIVEL MEDIO SUPERIORMi guia para mi evaluacion NIVEL MEDIO SUPERIOR
Mi guia para mi evaluacion NIVEL MEDIO SUPERIORRodolfo Leyva
 
Crescer;Diagnóstico Baixa Estatura Patológica não deve ser Baseado em Única M...
Crescer;Diagnóstico Baixa Estatura Patológica não deve ser Baseado em Única M...Crescer;Diagnóstico Baixa Estatura Patológica não deve ser Baseado em Única M...
Crescer;Diagnóstico Baixa Estatura Patológica não deve ser Baseado em Única M...Van Der Häägen Brazil
 
πληροφοριακός οδηγός σπουδών γενικού λυκείου 141012
πληροφοριακός οδηγός σπουδών γενικού λυκείου 141012πληροφοριακός οδηγός σπουδών γενικού λυκείου 141012
πληροφοριακός οδηγός σπουδών γενικού λυκείου 141012bloggdg
 
『障害年金というヒント』
『障害年金というヒント』『障害年金というヒント』
『障害年金というヒント』Naoki Sugiura
 

Viewers also liked (20)

Apt oct-2014
Apt oct-2014Apt oct-2014
Apt oct-2014
 
Jergsestadual
JergsestadualJergsestadual
Jergsestadual
 
Maturação Esquelética: Criança,Infantil,Juvenil,Processo Morfológico para Tod...
Maturação Esquelética: Criança,Infantil,Juvenil,Processo Morfológico para Tod...Maturação Esquelética: Criança,Infantil,Juvenil,Processo Morfológico para Tod...
Maturação Esquelética: Criança,Infantil,Juvenil,Processo Morfológico para Tod...
 
Page furniture
Page furniturePage furniture
Page furniture
 
Confirmando a diferença positiva de criança, infantil,juvenil tratadas e não ...
Confirmando a diferença positiva de criança, infantil,juvenil tratadas e não ...Confirmando a diferença positiva de criança, infantil,juvenil tratadas e não ...
Confirmando a diferença positiva de criança, infantil,juvenil tratadas e não ...
 
R vrac nro_636_2013_unfv
R vrac nro_636_2013_unfvR vrac nro_636_2013_unfv
R vrac nro_636_2013_unfv
 
Pantalla capturada fanny
Pantalla capturada fannyPantalla capturada fanny
Pantalla capturada fanny
 
Lodha lakeshore greens palava city mumbai
Lodha lakeshore greens palava city mumbaiLodha lakeshore greens palava city mumbai
Lodha lakeshore greens palava city mumbai
 
Mutações Gene do Receptor do Fator de Crescimento Insulina Símile 1; Baixa Es...
Mutações Gene do Receptor do Fator de Crescimento Insulina Símile 1; Baixa Es...Mutações Gene do Receptor do Fator de Crescimento Insulina Símile 1; Baixa Es...
Mutações Gene do Receptor do Fator de Crescimento Insulina Símile 1; Baixa Es...
 
ネットショップセミナー Ginzamarkets資料 20140424
ネットショップセミナー Ginzamarkets資料 20140424ネットショップセミナー Ginzamarkets資料 20140424
ネットショップセミナー Ginzamarkets資料 20140424
 
Способы словообразования в английском языке
Способы словообразования в английском языкеСпособы словообразования в английском языке
Способы словообразования в английском языке
 
Mr.田口のフィンランドレポート
Mr.田口のフィンランドレポートMr.田口のフィンランドレポート
Mr.田口のフィンランドレポート
 
VELOPOINT: Перший перехоплюючий велосипедний паркінг в Києві
VELOPOINT: Перший перехоплюючий велосипедний паркінг в КиєвіVELOPOINT: Перший перехоплюючий велосипедний паркінг в Києві
VELOPOINT: Перший перехоплюючий велосипедний паркінг в Києві
 
Paix Chez Nos Amis
Paix Chez Nos AmisPaix Chez Nos Amis
Paix Chez Nos Amis
 
Bienala tinerilor artiști, ediția a vi a, 2014 - 2015 - anunț simpozion teore...
Bienala tinerilor artiști, ediția a vi a, 2014 - 2015 - anunț simpozion teore...Bienala tinerilor artiști, ediția a vi a, 2014 - 2015 - anunț simpozion teore...
Bienala tinerilor artiști, ediția a vi a, 2014 - 2015 - anunț simpozion teore...
 
Musni Umar: Peran Pemimpin dan Pentingnya Membangun Masyarakat Madani
Musni Umar: Peran Pemimpin dan Pentingnya Membangun Masyarakat Madani Musni Umar: Peran Pemimpin dan Pentingnya Membangun Masyarakat Madani
Musni Umar: Peran Pemimpin dan Pentingnya Membangun Masyarakat Madani
 
Mi guia para mi evaluacion NIVEL MEDIO SUPERIOR
Mi guia para mi evaluacion NIVEL MEDIO SUPERIORMi guia para mi evaluacion NIVEL MEDIO SUPERIOR
Mi guia para mi evaluacion NIVEL MEDIO SUPERIOR
 
Crescer;Diagnóstico Baixa Estatura Patológica não deve ser Baseado em Única M...
Crescer;Diagnóstico Baixa Estatura Patológica não deve ser Baseado em Única M...Crescer;Diagnóstico Baixa Estatura Patológica não deve ser Baseado em Única M...
Crescer;Diagnóstico Baixa Estatura Patológica não deve ser Baseado em Única M...
 
πληροφοριακός οδηγός σπουδών γενικού λυκείου 141012
πληροφοριακός οδηγός σπουδών γενικού λυκείου 141012πληροφοριακός οδηγός σπουδών γενικού λυκείου 141012
πληροφοριακός οδηγός σπουδών γενικού λυκείου 141012
 
『障害年金というヒント』
『障害年金というヒント』『障害年金というヒント』
『障害年金というヒント』
 

Similar to Ceh v8 labs module 10 denial of service

From Data to Knowledge
From Data to KnowledgeFrom Data to Knowledge
From Data to KnowledgeFabien Richard
 
Towards Exemplary Moodle Courses at YSJU
Towards Exemplary Moodle Courses at YSJUTowards Exemplary Moodle Courses at YSJU
Towards Exemplary Moodle Courses at YSJUPhil Vincent
 
Allora USA - Get Best Sinks and Faucets
Allora USA - Get Best Sinks and FaucetsAllora USA - Get Best Sinks and Faucets
Allora USA - Get Best Sinks and FaucetsAlloraUSAblogs
 
Aisha_Isaacs_updated_cv
Aisha_Isaacs_updated_cvAisha_Isaacs_updated_cv
Aisha_Isaacs_updated_cvAisha Isaacs
 
Scanned by CamScannerO n e o f S w ia liz e ď s e x .docx
Scanned by CamScannerO n e o f S w ia liz e ď s e x .docxScanned by CamScannerO n e o f S w ia liz e ď s e x .docx
Scanned by CamScannerO n e o f S w ia liz e ď s e x .docxanhlodge
 
TELEPHONE BILLING SYSTEM
TELEPHONE BILLING SYSTEMTELEPHONE BILLING SYSTEM
TELEPHONE BILLING SYSTEMShailesh kumar
 
Week 4 Assignment 2Self-assessment of Communication Skills.docx
Week 4 Assignment 2Self-assessment of Communication Skills.docxWeek 4 Assignment 2Self-assessment of Communication Skills.docx
Week 4 Assignment 2Self-assessment of Communication Skills.docxmelbruce90096
 
Scanned by CamScannerG o o d w M P r e p a id r e n t.docx
Scanned by CamScannerG o o d w M P r e p a id r e n t.docxScanned by CamScannerG o o d w M P r e p a id r e n t.docx
Scanned by CamScannerG o o d w M P r e p a id r e n t.docxkenjordan97598
 
Scanned by CamScanner6 8i d e a s o r w o r ds , b u t.docx
Scanned by CamScanner6 8i d e a s o r w o r ds , b u t.docxScanned by CamScanner6 8i d e a s o r w o r ds , b u t.docx
Scanned by CamScanner6 8i d e a s o r w o r ds , b u t.docxkenjordan97598
 
School Violence and student
School Violence and studentSchool Violence and student
School Violence and studentacastane
 
Collaborative technology in a 1:1 world
Collaborative technology in a 1:1 worldCollaborative technology in a 1:1 world
Collaborative technology in a 1:1 worldHarry van der Veen
 
Dr. Frances Elliot
Dr. Frances ElliotDr. Frances Elliot
Dr. Frances ElliotInvestnet
 
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury SmartphonesATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury SmartphonesAltair
 
Diapositivas seminario biologia molecular .pdf
Diapositivas seminario biologia molecular .pdfDiapositivas seminario biologia molecular .pdf
Diapositivas seminario biologia molecular .pdfNataliaFlrezSalazar
 
Lesson outline the 21 demands
Lesson outline the 21 demandsLesson outline the 21 demands
Lesson outline the 21 demandsRyan Campbell
 

Similar to Ceh v8 labs module 10 denial of service (20)

From Data to Knowledge
From Data to KnowledgeFrom Data to Knowledge
From Data to Knowledge
 
Towards Exemplary Moodle Courses at YSJU
Towards Exemplary Moodle Courses at YSJUTowards Exemplary Moodle Courses at YSJU
Towards Exemplary Moodle Courses at YSJU
 
Allora USA - Get Best Sinks and Faucets
Allora USA - Get Best Sinks and FaucetsAllora USA - Get Best Sinks and Faucets
Allora USA - Get Best Sinks and Faucets
 
Aisha_Isaacs_updated_cv
Aisha_Isaacs_updated_cvAisha_Isaacs_updated_cv
Aisha_Isaacs_updated_cv
 
Scanned by CamScannerO n e o f S w ia liz e ď s e x .docx
Scanned by CamScannerO n e o f S w ia liz e ď s e x .docxScanned by CamScannerO n e o f S w ia liz e ď s e x .docx
Scanned by CamScannerO n e o f S w ia liz e ď s e x .docx
 
TELEPHONE BILLING SYSTEM
TELEPHONE BILLING SYSTEMTELEPHONE BILLING SYSTEM
TELEPHONE BILLING SYSTEM
 
Week 4 Assignment 2Self-assessment of Communication Skills.docx
Week 4 Assignment 2Self-assessment of Communication Skills.docxWeek 4 Assignment 2Self-assessment of Communication Skills.docx
Week 4 Assignment 2Self-assessment of Communication Skills.docx
 
diploma1
diploma1diploma1
diploma1
 
Endorsements
EndorsementsEndorsements
Endorsements
 
Manejo del dolor con medicamentos Guna
Manejo del dolor con medicamentos GunaManejo del dolor con medicamentos Guna
Manejo del dolor con medicamentos Guna
 
Scanned by CamScannerG o o d w M P r e p a id r e n t.docx
Scanned by CamScannerG o o d w M P r e p a id r e n t.docxScanned by CamScannerG o o d w M P r e p a id r e n t.docx
Scanned by CamScannerG o o d w M P r e p a id r e n t.docx
 
Scanned by CamScanner6 8i d e a s o r w o r ds , b u t.docx
Scanned by CamScanner6 8i d e a s o r w o r ds , b u t.docxScanned by CamScanner6 8i d e a s o r w o r ds , b u t.docx
Scanned by CamScanner6 8i d e a s o r w o r ds , b u t.docx
 
School Violence and student
School Violence and studentSchool Violence and student
School Violence and student
 
Collaborative technology in a 1:1 world
Collaborative technology in a 1:1 worldCollaborative technology in a 1:1 world
Collaborative technology in a 1:1 world
 
Analysis by shloka
Analysis by shlokaAnalysis by shloka
Analysis by shloka
 
Dr. Frances Elliot
Dr. Frances ElliotDr. Frances Elliot
Dr. Frances Elliot
 
Blood pressure
Blood pressureBlood pressure
Blood pressure
 
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury SmartphonesATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
 
Diapositivas seminario biologia molecular .pdf
Diapositivas seminario biologia molecular .pdfDiapositivas seminario biologia molecular .pdf
Diapositivas seminario biologia molecular .pdf
 
Lesson outline the 21 demands
Lesson outline the 21 demandsLesson outline the 21 demands
Lesson outline the 21 demands
 

Recently uploaded

JORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdf
JORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdfJORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdf
JORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdfArturo Pacheco Alvarez
 
Spain Vs Italy Showdown Between Italy and Spain Could Determine UEFA Euro 202...
Spain Vs Italy Showdown Between Italy and Spain Could Determine UEFA Euro 202...Spain Vs Italy Showdown Between Italy and Spain Could Determine UEFA Euro 202...
Spain Vs Italy Showdown Between Italy and Spain Could Determine UEFA Euro 202...World Wide Tickets And Hospitality
 
Instruction Manual | ThermTec Hunt Thermal Clip-On Series | Optics Trade
Instruction Manual | ThermTec Hunt Thermal Clip-On Series | Optics TradeInstruction Manual | ThermTec Hunt Thermal Clip-On Series | Optics Trade
Instruction Manual | ThermTec Hunt Thermal Clip-On Series | Optics TradeOptics-Trade
 
Turkiye Vs Georgia Turkey's UEFA Euro 2024 Journey with High Hopes.pdf
Turkiye Vs Georgia Turkey's UEFA Euro 2024 Journey with High Hopes.pdfTurkiye Vs Georgia Turkey's UEFA Euro 2024 Journey with High Hopes.pdf
Turkiye Vs Georgia Turkey's UEFA Euro 2024 Journey with High Hopes.pdfEticketing.co
 
Real Moto 2 MOD APK v1.1.721 All Bikes, Unlimited Money
Real Moto 2 MOD APK v1.1.721 All Bikes, Unlimited MoneyReal Moto 2 MOD APK v1.1.721 All Bikes, Unlimited Money
Real Moto 2 MOD APK v1.1.721 All Bikes, Unlimited MoneyApk Toly
 
Instruction Manual | ThermTec Wild Thermal Monoculars | Optics Trade
Instruction Manual | ThermTec Wild Thermal Monoculars | Optics TradeInstruction Manual | ThermTec Wild Thermal Monoculars | Optics Trade
Instruction Manual | ThermTec Wild Thermal Monoculars | Optics TradeOptics-Trade
 
Expert Pool Table Refelting in Lee & Collier County, FL
Expert Pool Table Refelting in Lee & Collier County, FLExpert Pool Table Refelting in Lee & Collier County, FL
Expert Pool Table Refelting in Lee & Collier County, FLAll American Billiards
 
Technical Data | ThermTec Wild 335 | Optics Trade
Technical Data | ThermTec Wild 335 | Optics TradeTechnical Data | ThermTec Wild 335 | Optics Trade
Technical Data | ThermTec Wild 335 | Optics TradeOptics-Trade
 
IPL Quiz ( weekly quiz) by SJU quizzers.
IPL Quiz ( weekly quiz) by SJU quizzers.IPL Quiz ( weekly quiz) by SJU quizzers.
IPL Quiz ( weekly quiz) by SJU quizzers.SJU Quizzers
 
Austria VS France Injury Woes a Look at Euro 2024 Qualifiers.docx
Austria VS France Injury Woes a Look at Euro 2024 Qualifiers.docxAustria VS France Injury Woes a Look at Euro 2024 Qualifiers.docx
Austria VS France Injury Woes a Look at Euro 2024 Qualifiers.docxWorld Wide Tickets And Hospitality
 
Introduction to Basketball-PowerPoint Presentation
Introduction to Basketball-PowerPoint PresentationIntroduction to Basketball-PowerPoint Presentation
Introduction to Basketball-PowerPoint PresentationJuliusMacaballug
 
Mysore Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Mysore Call Girls 7001305949 WhatsApp Number 24x7 Best ServicesMysore Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Mysore Call Girls 7001305949 WhatsApp Number 24x7 Best Servicesnajka9823
 
Austria vs France David Alaba Switches Position to Defender in Austria's Euro...
Austria vs France David Alaba Switches Position to Defender in Austria's Euro...Austria vs France David Alaba Switches Position to Defender in Austria's Euro...
Austria vs France David Alaba Switches Position to Defender in Austria's Euro...Eticketing.co
 
Italy Vs Albania Euro Cup 2024 Italy's Strategy for Success.docx
Italy Vs Albania Euro Cup 2024 Italy's Strategy for Success.docxItaly Vs Albania Euro Cup 2024 Italy's Strategy for Success.docx
Italy Vs Albania Euro Cup 2024 Italy's Strategy for Success.docxWorld Wide Tickets And Hospitality
 
France's UEFA Euro 2024 Ambitions Amid Coman's Injury.docx
France's UEFA Euro 2024 Ambitions Amid Coman's Injury.docxFrance's UEFA Euro 2024 Ambitions Amid Coman's Injury.docx
France's UEFA Euro 2024 Ambitions Amid Coman's Injury.docxEuro Cup 2024 Tickets
 
PPT on INDIA VS PAKISTAN - A Sports Rivalry
PPT on INDIA VS PAKISTAN - A Sports RivalryPPT on INDIA VS PAKISTAN - A Sports Rivalry
PPT on INDIA VS PAKISTAN - A Sports Rivalryanirbannath184
 

Recently uploaded (16)

JORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdf
JORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdfJORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdf
JORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdf
 
Spain Vs Italy Showdown Between Italy and Spain Could Determine UEFA Euro 202...
Spain Vs Italy Showdown Between Italy and Spain Could Determine UEFA Euro 202...Spain Vs Italy Showdown Between Italy and Spain Could Determine UEFA Euro 202...
Spain Vs Italy Showdown Between Italy and Spain Could Determine UEFA Euro 202...
 
Instruction Manual | ThermTec Hunt Thermal Clip-On Series | Optics Trade
Instruction Manual | ThermTec Hunt Thermal Clip-On Series | Optics TradeInstruction Manual | ThermTec Hunt Thermal Clip-On Series | Optics Trade
Instruction Manual | ThermTec Hunt Thermal Clip-On Series | Optics Trade
 
Turkiye Vs Georgia Turkey's UEFA Euro 2024 Journey with High Hopes.pdf
Turkiye Vs Georgia Turkey's UEFA Euro 2024 Journey with High Hopes.pdfTurkiye Vs Georgia Turkey's UEFA Euro 2024 Journey with High Hopes.pdf
Turkiye Vs Georgia Turkey's UEFA Euro 2024 Journey with High Hopes.pdf
 
Real Moto 2 MOD APK v1.1.721 All Bikes, Unlimited Money
Real Moto 2 MOD APK v1.1.721 All Bikes, Unlimited MoneyReal Moto 2 MOD APK v1.1.721 All Bikes, Unlimited Money
Real Moto 2 MOD APK v1.1.721 All Bikes, Unlimited Money
 
Instruction Manual | ThermTec Wild Thermal Monoculars | Optics Trade
Instruction Manual | ThermTec Wild Thermal Monoculars | Optics TradeInstruction Manual | ThermTec Wild Thermal Monoculars | Optics Trade
Instruction Manual | ThermTec Wild Thermal Monoculars | Optics Trade
 
Expert Pool Table Refelting in Lee & Collier County, FL
Expert Pool Table Refelting in Lee & Collier County, FLExpert Pool Table Refelting in Lee & Collier County, FL
Expert Pool Table Refelting in Lee & Collier County, FL
 
Technical Data | ThermTec Wild 335 | Optics Trade
Technical Data | ThermTec Wild 335 | Optics TradeTechnical Data | ThermTec Wild 335 | Optics Trade
Technical Data | ThermTec Wild 335 | Optics Trade
 
IPL Quiz ( weekly quiz) by SJU quizzers.
IPL Quiz ( weekly quiz) by SJU quizzers.IPL Quiz ( weekly quiz) by SJU quizzers.
IPL Quiz ( weekly quiz) by SJU quizzers.
 
Austria VS France Injury Woes a Look at Euro 2024 Qualifiers.docx
Austria VS France Injury Woes a Look at Euro 2024 Qualifiers.docxAustria VS France Injury Woes a Look at Euro 2024 Qualifiers.docx
Austria VS France Injury Woes a Look at Euro 2024 Qualifiers.docx
 
Introduction to Basketball-PowerPoint Presentation
Introduction to Basketball-PowerPoint PresentationIntroduction to Basketball-PowerPoint Presentation
Introduction to Basketball-PowerPoint Presentation
 
Mysore Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Mysore Call Girls 7001305949 WhatsApp Number 24x7 Best ServicesMysore Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Mysore Call Girls 7001305949 WhatsApp Number 24x7 Best Services
 
Austria vs France David Alaba Switches Position to Defender in Austria's Euro...
Austria vs France David Alaba Switches Position to Defender in Austria's Euro...Austria vs France David Alaba Switches Position to Defender in Austria's Euro...
Austria vs France David Alaba Switches Position to Defender in Austria's Euro...
 
Italy Vs Albania Euro Cup 2024 Italy's Strategy for Success.docx
Italy Vs Albania Euro Cup 2024 Italy's Strategy for Success.docxItaly Vs Albania Euro Cup 2024 Italy's Strategy for Success.docx
Italy Vs Albania Euro Cup 2024 Italy's Strategy for Success.docx
 
France's UEFA Euro 2024 Ambitions Amid Coman's Injury.docx
France's UEFA Euro 2024 Ambitions Amid Coman's Injury.docxFrance's UEFA Euro 2024 Ambitions Amid Coman's Injury.docx
France's UEFA Euro 2024 Ambitions Amid Coman's Injury.docx
 
PPT on INDIA VS PAKISTAN - A Sports Rivalry
PPT on INDIA VS PAKISTAN - A Sports RivalryPPT on INDIA VS PAKISTAN - A Sports Rivalry
PPT on INDIA VS PAKISTAN - A Sports Rivalry
 

Ceh v8 labs module 10 denial of service

  • 1. C EH Lab M a n u a l D e n ia l o f S e r v ic e M o d u l e 10
  • 2. M odule 10 - D enial o f S e rv ic e D e n ia l o f S e r v i c e Denialof Se ic (DoS) isa attack o a c m ue orn t okthatpe e ts rv e n n o p t r ew r rvn le itim teueof its r s uc s g a s eo r e. ICON KEY V a lu a b le in fo r m a tio n L a b S c e n a r io 111 c o m p u tin g , a d e n ia l-o f -s e rv ic e a tta c k (D o S a tta c k ) is a n a tt e m p t to m a k e a m a c h in e o r n e tw o r k re s o u rc e u n a v a ila b le to its in te n d e d u s e rs . A lth o u g h th e Test yo u r m e a n s to earn* o u t, m o tiv e s fo r, a n d ta rg e ts o f a D o S a tta c k m a y van*, it g e n e ra lly c o n s is ts o f th e e f f o r ts o f o n e o r m o r e p e o p le to te m p o ra r ily 0 1 ‫־‬ ^ W e b e x e r c is e W o r k b o o k re in d e fin ite ly in t e r r u p t 0 1 ‫ ־‬s u s p e n d s e iv ic e s o f a h o s t c o n n e c t e d to th e I n te r n e t. P e r p e tr a to r s o f D o S a tta c k s ty p ic a lly ta r g e t sites 0 1 ‫ ־‬s e iv ic e s h o s t e d 0 1 1 h ig h p ro f ile w e b s e n ‫־‬ers s u c h as b a n k s , c r e d it c a rd p a y m e n t g a te w a y s, a n d e v e n r o o t n a m e s e iv e r s . T h e te r m is g e n e ra lly u s e d re la tin g to c o m p u te r n e tw o rk s , b u t is n o t lim ite d to tin s field ; fo r e x a m p le , it is a ls o u s e d 111 r e f e r e n c e to C P U r e s o u r c e m a n a g e m e n t. O n e c o m m o n m e t h o d o f a tta c k in v o lv e s s a tu ra tin g th e ta r g e t m a c h in e w ith e x te r n a l c o m m u n ic a tio n s re q u e s ts , s u c h th a t it c a n n o t r e s p o n d to le g itim a te tra ffic , o r r e s p o n d s so slo w ly as to b e r e n d e r e d e ss e n tia lly u n a v a ila b le . S u c h a tta c k s u su a lly le a d to a s e iv e r o v e rlo a d . D e 111 al-o f-se n * 1 ce a tta c k s c a n e sse n tia lly d is a b le y o u r c o m p u t e r 0 1 ‫ ־‬y o u r n e tw o rk . D o S a tta c k s c a n b e lu c ra tiv e fo r c rim in a ls; r e c e n t a tta c k s h a v e s h o w n th a t D o S a tta c k s a w a y fo r c y b e r c rim in a ls to p ro f it. A s a n e x p e r t e th ic a l h a c k e r 0 1 ‫ ־‬s e c u r i t y a d m i n i s t r a t o r o f a n o rg a n iz a tio n , y o u s h o u ld h a v e s o u n d k n o w le d g e o f h o w d e n ia l - o f - s e r v i c e a n d d i s t r i b u t e d d e n ia l - o f - s e r v i c e a tta c k s a re c a rr ie d o u t, to d e t e c t a n d n e u t r a l i z e a tta c k h a n d le r s , a n d to m i t i g a t e s u c h a tta c k s. L a b O b je c t iv e s T h e o b je c tiv e o f tin s la b is to h e lp s tu d e n ts le a r n to p e r f o r m D o S a tta c k s a n d to te s t n e tw o r k fo r D o S flaw s. 1 1 1 d iis la b , y o u w ill: ■ C re a te a n d la u n c h a d e 11 ia l‫־‬o f ‫־‬se 1v ic e a tta c k to a v ic tim ■ R e m o te ly a d m in is te r c lie n ts ■ P e r f o r m a D o S a tta c k b y s e n d in g a h u g e a m o u n t o f S Y N p a c k e ts c o n tin u o u s ly P e r f o r m a D o S H T T P a tta c k C E H Lab Manual Page 703 Ethical Hacking and Countemieasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • 3. M odule 10 - D enial o f S e rv ic e & T o o ls d e m o n s tr a t e d in t h i s la b a r e a v a ila b le in D:CEHT oo lsC E H v 8 M o d u le 1 0 D en ialo f-S e rv ic e L a b E n v ir o n m e n t T o e a rn ‫ ־‬o u t th is, y o u n eed : ■ A c o m p u te r ru n n in g W in d o w S e rv e r 2 0 0 8 ■ W in d o w s X P / 7 ru n n in g 111 v irtu a l m a c h in e ■ A w e b b ro w s e r w ith I n te rn e t access ■ A d m in istra tiv e privileges to m n to o ls L a b D u r a tio n T im e: 60 M in u te s O v e r v ie w o f D e n ia l o f S e r v ic e D e n ia l-o f-se rv ic e (D o S ) is a n a tta c k o n a c o m p u te r o r n e tw o rk th a t p r e v e n t s leg itim ate u se o f its re so u rc e s. 111 a D o S attack , atta c k e rs flo o d a v ic tim ’s sy ste m w ith illegitim ate service re q u e s ts o r t r a f f i c to o v e r l o a d its re s o u rc e s a n d p re v e n t it fro m p e rfo rm in g in t e n d e d tasks. Lab T asks O v e rv ie w P ic k a n o rg a n iz a tio n th a t y o u feel is w o rth y o f y o u r a tte n tio n . T in s c o u ld b e an e d u c a tio n a l in s titu tio n , a c o m m e rc ia l c o m p a n y , o r p e rh a p s a n o n p ro f it charity. R e c o m m e n d e d lab s to assist y o u in d en ial o f service: ■ S Y N flo o d in g a ta rg e t h o s t u sin g 11pi11g3 ■ H T T P flo o d in g u sin g D o S H T T P L a b A n a ly s is A n aly ze a n d d o c u m e n t th e resu lts re la te d to th e la b exercise. G iv e y o u r o p in io n o n y o u r ta rg e t’s secu rity p o s tu re a n d e x p o su re . P L E A S E T A L K T O Y O U R I N S T R U C T O R R E L A T E D C E H Lab Manual Page T O T H I S I F Y O U H A V E Q U E S T I O N S L A B . Ethical Hacking and Countermeasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
  • 4. M odule 10 - D enial o f S e rv ic e S Y N F lo o d in g a T a r g e t H o s t U s in g h p in g 3 hpingJ is a command-line oriented T C P / IP packet assembler/ analyser. ■ n co k ey 1 ^ ~ / V a lu a b le in fo r m a tio n y *' Test yo ur L a b S c e n a r io A S Y N flo o d is a f o r m o f d e n ia l-o f-s e rv ic e a tta c k 111 w h ic h ail a tta c k e r s e n d s a s u c c e s s io n o l S Y N re q u e s ts to a ta rg e t's s y s te m 111 a n a tt e m p t to c o n s u m e e n o u g h s e rv e r re s o u rc e s to m a k e th e s y s te m u n re s p o n s iv e to le g itim a te tra flic . k n o w le d g e A S Y N flo o d a tta c k w o rk s b y n o t r e s p o n d in g to th e s e r v e r w ith th e e x p e c te d * * W e b e x e r c is e m W o r k b o o k r e v ie w A C K c o d e . T h e m a lic io u s c lie n t c a n e ith e r sim p ly n o t s e n d th e e x p e c te d A C K , o r b y s p o o lin g th e s o u r c e IP a d d re s s 111 th e S Y N , c a u se th e s e r v e r to s e n d th e S Y N -A C K to a fa lsifie d I P a d d re s s , w h ic h w ill n o t s e n d a n A C K b e c a u s e it "k n o w s" th a t it never sen t a SYN. The s e rv e r w ill w a it fo r th e a c k n o w le d g e m e n t f o r s o m e tim e , as s im p le n e tw o r k c o n g e s tio n c o u ld a lso b e th e c a u s e o f th e m is s in g A C K , b u t 111 a n a tta c k in c re a s in g ly la rg e n u m b e r s o f h a lf - o p e n c o n n e c tio n s w ill b in d re so u rc e s on th e s e rv e r u n til no new c o n n e c tio n s c a n b e m a d e , re s u ltin g 111 a d e n ia l o f se rv ic e to le g itim a te tra ffic . S o m e sy s te m s m a y a ls o m a lf u n c tio n b a d ly o r e v e n c ra s h if o th e r o p e r a tin g s y s te m f u n c tio n s a re s ta rv e d o t re s o u rc e s 111 tin s w ay . A s a n e x p e r t e t h i c a l h a c k e r o r s e c u r i t y a d m i n i s t r a t o r o t a n o r g a n iz a tio n , y o u s h o u ld h a v e s o u n d k n o w le d g e o f d e n ia l - o f - s e r v i c e a n d d i s t r i b u t e d d e n ia l-o f s e r v i c e a tta c k s a n d s h o u ld b e a b le to d e t e c t a n d n e u t r a l i z e a tta c k h a n d le rs . Y o u s h o u ld u se S Y N c o o k ie s as a c o u n te r m e a s u r e a g a in s t th e S Y N flo o d w h ic h e lim in a te s th e re s o u rc e s a llo c a te d o n th e ta r g e t h o s t. L a b O b je c t iv e s T h e o b je c tiv e o f tin s la b is to h e lp s tu d e n ts le a r n to p e r f o r m d e n ia l-o f-s e rv ic e a tta c k s a n d te s t th e n e tw o r k f o r D o S flaw s. 1 1 1 tin s la b , y o u w ill: ■ ■ C E H Lab Manual Page 705 P e r f o r m d e n ia l-o t-s e r v ic e a tta c k s S e n d h u g e a m o u n t o f S Y N p a c k e ts c o n tin u o u s ly Ethical Hacking and Countenneasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
  • 5. M odule 10 - D enial o f S e rv ic e & T o o ls d e m o n s tr a t e d in th i s la b a r e a v a ila b le a t D:CEHT oo lsC E H v 8 M o d u le 1 0 D en ialo f-S e rv ic e L a b E n v ir o n m e n t T o e a rn ’ o u t d ie lab , y o u need: ■ A c o m p u te r r u n n in g W in d o w s 7 as v ic tim m a c h in e ■ B a c k T ra c k 5 r3 ru n n in g 111 v irtu a l m a c h in e as a tta c k e r m a c h in e " W ir e s h a rk is lo c a te d a t D :C EH -ToolsC EH v 8 M o d u le 0 8 S n iffin g S n iffin g T oolsV W iresh ark L a b D u r a tio n T u n e : 10 M in u te s O v e r v ie w o f h p in g 3 11pu1g3 is a n e tw o rk to o l ab le to se n d c u s to m T C P / I P p a c k e ts a n d to d isp lay ta rg e t rep lies like a p in g p ro g ra m d o e s w ith IC M P replies. 11pu1g3 h a n d le s fra g m e n ta tio n , a rb itra n ‫ ־‬p a c k e ts b o d y , a n d size a n d c a n b e u s e d u i o rd e r to tra n s fe r hies e n c a p su la te d u n d e r s u p p o r te d p ro to c o ls. Lab T asks — j F lo o d SYN P a c k e t 1. L a u n c h B a c k T a c k 5 r3 o n th e v irtu al m a c h in e . 2. L a u n c h d ie h in g p 3 utility fro m th e B a c k T ra c k 5 r3 v irtu al m a c h in e . S elect B a c k T r a c k M e n u -> B a c k t r a c k -> I n f o r m a tio n G a th e r i n g -> N e tw o r k A n a ly s is -> I d e n tif y L iv e H o s t s -> H p in g 3 . ^^Applications Places System ( r 3 j Sun Oct 21. 1:34 PM V Accessories inform ationG athering ... N ork Analysis etw W Appl ^ eb ^ Graphics ► ‫ ״‬vulnerability Assessment ^| ^ ‫ #- ״‬Exploitation Tools ‫ |ף‬Database ^ aiiveo ► ^ arei lvf internet S B (yfke System Tools 9 Wine Wireless ^ ► i Maintaining Access | Other !f, Sound & Video 0=5! hping3 is a command-line oriented TC P/IP packet assembler/analyzer. Pnvilege Escalation Otrace ‫ ־‬f; arping ,c • ^ Reverse Engineering .!4 Network T a f c Analysis rfi detect*new‫־‬ ip6 ‫ ;ן ״‬RFID Tools ” dnmap *b >n OSIMT Analysis ► tj StressI c t n fsig ^ fping R oute Analysis »!. hplng2 .‫־‬H service Fin erp tin g rin g forensics ^ R eportin T o g o ls hpingj ^ netAscovcr ^ netifera << back . t nmap ^ Pn b j sctpscan t ae rc® traceroute wle o^ zenmap 1y=I Type only hping3 without any argument. If hping3 was compiled with Tel scripting capabilities, you should see a prompt. C E H Lab Manual Page 706 Figure 1.1: BackTrack 5 r3 Menu 3. T h e h p in g 3 u tility starts in d ie c o m m a n d shell. Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • 6. M odule 10 - D enial o f S e rv ic e * * root(afbt: - File Edit View trm inal Help > syn set SYN flag < ‫־־‬rst set RST flag * ‫־־‬push set PUSH flag v ack set ACK flag ‫־־‬urg set U flag RG -‫־‬xnas set X unused flag (0x40) ynas set Y unused flag (0x80) ■tcpexitcode use last tcp->th flags as exit code tcp-tinestaTp enable the TCP timestamp option to guess the HZ/uptine J ( f data size data fron file add ,signature* Bum packets in (default is 0) e olt p O O tS . na T 'T ro R mn | 1 -u ^ end te ll you reacheJ EO and prevent reAind F •T -•traceroute traceroute m ode (Implies ••bind and ‫־־‬t t l 1) --tr-stop Exit when receive the firs t not ICMP in traceroute node tr <ccp t t l Keep the source TTL fixed, useful to nonitor ]ust one hop **tr*no-rtt Don't calculate/show RTT information in traceroute node ARS packet description (new, unstable) apd send Send the packet described with apo (see docs/APO.txt) F IG U R E 1.2: BackTrack 5 13 Command Shell with hping3 4. 111 th e c o m m a n d shell, ty p e h p in g 3 - S 1 0 .0 .0 .1 1 - a 1 0 .0 .0 .1 3 - p 2 2 -flo o d a n d p re s s E n te r . m First, type a simple command and see the result: #hping3.0.0-alpha1> hping resolve www.google.com 66.102.9.104. m The hping3 command should be called with a subcommand as a first argument and additional arguments according to die particular subcommand. a v * root(abt: - File Edit View Terminal Help F IG U R E 1.3: BackTrack 5 r3 11ping3 command 5. L i d ie p re v io u s c o m m a n d , 1 0 .0 .0 .1 1 (W in d o w s 7 ) is th e v ic t im ’s m a c h in e IP a d d re ss, a n d 1 0 .0 .0 .1 3 ( B a c k T r a c k 5 r3 ) is th e a t t a c k e r ’s m a c h in e IP ad d ress. /v v x root(§bt: - File Edit View *fenminal Help ‫״‬ootebt:-# hp1ng3 -s 10.0.0.11 ■ 10.0.0.13 • 22 •■flood a p HPING 10.0 9.11 (ethO 10.6.0.11): S set, 40 headers 0 data hping in flood node, no replies w ill be show n << b a c k H y1 The hping resolve = command is used to convert a hostname to an IP address. C E H Lab Manual Page 707 tra c k F IG U R E 1.4: BackTrack4 Command Shell with hping3 6. 11pi11g3 flo o d s th e v ic tim m a c h in e b y se n d in g b u lk S Y N p a c k e ts a n d o v e rlo a d in g v ic tim reso u rc es. Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • 7. M odule 10 - D enial o f S e rv ic e 7. G o to d ie v ic tim ’s m a c h in e (W in d o w s 7). In stall a n d la u n c h W ire sh a rk , a n d o b se rv e th e S Y N p ack ets. 12(SVN Rev445202 ‫ ט‬Micro o tC r o a i n PeviceNPFJ605FlD17-52CF-4EA9-BA6P-5E43A8Dro2DD [ i e sf oprto: W r shark Pile Edit View Gc Capture Analyze Statistics Telephony Tools Internals Help 0. < 0 1 m m » a . m IBTal hping3 was mainly used as a security tool in the past. It can be used in many ways by people who don't care for security to test networks and hosts. A subset of the things you can do using hping3: ■ Firewall testing ‫ י‬Advanced port scanning ‫ י‬Network testing, using various protocols, TOS, fragmentation ■ Manual path M TU discovery ■ Advanced traceroute, under all the supported protocols ■ Remote OS fingerprinting * Remote uptime guessing ■ TC P/IP stacks auditing m D estination Protocol Length Info ‫31 .כ‬ ‫31 .כ‬ ‫31 . נ‬ ‫31 . נ‬ 10.0.0.11 TCP 10.0.0.11 10.0.0.11 1 10.0.0.11 TCP TCP TCP TCP |G l . IE Ij 54 [TCP Pert numbers 54 [TCP Pert numbers 54 [TCP Pert numbers 54 [TCP Port numbers ■ ff1i‫ ־‬r 3 ^ T M7‫־‬ 54 [TCP Port numbers reused] reused] reused] reused] T T 1 reused] 53620 53621 53622 53623 > > > > ssh ssh ssh ssh [SYN] 5 [SYN] s [SYN] 5 [SYN] 5 13771■3 53625 > ssh [SYN] 5 1 U-tI& W 7 ZW tt M Frame 1: 54 b/tes on wire (432 b it s ) , 54 bytes captured (432 b its ) on in te rface 0 Ethernet I I , Src: Microsof_a8:78:07 (00:15:5d:a8:78:07), Dst: M'crosof_a8:78:05 (00:15:5d:a Internet Protocol version 4, src: 10.0.0.13 (10.0.0.13), Dst: 10.0.0.11 (10.0.0.11) Transmission control Protocol, src Po rt: 11766 (11766), Dst Port: ssh (22), seq: 0, Len: 0 OO O O 0019 0020 0030 0015 0028 00Ob 0200 5d dl 2d ee as 3a f6 df 78 00 00 00 05 00 15 00 40 06 16 3a a9 00 5d a8 78 07 OS 00 45 00 95 7e Oa 00 00 Od Oa 00 09 f c 61 62 d6 d7 50 02 . .] .x .. . ].X ...E . •(• :..®. —........ O Fl:*CUsenAdminAppDataLocalTemp... P c e s 119311 D s l y d 119311 M r e . P o i e D f u t ie akt: ipae: a k . . rfl: e a l FIG U R E 1.5: Wireshark with SYN Packets Traffic Y o u se n t h u g e n u m b e r o l S Y N p a c k e ts, w h ic h c a u se d d ie v ic tim ’s m a c h in e to crash . L a b A n a ly s is D o c u m e n t all d ie resu lts g a d ie r d u rin g d ie lab. T o o l/U tility I n f o r m a tio n C o ll e c te d / O b j e c ti v e s A c h ie v e d S Y N p a c k e ts o b s e r v e d o v e r flo o d in g th e r e s o u rc e s in h p in g 3 P L E A S E T A L K v ic tim m a c h in e T O Y O U R I N S T R U C T O R R E L A T E D T O T H I S I F Y O U H A V E Q U E S T I O N S L A B . I n te rn e t C o n n e c tio n R e q u ire d □ Y es 0 No P la tfo rm S u p p o rte d 0 C E H Lab Manual Page 708 C la s s ro o m 0 1L a b s Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • 8. M odule 10 - D enial o f S e rv ic e Lab H T T P F lo o d in g U s in g D o S H T T P D oS H T T P is an H T T P flood denial-of-service (D oS) testing toolfor Windows. D o S H T T P includesp o rt designation and reporting. ICON KEY L a b S c e n a r io / V a lu a b le in fo r m a tio n H T T P flo o d in g is a n a tta c k th a t u se s e n o rm o u s u seless p a c k e ts to jam a w e b server. 111 tliis p a p e r, w e u se lu d d e n se m i-M a rk o v m o d e ls (H S M M ) to d e s c n b e W e b - .-* v Test yo ur ______ k n o w le d g e b ro w s in g p a tte rn s a n d d e te c t H T T P flo o d in g attack s. W e first u se a large n u m b e r o f leg itim ate re q u e s t seq u e n c e s to tra in a n H S M M m o d e l a n d th e n u se tins leg itim ate m . W e b e x e r c is e m o d e l to c h e c k ea c h in c o m in g re q u e s t se q u en c e . A b n o rm a l W w b traffic w h o se lik e lih o o d falls in to u n re a s o n a b le ra n g e fo r th e leg itim ate m o d e l w o u ld b e classified as p o te n tia l a tta c k traffic a n d sh o u ld b e c o n tro lle d w ith special a ctio n s su c h as filtering 01 ‫ ־‬lim itin g th e traffic. F inally w e v alid ate o u r a p p ro a c h b y te stin g d ie m e th o d w ith real data. T h e re su lt sh o w s th a t o u r m e th o d c a n d e te c t th e a n o m a ly w e b traffic effectively. 111 th e p re v io u s lab y o u le a rn e d a b o u t S Y N flo o d in g u sin g 11p111g3 a n d th e c o u n te rm e a s u re s th a t c a n b e im p le m e n te d to p re v e n t su c h attack s. A n o th e r m e th o d th a t atta c k e rs c a n u se to a tta c k a se rv er is b y u sin g th e H T T P flo o d a p p ro a c h . A s a n e x p e rt e th i c a l h a c k e r a n d p e n e tr a ti o n t e s t e r , y o u m u s t b e aw are o f all types o f h a c k in g a tte m p ts 0 11 a w e b serv er. F o r H T T P flo o d in g a tta c k y o u sh o u ld im p le m e n t a n a d v a n c e d te c h n iq u e k n o w n as “ ta rp ittin g ,” w h ic h o n c e esta b lish e d su ccessfu lly w ill set c o n n e c tio n s w in d o w size to few bytes. A c c o rd in g to T C P / I P p ro to c o l d esig n , th e c o n n e c tin g d ev ice w ill initially o n ly se n d as m u c h d ata to targ et as it tak es to fill d ie w in d o w u n til th e serv er re s p o n d s. W ith ta rp ittin g , th e re w ill b e 110 re s p o n s e b a c k to th e p a c k e ts fo r all u n w a n te d H T T P re q u e sts, th e re b y p ro te c tin g y o u r w e b server. L a b O b je c t iv e s T h e o b je c tiv e o f tin s la b is to h e lp s m d e n ts le a r n H T T P flo o d in g d e m a l-o t se rv ic e (D o S ) a tta c k . C E H Lab Manual Page 709 Ethical Hacking and Countermeasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
  • 9. M odule 10 - D enial o f S e rv ic e & T o o ls d e m o n s tr a t e d in t h i s la b a r e a v a ila b le in D:CEHT oo lsC E H v 8 M o d u le 1 0 D en ialo f-S e rv ic e L a b E n v ir o n m e n t T o e a rn ’ o u t th is lab , y o u n eed : ■ D oSH T T P to o l lo c a te d a t D :C E H -ToolsC E H v 8 M o d u le 1 0 D enial-ofS e rv ic e ' DDoS A tta c k T o o lsD o S H TTP ■ Y o u c a n a lso d o w n lo a d th e la te s t v e r s io n o f D o S H T T P f r o m th e lin k h ttp : / / w w w .s o c k e ts o f t. 11 e t / ■ I f y o u d e c id e to d o w n lo a d th e l a t e s t v e r s io n , th e n s c r e e n s h o ts s h o w n 111 th e la b m ig h t d if fe r ■ A c o m p u te r m m iu ig W in d o w s S e r v e r 2 0 1 2 as h o s t m a c h in e ■ W in d o w s ■ A w e b b ro w s e r w ith an I n te r n e t c o n n e c tio n ■ A d m in istra tiv e p rivileges to m il to o ls 7 ru n n in g o n v irtu a l m a c liu ie as a tta c k e r m ac liu ie L a b D u r a tio n T u n e : 10 M in u te s O v e r v ie w o f D o S H T T P D o S H T T P is an H T T P H ood d en ial-o f-se rv ic e (D oS ) te stin g to o l fo r W in d o w s. I t in clu d e s U R L v e rific atio n , H T T P re d ire c tio n , a n d p e rfo rm a n c e m o n ito rin g . D o S H T T P u ses m u ltip le a s y n c h ro n o u s so c k ets to p e rf o rm a n e ffectiv e H T T P flo o d . D o S H T T P c a n b e u s e d sim u lta n e o u sly o n m u ltip le clients to e m u la te a d is tn b u te d d e n ial-o f-serv ice (D D o S ) attack . T in s to o l is u s e d b y I T p ro fe ssio n a ls to te s t w e b se rv er p e rfo rm a n c e . Lab T asks 1. 2. D oSH T T P F lo o d in g In sta ll a n d la u n c h D o S H T T P u i W in d o w s S e r v e r 2 0 1 2 . T o la u n c h D o S H T T P , m o v e y o u r m o u s e c u rs o r to lo w e r le ft c o rn e r o f d ie d e s k to p a n d click S ta r t. FIG U RE 2.1: Windows Server 2012 Desktop view C E H Lab Manual Page 710 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • 10. M odule 10 - D enial o f S e rv ic e 3. C lick d ie D o S H ttp 2 .5 a p p fro m d ie S t a r t m e n u a p p s to la u n c h d ie p ro g ra m . Adm inistrator ^ Start Cro c c Ur Tf ac Mngr a ae Miilla o Feo irf x * DoSHTTP is an easy to use and powerful HTTP Flood Denial of Service (DoS) Testing Tool for Windows. DoSHTTP includes U R L Verification, H TTP Redirection, Port Designation, Performance Monitoring and Enhanced Reporting. y * © • Cmad om n Po p r mt rr‫־‬ N otefao* r S TP wHT S V n tr tmK Hp fV yo N« kk Wb lc t oC n % ‫וי‬ Cn to e l ■ FIG U R E 2.2: Windows Server 2012 Start Menu Apps T h e D oSH T T P m a in scre e n ap p e a rs as s h o w n 111 th e fo llo w in g figure; 111 d iis lab w e h a v e d e m o n s tra te d trial v e rsio n . C lick T ry to c o n tin u e . | File O p tio n s H elp D T o o ls d e m o n s tr a t e d in t h i s la b a r e a v a ila b le in D:CEHT oo lsC E H v 8 M o d u le 1 0 D en ialo f-S e rv ic e X DoSHTTP 2.5.1 - Socketsoft.net [Loading...] H DoSHTTP Registration H‫־‬ Ta r / U nreq istered V ersion V ( Sa J 3 Close Us [m fry You have 13 days or 3 uses left on your free trial. Enter your Serial Number and click the Register button. 3 Register jSerial Number I C‫׳‬sc 3 r-sr t‫־‬ttD://w w w .so cketsoft. ret‫׳‬ ' 1 R eady FIG U R E 2.3: D oSH TIP main window 5. E n te r d ie U R L o r IP a d d re ss 111 d ie T a r g e t URL field. 6. S elect a U s e r A g e n t, n u m b e r o f S o c k e t s to se n d , a n d th e ty p e o f R e q u e s ts to sen d . C lick S ta r t. 7. C E H Lab Manual Page 711 m DoSHTTP includes Port Designation and Reporting. 111 d iis lab , w e are u sin g W in d o w s 7 I P (10.0.0.7) to flo o d . Ethical Hacking and Countemieasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • 11. M odule 10 - D enial o f S e rv ic e H nn^HTTP ? S 1 - W kpfcnft npf [Fvaliiatmn Mnrlp] File O p tio n s *1 H elp DoSH TTP HTTP Flood Denial of S ervice (DoS) Testing Tool Target URL 10.0.0.11 Usei Agent |Mozilla/6.0 (compatible; MSIE 7.0a; Windows NT 5.2; SV1) Sockets Requests 1 500 ▼ Verify URL jStart FloodJ ] ▼ | |Continuous Close httD://www.socketsoft.ret‫'׳‬ Leca D s c a mer Ready -------- !-------------------------- J FIG U R E 2.4: DoSHTTP Flooding N o te: T h e s e I P a d d re sses m a y d iffe r 111 y o u r la b e n v iro n m e n t. 8. C lick OK m th e D o S H T T P e v a lu a tio n p o p -u p . H DoSHTTP 2.5.1 - Socketsoft.net [Evaluation Mode] File y DoSHTTP uses multiple asynchronous sockets to perform an effective H TTP Flood. DoSHTTP can be used simultaneously on multiple clients to emulate a Distributed Denial of Service (DDoS) attack. O p tio n s x H elp DoSHTTP E valuation m o d e w ill o n ly p e rfo rm a m a x im u m o f 10000 requests per session. OK Lees D - S c a rrer t ‫־‬ttD:.|’ , www.soctetsoft.ret/ . ‫׳‬ Ready FIG U R E 2.5: DoSHTTP Evaluation mode pop-up 9. L a u n c h d ie W ir e s h a rk n e tw o rk p ro to c o l an aly zer 111 d ie W in d o w s 7 v irtu a l m a c h in e a n d sta rt its in terfa ce. 10. D o S H T T P sen d s a s y n c h r o n o u s so c k e ts a n d p e rfo rm s H TT P flo o d in g o f d ie y DoSHTTP can help IT Professionals test web server performance and evaluate web server protection software. DoSHTTP was developed by certified IT Security and Software Development professionals C E H Lab Manual Page 712 ta rg e t n etw o rk . 11. G o to V irtu a l m a c h in e , o p e n W ire s h a rk . a n d o b se rv e th a t a lo t o f p a c k e t traffic is c a p tu re d b y W iresh a rk . Ethical Hacking and Countenneasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • 12. M odule 10 - D enial o f S e rv ic e ^^t info Mr sf oprt nDv P65lD^C E ^6E88W^ j" pjr gr micooKr oa!oAe!nN^0F 12MAA^4AC 2 Fl £ i View ie d t £0 Capture Analyze S a i t c Telephony Tools I t rnals Help ttsis ne pyai Fle itr No. ojai 1 ‫* ט‬ m » m | |E p e s o . C e r Apply Save ▼ xrsin. la Time Source 81 14.2268530 10.0.0.10 85 85 87 83 89 90 91 92 93 94 95 Dsiain etnto 10.0.0.11 P otocol Length I f r no • * TCP 66 57281 > http [SYN] Sec 14. 9489030 Del 1_c3:c3:cc Broadcast 15.4810940 1 0 .0 .0 .1 0 1 0.0.0.255 15.4812800 fe80: : 38aa: 6390 : 554 f f 02: :1:3 15.4813280 10.0.0.10 224.0.0.252 15. 9012270fe80: :38aa:6390:554ff02: :1:3 15 9013020 10.0.0.10 224.0.0.252 15 9494970 De11_c3:c3:cc Broadcast 16 2313280 10.0.0.10 10.0.0.255 16 9962120 10.0.0.10 10.0.0.255 17 7675600 f p80 : : 38aa : 6390 :5 54 f f 0?: :1 7 18 4547800 D e l1 _c 3 :c3 :c c M icro sof_a8 :7 8 :0 5 ARP NBNS llnnr LLNNR LLNNR llnnr ARP NBNS nbns DHCPv6 ARP 42 who has 10.0.0.13? Te 92 Nam query NB W e PAD<00> 84 standard query 0xfe99 64 stardard query 0xfe99 84 Stardard query 0xfe99 64 stardard query 0xfe99 42 who has 10.0.0.13? T€ 92 N e query NB wpad< am 00> 92 N e query NB WPAD<00>. am 157 S o lic it XTD: 0xa QQ84 C 42 who has 10.0.0.11? T€ w Frane 1: 42 bytes on wire (336 bits). 42 bytes captured (336 bits) on interface 0 • Ethernet I I , src: De11_c3:c3:cc (d4:be:d9:c3:c3:cc), Dst: Broadcast ( f f : f f : f f : f f : f f : f f ) E Address Resolution Protocol (request) 0000 0010 0020 f f f f f f f t f t f f d4 be 0800 06 04 00 01 d4 be 0000 00 00 00 00 Oa 00 d9 c3 c3 cc 08 06 00 01 d9 c3 c3 cc Oa 00 00 Oa 00 O d FIG U R E 26: Wireshark window DoSHTTP can be used simultaneously on multiple clients to emulate a Distributed Denial of Service (DDoS) attack. 12. Y o u see a lo t o l H T T P p a c k e ts are flo o d e d to d ie h o s t m ac h in e . 13. D o S H T T P u se s m u ltip le a s y n c h ro n o u s so ck e ts to p e rf o rm a n H T T P flo o d ag ain st d ie e n te re d n e tw o rk . L a b A n a ly s is A n a ly z e a n d d o c u m e n t d ie resu lts re la te d to d ie lab exercise. T o o l/U tility I n f o r m a tio n C o ll e c te d / O b j e c ti v e s A c h ie v e d D oSH TTP P L E A S E T A L K H T T P p a c k e ts o b s e r v e d flo o d in g th e h o s t m a c h in e T O Y O U R I N S T R U C T O R R E L A T E D T O T H I S I F Y O U H A V E Q U E S T I O N S L A B . Q u e s t io n s E v a lu a te h o w D o S H T T P ca n b e u se d sim u lta n e o u sly o n m u ltip le clients a n d p e rfo rm D D o S attacks. C E H Lab Manual Page 713 Ethical Hacking and Countemieasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • 13. M odule 10 - D enial o f S e rv ic e 2. D e te rm in e h o w y o u c a n p re v e n t D o S H T T P attack s 0 11 a n e tw o rk . In te r n e t C o n n e c tio n R e q u ire d □ Y es P la tfo rm S u p p o rte d 0 C E H Lab Manual Page 714 C la s s ro o m 0 !L a b s Ethical Hacking and Countermeasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.