24-04-2010, 10:00 PM
for more visit
nestedloops.wordpress.com
25-04-2010, 12:12 AM
thanks Mohit Jain
nice report , a good tech stuff i am going to repost Introduction of above report to get idea of report before downloading Introduction Overview Denial of service attacks have become a growing problem over the last few years resulting in large losses for the victims . One good example of this loss is the attacks of Yahoo, CNN, and Amazon in February of 2000 which had an estimated loss of several million to over a billion dollars . This report will go over the fundamentals of denial of service attacks, how they can be detected, and some of the most common ways of mitigating the damage they can inflict upon their victims. Distributed Denial of Service (DDoS) attacks are a virulent, relatively new type of attack on the availability of Internet services and resources. DDoS attackers infiltrate large numbers of computers by exploiting software vulnerabilities, to set up DDoS attack networks. These unwitting computers are then invoked to wage a coordinated, large-scale attack against one or more victim systems. As specific countermeasures are developed, attackers enhance existing DDoS attack tools, developing new and derivative DDoS techniques and attack tools. Rather than react to new attacks with specific countermeasures, it would be desirable to develop comprehensive DDoS solutions that defend against known and future DDoS attack variants. However, this requires a comprehensive understanding of the scope and techniques used in different DDoS attacks. Denial of Service Attacks Denial of service attacks come in an almost endless variety of forms but have the core similarity of their purpose. This purpose is to deny legitimate use of the services provided by their victim . This is achieved by exhausting the systems resources such as bandwidth, and memory . Unfortunately due to the limited nature of resources on the internet and the end to end focus of the networks design this is fairly easily achieved . There are several different main kinds of methods that attackers use. The most straight forward method is sending a stream of packets to the victim to use all of the systems resources which is known as flooding [1]. Another common method is to send a smaller number of altered packets to confuse the protocol or application . The most prevalent form of denial of service attack is the TCP/SYN Flooding method which makes up 90% of all denial of service attacks . This attack takes advantage of the three way handshake procedure that the TCP protocol uses . Normally the procedure goes something like the Page 1 following. The client sends a SYN message to let the server know the client wants to connect. Then the server sends a SYN/ACK message back letting the client know that it received the clientâ„¢s SYN message and is reserving resources for it. Finally the client sends the server an ACK message to complete the connection .In a TCP/SYN flooding attack the misbehaving client or clients sends a flood of SYN messages to the server with spoofed IPâ„¢s (fake IP info) but never respond to the SYN/ACK message the server responds with (to the spoofed IPâ„¢s). This results in the server holding half open connections and reserving resources for each fraudulent SYN message eventually consuming them all. Now that the basic nature of a denial of service extent has been explained we will go into distributed denial of service attacks.
06-08-2010, 08:36 PM
plz send full report and presentation...for this topic
31-05-2012, 02:07 PM
Denial-Of-Service Attack Denial-Of-Service Attack.doc (Size: 79.5 KB / Downloads: 46) ABSTRACT: Exploiting Network Security in the form of Denial-of-service is described. A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users. The DoS attack enables or eases the Hackers to get the access to the victim’s computer over a network. One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic. In general terms. INTRODUCTION: A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person, or multiple people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers. METHODS OF ATTACK A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. There are two general forms of DoS attacks: those that crash services and those that flood services. ICMP flood A smurf attack is one particular variant of a flooding DoS attack on the public Internet. It relies on misconfigured network devices that allow packets to be sent to all computer hosts on a particular network via the broadcast address of the network, rather than a specific machine. The network then serves as a smurf amplifier. In such an attack, the perpetrators will send large numbers of IP packets with the source address faked to appear to be the address of the victim. Low-rate Denial-of-Service attacks The Low-rate DoS (LDoS) attack exploits TCP’s slow-time-scale dynamics of retransmission time-out (RTO) mechanisms to reduce TCP throughput. Basically, an attacker can cause a TCP flow to repeatedly enter a RTO state by sending high-rate, but short-duration bursts, and repeating periodically at slower RTO time-scales. |
|