Introduction to Denial

This is a short review of the different types of Denial of Service (DoS) attacks that have appeared on the internet over the years.

1- The early days : Nuking (WinNuke, OOB nukers)

Microsoft engineers, in their incredible wisdom, have built into all Windows boxes a service called NetBIOS that listens on port 135, 137 or 139. Why this service is installed on every Windows machine is still a mystery. Hackers found that if an Out Of Band (OOB) signal is sent to the windoze box, the system freezes and a reboot is needed to bring the computer back to life.

Ping Flooding, Ping of Death

The idea behind this attack is to freeze the server by sending a huge amount of packets (ping flooding) or by sending oversized packets to a machine (ping of death). This slows the server down and eventually shuts it down if the buffer is full. Windoze 95, Windoze NT and Linux had trouble handling packets over 64k. Early versions of Windoze 98 had trouble handling packets of exactly 65000 bytes (header included).

2- The second age : Malformed packets (boink, land, teardrop, etc.)

Based on the TCP/IP protocol, these new attacks were very effective. The usual exchange between two computers starts with the 3-way handshake, like this :

    Computer1 → syn → Computer2
    Computer2 ← ack ← Computer1
    Computer1 → ack → Computer2

Then the data are transmitted. What happens if Computer1 sends an ack to Computer2 as the first step of the 3-way handshake instead of the normal syn? It creates a situation where Computer2 doesn't know what to do with it, so the ack remains in the buffer for some time. Now, what if thousands of acks are sent? The buffer will be full and the server will not be able to handle other requests, if it does not crash in the meantime.

3- The nuclear weapons : Distributed Denial of Service (Smurf, Papasmurf, etc.)

I call these attacks nuclear weapons because when someone uses them, millions of innocents suffer.
How the thing works : instead of sending a normal ping to a computer and receiving the response, you send a ping that will be forwarded to all computers along the route between you and the target, and all these computers will answer with a ping reply. Example :

    Attacker → single ping → router1 → 10 pings → router2 → 200 pings → etc. → 50000 pings → target
                                |                      |
                              Subnet                 subnet
                          (10 computers)         (20 computers)

As you can see, for each ping a huge amount of traffic is created, and everyone else trying to use the routers will get a slower response or no response at all. This is the type of attack the infamous Mafiaboy used to freeze Yahoo and Geocities.

Now be responsible with what you have learned,
Just1ce.
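As an added defender-side example that is not part of the original post, here is a small Python detector for three of the patterns described above, run over constructed packet summaries: ping flooding (too many ICMP packets from one source in a short window), ping of death (a fragment whose reassembled end would exceed the 64k IP maximum), and a bare ack sent where a syn should open the handshake. The record layout, field names and thresholds are assumptions made for illustration, not anything from the post.

```python
from collections import defaultdict

# Constructed packet summaries (assumed field names, not real capture data):
# t = seconds, frag_off = IP fragment offset in 8-byte units, len = IP payload bytes.
SAMPLE_PACKETS = [
    {"t": 0.00, "src": "10.0.0.5", "dst": "10.0.0.1", "proto": "tcp", "flags": "S", "frag_off": 0, "len": 40},
    {"t": 0.01, "src": "10.0.0.1", "dst": "10.0.0.5", "proto": "tcp", "flags": "SA", "frag_off": 0, "len": 40},
    {"t": 0.02, "src": "10.0.0.5", "dst": "10.0.0.1", "proto": "tcp", "flags": "A", "frag_off": 0, "len": 40},
    {"t": 0.03, "src": "10.0.0.9", "dst": "10.0.0.1", "proto": "tcp", "flags": "A", "frag_off": 0, "len": 40},
    {"t": 0.50, "src": "10.0.0.7", "dst": "10.0.0.1", "proto": "icmp", "frag_off": 8150, "len": 400},
] + [  # one host sending 150 echo requests inside 150 ms: a ping flood
    {"t": 1.0 + i / 1000, "src": "10.0.0.8", "dst": "10.0.0.1", "proto": "icmp", "frag_off": 0, "len": 84}
    for i in range(150)
]

def oversized_fragment(frag_off, payload_len, limit=65535):
    """Ping-of-death check: the fragment's end, once reassembled, exceeds the IP maximum."""
    return frag_off * 8 + payload_len > limit

def icmp_flood_sources(packets, window=1.0, threshold=100):
    """Sources that send more than `threshold` ICMP packets inside any `window`-second span."""
    times = defaultdict(list)
    for p in packets:
        if p["proto"] == "icmp":
            times[p["src"]].append(p["t"])
    flagged = set()
    for src, ts in times.items():
        ts.sort()
        start = 0
        for end, t in enumerate(ts):            # sliding window over sorted timestamps
            while t - ts[start] > window:
                start += 1
            if end - start + 1 > threshold:
                flagged.add(src)
                break
    return flagged

def orphan_ack_sources(packets):
    """Sources whose TCP conversation with a peer opens with a bare ACK instead of a SYN."""
    handshakes, flagged = set(), set()
    for p in packets:
        if p["proto"] != "tcp":
            continue
        pair = (p["src"], p["dst"])
        if "S" in p["flags"]:                    # SYN or SYN-ACK legitimises both directions
            handshakes.update({pair, pair[::-1]})
        elif "A" in p["flags"] and pair not in handshakes:
            flagged.add(p["src"])
    return flagged
```

On the sample data the flood detector names only 10.0.0.8, the fragment check fires on the 10.0.0.7 fragment (8150 × 8 + 400 = 65600 bytes), and the orphan-ACK check names only 10.0.0.9; in practice the thresholds would be tuned to the link's normal ICMP rate.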