DDOS Attack – A ‘Ping of death’ or a ‘cool teaser’ from the hacking groups?

The very mention of hacking, and we are all ears to the latest buzz in this intriguing world of technological advances. While some may squabble and crib about the existing threats to the underlying security of a network acquired through hacking, it is the playground of the hackers that keeps itself abreast with the prevalent and the emerging trends. One such phenomenal and common hacking attack is what we call DDOS (Distributed denial-of-service) attack.

The know- how of the DDOS attacks

DDOS involves multiple systems distributed over a network or compromised computers such as botnets which sabotage the targeted system, usually a server or a website, with flooded traffic or overloading connections. This causes the target server/website to be unavailable to legitimate requests.

Historical DDOS attacks

As the world becomes more reliant on the Internet, more opportunities are there for thwarting the daily lifestyle. Some recent examples from the past that played havocs with the world’s anarchy are listed as under:

Project Chanology

The religiously motivated ‘hacktivist’ group Anonymous created a roar of DDOS attacks in January 2008 to protest against the interference of the Scientologists from the Internet.

The July Cyber DDOS attacks

27 websites, including those of The Pentagon and The Whitehouse were attacked in July 2009 targeting the services in the United States and South Korea and causing large scale disruption in their economy. The attacks were caused by activated botnets and came in three waves during the month.

Lulzsec DDOS attack

Brazen DDOS attacks were made in June 2010 at several US agencies including the CIA, shutting down their services for a day and bringing the much hyped security to the forefront.

Spamhaus DDOS Attack

one of the most ferocious DDOS attacks of the history, this unprecedented 300 GBPS attack of 2013 was aimed at the servers of the non profit Spam battling firm called Spamhaus and crawled over the Internet services worldwide.

Largest ever DDOS attack

peaking at 400 GBPS, this enormous DDOS attack in early 2014 combined the hacking techniques of NTP Amplification, DNS Reflection and SYN Flood and targeted one of the European customers of CloudFlare.

How to hack using DDOS – The methods

Flooding services and crashing services are two objectives of the DDOS attack. However, there might be a plethora of methods to launch one!

The Ping of death and Ping Flooding

In Ping Flooding the victim is overwhelmed with a number of ping packets, usually achieved by launching ‘ping’ command in the Command Prompt of Windows systems. The -l flag can send a maximum of 65500 bytes of packets to the victim from a single system. The Ping of death, on the other hand, involves launching a malicious ping packet to the victim with the aim of crashing down the service completely.

Teardrop attacks

This method involves throwing the victim with mangled IP packets that contain over-sized and overlapping payloads. Consequently, several operating systems may crash owing to the bug in their re-assembly code of TCP/IP fragmentation.

Hacking tools available over the Internet for DDOS attacks

There are a lot of freely available DDOS attacking tools in the online black market today. Compiled below are to name a few.

LOIC (Low Orbit Ion Cannon)

http://sourceforge.net/projects/loic/

Anonymous, the famed hacktivists used this freely provided DDOS attack tool against many networks. This tool is very simple to use for even a beginner. The HIVEMIND mode in this tool lets you control remote LOIC systems which aids in launching a severe DDOS attack. However, this tool does nothing to hide your identity which is a big disadvantage.

XOIC

http://sourceforge.net/projects/xoic/

Available in three different modes with varying levels of complexity and power, XOIC is a more powerful tool for launching DDOS attack than LOIC.

DDOS IM

http://sourceforge.net/projects/ddosim/

This popular DDOS hacking tool is a layer 7 DDOS Simulator that engages several zombie hosts to create full TCP connections to the victim machine. A highly efficient DDOS tool, DDOSIM uses random IP addresses, creates highly untraceable Application layer DDOS attacks and is able to simulate large number of botnets. ()

Mitigation and handling of simple DDOS attacks can be performed by Firewalls by setting up specific rules blocking the attackers. However, powerful and more complex DDOS attacks cannot be mitigated using this method. The first step towards a successful mitigation is to identify a DDOS attack (usually same type of traffic with UDP, TCP, ICMP – albeit they come from forged source addresses). Some advanced mitigation methods that can be then adopted include Black hole filtering, Rate limiting or by using Cloud based services like Prolexic.

References

• http://www.defense.net/ddos-attack-timeline.html
• http://www.digitaltrends.com/computing/lulzsec-hacks-cia-and-disrupts-other-u-s-agencies/

• http://threatpost.com/400-gbps-ntp-amplification-attack-alarmingly-simple

• http://siliconangle.com/blog/2014/02/11/cloudflare-ceo-predicted-the-monster-eu-400-gbps-ddos-attack/

• http://resources.infosecinstitute.com/dos-attacks-free-dos-attacking-tools/