search
GitHubTwitterExegolTools

Denial of Service (DoS)

hashtag
Theory

There are two distinct types of denial of service:

  • Denial of Service (DoS): using a single machine, a DoS attack reduces or prevents accessibility of service for its users. It usually does so by flooding the targeted machine with a consequent amount of requests to overload the system or by exploiting logic flaws that make the target server compute way too much.

  • Distributed Denial of Service (DDoS): a DDoS attack has the same goal as the DoS attack. Except it uses a multitude of compromised machines to cause a denial of service and usually relies on flooding rather than finding and exploiting logical flaws.

There are various ways to cause a denial of service by flooding such as:

  • MAC flooding: flooding a switch with packets using different source MAC addresses.

  • ARP poisoning/spoofing: linking multiple IP addresses with a single MAC address (to a target).

  • Slow HTTP: sending HTTP requests in a slow and fragmented way, one at a time.

  • File upload: exhausting the back-end system's disk space and network bandwidth by uploading lengthy files. Also, uploading a file that will be interpreted in the back-end could cause a DoS, if the file uploaded is malicious and its goal is to overload the system.

  • ICMP flood: flooding the targeted machine with an overwhelming amount of ICMP requests.

The list is not exhaustive however, one can keep in mind that multiple categories exist, presenting a different approach for conducting a DoS attack: bandwidth, packets, TCP-related components, application layer, etc.

Testing for DoS in engagements can be useful for detecting applications and configurations vulnerabilities, by then providing the client with possible mitigation to prevent DoS attacks.

hashtag
Practice

hashtag
Websites

hping3 arrow-up-rightis a tool for firewall testing, OS fingerprinting, port scanning, etc. (see manualarrow-up-right). What's interesting is its DoS testing capabilities. More examples on hping3.arrow-up-right

The command sends a huge amount of packets with random source addresses to stress firewall state tables and other dynamic tables (IP based) within the TCP/IP stacks and firewall software.

hping3 --rand-source --flood $TARGET_IP

The command sends a huge amount of SYN packets with a specified port.

hping3 -S --flood -V -p $TARGET_PORT $TARGET_IP

Other specialized tools can be used such as Hulk arrow-up-rightand GoldenEyearrow-up-right.

triangle-exclamation

hping3arrow-up-right, Hulk, arrow-up-rightand GoldenEye arrow-up-rightshould be used with care and in specific cases. The number of requests they can send could crash the targeted system.

hashtag
Resources

LogoWhat Is a Distributed Denial of Service (DDoS) Attack? | NETSCOUTNETSCOUTchevron-right
https://ktflash.gitbooks.io/ceh_v9/content/91_dosddos_concepts.htmlktflash.gitbooks.iochevron-right
LogoDenial of Service - OWASP Cheat Sheet Seriescheatsheetseries.owasp.orgchevron-right
LogoWhat is a DoS Attack? Types, Exploitations and Security TipsVAADATA - Ethical Hacking Serviceschevron-right
LogoLong password denial of service - Vulnerabilities - AcunetixAcunetixchevron-right
PreviousInsecure CookiesNextIdentity and Access Management

Last updated

Was this helpful?