Presentation is loading. Please wait.

Presentation is loading. Please wait.

DoS Suite and Raw Socket Programming Group 16 Thomas Losier Paul Obame Group 16 Thomas Losier Paul Obame.

Published byDustin Davis Modified over 9 years ago

Similar presentations

Presentation on theme: "DoS Suite and Raw Socket Programming Group 16 Thomas Losier Paul Obame Group 16 Thomas Losier Paul Obame."— Presentation transcript:

1 DoS Suite and Raw Socket Programming Group 16 Thomas Losier Paul Obame Group 16 Thomas Losier Paul Obame

2 Motivation  “We are not teaching you to be script kiddies in this class” Henry Owen  Give the students a better understanding of:  Raw Socket programming  Coding  Modifying  Understanding  DoS Attacks  Dangers  Defenses  “We are not teaching you to be script kiddies in this class” Henry Owen  Give the students a better understanding of:  Raw Socket programming  Coding  Modifying  Understanding  DoS Attacks  Dangers  Defenses

3 Raw Socket Programming  “Raw socket is a computer networking term used to describe a socket that allows access to packet headers on incoming and outgoing packets. Raw sockets are usually used at the transport or network layers.” wikipedia.org  The ability to craft packet headers is a powerful tool that allows hackers to do many nefarious things  “Raw socket is a computer networking term used to describe a socket that allows access to packet headers on incoming and outgoing packets. Raw sockets are usually used at the transport or network layers.” wikipedia.org  The ability to craft packet headers is a powerful tool that allows hackers to do many nefarious things

4 Lab Structure  Expand knowledge on Particular DoS attack and IP protocols  Edit/Develop code based on understanding of previous section and given resources  Compile and Execute attack  Gather data  Analyze and implement defenses  Expand knowledge on Particular DoS attack and IP protocols  Edit/Develop code based on understanding of previous section and given resources  Compile and Execute attack  Gather data  Analyze and implement defenses

5 IP Headder What we are trying to create: Figure 1: IP Packet Diagram (www.h3c.com)

6 Creation of an IP headder void addIP(unsigned char *buf, struct pktInfo *pktInfo, int offset) { struct ip* ip = (struct ip*) (buf + offset); //ip points to some place in the buffer ip->ip_v = 4; //ipv4 ip->ip_hl = 5; //4 * 5 = 20 bytes ip->ip_tos = 0; //didn't specify any special type of service ip->ip_len = htons(pktInfo->pktSize); //total packet size ip->ip_src.s_addr = pktInfo->srcAddr; //4 byte source IP address ip->ip_dst.s_addr = pktInfo->destAddr; //4 byte destinfation IP address ip->ip_id = rand(); //random id ip->ip_off = 0; //mainly used for reassembly of fragmented IP datagrams. ip->ip_ttl = 255; //Time to live is the amount of hops before the packet is discarded ip->ip_p = pktInfo->protocol; //protocol used: TCP, UDP, etc ip->ip_sum = 0; //zero out the checksum field before computing the checksum ip->ip_sum = in_chksum((unsigned short *) ip, IPHEADER); //compute the checksum } void addIP(unsigned char *buf, struct pktInfo *pktInfo, int offset) { struct ip* ip = (struct ip*) (buf + offset); //ip points to some place in the buffer ip->ip_v = 4; //ipv4 ip->ip_hl = 5; //4 * 5 = 20 bytes ip->ip_tos = 0; //didn't specify any special type of service ip->ip_len = htons(pktInfo->pktSize); //total packet size ip->ip_src.s_addr = pktInfo->srcAddr; //4 byte source IP address ip->ip_dst.s_addr = pktInfo->destAddr; //4 byte destinfation IP address ip->ip_id = rand(); //random id ip->ip_off = 0; //mainly used for reassembly of fragmented IP datagrams. ip->ip_ttl = 255; //Time to live is the amount of hops before the packet is discarded ip->ip_p = pktInfo->protocol; //protocol used: TCP, UDP, etc ip->ip_sum = 0; //zero out the checksum field before computing the checksum ip->ip_sum = in_chksum((unsigned short *) ip, IPHEADER); //compute the checksum } using Raw Sockets

7 Denial of Service (DoS)  The Internet was designed for easy connectivity and scalability  Not designed to support authentication schemes  Attempt to occupy all resources of a system  Two general types of DoS attack  The Internet was designed for easy connectivity and scalability  Not designed to support authentication schemes  Attempt to occupy all resources of a system  Two general types of DoS attack

8 DoS Suite  First type attack  ICMP Reset attack  Second type attack  TCP syn attack  UPD flood attack  Ping Request (smurf) attack  First type attack  ICMP Reset attack  Second type attack  TCP syn attack  UPD flood attack  Ping Request (smurf) attack

9 Using the DoS Suite

10 ICMP Reset Attack  By spoofing a Hard ICMP error message a hacker can kill any running TCP connection  Requires the four-tuple  Determine the four-tuple using a packet sniffer  Guessing the four-tuple  By gathering information of the operating systems being used and the communication method in use. ICMP reset packets can be sent over a range of port addresses killing a connection you can not sniff.  By spoofing a Hard ICMP error message a hacker can kill any running TCP connection  Requires the four-tuple  Determine the four-tuple using a packet sniffer  Guessing the four-tuple  By gathering information of the operating systems being used and the communication method in use. ICMP reset packets can be sent over a range of port addresses killing a connection you can not sniff.

11 ICMP Reset Attack (Lab)

12 ICMP Reset Attack

13 TCP SYN Attack  When a server receives a SYN it stores the connection information in memory and sends back a SYN-ACK  Because the IP Address is spoofed it will never get a response and the information will stay until timeout  If packets are send fast enough they will fill the buffer and no new requests will be able to be processed  When a server receives a SYN it stores the connection information in memory and sends back a SYN-ACK  Because the IP Address is spoofed it will never get a response and the information will stay until timeout  If packets are send fast enough they will fill the buffer and no new requests will be able to be processed

14 SYN Attack (Lab)

15 SYN Attack

16 SYN Attack (Summary)

17 UDP Flood Attack  The premise of the UDP attack is similar to the SYN however when using UDP the client does not set aside memory for the connection information  If packets are send fast enough they will fill the network card buffer and no new requests will be able to be processed  The premise of the UDP attack is similar to the SYN however when using UDP the client does not set aside memory for the connection information  If packets are send fast enough they will fill the network card buffer and no new requests will be able to be processed

18 UDP Flood Attack (Lab)

19 UDP Flood Attack

20 UDP Attack (Summary)

21 ICMP Ping (smurf) Attack  DDoS attack  Using a network of machines a lot more information can be sent at once  Send ping requests to a network of machines with a return address of the “victim” machine  If packets are send fast enough they will fill the buffer and no new requests will be able to be processed  DDoS attack  Using a network of machines a lot more information can be sent at once  Send ping requests to a network of machines with a return address of the “victim” machine  If packets are send fast enough they will fill the buffer and no new requests will be able to be processed

22 ICMP Ping Attack (Lab)

23 ICMP Ping Attack

24 ICMP Attack (Summary)

25 DoS Defenses  SYN Cookies  Configure your firewall (refer to lab4)  IPtables  CiscoPIX  Real Secure  SYN Cookies  Configure your firewall (refer to lab4)  IPtables  CiscoPIX  Real Secure

Download ppt "DoS Suite and Raw Socket Programming Group 16 Thomas Losier Paul Obame Group 16 Thomas Losier Paul Obame."

Similar presentations

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Umut Girit 200535027.  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.

Umut Girit  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.
CISCO NETWORKING ACADEMY Chabot College ELEC 99.05 Transport Layer (4)

CISCO NETWORKING ACADEMY Chabot College ELEC Transport Layer (4)
Computer Security and Penetration Testing

Computer Security and Penetration Testing
CISCO NETWORKING ACADEMY PROGRAM (CNAP)

CISCO NETWORKING ACADEMY PROGRAM (CNAP)
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
UDP & TCP Where would we be without them!. UDP User Datagram Protocol.

UDP & TCP Where would we be without them!. UDP User Datagram Protocol.
Chapter 7 – Transport Layer Protocols

Chapter 7 – Transport Layer Protocols
CSCI 4550/8556 Computer Networks Comer, Chapter 23: An Error Reporting Mechanism (ICMP)

CSCI 4550/8556 Computer Networks Comer, Chapter 23: An Error Reporting Mechanism (ICMP)
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Raw Sockets CS-480b Dick Steflik Raw Sockets Raw Sockets let you program at just above the network (IP) layer You could program at the IP level using.

Raw Sockets CS-480b Dick Steflik Raw Sockets Raw Sockets let you program at just above the network (IP) layer You could program at the IP level using.
Distributed Denial of Service Attacks CMPT 471 1 Distributed Denial of Service Attacks Darius Law.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.
Chapter 5 The Network Layer.

Chapter 5 The Network Layer.
Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA © Abdou Illia.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Application Layer PART VI.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Application Layer PART VI.
Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.

Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
WXES2106 Network Technology Semester 1 2004/2005 Chapter 8 Intermediate TCP CCNA2: Module 10.

WXES2106 Network Technology Semester /2005 Chapter 8 Intermediate TCP CCNA2: Module 10.
1 Application Presentation Session Transport Network Datalink Physical OSI model 7 6 5 4 3 2 1 Application IPv4, IPv6 Device Driver Hardware TCPUDP Internet.

1 Application Presentation Session Transport Network Datalink Physical OSI model Application IPv4, IPv6 Device Driver Hardware TCPUDP Internet.
Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.

Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.

Similar presentations

Ads by Google