CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50 - Kimberly Graves [59]
SSPing is a program that sends several large fragmented, Internet Control Message Protocol (ICMP) data packets to a target system. This will cause the computer receiving the data packets to freeze when it tries to reassemble the fragments.
A LAND attack sends a packet to a system where the source IP is set to match the target system's IP address. As a result, the system attempts to reply to itself, causing the system to create a loop which will tie up system resources and eventually may crash the OS.
CPU Hog is a DoS attack tool that uses up the CPU resources on a target system, making it unavailable to the user.
WinNuke is a program that looks for a target system with port 139 open, and sends junk IP traffic to the system on that port. This attack is also known as an Out of Bounds (OOB) attack and causes the IP stack to become overloaded, and eventually the system crashes.
Jolt2 is a DoS tool that sends a large number of fragmented IP packets to a Windows target. This ties up system resources and eventually will lock up the system; Jolt2 isn't Windows specific, as many Cisco routers and other gateways may be vulnerable to the Jolt2 attack.
Bubonic is a DoS tool which works by sending TCP packets with random settings, in order to increase the load of the target machine so it eventually crashes.
Targa is a program that can be used to run eight different DoS attacks. The attacker has the option to either launch individual attacks or try all of the attacks until one is successful.
RPC Locator is a service that, if unpatched, is vulnerable to buffer overflows. The RPC Locator service in Windows allows distributed applications to run on the network. It is susceptible to DoS attacks, and many of the tools that perform DoS attacks exploit this vulnerability.
DDoS attacks can be perpetrated by bots and botnets, which are compromised systems that an attacker uses to launch the attack against the end victim. The system or network that has been compromised is a secondary victim, whereas the DoS and DDoS attacks flood the primary victim or target.
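Written from the defender's side, here is an added example (not from the book) that scans constructed packet records for three of the signatures described above: LAND (source address equals destination), a burst of fragmented ICMP (the SSPing/Jolt2 pattern), and TCP urgent data to port 139 (WinNuke OOB). The Packet record layout, the window/threshold values and the sample traffic are illustrative assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
@dataclass(frozen=True)
class Packet:
    """One observed IP packet (an assumed record format, not a real capture)."""
    ts: float               # timestamp in seconds
    src: str
    dst: str
    proto: str              # "ICMP", "TCP" or "UDP"
    dport: int = 0          # destination port (TCP/UDP only)
    fragment: bool = False  # IP fragment (MF flag set or non-zero offset)
    urg: bool = False       # TCP URG flag, i.e. out-of-band data
def is_land(p):
    """LAND: source address equals destination, so the host replies to itself."""
    return p.src == p.dst

def is_oob_139(p):
    """WinNuke-style OOB: TCP urgent data aimed at NetBIOS session port 139."""
    return p.proto == "TCP" and p.dport == 139 and p.urg

def fragmented_icmp_floods(packets, window=1.0, threshold=50):
    """Map each destination to the peak count of fragmented ICMP packets seen in any
    `window`-second interval, kept only above `threshold` (SSPing/Jolt2 pattern)."""
    by_dst = defaultdict(list)
    for p in packets:
        if p.proto == "ICMP" and p.fragment:
            by_dst[p.dst].append(p.ts)
    floods = {}
    for dst, times in by_dst.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count > threshold:
                floods[dst] = max(floods.get(dst, 0), count)
    return floods

def scan(packets):
    """Return (signature, subject, detail) alerts for all three patterns."""
    alerts = [("LAND", p.src, p.dst) for p in packets if is_land(p)]
    alerts += [("OOB-139", p.src, p.dst) for p in packets if is_oob_139(p)]
    alerts += [("FRAG-ICMP-FLOOD", d, n) for d, n in fragmented_icmp_floods(packets).items()]
    return alerts
# Constructed sample traffic: one LAND packet, a 60-packet fragmented ICMP burst, one OOB probe.
SAMPLE = ([Packet(0.0, "10.0.0.5", "10.0.0.5", "TCP", 139)]
          + [Packet(0.01 * i, "192.0.2.9", "10.0.0.5", "ICMP", fragment=True) for i in range(60)]
          + [Packet(1.5, "192.0.2.7", "10.0.0.5", "TCP", 139, urg=True)])
```

Running scan(SAMPLE) yields one alert per pattern; the window and threshold should be tuned to a real network's baseline before the flood check is used for alerting.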
Understand How DDoS Attacks Work
DDoS is an advanced version of the DoS attack. Like DoS, DDoS also tries to deny access to services running on a system by sending packets to the destination system in a way that the destination system can't handle. The key feature of a DDoS attack is that it relays attacks from many different hosts (which must first be compromised), rather than from a single host as in DoS. DDoS is a large-scale, coordinated attack on a victim system.
Hacking Tools
Trinoo is a tool which sends User Datagram Protocol (UDP) traffic to create a DDoS attack. The Trinoo master is a system used to launch a DoS attack against one or more target systems. The master instructs agent processes (called daemons) on previously compromised systems (secondary victims) to attack one or more IP addresses. This attack occurs for a specified period of time. The Trinoo agent or daemon is installed on a system that suffers from a buffer overflow vulnerability. WinTrinoo is a Windows version of Trinoo and has the same functionality as Trinoo.
Shaft is a derivative of the Trinoo tool that uses UDP communication between masters and agents. Shaft provides statistics on the flood attack that attackers can use to know when the victim system is shut down; Shaft provides UDP, ICMP, and TCP flooding attack options.
Tribal Flood Network (TFN) allows an attacker to use both bandwidth-depletion and resource-depletion attacks. TFN does UDP and ICMP flooding as well as TCP SYN and smurf attacks. TFN2K is based on TFN, with features designed specifically to make TFN2K traffic difficult to recognize and filter. It remotely executes commands, hides the source of the attack using IP address spoofing, and uses multiple transport protocols including UDP, TCP, and ICMP.
Stacheldraht is similar to TFN and includes ICMP flood, UDP