Subject: Re: step by step how to attack DoS
Author: hendra
Date Posted: 21:55:03 01/11/02 Fri
In reply to: David's message, "Re: how to attack DoS" on 21:57:18 01/10/02 Thu
www.denialinfo.com
or http://www.irchelp.org/irchelp/nuke/
Operating System Attacks
These attacks exploit bugs in a specific operating system (OS), which is the basic software that your computer runs, such as Windows 98 or MacOS. In general, when these problems are identified, they are promptly fixed by the company such as Microsoft. So as a first step, always make sure you have the very latest version of your operating system, including all bug fixes. All Windows users should regularly visit Microsoft's Windows Update Site which automatically checks to see if you need any updates.
Once you're sure you're fully updated, skip to the "networking attacks" section below.
Windows 95/NT Nuke Patches
If you're using Windows 95 or NT, see the nuke information page for step by step directions to defend against a series of "classic" attacks.
Note: Windows 98, 2000, and later already include these patches and are immune to these operating system attacks. They are of course still vulnerable to networking attacks described below.
Networking Attacks.
These attacks exploit inherent limitations of networking to disconnect you from the IRC server or your ISP, but don't usually cause your computer to crash. Sometimes it doesn't even matter what kind of operating system you use, and you cannot patch or fix the problem directly. The attacks on Yahoo and Amazon mentioned at the top of this page were large scale networking attacks, and demonstrate how nobody is safe against a very determined attacker. Network attacks include ICMP flood (ping flood) and smurf which are outright floods of data to overwhelm the finite capacity of your connection, spoofed unreach/redirect aka "click" which tricks your computer into thinking there is a network failure and voluntarily breaking the connection, and a whole new generation of distributed denial of service attacks (although these are seldom used against individuals).
Just because you got disconnected with some unusual error message doesn't mean you got attacked. Almost all disconnects are due to natural network failures. On the other hand, you should feel suspicious if you get disconnected repeatedly, especially when you frequent certain IRC channels or talk to certain people. (Although if that's the case, you really should just learn to avoid these troublemakers.)
What can you do about networking attacks? If the attacker is flooding you, you essentially must have a better connection than he does. Otherwise your only recourse may be a firewall run by your ISP. That is the subject of the next section.
Firewalls: Truths and Myths
First of all, do not believe anybody who just promised you that you will be safe if you go download some "firewall" program. If you don't believe me, see what the infamous "hacker" Kevin Mitnick said in a recent speech:
"It's naive to assume that just installing a firewall is going to protect you from all potential security threat. That assumption creates a false sense of security, and having a false sense of security is worse than having no security at all."
Mitnick points out how even "real" firewalls run by your ISP are far from perfect, so imagine how useless that puny "personal" firewall on your PC is.
Now on to the facts. A true firewall is a protective barrier consisting of both hardware and software run by your ISP to block attacks, while still allowing you to access the Internet freely. You cannot "get" an effective firewall just by downloading a program, or even dedicating a special computer as the gateway to your home/local network. You cannot run a firewall just by turning on mIRC's SOCKS firewall options - those just allow you to configure mIRC to use your provider's existing firewall.
If your ISP can't or won't run a firewall, the next level of defense may be a so-called "personal firewall" program that you run on your computer. Although not as effective as a true firewall, these programs can potentially provide limited protection. Before you go off and download a firewall, however, it's very important that you see through the typically misleading ads and ignorant news stories. Personal firewalls have many advantages and disadvantages as described below.
Firewall PROs
A firewall can prevent certain specific attacks, most notably disconnects from spoofed unreach aka "click" - this is perhaps its most important (and some would say only unique) contribution to your security.
A firewall can block inadvertent holes in your computer's security, such as if you unintentionally leave open file or print sharing or some server software such as for FTP. Instead of relying on a firewall, however, you should check your security (try the Shields UP! site) and just fix these vulnerabilities.
It can protect against operating system attacks described in the previous section, but if you regularly update your OS with the latest patches this is unnecessary.
It can sometimes help to prevent disconnects due to very slow flood attacks such as from another modem to your modem, but that's like a vest that protects you only against slow bullets - you're still defenseless against real harm.
Finally, firewalls can block the action of Trojan horses because a cracker can't remote control you if he can't even connect to you. Likewise, a firewall can stop you from sending out Internet "worms" (often called email viruses) if you're already infected. On the other hand, you wouldn't need the firewall if you didn't foolishly download and run the Trojan or worm in the first place, since there wouldn't be anything to block! I often hear people who complain, "I've already gotten viruses 3 times this month! I need more protection!" My answer: "No, you need to learn to stop downloading junk from the Internet!" Trust me, if you don't get smart, a mere firewall isn't going to stop you from getting viruses for the 4th, 5th, or 100th time.
Firewall CONs
Personal firewalls cannot protect you against serious floods, because they are only software and are run on the tail-end of your relatively slow connection, rather than at the ISP's high-bandwidth side. Consider if a river is threatening to overflow, you have to try to stop the flood with barriers at the river banks. If you don't do that, by the time 10-foot flood waters surround your house, it's useless to try to stop it just by sandbagging your front door. This is a very important point, so let me repeat it: No matter what clever software or hardware you run at home, you will always be vulnerable to flood attacks (e.g. ICMP flood and smurf) especially if you have a relatively slow connection.
A firewall can report failed attack attempts, but this is not helpful for a lot of technical and philosophical reasons, some of which are covered in our tracing help page. Bottom line - 99.9% of the time it's just a false alarm and gets you all stressed out for nothing.
Firewalls are not a "plug and play" magic fix that you download, run, and forget. They take time to set up, can be confusing to many people, and require constant configuring and updating to adapt to new attacks.
Firewalls often get in the way of your legitimate network activity. Although most firewalls are configured by default to allow things like web browsing, they often need to be taught about DCC, identd, ICQ, etc. or else you won't be able to do those things. If you don't have identd, for example, you will have trouble connecting to many EFnet IRC servers, and you are completely banned from DALnet.
Finally, firewalls cannot block, find, or remove traditional viruses which do not generate any network activity; that is the role of virus-scanning software. For example, if you get an email virus attachment, your firewall will let it through since email by itself is an allowed activity, and if you open the attachment designed to erase your disk, it can still do so since that doesn't involve any network activity that the firewall monitors.
Moral of the story? We do not recommend average users go and download firewalls blindly. You absolutely should fix any vulnerabilities that exist on your computer, but running a firewall is not the right way to do that. If and only if you are the victim of certain kinds of attacks as described above, and you're willing to accept the negatives of running a firewall, only then should you try this.
If you still think you want to use personal firewall software, some of the better choices are ZoneAlarm (free for personal or non-profit use) and Conseal PC Firewall (commercial product of US$49.95 and up depending on Windows version, 15 day free trial). For help setting up the product or adding new rules, you will have to search the web or ask the company that makes it.
--------------------------------------------------------------------------------
More Information and Help
After reading the news above, you may wish to check out these other resources:
More Info & Patches
Get more information and defensive patches for specific DoS attacks.
Reporting Attacks
Learn about your (limited) options for reporting abusers or seeking revenge.
Tracing & Monitoring
Check out your (limited) options for tracing or monitoring nukers.
BugTraq [external link]
This is the definitive source of information (and misinformation too) when it comes to attacks, bugs, exploits, etc. It is not intended for typical users because it is extremely technical and can be very hard to sort through even for expert programmers and system administrators.
Personal Firewalls [external link]
Detailed albeit subjective reviews of many personal firewalls from Gibson Research Corporation (GRC). There's a lot of invaluable information here, but remember this is from an advocate, and you should try to sift through the opinions to get at the facts.