
DoS Suite and Raw Socket Programming

Learn about DoS attacks, raw socket programming, crafting packet headers, attack methods, defenses, and lab exercises. Gain insights into TCP, UDP, ICMP, and IP protocols. Enhance coding skills and understanding of network security.





Presentation Transcript


  1. DoS Suite and Raw Socket Programming
  Group 16: Thomas Losier, Paul Obame

  2. Motivation
  • “We are not teaching you to be script kiddies in this class” (Henry Owen)
  • Give the students a better understanding of:
    • Raw socket programming
      • Coding
      • Modifying
      • Understanding
    • DoS attacks
      • Dangers
      • Defenses

  3. Raw Socket Programming
  • “Raw socket is a computer networking term used to describe a socket that allows access to packet headers on incoming and outgoing packets. Raw sockets are usually used at the transport or network layers.” (wikipedia.org)
  • The ability to craft packet headers is a powerful tool that allows hackers to do many nefarious things

  4. Lab Structure
  • Expand knowledge of a particular DoS attack and the IP protocols involved
  • Edit/develop code based on the understanding gained in the previous section and the given resources
  • Compile and execute the attack
  • Gather data
  • Analyze and implement defenses

  5. IP Header
  • What we are trying to create: Figure 1: IP Packet Diagram (www.h3c.com)

  6. Creation of an IP header using raw sockets

    #include <stdlib.h>       /* rand() */
    #include <arpa/inet.h>    /* htons(), in_addr_t */
    #include <netinet/ip.h>   /* struct ip (BSD-style IPv4 header) */

    #define IPHEADER 20       /* header length in bytes (ip_hl = 5 words * 4); assumed, not shown on the slide */

    /* Per-packet parameters passed in by the suite; the slide does not show this definition (assumed layout) */
    struct pktInfo {
        unsigned short pktSize;   /* total datagram length in bytes, host byte order */
        in_addr_t srcAddr;        /* source IPv4 address, network byte order */
        in_addr_t destAddr;       /* destination IPv4 address, network byte order */
        unsigned char protocol;   /* IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ICMP, ... */
    };

    /* RFC 1071 one's-complement checksum over len bytes; implemented elsewhere in the suite (not shown) */
    unsigned short in_chksum(unsigned short *addr, int len);

    void addIP(unsigned char *buf, struct pktInfo *pktInfo, int offset)
    {
        struct ip *ip = (struct ip *) (buf + offset);   /* ip points to some place in the buffer */
        ip->ip_v = 4;                                    /* IPv4 */
        ip->ip_hl = 5;                                   /* 4 * 5 = 20 bytes */
        ip->ip_tos = 0;                                  /* no special type of service */
        ip->ip_len = htons(pktInfo->pktSize);            /* total packet size */
        ip->ip_src.s_addr = pktInfo->srcAddr;            /* 4-byte source IP address */
        ip->ip_dst.s_addr = pktInfo->destAddr;           /* 4-byte destination IP address */
        ip->ip_id = rand();                              /* random identification */
        ip->ip_off = 0;                                  /* mainly used for reassembly of fragmented IP datagrams */
        ip->ip_ttl = 255;                                /* time to live: number of hops before the packet is discarded */
        ip->ip_p = pktInfo->protocol;                    /* protocol carried: TCP, UDP, etc. */
        ip->ip_sum = 0;                                  /* zero the checksum field before computing the checksum */
        ip->ip_sum = in_chksum((unsigned short *) ip, IPHEADER);   /* compute the checksum */
    }

  7. Denial of Service (DoS)
  • The Internet was designed for easy connectivity and scalability
  • Not designed to support authentication schemes
  • Attempt to occupy all resources of a system
  • Two general types of DoS attack

  8. DoS Suite
  • First type of attack
    • ICMP reset attack
  • Second type of attack
    • TCP SYN attack
    • UDP flood attack
    • Ping request (smurf) attack

  9. Using the DoS Suite

  10. ICMP Reset Attack
  • By spoofing a hard ICMP error message a hacker can kill any running TCP connection
  • Requires the four-tuple
    • Determine the four-tuple using a packet sniffer
    • Guessing the four-tuple: by gathering information about the operating systems and the communication method in use, ICMP reset packets can be sent over a range of port addresses, killing a connection you cannot sniff

  11. ICMP Reset Attack (Lab)

  12. ICMP Reset Attack

  13. TCP SYN Attack
  • When a server receives a SYN it stores the connection information in memory and sends back a SYN-ACK
  • Because the source IP address is spoofed, the server never gets a response and the information stays in memory until it times out
  • If packets are sent fast enough they will fill the buffer and no new requests will be able to be processed

  14. SYN Attack (Lab)

  15. SYN Attack

  16. SYN Attack (Summary)

  17. UDP Flood Attack
  • The premise of the UDP attack is similar to the SYN attack; however, when using UDP the client does not set aside memory for the connection information
  • If packets are sent fast enough they will fill the network card buffer and no new requests will be able to be processed

  18. UDP Flood Attack (Lab)

  19. UDP Flood Attack

  20. UDP Attack (Summary)

  21. ICMP Ping (smurf) Attack
  • DDoS attack
  • Using a network of machines a lot more information can be sent at once
  • Send ping requests to a network of machines with a return address of the “victim” machine
  • If packets are sent fast enough they will fill the buffer and no new requests will be able to be processed

  22. ICMP Ping Attack (Lab)

  23. ICMP Ping Attack

  24. ICMP Attack (Summary)

  25. DoS Defenses
  • SYN cookies
  • Configure your firewall (refer to lab 4)
    • iptables
    • Cisco PIX
    • RealSecure
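Slide 13 explains why a SYN flood works (the server stores state for every half-open connection) and slide 25 names SYN cookies as the defense. As an added example, not taken from the slides or the group's suite, here is a simplified SYN-cookie scheme in C: instead of storing the half-open connection, the server encodes a time counter, an MSS index and a keyed hash of the four-tuple and client ISN into the initial sequence number of its SYN-ACK, and only allocates a connection when a final ACK carries a cookie that verifies. The cookie layout, the MSS table, the FNV-1a hash standing in for the kernel's SipHash, the 5-bit time slot, the maximum age and DEMO_TUPLE are all assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COOKIE_MAX_AGE 2   /* accept cookies from the current slot or the two before it (assumed) */

/* The four-tuple that identifies a TCP connection (values as they appear on the wire) */
struct tuple4 {
    uint32_t saddr, daddr;
    uint16_t sport, dport;
};

/* MSS values encodable in 3 bits; index 0 is the conservative fallback (constructed table) */
static const uint16_t mss_table[8] = { 536, 1220, 1300, 1440, 1460, 4312, 8960, 65495 };

/* Per-boot secret; a fixed constructed value here, a real server draws it from a CSPRNG */
static const uint64_t cookie_secret = 0x5eed5eed5eed5eedULL;

/* Constructed demo tuple: 192.168.0.1:53764 -> 10.0.0.10:80, stored big-endian as on the wire */
const struct tuple4 DEMO_TUPLE = { 0xc0a80001u, 0x0a00000au, 0xd204u, 0x0050u };

/* Keyed 24-bit hash of (secret, tuple, counter, client ISN). FNV-1a stands in for the
 * kernel's SipHash to keep the example dependency-free; it is not collision-resistant. */
static uint32_t cookie_hash(const struct tuple4 *t, uint32_t count, uint32_t client_isn)
{
    uint8_t in[28];
    uint64_t h = 0xcbf29ce484222325ULL;
    size_t i;
    memcpy(in, &cookie_secret, 8);
    memcpy(in + 8, &t->saddr, 4);   memcpy(in + 12, &t->daddr, 4);
    memcpy(in + 16, &t->sport, 2);  memcpy(in + 18, &t->dport, 2);
    memcpy(in + 20, &count, 4);     memcpy(in + 24, &client_isn, 4);
    for (i = 0; i < sizeof in; i++) {
        h ^= in[i];
        h *= 0x100000001b3ULL;
    }
    return (uint32_t)(h ^ (h >> 24) ^ (h >> 48)) & 0xFFFFFF;
}

/* Largest table MSS that does not exceed what the client advertised */
static uint8_t mss_index(uint16_t mss)
{
    uint8_t idx = 0, i;
    for (i = 1; i < 8; i++)
        if (mss_table[i] <= mss)
            idx = i;
    return idx;
}

/* On SYN: produce the ISN for the SYN-ACK. Nothing is stored, so a flood of spoofed SYNs
 * consumes no memory. 'now' is a coarse clock such as seconds / 64 (assumed granularity).
 * Layout: bits 31..27 time slot, bits 26..24 MSS index, bits 23..0 keyed hash. */
uint32_t syncookie_make(const struct tuple4 *t, uint32_t client_isn, uint32_t now, uint16_t client_mss)
{
    uint32_t count = now & 0x1F;
    return (count << 27) | ((uint32_t)mss_index(client_mss) << 24) | cookie_hash(t, count, client_isn);
}

/* On the final ACK: cookie = ack_number - 1, client_isn = seq_number - 1.
 * Returns 1 and the recovered MSS when the cookie is genuine and fresh, else 0. */
int syncookie_check(const struct tuple4 *t, uint32_t client_isn, uint32_t cookie, uint32_t now, uint16_t *mss_out)
{
    uint32_t count = cookie >> 27;
    uint32_t age = (now - count) & 0x1F;                    /* modular distance in the 5-bit counter */
    if (age > COOKIE_MAX_AGE)
        return 0;                                           /* stale, or forged with an old slot */
    if ((cookie & 0xFFFFFF) != cookie_hash(t, count, client_isn))
        return 0;                                           /* wrong tuple, ISN or secret */
    if (mss_out)
        *mss_out = mss_table[(cookie >> 24) & 7];
    return 1;
}

int main(void)
{
    uint32_t isn = 0x1234abcdu;                             /* constructed client ISN */
    uint32_t cookie = syncookie_make(&DEMO_TUPLE, isn, 10, 1460);
    uint16_t mss = 0;
    printf("SYN-ACK ISN (cookie): 0x%08x\n", cookie);
    printf("valid ACK one slot later: %d (mss %u)\n", syncookie_check(&DEMO_TUPLE, isn, cookie, 11, &mss), mss);
    printf("same ACK five slots later: %d\n", syncookie_check(&DEMO_TUPLE, isn, cookie, 15, &mss));
    printf("ACK with a wrong client ISN: %d\n", syncookie_check(&DEMO_TUPLE, isn + 1, cookie, 11, &mss));
    return 0;
}
```

The point the slide makes is visible in syncookie_make: no per-connection memory is touched until syncookie_check succeeds, so the half-open table that a SYN flood fills simply does not exist while cookies are in use. The cost is also visible: only 3 bits survive for the MSS and no other TCP options fit in the cookie, which is why real stacks enable cookies only once the backlog overflows.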
