CEHv8 module 10 denial of service

Denial of Service
Module 10

Ethical Hacking and Countermeasures
Exam - Certified Ethical Hacker

Engineered by Hackers. Presented by Professionals.

Ethical Hacking and Countermeasures Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Security News

HSBC is Latest Target in Cyber Attack Spree
October 19, 2012
Source: http://www.foxbusiness.com

HSBC (HBC) experienced widespread disruptions to several of its websites recently, becoming one of the highest-profile victims yet in a series of attacks by a group claiming to be allied with Islamic terrorism.

"HSBC servers came under a denial of service attack which affected a number of HSBC websites around the world," the London-based banking giant said in a statement. "This denial of service attack did not affect any customer data, but did prevent customers using HSBC online services, including internet banking."

HSBC said it had the situation under control in the early morning hours of Friday London time.

The Izz ad-Din al-Qassam Cyber Fighters took responsibility for the attack that at points crippled users' access to hsbc.com and other HSBC-owned properties on the Web. The group, which has also disrupted the websites of scores of other banks including J.P. Morgan Chase (JPM) and Bank of America (BAC), said the attacks will continue until the anti-Islamic 'Innocence of Muslims' film trailer is removed from the Internet.

In this case, a group claiming to be aligned with the loosely-defined brigade of hackers called Anonymous also took responsibility. However, a source in the computer security field who has been monitoring the attacks told FOX Business "the technique and systems used against HSBC were the same as the other banks." However, the person who requested anonymity noted that Anonymous "may have joined in, but the damage was done by" al-Qassam.

The people behind al-Qassam have yet to be unmasked. Several published reports citing unnamed U.S. officials have pointed to Iran as a potential culprit, but multiple security researchers have told FOX Business the attacks don't show the hallmarks of an attack from that country.

There is a consensus, however, that the group is likely using a fairly sophisticated type of denial-of-service attack. Essentially, al-Qassam has leveraged exploits in Web server software to take servers over and then use them as weapons. Once they are taken over, they slam the Web servers hosting bank websites with a deluge of requests, making access either very slow or completely impossible. Servers have an especially high level of connectivity to the Internet, giving al-Qassam more horsepower with fewer machines.

Copyright © 2012 FOX News Network, LLC. By Adam Samson.

Module Objectives
This module looks at various aspects of denial-of-service attacks. The module starts with a discussion of denial-of-service attacks. Real-world scenarios are cited to highlight the implications of such attacks. Distributed denial-of-service attacks and the various tools to launch such attacks are included to spotlight the technologies involved. The countermeasures for preventing such attacks are also taken into consideration. Viruses and worms are briefly discussed in terms of their use in such attacks. This module will familiarize you with:

- What Is a Denial of Service Attack?
- What Are Distributed Denial of Service Attacks?
- Symptoms of a DoS Attack
- DoS Attack Techniques
- Botnet
- Botnet Ecosystem
- Botnet Trojans
- DDoS Attack Tools
- DoS Attack Tools
- Detection Techniques
- DoS/DDoS Countermeasure
- Techniques to Defend against Botnets
- Advanced DDoS Protection Appliances
- DoS/DDoS Protection Tools
- Denial of Service (DoS) Attack Penetration Testing

Module Flow

In the present Internet world, many attacks are launched targeting organizations in the banking sector, as well as IT service and resource providers. DoS (denial of service) and DDoS (distributed denial of service) were designed by attackers to breach organizations' services.

- DoS/DDoS Concepts
- DoS/DDoS Attack Techniques
- Botnets
- DoS/DDoS Case Study
- DoS/DDoS Attack Tools
- Countermeasures
- DoS/DDoS Protection Tools
- DoS/DDoS Penetration Testing

This section describes the terms DoS, DDoS, the working of DDoS, and the symptoms of DoS. It also talks about cyber criminals and the organizational chart.

What Is a Denial of Service Attack?

Denial-of-service (DoS) is an attack that prevents authorized users from accessing a computer or network. DoS attacks target the network bandwidth or connectivity. Bandwidth attacks overflow the network with a high volume of traffic using existing network resources, thus depriving legitimate users of these resources. Connectivity attacks overflow a computer with a large amount of connection requests, consuming all available operating system resources, so that the computer cannot process legitimate user requests.

An Analogy

Consider a company (Target Company) that delivers pizza upon receiving a telephone order. The entire business depends on telephone orders from customers. Suppose a person intends to disrupt the daily business of this company. If this person came up with a way to keep the company's telephone lines engaged in order to deny access to legitimate customers, obviously Target Company would lose business.

DoS attacks are similar to the situation described here. The objective of the attacker is not to steal any information from the target; rather, it is to render its services useless. In the process, the attacker can compromise many computers (called zombies) and virtually control them. The attack involves deploying the zombie computers against a single machine to overwhelm it with requests and finally crash the target in the process.

Figure 10.1: Denial of Service Attack
[Figure labels: Malicious traffic takes control over all the available bandwidth; Internet; Router; Attack Traffic; Regular Traffic; Server Cluster]

What Are Distributed Denial of Service Attacks?

- A distributed denial-of-service (DDoS) attack involves a multitude of compromised systems attacking a single target, thereby causing denial of service for users of the targeted system.
- To launch a DDoS attack, an attacker uses botnets and attacks a single system.

[Figure labels: Loss of Goodwill; Financial Loss; Disabled Network; Disabled Organization]

Source: www.searchsecurity.com

A distributed denial-of-service (DDoS) attack is a large-scale, coordinated attack on the availability of services on a target's system or network resources, launched indirectly through many compromised computers on the Internet. The services under attack are those of the "primary target," while the compromised systems used to launch the attack are often called the "secondary target."
The use of secondary targets in performing a DDoS attack provides the attacker with the ability to wage a larger and more disruptive attack, while making it more difficult to track down the original attacker.

As defined by the World Wide Web Security FAQ: "A Distributed Denial-of-Service (DDoS) attack uses many computers to launch a coordinated DoS attack against one or more targets. Using client/server technology, the perpetrator is able to multiply the effectiveness of the denial-of-service significantly by harnessing the resources of multiple unwitting accomplice computers, which serve as attack platforms."

If left unchecked, more powerful DDoS attacks could cripple or disable essential Internet services in minutes.

How Distributed Denial of Service Attacks Work

- Attacker sets a handler system.
- Handler infects a large number of computers over the Internet.

[Figure labels: Handler; Compromised PCs (Zombies)]

In a DDoS attack, the target browser or network is pounded by many applications with fake exterior requests that make the system, network, browser, or site slow, useless, and disabled or unavailable.

The attacker initiates the attack by sending a command to the zombie agents. These zombie agents send a connection request to a genuine computer system, i.e., the reflector. The requests sent by the zombie agents seem to be sent by the victim rather than the zombies. Thus, the genuine computer sends the requested information to the victim. The victim machine gets flooded with unsolicited responses from several computers at once. This may either reduce the performance or may cause the victim machine to shut down.

Enabling TCP Intercept on Cisco IOS Software

TCP intercept can be enabled by executing the following commands in global configuration mode:

Step 1
    Command: access-list access-list-number {deny | permit} tcp any destination destination-wildcard
    Purpose: Defines an IP extended access list

Step 2
    Command: ip tcp intercept list access-list-number
    Purpose: Enables TCP intercept

An access list can be defined for three purposes:

- To intercept all requests
- To intercept only those coming from specific networks
- To intercept only those destined for specific servers

Typically the access list defines the source as any and the destination as specific networks or servers. As it is not important to know who to intercept packets from, do not filter on the source addresses. Rather, you identify the destination server or network to protect.

TCP intercept can operate in two modes, i.e., active intercept mode and passive watch mode. The default is intercept mode. In intercept mode, the Cisco IOS Software intercepts all incoming connection requests (SYN), gives a response on behalf of the server with an ACK and SYN, and then waits for an ACK of the SYN from the client. When the ACK is received from the client, the software performs a three-way handshake with the server by sending the original SYN to the server. Once the three-way handshake is complete, the two half-connections are joined.

The command to set the TCP intercept mode in global configuration mode:

    Command: ip tcp intercept mode {intercept | watch}
    Purpose: Sets the TCP intercept mode
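The intercept-mode handshake described above, modelled in Python as an added example (it is not code from the courseware or from Cisco): a front end answers each SYN itself and opens the server side only after the client's ACK arrives. The backlog size, timeout, class names and documentation-range addresses are assumptions for illustration, and the "packets" are constructed tuples.

```python
"""Toy model of TCP intercept in intercept mode versus no interception.

Nothing is sent on a network: the "packets" are constructed tuples.
Backlog size, timeout, class names and addresses are assumptions.
"""
from dataclasses import dataclass, field

SERVER_BACKLOG = 4       # assumed number of half-open slots on the server
HALF_OPEN_TIMEOUT = 30   # assumed seconds before a half-open entry is dropped


def expire(table, now):
    """Drop half-open entries older than the timeout."""
    for client in [c for c, t in table.items() if now - t >= HALF_OPEN_TIMEOUT]:
        del table[client]


@dataclass
class Server:
    half_open: dict = field(default_factory=dict)  # client -> time SYN arrived
    established: set = field(default_factory=set)
    peak_half_open: int = 0

    def on_syn(self, now, client):
        expire(self.half_open, now)
        if len(self.half_open) >= SERVER_BACKLOG:
            return False                      # backlog full: SYN is dropped
        self.half_open[client] = now
        self.peak_half_open = max(self.peak_half_open, len(self.half_open))
        return True

    def on_ack(self, now, client):
        expire(self.half_open, now)
        if self.half_open.pop(client, None) is None:
            return False                      # no matching half-open entry
        self.established.add(client)
        return True


@dataclass
class Direct:
    """No interception: every SYN lands in the server's own backlog."""
    server: Server

    def on_syn(self, now, client):
        return self.server.on_syn(now, client)

    def on_ack(self, now, client):
        return self.server.on_ack(now, client)


@dataclass
class InterceptRouter:
    """Intercept mode: the router holds the half-open state, not the server."""
    server: Server
    pending: dict = field(default_factory=dict)  # client -> time SYN-ACK sent

    def on_syn(self, now, client):
        expire(self.pending, now)
        self.pending[client] = now   # router replies SYN-ACK for the server
        return True

    def on_ack(self, now, client):
        expire(self.pending, now)
        if self.pending.pop(client, None) is None:
            return False             # ACK without a SYN the router answered
        # The client completed its half, so the router now sends the original
        # SYN to the server, completes that handshake itself, and joins the
        # two half-connections.
        return self.server.on_syn(now, client) and self.server.on_ack(now, client)


# Constructed input: ten SYNs from sources that never answer the SYN-ACK,
# followed by two clients that complete the handshake.
SILENT = [(t, f"198.51.100.{t + 1}", "SYN") for t in range(10)]
CLIENTS = [(10, "203.0.113.10", "SYN"), (11, "203.0.113.10", "ACK"),
           (12, "203.0.113.11", "SYN"), (13, "203.0.113.11", "ACK")]
EVENTS = SILENT + CLIENTS


def replay(front):
    """Feed EVENTS to a front end and return the server behind it."""
    for now, client, kind in EVENTS:
        (front.on_syn if kind == "SYN" else front.on_ack)(now, client)
    return front.server


if __name__ == "__main__":
    for front in (Direct(Server()), InterceptRouter(Server())):
        srv = replay(front)
        print(type(front).__name__, sorted(srv.established), srv.peak_half_open)
```

In the direct run both real clients are refused because the four backlog slots are held by handshakes that never complete; behind the intercepting front end the server never holds more than one half-open entry.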
Advanced DDoS Protection Appliances

FortiDDoS-300A
Source: http://www.fortinet.com

The FortiDDoS 300A provides visibility into your Internet-facing network and can detect and block reconnaissance and DDoS attacks while leaving legitimate traffic untouched. It features automatic traffic profiling and rate limiting. Its continuous learning capability differentiates between gradual build-ups in legitimate traffic and attacks.

FIGURE 10.31: FortiDDoS-300A

DDoS Protector
Source: http://www.checkpoint.com

DDoS Protector provides protection against network flood and application layer attacks by blocking the destructive DDoS attacks without causing any damage. It blocks the abnormal traffic without touching the legitimate traffic. It protects your network and web services by filtering the traffic before it reaches the firewall.

FIGURE 10.32: DDoS Protector

Cisco Guard XT
Source: http://www.cisco.com

The Cisco Guard XT is a DDoS Mitigation Appliance from Cisco Systems. It performs the detailed per-flow level attack analysis, identification, and mitigation services required to block attack traffic and prevent it from disrupting network operations.

FIGURE 10.33: Cisco Guard XT 5650

Arbor Pravail: Availability Protection System
Source: http://www.arbornetworks.com

Arbor Pravail allows you to detect and remove known and emerging threats such as DDoS attacks automatically before your vital services go down. It increases your internal network visibility and improves the efficiency of the network.

FIGURE 10.34: Availability Protection System

Module Flow

In addition to the countermeasures discussed so far, you can also adopt DoS/DDoS tools to protect your network or network resources against DoS/DDoS attacks.

This section lists and describes various tools that offer protection against DoS/DDoS attacks.

DoS/DDoS Protection Tool: D-Guard Anti-DDoS Firewall
Source: http://www.d-guard.com

D-Guard Anti-DDoS Firewall provides the most reliable and fastest DDoS protection for online enterprises, public and media services, essential infrastructure, and Internet service providers. It offers protection against DoS/DDoS, Super DDoS, DrDoS, fragment attacks, SYN flooding attacks, IP flooding attacks, UDP, mutation UDP, random UDP flooding attacks, ICMP, ICMP flood attacks, ARP spoofing attacks, etc.

Features:

- Protection against almost all kinds of attacks
- Built-in intrusion prevention system
- Protection against SYN, TCP flooding, and other types of DDoS attacks
- TCP flow control
- UDP/ICMP/IGMP packets rate management
- IP blacklist and white list, ARP white list, and MAC binding
- Compact and comprehensive log file

FIGURE 10.35: D-Guard Anti-DDoS Firewall

DoS/DDoS Protection Tools

In addition to D-Guard Anti-DDoS Firewall, there are many tools that offer protection against DoS/DDoS attacks. A few tools that offer DoS/DDoS protection are listed as follows:

- NetFlow Analyzer available at http://www.manageengine.com
- SDL Regex Fuzzer available at http://www.microsoft.com
- WANGuard Sensor available at http://www.andrisoft.com
- NetScaler Application Firewall available at http://www.citrix.com
- FortGuard DDoS Firewall available at http://www.fortguard.com
- IntruGuard available at http://www.intruguard.com
- FortiDDoS available at http://www.fortinet.com
- DefensePro available at http://www.radware.com
- DOSarrest available at http://www.dosarrest.com
- Anti DDoS Guardian available at http://www.beethink.com
- DDoSDefend available at http://ddosdefend.com

Module Flow

The main objective of every ethical hacker or pen tester is to conduct penetration testing on the target network or system resources against every major and minor possible attack in order to evaluate their security. Penetration testing is considered as the security evaluation methodology. DoS/DDoS penetration testing is one phase in the overall security evaluation methodology.

This section describes DoS attack penetration testing and the steps involved in DoS attack penetration testing.

Denial-of-Service (DoS) Attack Penetration Testing

- DoS attack should be incorporated into pen testing to find out if the network server is susceptible to DoS attack.
- A vulnerable network cannot handle a large amount of traffic sent to it and subsequently crashes or slows down, thus preventing access by authentic users.
- DoS pen testing determines minimum thresholds for DoS attacks on a system, but the tester cannot ensure that the system is resistant to DoS attacks.
- The main objective of DoS pen testing is to flood a target network with traffic, similar to hundreds of people repeatedly requesting a service, to keep the server busy and unavailable.

In an attempt to secure your network, first you should try to find the security weaknesses and try to fix them, as these weaknesses provide a path for attackers to break into your network. The main aim of a DoS attack is to lower the performance of the target website or crash it in order to interrupt the business continuity. A DoS attack is performed by sending illegitimate SYN or ping requests that overwhelm the capacity of a network. Legitimate connection requests cannot be handled when this happens. Services running on the remote machines crash due to the specially crafted packets that are flooded over the network. In such cases, the network cannot differentiate between legitimate and illegitimate data traffic. Denial-of-service attacks are easy ways to bring down a server. The attacker does not need to have a great deal of knowledge to conduct them, making it essential to test for DoS vulnerabilities. As a pen tester, you need to simulate the actions of the attacker to find the security loopholes. You need to check whether your system withstands DoS attacks (behaves normally) or it gets crashed. To check this, you need to follow a series of steps designed for DoS penetration test.

Denial-of-Service (DoS) Attack Penetration Testing (cont'd)

- Test the web server using automated tools such as Webserver Stress Tool, Web Stress Tester, and JMeter for load capacity, server-side performance, locks, and other scalability issues.
- Scan the network using automated tools such as Nmap, GFI LanGuard, and Nessus to discover any systems that are vulnerable to DoS attacks.
- Flood the target with connection request packets using tools such as DoS HTTP, Sprut, and PHP DoS.
- Use a port flooding attack to flood the port and increase the CPU usage by maintaining all the connection requests on the ports under blockade. Use tools Mutilate and Pepsi5 to automate a port flooding attack.
- Use tools Mail Bomber and Advanced Mail Bomber to send a large number of emails to a target mail server.
- Fill the forms with arbitrary and lengthy entries.

[Flowchart labels: START; Check for DoS vulnerable systems; Run SYN attack on the server; Run port flooding attacks on the server; Run email bomber on the email servers; Flood the website forms and guestbook with bogus entries]

The series of DoS penetration testing steps are listed and described as follows:

Step 1: Define the objective

The first step in any penetration testing is to define the objective of the testing. This helps you to plan and determine the actions to be taken in order to accomplish the goal of the test.

Step 2: Test for heavy loads on the server

Load testing is performed by putting an artificial load on a server or application to test its stability and performance. It involves the simulation of a real-time scenario. A web server can be tested for load capacity using the following tools:

- Webserver Stress Tool: Webserver Stress Tool is the software for load and performance testing of web servers and web infrastructures. It helps you in performing load test. It allows you to test your entire website at the normal (expected) load. For load testing you simply enter the URLs, the number of users, and the time between clicks of your website traffic. This is a "real-world" test.
l l R ig h t s R e s e r v e d R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m - C e r t if ie d E t h ic a l H a c k e r D e n ia l o f S e r v ic e W e b S tre s s T e s te r S o u rce : h ttp ://w w w s e r v e tru e c o m W e b S t r e s s T e s t e r is a t o o l t h a t a l l o w s y o u t o t e s t t h e p e r f o r m a n c e a n d s t a b i l i t y o f a n y W e b s e r v e r a n d p r o x y s e r v e r w i t h S S L /T L S -e n a b le d e J M e te r S o u rce : h ttp ://im e te r.a p a c h e o r g J M e t e r is a n o p e n - s o u r c e w e b to o l is a Java p e rfo rm a n c e a p p lic a tio n It was a p p lic a tio n d e s ig n e d o rig in a lly to lo a d -te s tin g to o l d e v e lo p e d lo a d d e s ig n e d fo r te s t fu n c tio n a l te s tin g web b y A p a c h e T h is b e h a v io r a p p lic a tio n s and but m ea su re has s in c e e x p a n d e d to o th e r te s t fu n c tio n s S te p 3: C h e c k f o r D oS v u ln e b le s y s te m s T h e p e n e t r a t io n t e s t e r s h o u ld c h e c k t h e s y s te m f o r a D oS a tta c k v u ln e r a b ilit y b y s c a n n in g th e n e tw o r k T h e fo llo w in g to o ls ca n be u se d to scan n e tw o r k s f o r v u ln e b ilitie s : © Nm ap S o u rce : h ttp ://n m a p o r g N m a p is a t o o l t h a t c a n b e u s e d t o f i n d t h e s t a t e o f p o r t s , t h e s e r v i c e s r u n n i n g o n t h o s e p o rts , th e o p e tin g s y s te m s , a n d a n y fir e w a lls a n d filte rs N m a p can be run fro m th e c o m m a n d lin e o r as a G U I a p p lic a tio n © GFI L A N g u a r d S o u rce : h ttp ://w w w g fi.c o m G F I L A N g u a r d is a s e c u r i t y - a u d i t i n g t o o l t h a t i d e n t i f i e s v u l n e r a b i l i t i e s a n d s u g g e s t s f i x e s fo r n e tw o rk a d d re s s /ra n g e v u ln e b ilitie s of IP GFI a d d re sse s L A N g u a rd s p e c ifie d 
, scans and th e a le rts n e tw o rk , u se rs about based th e on th e IP v u ln e b ilitie s e n c o u n te re d o n th e ta rg e t s y s te m © Nessus S o u rce : h ttp ://w w w n e s s u s o rg N e s s u s is a v u l n e r a b i l i t y a n d c o n f i g u r a t i o n a s s e s s m e n t p r o d u c t I t f e a t u r e s c o n f i g u r a t i o n a u d itin g , a s s e t p ro filin g , s e n s itiv e d a ta d is c o v e ry , p a tc h m a n a g e m e n t in te g tio n , and v u l n e r a b i l i t y a n a ly s is S te p 4: R un a SYN a tta c k o n th e s e rv e r A p e n e t r a t i o n t e s t e r s h o u l d t r y t o r u n a S Y N a t t a c k o n t h e m a i n s e r v e r T h i s is a c c o m p l i s h e d b y b o m b a r d in g t h e t a r g e t w it h c o n n e c tio n re q u e s t p a c k e ts T h e fo llo w in g to o ls ca n b e u s e d t o ru n SYN a tta c k s : DoS HTTP, S p ru t, a n d PHP DoS S te p 5: R un p o r t flo o d in g a tta c k s o n th e s e rv e r P o r t f lo o d in g s e n d s a la rg e n u m b e r o f T C P o r U D P p a c k e ts t o a p a r t ic u la r p o r t , c r e a tin g a d e n ia l o f s e r v i c e o n t h a t p o r t T h e m a i n p u r p o s e o f t h i s a t t a c k is t o m a k e t h e p o r t s u n u s a b l e a n d M o d u le P a g e 0 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C U n C il A l l R ig h t s R e s e r v e d R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m - C e r t if ie d E t h ic a l H a c k e r D e n ia l o f S e r v ic e in c r e a s e t h e C P U 's u s a g e t o 0 % T h is a t t a c k c a n b e c a r r i e d o u t o n b o t h T C P a n d U P D p o r t s T h e fo llo w in g to o ls can be use d to c o n d u c t a p o rt- flo o d in g a tta c k : Q M u t i l a t e : M u t i l a t e is m a i n l y u s e d t o d e t e r m i n e w h i c h p o r t s o n t h e t a r g e t a r 
e o p e n T h i s t o o l m a i n l y t a r g e t s T C P / I P n e t w o r k s T h e f o l l o w i n g c o m m a n d is u s e d t o e x e c u t e M u tila te : m u tila te Q < ta rg e t _ IP > < p o rt> P e p s i5 : T h e P e p s i5 t o o l m a i n l y t a r g e t s U D P p o r t s a n d s e n d s a s p e c if ia b le n u m b e r a n d s iz e o f d a t a g r a m s T h is t o o l c a n r u n in t h e b a c k g r o u n d a n d u s e a s t e a l t h o p t i o n t o m a s k t h e p ro c e s s n a m e u n d e r w h ic h it ru n s S te p 6: R un an e m a il b o m b e r o n th e e m a il s e rv e rs In t h i s s te p , th e p e n e tra tio n te s te r sends a la rg e num ber o f e m a ils to te s t th e ta rg e t m a il s e r v e r I f t h e s e r v e r is n o t p r o t e c t e d o r s t r o n g e n o u g h , i t c r a s h e s T h e t e s t e r u s e s v a r i o u s s e r v e r to o ls t h a t h e lp s e n d th e s e b u lk e m a ils T h e f o llo w in g to o ls a re used to c a rry o u t th is ty p e of a tta c k : Q M a il B o m b e r S o u rce : h ttp ://w w w g e tfr e e file c o m /b o m b e r h tm l M a il Bom ber m a ilin g lis ts is a s e r v e r It is to o l c a p a b le used of to send h o ld in g a b u lk num ber e m a ils of by u s in g s e p a te s u b s c rip tio n -b a s e d m a ilin g lis ts based on s u b s c rip tio n s , e m a il m e ssa g e s, a n d S M T P s e rv e rs f o r v a rio u s re c ip ie n ts © A d v a n c e d M a il B o m b e r S o u rce : h ttp ://w w w s o fth e a p c o m Advanced M a il Bom ber is a b l e to send p e rs o n a liz e d m essages to a la rg e num ber of s u b s c rib e rs o n a w e b s ite f r o m p r e d e f i n e d t e m p l a t e s T h e m e s s a g e d e l i v e r y is v e r y f a s t ; it c a n s e rve rs h a n d le up to 48 b o u n d le s s s tr u c tu r e d SMTP in 48 d iffe re n t th re a d s re c ip ie n ts , S M T P se rve rs, A m a ilin g lis t c o n t a in s m e s s a g e s , e tc T h is t o o l c a n a ls o 
keep tra c k o f u se r fe e d b a c k S te p 7: F lo o d t h e w e b s it e f o r m s a n d g u e s tb o o k w i t h b o g u s e n trie s In t h i s s t e p , t h e p e n e tra tio n te s te r fills o n lin e fo r m s a t t a c k e r s e n d s a la rg e n u m b e r o f s u c h b o g u s a n d w ith a rb itra ry a n d le n g th y e n trie s , th e le n g th y e n trie s If a n d a ta s e rv e r m a y n o t be a b le t o h a n d le it a n d m a y c s h S te p : D o c u m e n t a ll t h e f in d in g s In th is s te p , th e p e n e tra tio n te s te r s h o u ld docum ent a ll h is or her te s t fin d in g s in th e p e n e tra tio n te s tin g re p o rt M o d u le P a g e E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C U n C il A l l R ig h t s R e s e r v e d R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m - C e r t if ie d E t h ic a l H a c k e r D e n ia l o f S e r v ic e M □ o d u l e S u m m a r y C E H D enial o f S e rv ice (DoS) is an attack on a co m p u te r o r n e tw o rk th a t pre v e n ts le g itim ate u se o f its re so u rc e s □ A d istrib u te d d e n ia l-o f-se rv ic e (D D S) a tta ck is o n e in w h ic h a m u ltitu d e o f th e c o m p ro m is e d syste m s a tta ck a sin gle targ et, th e re b y cau sin g den ia l o f se rv ic e fo r u se rs o f th e ta rg e te d system □ In te rn e t Relay C h at (IRC) is a s yste m fo r ch a ttin g th a t in v o lve s a set o f ru les a n d co n v e n tio n s and c lie n t/s e rv e r s o ftw a re □ V a rio u s a tta ck te c h n iq u e s a re used p e rfo rm a DoS atta ck su ch as b a n d w id th a tta cks, s e rv ic e re q u e st flo o d s , SYN flo o d in g attack, IC M P flo o d atta ck, P e e r-to -P e e r a tta cks etc □ Bots a re s o ftw a re ap p lic a tio n s th a t ru n a u to m a te d ta sks o v e r th e In te rn e t and p e rfo rm sim p le re p e titiv e ta sks 
such as w e b s p id e rin g a n d sea rch e n g in e indexing □ DoS d e te ctio n te c h n iq u e s a re based on id e n tify in g a n d d isc rim in a tin g th e ille g itim a te tra ffic in cre a se and fla sh even ts fro m le g itim ate packet tra ffic □ DoS Pen Testing d e te rm in e s m in im u m th re s h o ld s fo r DoS a tta cks on a syste m , b u t th e te s te r ca n n o t e n s u re th a t th e s yste m is re s is ta n t to D oS a ttack M o d u l e © S u m m a r y D e n ia l o f s e rv ic e ( D o S ) is a n a tta c k o n a c o m p u te r o r n e tw o rk th a t p re v e n ts l e g i t i m a t e u s e o f its r e s o u r c e s © A d is trib u te d c o m p ro m is e d d e n ia l-o f-s e rv ic e (D D oS ) a tta c k is one in w h ic h a m u ltitu d e of th e s y s te m s a t ta c k a s in g le t a r g e t, t h e r e b y c a u s in g d e n ia l o f s e rv ic e f o r u s e rs o f th e ta rg e te d s y s te m © In te rn e t R e la y Chat (IR C ) is a s y s te m fo r c h a ttin g th a t in v o lv e s a set of ru le s and c o n v e n tio n s a n d c lie n t/s e rv e r s o ftw a re © V a rio u s a t ta c k te c h n iq u e s s e rv ic e a re used r e q u e s t f lo o d s , SYN f lo o d in g p e rfo rm a DoS a tta c k such a tta c k s , IC M P f lo o d as b a n d w id t h a tta c k s , p e e r- to -p e e r a tta c k s , a tta c k s , e tc © B o ts a re s o ftw a r e a p p lic a tio n s t h a t ru n a u t o m a t e d ta s k s o v e r th e I n te r n e t a n d p e rfo rm s im p le r e p e t i t i v e ta s k s s u c h as w e b s p id e r in g a n d s e a rc h e n g in e in d e x in g © DoS d e te c tio n te c h n iq u e s a re based t r a f f ic in c r e a s e a n d fla s h e v e n ts f r o m © DoS p e n te s tin g d e te rm in e s on id e n tify in g and d is c rim in a tin g th e ille g itim a te le g itim a te p a c k e t tra ffic m in im u m th re s h o ld s fo r DoS a tta c k o n a s y s te m , b u t th e t e s t e r c a n n o t e n s u r e t h a t t h e s y s t e 
m is r e s i s t a n t t o D o S a t t a c k s M o d u le P a g e E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C U n C il A l l R ig h t s R e s e r v e d R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d ... of its websites recently, becoming one of the highest-profile victims yet in a series of attacks by a group claiming to be allied with Islamic terrorism "HSBC servers came under a denial of service. .. c k e r D e n ia l o f S e r v ic e ModuleObjectives * C E H ' J W hat Is a Denial of Service Attack? J DoS Attack Tools J W hat Are D istributed Denial of Service Attacks? J Detection Techniques... group is likely using a fairly sophisticated type of denial- of ־ service attack Essentially, al-Qassam has leveraged exploits in Web server software to take servers over and then use them as
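Added example (not part of the original courseware): one way to turn Step 2 load-test results into the minimum threshold this module says DoS pen testing determines, ready for the Step 8 report. The rows are a constructed sample using a subset of JMeter's CSV result columns, and the 1000 ms p95 and 1% error limits are assumed values.

```python
import csv
import io
import math
from collections import defaultdict

# Constructed sample in the style of a JMeter CSV results file (subset of
# columns); allThreads is the number of concurrent virtual users.
SAMPLE_JTL = """timeStamp,elapsed,label,responseCode,success,allThreads
1000,110,home,200,true,50
1010,120,home,200,true,50
1020,130,home,200,true,50
2000,180,home,200,true,100
2010,210,home,200,true,100
2020,240,home,200,true,100
3000,900,home,200,true,200
3010,1500,home,503,false,200
3020,2600,home,503,false,200
4000,5000,home,503,false,400
4010,4800,home,503,false,400
4020,300,home,200,true,400
"""

def percentile(values, pct):
    """Nearest-rank percentile of a non-empty list."""
    ordered = sorted(values)
    return ordered[max(1, math.ceil(len(ordered) * pct / 100)) - 1]

def summarize(jtl_text):
    """Group samples by load level; return {threads: (p95_ms, error_rate)}."""
    buckets = defaultdict(list)
    for row in csv.DictReader(io.StringIO(jtl_text)):
        buckets[int(row["allThreads"])].append(
            (int(row["elapsed"]), row["success"] == "true"))
    report = {}
    for threads, samples in sorted(buckets.items()):
        p95 = percentile([ms for ms, _ in samples], 95)
        errors = sum(not ok for _, ok in samples) / len(samples)
        report[threads] = (p95, errors)
    return report

def degradation_threshold(report, max_p95_ms=1000, max_error_rate=0.01):
    """Return (last load level within limits, first level that breaches them).
    The default limits are assumed values; use the service's own targets."""
    last_ok = None
    for threads, (p95, errors) in sorted(report.items()):
        if p95 > max_p95_ms or errors > max_error_rate:
            return last_ok, threads
        last_ok = threads
    return last_ok, None
```

On the sample, the service holds at 100 concurrent users and first degrades at 200, which is the figure to record alongside the limits that were applied.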

Date posted: 14/04/2017, 10:13
