
mcsa_ecsa-lpt-v8_ecsa-v8_ecsav8-module-21-denial-of-service-penetration-testing

OCR-scanned document; the content may be inaccurate.


DOCUMENT INFORMATION

Basic information

Pages: 46
Size: 5.34 MB

Contents

Page 2

[Figure: Penetration Testing Methodology roadmap. Phases shown: Information Gathering, Vulnerability Analysis, External Penetration Testing, Internal Network Penetration Testing, Firewall Penetration Testing, IDS Penetration Testing, Password Cracking Penetration Testing, Social Engineering Penetration Testing, Web Application Penetration Testing, Router and Switches Penetration Testing, Wireless Network Penetration Testing, Denial-of-Service Penetration Testing (this module), Stolen Laptop, PDAs, and Cell Phones Penetration Testing, Source Code Penetration Testing, and a further Security Penetration Testing phase whose label is partly illegible.]

Page 4

Module Objectives

- Introduction to Denial-of-Service
- How to Conduct DoS Penetration Testing
- Check for DoS Vulnerable Systems
- Run IP Fragmentation Attack on Server
- Flood the Website Forms and Guestbook with Bogus Entries
- Run Peer-to-Peer Attacks
- Test for Buffer Overflow Attacks That Result in Denial of Service
- Test for User Input as a Loop Counter

Page 5

How Does a Denial-of-Service Attack Work?

Denial-of-Service (DoS) attacks are designed to bring down an enterprise network or e-commerce site by flooding it with large amounts of traffic, similar to hundreds of people repeatedly dialing a telephone number to keep it busy and unavailable.

[Figure: malicious traffic takes control over all the available bandwidth between the Internet and the organization's email server and web server.]

Page 6

These attacks can effectively bring down internet access; to most businesses, this would result in inconvenience and some loss of productivity.

A Distributed Denial-of-Service (DDoS) attack uses the same methods as a regular DoS attack, but it is launched from multiple sources.

The well-known DDoS attack on Sony PlayStation that compromised account information of 101 million users created havoc by a simple flood of data that distressed functionality of the website for 20 minutes.

To web-based and ecommerce companies, this could result in substantial monetary losses from loss of

Page 7

How Do Distributed Denial-of-Service Attacks Work?

[Figure: the handler infects a large number of computers over the Internet; the zombie systems are then instructed to attack a target server.]

Page 8

Warning

Check with your client before performing DoS attacks on the company. Successful DoS attacks might render their systems unusable, resulting in loss of revenues; hence, DoS penetration testing should be performed in a restricted and regulated environment.

- DoS tests on some network components can hamper or sabotage the host service.
- Checks on critical systems and servers can cause disruptions to the information structure.
- DoS attacks on the client's network infrastructure can debilitate the organization's service and dwindle its overall performance.

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Page 9

How to Conduct DoS Penetration Testing

Page 10

How to Conduct DoS Penetration Testing (Cont’d)

Page 11

Step 1: Test Heavy Loads on Server

- Test the load capacity, balance, and performance of the server
- Check the functional capacity of the client's remote servers such as the database server, mail server, web server, etc.
- Send malicious or malformed packets to different data protocols to distress the host services
- Use automated tools to simulate heavy load on the

[Screenshot: NeoLoad ("petstore" project), Runtime tab, load-policy settings: the load is grown regularly, every 5 minutes, up to a maximum number of users of 20.]

Page 12

Load Testing Tool: IxChariot

IxChariot is a test tool for simulating real-world applications to predict device and system performance under realistic load conditions.

[Screenshot: IxChariot test window with Test Setup, Throughput, Transaction Rate, Response Time, Raw Data Totals and Endpoint Configuration tabs.]

Page 13

Load Testing Tool: StressTester

StressTester is an enterprise tool that simplifies and speeds up the task of performance testing. It monitors as much of the system under test as required.

[Screenshot: StressTester results view with Average Response Times per Second and CPU Total Utilisation charts for the "Browse and Buy" and "Change User Details" user journeys.]

Page 14

Load Testing Tool: Proxy Sniffer

Proxy Sniffer is an innovative and powerful tool for measuring the stability and response time of web applications.

[Screenshot: Proxy Sniffer "Execute Load Test" page in Firefox (local web admin interface at 127.0.0.1:7990). Settings shown: Number of Concurrent Users 800; Load Test Duration 32 min; Max Loops per User unlimited; Startup Delay per User 500 milliseconds; Max Network Bandwidth per User unlimited downlink and uplink; Request Timeout per URL 60 seconds; Max Error-Snapshots 20 MB memory; Statistic Sampling Interval 15 seconds; Additional Sampling Rate per Page Call 100%; Additional Sampling Rate per URL Call 20%.]

Page 17

Step 2: Check for DoS Vulnerable Systems

- Vulnerabilities in critical areas can bring down the overall network
- Scan the network and discover any systems that are vulnerable to DoS
- Check all potential areas of vulnerable systems such as software applications, operating system, network devices, etc.
- Test by sending non-malicious (web service framework) packets to an affected system
- Test by using different tools to check Denial-of-Service attacks on the network such as Nmap, GFI LanGuard

[Screenshot: Nessus scan results for a Windows host, listing findings such as SSL Certificate Cannot Be Trusted, SSL Certificate Information, Microsoft Windows SMB Service Detection, HyperText Transfer Protocol (HTTP) Information, SSL/TLS Versions Supported, Nessus Server Detection, OS Identification, Host Fully Qualified Domain Name (FQDN) Resolution, Microsoft Windows SMB Log In Possible, and Web Server Unconfigured - Default Install Page Present.]

Page 18

GFI LanGuard checks operating systems, virtual environments, and installed applications using a vulnerability check database.

[Screenshot: GFI LanGuard dashboard (Entire Network - 1 computer, localhost in WORKGROUP) with Vulnerability Level, Security Sensors, Missing Updates, Firewall Issues, Credentials Setup, Most Vulnerable Computers, Vulnerability Trend Over Time, Computer Vulnerability Distribution and Computers by Operating System panels.]

Page 19

Step 3: Run SYN Attack on Server

- Bombard the target with connection request packets
- Send fake TCP SYN requests with a fake source address to the target server
- These requests will establish a partially open connection with the server but never complete the process
- Check for any loopholes or flaws in the host server by sending known non-malicious exploits
- Use packet crafting tools such as Colasoft's Packet Builder, Engage Packet Builder, and Scapy to

[Screenshot: Colasoft Packet Builder decode editor showing a crafted packet (Ethernet and IP headers, Delta Time 0.100000 second) together with its hex dump.]

Page 20

Step 4: Run Port Flooding Attack on Server

- Vulnerabilities in trace routes often provide a potential risk for the overall target network infrastructure
- Use a port flooding attack to flood the port and increase the CPU usage by maintaining all the connection requests on the ports under blockade
- Check by sending non-malicious flooder packets to various ports such as UDP port, TCP port, ICMP port, etc.

Page 21

Step 5: Run IP Fragmentation Attack on Server

- Use an IP fragmentation attack to crash the server by sending a large number of IP packets
- Send non-malicious IP packets that crash the system and exhaust network resources
- Test by sending known invalid fragmented IP packets that consume and interject with CPU capacity
- Use IP packet builder tools such as TCP/IP Builder or Engage Packet Builder to send a large number of fragmented IP packets to the target server

[Screenshot: Engage Packet Builder (http://www.engagesecurity.com) with the IP header fields visible: Fragmentation DF 0 (May Fragment), MF 0 (Last Fragment), TTL 64, Protocol 6 (TCP), and the TCP flag checkboxes URG, ACK, PSH, RST, SYN, FIN.]

Page 22

Step 6: Run Ping of Death

- Send an IP packet larger than 65,536 bytes by fragmenting it
- It is also known as long ICMP, sPING, ICMP bug, or IceNewk
- Run these oversized packets on the client's IP address and check
- Execute known non-malicious or malformed pings on the client's system
- Check by sending oversized data packets to any port on the client's network
- Use packet generator tools such as Net Tool or Colasoft's Ping Tool to send ping packets to the client's network

[Screenshot: Colasoft Ping Tool pinging www.google.com (64-byte replies of about 29 ms; 35 packets sent, 32 received, 3 lost).]

Page 23

Step 7: Run Teardrop Attack

The slide text is largely illegible in the scan; the legible fragments are "overlapping IP fragments" and "exploits".

[Screenshot: Engage Packet Builder with the IP Fragmentation fields set to MF 1 (More Fragments), TTL 64, Protocol 6 (TCP).]

Page 24

Step 8: Run […] Attack

- Use an Internet Control Message Protocol (ICMP) message to block the traffic of the target system with a spoofed broadcast ping message from a fake source address
- Storm the target by sending pings to the client's server
- Send the known […] to the client's IP broadcast addresses
- Check that these forged packets are […] all systems on the network
- Use tools such as […] to send multiple ping requests or ICMP packets to the client's server

[Screenshot: Multi IP Ping (http://www.mabsoft.com) pinging a range of 192.168.168.x hosts.]

Page 25

Step 9: Run an Email Bomber on Email Servers

- Send a large number of emails to a target mail server
- Flood the email server with non-malicious emails
- Mail bomb with fake multiple email addresses to the target server
- Send emails using forged email addresses with multiple attachments
- Use tools such as Advanced Mail Bomber or Mail Bomber for sending emails

[Screenshot: Advanced Mail Bomber (http://www.softheap.com) showing the contents of a mailing list; status bar: Recipients 7236, Servers 3, Messages 5.]

Page 26

Step 10: Flood the Website Forms and Guestbook with Bogus Entries

- Fill the forms with arbitrary and lengthy entries
- Make some bogus entries in the Guestbook

[Screenshot: two web enquiry forms with Title, First Name, Last Name, Email Address, Company, Phone, Job Title, Country and State/Province fields and a free-text "nature of your enquiry" box.]

Page 27

Step 11: Run Service Request Floods

- Exhaust server resources by setting up and tearing down TCP connections
- Flood the client's server with numerous service requests containing large payloads
- Parsing attacks can also be used to exploit vulnerabilities in the processing capabilities of the XML parser to create a DoS attack or generate logical errors in web service request processing
- Send queries for web services with a grammatically correct SOAP document that contains infinite processing loops, resulting in exhaustion of XML parser and CPU resources

Page 28

Step 12: Run Permanent Denial-of-Service Attacks

- Permanent DoS, also known as phlashing, refers to attacks that cause irreversible damage to system hardware, requiring the victim to replace or reinstall the hardware
- Use social engineering techniques over email, IRC chats, tweets, social networking sites, video, and photo sharing sites to post the fraudulent links for hardware updates and trick users to

[Screenshot: Microsoft Outlook showing a fraudulent "Dear Intel Customer" email that claims several vulnerabilities were recently discovered and insists the recipient immediately update the system's graphics driver through a "Click To Update Your Graphic Drivers" link, signed by a purported Security Officer.]

Page 29

Step 13: Run Peer-to-Peer Attacks

- Trick clients of peer-to-peer file sharing hubs to disconnect from their network and connect to a fake website
- Check for unpatched/non-vulnerable DC++ on the client network
- Check for any exploiting flaws in the operating system and […] that are vulnerable to these attacks

Page 30

Step 14: Test for SQL Wildcard Injection Attacks

- Carry out SQL wildcard attacks by using various wildcards to exhaust CPU resources
- Design a query using different wildcards that will not yield any results
- Run this query in the application's search feature and check the execution time
- Use different combinations of wildcards such as "%", "[^]", "[]", and "_" in the query
- Check the query execution time in the database server
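A defensive counterpart to step 14, added here and not part of the EC-Council slides: before a user-supplied search term reaches a LIKE query, the application caps its length and escapes the wildcard characters named above so they match literally instead of driving the scan. Plain Java; MAX_TERM_LENGTH, the backslash escape character and the products table are assumptions.

```java
/** Added example (not EC-Council code): neutralising user-supplied LIKE wildcards
 *  before they reach a search query, so "%_[^]_%" costs the same as any literal. */
public class SearchTermSanitizer {

    // Assumed policy: the longest search term the application accepts.
    static final int MAX_TERM_LENGTH = 64;

    // Assumed fixed statement; the pattern is bound as a parameter, never concatenated.
    // ESCAPE '\' tells the database that a backslash makes the next character literal.
    static final String SQL =
        "SELECT id, name FROM products WHERE name LIKE ? ESCAPE '\\'";

    /** Escapes %, _, [, ] and the escape character itself. '[' and ']' are only
     *  wildcards on SQL Server; on databases that reject an escape before a
     *  non-wildcard character (Oracle does), drop them from this list. */
    static String escapeLikeWildcards(String term) {
        StringBuilder sb = new StringBuilder(term.length() * 2);
        for (char c : term.toCharArray()) {
            if (c == '%' || c == '_' || c == '[' || c == ']' || c == '\\') {
                sb.append('\\');
            }
            sb.append(c);
        }
        return sb.toString();
    }

    /** Rejects missing or over-long terms, then builds the only pattern the
     *  application itself intends: the literal term plus one trailing %. */
    static String toPrefixPattern(String term) {
        if (term == null || term.isEmpty() || term.length() > MAX_TERM_LENGTH) {
            throw new IllegalArgumentException("search term missing or too long");
        }
        return escapeLikeWildcards(term) + "%";
    }

    public static void main(String[] args) {
        // Constructed inputs: an ordinary prefix, a wildcard-only term of the kind
        // step 14 describes, and an over-long term that is refused outright.
        System.out.println(toPrefixPattern("lap"));
        System.out.println(toPrefixPattern("%_[^]_%_%"));
        try {
            toPrefixPattern("%".repeat(500));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Bind the returned pattern to the `?` of SQL through a prepared statement, and pair it with a statement timeout so any search that is still expensive is cut off rather than run to completion.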

Page 31

Step 15: Log In to Customer Accounts

- Check the login mechanism in the host applications by repeatedly logging in to a user account
- it locks the user account

Page 32

Step 16: Test for Buffer Overflow Attacks That Result in Denial of Service

- […] locations in the target server, such as web server, application server, and web and […] server applications
- Send non-malicious script containing data programs to a specific storage space that cannot handle oversized data programs
- Execute any known code with format type specifiers and input strings

    #include <string.h>

    /* Slide example of an overflowable function (deliberately unsafe):
       the copy into the 10-byte buffer has no bounds check. */
    void overflow(char *str) {
        char buffer[10];
        strcpy(buffer, str);   /* copy statement illegible in the scan; strcpy assumed */
    }

    int main() {
        overflow("This is a string that is larger than the buffer of 10");
        return 0;
    }

Page 33

- Identify the user-specified number of objects allocated to the client's server and check by filling the whole memory and corrupting its performance
- Create a large number of objects through application code by submitting or setting an extremely large numeric value
- Exhaust the available memory in the server by supplying or creating numerous copies of objects in the applications
- Use hidden fields or computed values in the user forms on the client's Javascript applications
- Check for places where numbers are submitted as a name/value pair in the application code and give large values
- To exhaust the resources of e-commerce sites, give large numbers for the item list or send an automated script that keeps adding items to the user cart

    // Slide example: the user-supplied count drives the allocation unchecked
    String TotalObjects = request.getParameter("numberofobjects");
    int NumOfObjects = Integer.parseInt(TotalObjects);
    ComplexObject[] anArray = new ComplexObject[NumOfObjects]; // wrong!

Page 35

Step 18: Test for User Input as a Loop Counter

- Check whether applications loop through a code segment that exhausts computing resources and its performance
- Check for input values that serve as a counter in a loop function and execute code a high number of times inside the loop
- Check whether applications are configured to loop at every input submitted by the tester
- Test by sending an extremely large number of name/value pairs directly to the server
- Send a large number of name/value pairs or scripts in the request body that take longer for the application to loop
- Locate places where input values exhaust server resources by continuously requesting to loop with the known non-malicious code

    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.apache.struts.action.ActionServlet;

    public class MyServlet extends ActionServlet {
        public void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            String[] values = request.getParameterValues("CheckboxField");
            // Process the data without length check for reasonable range -- wrong!
            for (int i = 0; i < values.length; i++) {
                // Lots of logic to process the request
            }
        }
    }
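The bounded counterpart to the two snippets marked "wrong!" above (steps 17 and 18), added here and not part of the EC-Council slides: the count is range-checked before anything is allocated, and the repeated parameter is length-checked before the loop runs. Plain Java with no servlet dependency; the request is a constructed Map standing in for HttpServletRequest, and MAX_OBJECTS and MAX_VALUES are assumed limits.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Added example (not EC-Council code): bounding a user-supplied object count
 *  and a user-supplied repeated parameter before they drive allocation or a loop. */
public class BoundedRequestHandling {

    // Assumed policy limits; set them from what the application really needs.
    static final int MAX_OBJECTS = 100;  // largest item list the server will allocate
    static final int MAX_VALUES = 50;    // most "CheckboxField" values one request may carry

    /** Parses a count and rejects anything outside [1, max]. Integer.parseInt alone
     *  accepts "2000000000" or "-5", which is what new ComplexObject[NumOfObjects] gets wrong. */
    static int parseBoundedCount(String raw, int max) {
        if (raw == null || raw.length() > 9) {            // nine digits always fit an int
            throw new IllegalArgumentException("count missing or oversized");
        }
        int n;
        try {
            n = Integer.parseInt(raw.trim());
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("count is not an integer");
        }
        if (n < 1 || n > max) {
            throw new IllegalArgumentException("count " + n + " outside 1.." + max);
        }
        return n;
    }

    /** Step 17 counterpart: allocate only after the count is bounded. */
    static Object[] allocateObjects(Map<String, String[]> params) {
        String[] raw = params.get("numberofobjects");
        int n = parseBoundedCount(raw == null ? null : raw[0], MAX_OBJECTS);
        return new Object[n];                              // never more than MAX_OBJECTS
    }

    /** Step 18 counterpart: check values.length before looping over it. */
    static int processCheckboxes(Map<String, String[]> params) {
        String[] values = params.get("CheckboxField");
        if (values == null) {
            return 0;                                      // parameter absent: nothing to do
        }
        if (values.length > MAX_VALUES) {
            throw new IllegalArgumentException("too many CheckboxField values: " + values.length);
        }
        int processed = 0;
        for (String v : values) {
            processed++;                                   // lots of per-value logic would go here
        }
        return processed;
    }

    public static void main(String[] args) {
        // Constructed well-formed request.
        Map<String, String[]> ok = new HashMap<>();
        ok.put("numberofobjects", new String[] {"12"});
        ok.put("CheckboxField", new String[] {"a", "b", "c"});
        System.out.println(allocateObjects(ok).length + " objects, "
                + processCheckboxes(ok) + " values processed");

        // Constructed abusive request: a huge count and 5000 repeated values.
        Map<String, String[]> bad = new HashMap<>();
        bad.put("numberofobjects", new String[] {"2000000000"});
        String[] many = new String[5000];
        Arrays.fill(many, "x");
        bad.put("CheckboxField", many);
        try { allocateObjects(bad); } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        try { processCheckboxes(bad); } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```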

Page 36

- Try to generate large application log files with enormous volumes of data, mostly filling the target's local disks
- Check by submitting an extremely long value in a request to the server that the application validates immediately and processes into the log file
- Check whether a data validation method that verifies the format and length of the submitted value makes a record of the failed value in the application logs
- Check the upper limit of log dimensions and the maximum allocated space for each log entry to perform an attack on application logs
- Send a known automated script that carries large field values to the client's application and check the log files
- Send overly large requests to the host server and check whether application log files record these without any limitation of the length

Page 37

Step 20: Test for […]

- Check whether applications properly […] (files and/or memory) after they are used
- Check for any errors in the […] of the programming and its allocated memory
- Send non-malicious vulnerable code to applications or perform operations by sending repeated service […] to the server
- Mount the file and some of its parts with […] in the host applications and host servers
- Consume […] and/or […] by injecting data to the applications and servers
- Use special characters like […] to create […] in applications and consume memory

    public class AccountDAO { public void createAccount

Page 38

Step 21: Try to Store Too Much Data in Sessions

- Monitor the target memory usage by sending scripts that consume allocated memory or disk space
- Send large amounts of data in a user session to consume allocated memory and exhaust server resources
- Send a large amount of data in places where a large number of records are retrieved and stored in applications or a database
- Test by sending automated scripts that create new sessions on the server and run requests to cache data for each session
- Send known non-malformed paging codes repeatedly for a certain period while testing the database server
- Check whether blocks of data are recorded in a cache or database for user sessions

Page 39

DDoS Attack Tool: LOIC

Page 40

[Screenshot: DoSHTTP 2.5.1 (Socketsoft.net, evaluation mode), an HTTP flood denial-of-service testing tool, with Target URL, User Agent, Sockets (500) and Requests (Continuous) fields; and "Multisystem TCP Denial of Service Attacker [Build #12]" with Hostname or IP-address, Port and Status fields.]

Posted: 30/11/2020, 19:36