Saturday, 7 December 2013

What Is Distributed Denial Of Service(DDos) Attack

Hi Friends!

I heartily welcome you to our learning session. Today we develop an understanding of Distributed Denial Of Service (DDoS) attack (or informally zombie attack).

Definition:
It is a type of attack in which an online target is rendered unavailable (i.e. no one is able to access the site, i.e. not even legitimate users).

Explanation:
Lets begin by understanding "Denial of Service" first.

In India, we have general public telephone number to contact local police @100.

Assume, a bad guy(or group), everyday, goes to telephone booth and dials this number, say between, 6:00 am to 9:00 pm. In that case, if any legitimate user wants to call police for an emergency, he/she will always find the line engaged! This is what is known as "Denial of Service".

It is easy to track down from where the call is made and hence relatively easy to prevent this attack.

Now, let's understand the "Distributed" part:

It is common sense that the police station in a district won't have just a single inbound line to cater to calls. So lets us assume that there are 200 lines available. What if, 200(or more) bad guys start making calls to the police station from different pay phones. The phone lines are bound to get flooded thereby preventing 'needy' person to reach to Police.

Here, the bad guys make a coordinated attack on the Police contact lines from different locations. And hence, the scope of this attack is major.

Now, consider the same situation, replace 'Police telephone lines' with the web site's server you are trying to use[bad guys still remain the same!]

Targets(mostly):
1. Banks
2. News websites
3. Government websites

How it is done:
#1. To launch DDos, attackers needs millions of machines as sources of request. They develop malicious software, web sites, advertisements etc. to attract users to click them.

#2: Once clicked on these links, a malicious software is installed in to the users machine, without they being even aware of it.

#3: These machines are called botnets.
Now these botnets can be used by the hacker like his own system to send requests to the target.

Symptoms:
#1: Inability of authenticated users to open web sites or Unavailability of web site
#2: Unusually slowness of the site

Categories:
There are 2 flavors of the attack:
#1: Crash services
#2: Flood services

Google them for more understanding! :)

Precautions:
To prevent your machines to be one of botnets, know which web site are you visiting(online games, adult sites, songs/movies downloading sites mostly have these flashing links), don't run any executable on your machine unless you are sure of its 'origin'. Keep your anti-virus updated with internet security turned ON.

There are a lot of things you can do. Better will be to Google it!

Is there any map where I can get the look and feel of DDos Attack:
Well this question shows the inquisitiveness of my blog's readers. And, yes I won't disappoint you all. The answer to this question is: YES

You can find the link here (or alternatively, you can copy+paste "http://www.digitalattackmap.com" in your web browser.)

Hope you find this session interesting.

Feel free to leave a comment.

Cheers!


Access Shared Folders Over Network: NetBios Attack

Hi friends!

Greetings!!

Today we are going to learn one of the primitive types of hacking: NetBios Attack.

Disclaimer: The below attack is for tutorial purpose and the blogger does not endorse the technique. Please note that if any thing (relating to this post or any other) goes awry, the blogger cannot be held responsible. This tutorial is only to show a potential attack of this type exist and all parties using computers should use preventive measures to be safe from this type of attack. The misuse of the tutorial can result in criminal charges brought against the person in question and the blogger cannot be held responsible in case anyone is misusing below information to break the law. This blog was created for information purpose only.

[I took more time to write Disclaimer than the tutorial]

What exactly it is: Well, If you are running a home network, chances are that you may have some folders, files or printer sharing turned on. With this attack, a hacker can get access to your shared resources over the network.

So lets see how it is done:

N.B.: I am using my own system for demo purpose.

#1: Find out the IP address of systems over your network(I have a separate tutorial lined up for this). For now arp -a could be used:






#2: Once you have the IP handy, let check if there is any shared files available on the system:


N.B.: 'A' is caps in the above command

#3: If there is no <20> under Remote column, then that system is not vulnerable to this attack. If there is, as in case of my system(see screen shot above), we can move to #4.

#4: Now its time to find out shared files over this system:


#5: We see that 4 files are shared over the network. Let's see how it can be accessed:




If all goes well, it will generally take 10-15 seconds to get a positive response

#6: Now opening the accessed folder in Explorer should be piece of cake for you:

That's all folks. You can watch videos on your local system as if it is your own system and not somewhere in the network.

Rest is Next
Cheers!