Denial of Service Attack DoS | Part 4

Programs available on the Internet

  • Ping ‘O Death: Saturates a router or a server by sending a large number of “ICMP REQUEST” datagrams whose size exceeds the maximum allowed. Patches exist to protect against this type of attack on MacOS, Windows NT/9x, Sun Solaris, Linux and Novell Netware.
  • Land – Blat: Sends a forged (spoofed) packet with the SYN flag set to a given port (such as 113 or 139), with the source identified as the address of the target station itself. A number of patches exist for this “bug” on UNIX and Windows.
  • Jolt: Designed specifically for Microsoft systems (NT, 9x and 2000), this attack can saturate the CPU of the targeted station. Sending a large number of identical packet fragments (150/sec) makes IP fragmentation handling saturate the processor completely for the entire duration of the attack. Existing patches attempt to counter this type of attack.
  • Teardrop - SynDrop: A problem discovered in old Linux kernels, in the code that handles the fragmentation of IP packets. It is a packet reassembly problem. When the system reassembles the packet, it runs a loop that stores all the fragments already received in a new “buffer”. The size of each fragment is checked, but only for being too big. If it is too small, it can cause a problem in the kernel and crash the system (a fragment alignment problem). This problem has also been observed on Windows systems (NT/9x), and patches are now available.
  • Ident Attack: This problem in the identd daemon can easily destabilize a UNIX machine that uses it. A large number of authorization requests makes the machine completely unstable. To avoid this problem, install a newer version of the identd daemon: pidentd-2.8a4 (or later).
  • Bonk - Boink: The same problem as Teardrop, but slightly modified so that it is not affected by the patches provided for Teardrop. Newer, better constructed patches also prevent this new type of attack.
  • Smurf: This program uses the “ICMP Flood” technique and amplifies it in order to create a disaster on the specified machine(s). It uses the “broadcast ping” technique so that the number of ICMP packets sent to the station grows exponentially, making a crash almost inevitable. It is difficult to protect against this type of attack: there is no patch, but correct filter rules allow you to limit its effect.
  • Winnuke: Another program for “crashing” Windows NT/95 systems, this time by sending “OOB” (Out Of Band) data over a connection with a Windows client. The NetBIOS service seems to be the most vulnerable to this type of attack. Apparently, Windows does not know how to react to receiving this type of packet and “panics”. Several patches exist against this type of attack, and recent versions of Windows (98/2000 onwards) are now protected.
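
The checks that the Ping ‘O Death, Land and Teardrop/Bonk entries above depend on, as an added C example (not code from the original page or from any kernel): a validator that runs before a fragment is copied into the reassembly buffer and tests both size bounds, not only "too big". The `frag` struct, `check_fragment`, the verdict names and the sample addresses are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define IP_MAX_DATAGRAM 65535u /* largest size the 16-bit IPv4 total-length field can hold */

enum verdict { PKT_OK, PKT_OVERSIZE, PKT_BAD_OVERLAP, PKT_LAND };

/* Constructed, simplified view of one received fragment (not a wire-format header). */
struct frag {
    uint32_t src, dst;    /* IPv4 addresses */
    uint8_t  hdr_len;     /* IP header length in bytes */
    uint16_t frag_off;    /* fragment offset, in 8-byte units */
    uint16_t payload_len; /* payload bytes carried by this fragment */
    int      tcp_syn;     /* non-zero for a TCP segment with SYN set */
};

/* Decide whether a fragment may be copied into the reassembly buffer.
 * prev_end: byte offset at which the previously accepted fragment ended. */
enum verdict check_fragment(const struct frag *f, uint32_t prev_end)
{
    uint32_t start = (uint32_t)f->frag_off * 8;
    uint32_t end   = start + f->payload_len;

    /* Land: SYN whose source is the destination's own address. */
    if (f->tcp_syn && f->src == f->dst)
        return PKT_LAND;
    /* Ping of Death: reassembled datagram would exceed the maximum ("too big"). */
    if (end + f->hdr_len > IP_MAX_DATAGRAM)
        return PKT_OVERSIZE;
    /* Teardrop/Bonk: fragment ends inside data already held, so the length left
     * after trimming the overlap would be negative ("too small"). */
    if (end < prev_end)
        return PKT_BAD_OVERLAP;
    return PKT_OK;
}

int main(void)
{
    /* Constructed samples: a normal first fragment, then one that ends inside it. */
    struct frag first = { 0x0a000001, 0x0a000002, 20, 0, 1480, 0 };
    struct frag inner = { 0x0a000001, 0x0a000002, 20, 3, 4, 0 };
    printf("first=%d inner=%d\n", check_fragment(&first, 0),
           check_fragment(&inner, 1480));
    return 0;
}
```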

Continued…
