ceh v8 labs module 10 denial of service
CEH Lab Manual
Denial of Service
Module 10
Module 10 - Denial of Service
Denial of Service
Denial of Service (DoS) is an attack on a computer or network that prevents legitimate use of its resources.
Lab Scenario
In computing, a denial-of-service attack (DoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.
One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. Denial-of-service attacks can essentially disable your computer or your network. DoS attacks can be lucrative for criminals; recent attacks have shown that DoS attacks are a way for cyber criminals to profit.
As an expert ethical hacker or security administrator of an organization, you should have sound knowledge of how denial-of-service and distributed denial-of-service attacks are carried out, to detect and neutralize attack handlers, and to mitigate such attacks.
Lab Objectives
The objective of this lab is to help students learn to perform DoS attacks and to test the network for DoS flaws.
In this lab, you will:
■ Create and launch a denial-of-service attack to a victim
■ Remotely administer clients
■ Perform a DoS attack by sending a huge amount of SYN packets continuously
■ Perform a DoS HTTP attack
Ethical Hacking and Countermeasures Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Lab Environment
To carry out this lab, you need:
■ A computer running Windows Server 2008
■ Windows XP/7 running in virtual machine
■ A web browser with Internet access
■ Administrative privileges to run tools
Lab Duration
Time: 60 Minutes
Overview of Denial of Service
Denial-of-service (DoS) is an attack on a computer or network that prevents legitimate use of its resources. In a DoS attack, attackers flood a victim's system with illegitimate service requests or traffic to overload its resources and prevent it from performing intended tasks.
Lab Tasks
Pick an organization that you feel is worthy of your attention. This could be an educational institution, a commercial company, or perhaps a nonprofit charity.
Recommended labs to assist you in denial of service:
■ SYN flooding a target host using hping3
■ HTTP flooding using DoS HTTP
Lab Analysis
Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure.
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 10 Denial-of-Service
SYN Flooding a Target Host Using hping3
hping3 is a command-line oriented TCP/IP packet assembler/analyzer.
Lab Scenario
A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
A SYN flood attack works by not responding to the server with the expected ACK code. The malicious client can either simply not send the expected ACK, or by spoofing the source IP address in the SYN, cause the server to send the SYN-ACK to a falsified IP address, which will not send an ACK because it "knows" that it never sent a SYN. The server will wait for the acknowledgement for some time, as simple network congestion could also be the cause of the missing ACK, but in an attack increasingly large numbers of half-open connections will bind resources on the server until no new connections can be made, resulting in a denial of service to legitimate traffic. Some systems may also malfunction badly or even crash if other operating system functions are starved of resources in this way.
As an expert ethical hacker or security administrator of an organization, you should have sound knowledge of denial-of-service and distributed denial-of-service attacks and should be able to detect and neutralize attack handlers. You should use SYN cookies as a countermeasure against the SYN flood, which eliminates the resources allocated on the target host.
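The SYN-cookie countermeasure named above, as an added example that is not part of the lab manual: the server packs a keyed hash of the connection into the sequence number of its SYN-ACK and only validates it when the final ACK arrives, so a SYN that is never answered leaves no half-open entry behind. The bit layout, secret, MSS table and 64-second time slot are assumptions chosen for illustration and are not the layout of any real TCP stack.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"        # constructed; a real stack uses a random per-boot secret
MSS_TABLE = [536, 1300, 1440, 1460]     # assumed table so the MSS index fits in 2 bits
SLOT_SECONDS = 64                       # assumed granularity of the time counter


def _mac24(src, sport, dst, dport, client_isn, slot):
    """24-bit keyed hash over the connection 4-tuple, client ISN and time slot."""
    msg = f"{src}:{sport}>{dst}:{dport}|{client_isn}|{slot}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src, sport, dst, dport, client_isn, mss, now):
    """Server ISN for the SYN-ACK: [6-bit slot][2-bit MSS index][24-bit MAC].
    Nothing is stored on the server after this returns."""
    slot = (int(now) // SLOT_SECONDS) & 0x3F
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    return (slot << 26) | (idx << 24) | _mac24(src, sport, dst, dport, client_isn, slot)


def check_cookie(src, sport, dst, dport, client_isn, ack_number, now):
    """Validate the final ACK. Returns the negotiated MSS, or None to drop it."""
    cookie = (ack_number - 1) & 0xFFFFFFFF        # the client acknowledges ISN + 1
    slot, idx, mac = cookie >> 26, (cookie >> 24) & 0x3, cookie & 0xFFFFFF
    age = ((int(now) // SLOT_SECONDS) - slot) & 0x3F
    if age > 1:                                   # issued more than one slot ago
        return None
    expected = _mac24(src, sport, dst, dport, client_isn, slot)
    if not hmac.compare_digest(mac.to_bytes(3, "big"), expected.to_bytes(3, "big")):
        return None                               # forged or mismatched ACK
    return MSS_TABLE[idx]


def demo():
    """Constructed exchange against the lab's victim address 10.0.0.11, port 22."""
    legit = ("10.0.0.20", 40000, "10.0.0.11", 22, 1000)
    cookie = make_cookie(*legit, mss=1460, now=1000)
    return {
        "legit_ack": check_cookie(*legit, ack_number=cookie + 1, now=1010),
        "guessed_ack": check_cookie(*legit, ack_number=cookie + 2, now=1010),
        "stale_ack": check_cookie(*legit, ack_number=cookie + 1,
                                  now=1000 + 3 * SLOT_SECONDS),
    }
```

Only the client that actually received the SYN-ACK can return a value that passes `check_cookie`, which is why a spoofed source address gains nothing here.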
Lab Objectives
The objective of this lab is to help students learn to perform denial-of-service attacks and test the network for DoS flaws.
In this lab, you will:
■ Perform denial-of-service attacks
■ Send huge amount of SYN packets continuously
Lab Environment
To carry out the lab, you need:
■ A computer running Windows 7 as victim machine
■ BackTrack 5 r3 running in virtual machine as attacker machine
■ Wireshark is located at D:\CEH-Tools\CEHv8 Module 08 Sniffing\SniffingTools\Wireshark
Lab Duration
Time: 10 Minutes
Overview of hping3
hping3 is a network tool able to send custom TCP/IP packets and to display target replies like a ping program does with ICMP replies. hping3 handles fragmentation, arbitrary packets body, and size and can be used in order to transfer files encapsulated under supported protocols.
Lab Tasks
1. Launch BackTrack 5 r3 on the virtual machine.
2. Launch the hping3 utility from the BackTrack 5 r3 virtual machine. Select BackTrack Menu -> Backtrack -> Information Gathering -> Network Analysis -> Identify Live Hosts -> Hping3.
Figure 1.1: BackTrack 5 r3 Menu
3. The hping3 utility starts in the command shell.
Type only hping3 without any argument. If hping3 was compiled with Tcl scripting capabilities, you should see a prompt.
FIGURE 1.2: BackTrack 5 r3 Command Shell with hping3
4. In the command shell, type hping3 -S 10.0.0.11 -a 10.0.0.13 -p 22 --flood and press Enter.
FIGURE 1.3: BackTrack 5 r3 hping3 command
5. In the previous command, 10.0.0.11 (Windows 7) is the victim's machine IP address, and 10.0.0.13 (BackTrack 5 r3) is the attacker's machine IP address.
    root@bt:~# hping3 -S 10.0.0.11 -a 10.0.0.13 -p 22 --flood
    HPING 10.0.0.11 (eth0 10.0.0.11): S set, 40 headers + 0 data bytes
    hping in flood mode, no replies will be shown
FIGURE 1.4: BackTrack4 Command Shell with hping3
6. hping3 floods the victim machine by sending bulk SYN packets and overloading victim resources.
First, type a simple command and see the result: #hping3.0.0-alpha-1> hping resolve www.google.com 66.102.9.104.
The hping3 command should be called with a subcommand as a first argument and additional arguments according to the particular subcommand.
The hping resolve command is used to convert a hostname to an IP address.
7. Go to the victim's machine (Windows 7). Install and launch Wireshark, and observe the SYN packets.
FIGURE 1.5: Wireshark with SYN Packets Traffic
You sent a huge number of SYN packets, which caused the victim's machine to crash.
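A defender-side check for the pattern seen in the capture, as an added example that is not part of the lab manual: it counts bare SYNs per destination service, how many of those handshakes completed, and how many are still half-open. It keys on the destination rather than the source because, as the scenario notes, the source address can be spoofed. The log line format, thresholds and sample records are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed one-line-per-packet summary format: "<time> <src>:<port> > <dst>:<port> [FLAGS]"
LINE = re.compile(r"^(?P<ts>\d+\.\d+) (?P<src>[\d.]+):(?P<sport>\d+) > "
                  r"(?P<dst>[\d.]+):(?P<dport>\d+) \[(?P<flags>[A-Z, ]+)\]$")


def build_sample():
    """Constructed records: one normal handshake, then a burst of unanswered SYNs."""
    lines = ["0.000000 10.0.0.20:40000 > 10.0.0.11:80 [SYN]",
             "0.000400 10.0.0.11:80 > 10.0.0.20:40000 [SYN, ACK]",
             "0.000900 10.0.0.20:40000 > 10.0.0.11:80 [ACK]"]
    for i in range(500):
        lines.append(f"{1.0 + i * 0.0005:.6f} 10.0.0.13:{53620 + i} > 10.0.0.11:22 [SYN]")
    return lines


def detect_syn_flood(lines, window=1.0, min_syns=100, max_completion=0.1):
    """Return one alert per destination service that looks SYN-flooded."""
    pending = {}                                   # 4-tuple -> time of the unanswered SYN
    stats = defaultdict(lambda: {"syn": [], "done": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                               # ignore lines in another format
        flags = {f.strip() for f in m["flags"].split(",")}
        key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        svc = (m["dst"], int(m["dport"]))
        if flags == {"SYN"}:
            pending[key] = float(m["ts"])
            stats[svc]["syn"].append(float(m["ts"]))
        elif flags == {"ACK"} and key in pending:  # third step of the handshake
            del pending[key]
            stats[svc]["done"] += 1

    alerts = []
    for svc, s in stats.items():
        times = sorted(s["syn"])
        peak, lo = 0, 0
        for hi, t in enumerate(times):             # largest SYN count in any window
            while t - times[lo] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        completion = s["done"] / len(times)
        half_open = sum(1 for k in pending if (k[2], k[3]) == svc)
        if peak >= min_syns and completion <= max_completion:
            alerts.append({"service": svc, "peak_syns": peak,
                           "half_open": half_open, "completion": completion})
    return alerts
```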
hping3 was mainly used as a security tool in the past. It can be used in many ways by people who don't care for security to test networks and hosts. A subset of the things you can do using hping3:
■ Firewall testing
■ Advanced port scanning
■ Network testing, using various protocols, TOS, fragmentation
■ Manual path MTU discovery
■ Advanced traceroute, under all the supported protocols
■ Remote OS fingerprinting
■ Remote uptime guessing
■ TCP/IP stacks auditing
Lab Analysis
Document all the results gathered during the lab.
Tool/Utility | Information Collected/Objectives Achieved
hping3 | SYN packets observed over flooding the resources in victim machine
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
Internet Connection Required: □ Yes  ☑ No
Platform Supported: ☑ Classroom  ☑ iLabs
HTTP Flooding Using DoSHTTP
DoS HTTP is an HTTP flood denial-of-service (DoS) testing tool for Windows. DoSHTTP includes port designation and reporting.
Lab Scenario
HTTP flooding is an attack that uses an enormous number of useless packets to jam a web server. In this paper, we use hidden semi-Markov models (HSMM) to describe Web-browsing patterns and detect HTTP flooding attacks. We first use a large number of legitimate request sequences to train an HSMM model and then use this legitimate model to check each incoming request sequence. Abnormal Web traffic whose likelihood falls into an unreasonable range for the legitimate model would be classified as potential attack traffic and should be controlled with special actions such as filtering or limiting the traffic. Finally we validate our approach by testing the method with real data. The result shows that our method can detect the anomalous web traffic effectively.
In the previous lab you learned about SYN flooding using hping3 and the countermeasures that can be implemented to prevent such attacks. Another method that attackers can use to attack a server is by using the HTTP flood approach.
As an expert ethical hacker and penetration tester, you must be aware of all types of hacking attempts on a web server. For HTTP flooding attack you should implement an advanced technique known as "tarpitting," which once established successfully will set connections window size to a few bytes. According to TCP/IP protocol design, the connecting device will initially only send as much data to target as it takes to fill the window until the server responds. With tarpitting, there will be no response back to the packets for all unwanted HTTP requests, thereby protecting your web server.
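The likelihood-based detection described in the scenario (train on legitimate request sequences, then flag sequences the model finds improbable), as an added example that is not part of the lab manual. It swaps the hidden semi-Markov model for a plain first-order Markov chain over request paths so that it fits in a few lines; the sessions, client addresses, smoothing and threshold rule are all constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed legitimate browsing sessions (one list of request paths per client).
LEGIT_SESSIONS = [
    ["/", "/products", "/products/42", "/cart", "/checkout"],
    ["/", "/search", "/products/42", "/cart"],
    ["/", "/products", "/products/7", "/products", "/products/42"],
    ["/", "/about", "/", "/products"],
]


def train(sessions, smoothing=1.0):
    """Count page-to-page transitions; return a smoothed log-probability function."""
    counts = defaultdict(lambda: defaultdict(float))
    pages = set()
    for session in sessions:
        pages.update(session)
        for a, b in zip(session, session[1:]):
            counts[a][b] += 1
    vocab = len(pages) + 1                        # one extra bucket for unseen pages

    def logp(a, b):
        row = counts.get(a, {})
        total = sum(row.values())
        return math.log((row.get(b, 0.0) + smoothing) / (total + smoothing * vocab))
    return logp


def score(logp, session):
    """Mean log-likelihood per transition; None if the session is too short to judge."""
    steps = list(zip(session, session[1:]))
    if not steps:
        return None
    return sum(logp(a, b) for a, b in steps) / len(steps)


def fit_threshold(logp, sessions, margin=0.25):
    """Lowest score among the legitimate sessions, minus a margin (assumed rule)."""
    return min(score(logp, s) for s in sessions) - margin


def classify(requests, logp, threshold):
    """Group (client, path) records per client and flag low-likelihood sessions."""
    sessions = defaultdict(list)
    for client, path in requests:
        sessions[client].append(path)
    verdicts = {}
    for client, session in sessions.items():
        s = score(logp, session)
        verdicts[client] = "suspect" if s is not None and s < threshold else "normal"
    return verdicts


def demo():
    logp = train(LEGIT_SESSIONS)
    threshold = fit_threshold(logp, LEGIT_SESSIONS)
    # Constructed traffic: one shopper, and one client requesting the same URL 200 times.
    requests = [("10.0.0.20", p) for p in ["/", "/products", "/products/42", "/cart"]]
    requests += [("10.0.0.10", "/")] * 200
    return classify(requests, logp, threshold), threshold
```

A client marked "suspect" is a candidate for the filtering or rate limiting the scenario mentions, not proof of an attack on its own.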
Lab Objectives
The objective of this lab is to help students learn HTTP flooding denial-of-service (DoS) attack.
Lab Environment
To carry out this lab, you need:
■ DoSHTTP tool located at D:\CEH-Tools\CEHv8 Module 10 Denial-of-Service\DDoS Attack Tools\DoS HTTP
■ You can also download the latest version of DoSHTTP from the link http://www.socketsoft.net/
■ If you decide to download the latest version, then screenshots shown in the lab might differ
■ A computer running Windows Server 2012 as host machine
■ Windows 7 running on virtual machine as attacker machine
■ A web browser with an Internet connection
■ Administrative privileges to run tools
Lab Duration
Time: 10 Minutes
Overview of DoSHTTP
DoS HTTP is an HTTP flood denial-of-service (DoS) testing tool for Windows. It includes URL verification, HTTP redirection, and performance monitoring. DoS HTTP uses multiple asynchronous sockets to perform an effective HTTP flood. DoS HTTP can be used simultaneously on multiple clients to emulate a distributed denial-of-service (DDoS) attack. This tool is used by IT professionals to test web server performance.
Lab Tasks
1. Install and launch DoS HTTP in Windows Server 2012.
2. To launch DoS HTTP, move your mouse cursor to the lower left corner of the desktop and click Start.
FIGURE 2.1: Windows Server 2012 Desktop view
3. Click the DoSHttp 2.5 app from the Start menu apps to launch the program.
FIGURE 2.2: Windows Server 2012 Start Menu Apps
4. The DoSHTTP main screen appears as shown in the following figure; in this lab we have demonstrated the trial version. Click Try to continue.
DoSHTTP is an easy to use and powerful HTTP Flood Denial of Service (DoS) Testing Tool for Windows. DoSHTTP includes URL Verification, HTTP Redirection, Port Designation, Performance Monitoring and Enhanced Reporting.
FIGURE 2.3: DoSHTTP main window
5. Enter the URL or IP address in the Target URL field.
6. Select a User Agent, number of Sockets to send, and the type of Requests to send. Click Start.
7. In this lab, we are using Windows 7 IP (10.0.0.7) to flood.
DoSHTTP includes Port Designation and Reporting.
FIGURE 2.4: DoSHTTP Flooding
Note: These IP addresses may differ in your lab environment.
8. Click OK in the DoSHTTP evaluation pop-up.
Pop-up message: Evaluation mode will only perform a maximum of 10000 requests per session.
FIGURE 2.5: DoSHTTP Evaluation mode pop-up
9. Launch the Wireshark network protocol analyzer in the Windows 7 virtual machine and start its interface.
10. DoSHTTP sends asynchronous sockets and performs HTTP flooding of the target network.
11. Go to Virtual machine, open Wireshark, and observe that a lot of packet traffic is captured by Wireshark.
DoSHTTP can help IT Professionals test web server performance and evaluate web server protection software. DoSHTTP was developed by certified IT Security and Software Development professionals.
FIGURE 2.6: Wireshark window
12. You see a lot of HTTP packets are flooded to the host machine.
13. DoSHTTP uses multiple asynchronous sockets to perform an HTTP flood against the entered network.
Lab Analysis
Analyze and document the results related to the lab exercise.
Tool/Utility | Information Collected/Objectives Achieved
DoSHTTP | HTTP packets observed flooding the host machine
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
Questions
1. Evaluate how DoSHTTP can be used simultaneously on multiple clients and perform DDoS attacks.
2. Determine how you can prevent DoSHTTP attacks on a network.
Internet Connection Required: □ Yes
Platform Supported: ☑ Classroom  ☑ iLabs