DoS Suite and Raw Socket Programming
Group 16
Thomas Losier
Paul Obame
Motivation
“We are not teaching you to be script kiddies in this class” Henry Owen
Give the students a better understanding of:
  Raw socket programming: coding, modifying, understanding
  DoS attacks: dangers, defenses
Raw Socket Programming
“Raw socket is a computer networking term used to describe a socket that allows access to packet headers on incoming and outgoing packets. Raw sockets are usually used at the transport or network layers.” wikipedia.org
The ability to craft packet headers is a powerful tool that allows hackers to do many nefarious things
Lab Structure
1. Expand knowledge on a particular DoS attack and the IP protocols involved
2. Edit/develop code based on the understanding gained in the previous section and the given resources
3. Compile and execute the attack
4. Gather data
5. Analyze and implement defenses
IP Header
What we are trying to create:
Figure 1: IP Packet Diagram (www.h3c.com)
Creation of an IP header using Raw Sockets

    /* Assumes <netinet/ip.h> for struct ip, plus the lab's own struct pktInfo
       (pktSize, srcAddr, destAddr, protocol), its in_chksum() routine and the
       IPHEADER length constant, which are defined elsewhere in the lab code. */
    #include <stdlib.h>
    #include <arpa/inet.h>
    #include <netinet/ip.h>

    void addIP(unsigned char *buf, struct pktInfo *pktInfo, int offset){
        struct ip* ip = (struct ip*) (buf + offset); //ip points to some place in the buffer
        ip->ip_v = 4;                          //ipv4
        ip->ip_hl = 5;                         //4 * 5 = 20 bytes (header without options)
        ip->ip_tos = 0;                        //didn't specify any special type of service
        ip->ip_len = htons(pktInfo->pktSize);  //total packet size (network order on Linux; BSD raw sockets expect host order here)
        ip->ip_src.s_addr = pktInfo->srcAddr;  //4 byte source IP address
        ip->ip_dst.s_addr = pktInfo->destAddr; //4 byte destination IP address
        ip->ip_id = rand();                    //random id (truncated to the 16-bit field)
        ip->ip_off = 0;                        //mainly used for reassembly of fragmented IP datagrams
        ip->ip_ttl = 255;                      //Time to live is the number of hops before the packet is discarded
        ip->ip_p = pktInfo->protocol;          //protocol used: TCP, UDP, etc
        ip->ip_sum = 0;                        //zero out the checksum field before computing the checksum
        ip->ip_sum = in_chksum((unsigned short *) ip, IPHEADER); //compute the checksum over the 20-byte header
    }
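The in_chksum() call in addIP() is the lab's own routine and is not shown on this page. The following C is an added example, not the lab's code: it implements the RFC 1071 Internet checksum that the ip_sum field carries, fills the field of a constructed header the way a sender must, and shows the check a receiver or IDS applies to reject a header whose bytes were altered in transit. The sample header bytes and the names inet_checksum, ipv4_fill_checksum and ipv4_header_valid are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example, not the lab's own in_chksum(): the RFC 1071 Internet
 * checksum the ip_sum field carries. Works on bytes as big-endian words,
 * so the result does not depend on host byte order. */
uint16_t inet_checksum(const uint8_t *data, size_t len)
{
    uint32_t sum = 0;
    while (len > 1) {                       /* add 16-bit big-endian words */
        sum += (uint32_t)((data[0] << 8) | data[1]);
        data += 2;
        len -= 2;
    }
    if (len == 1)                           /* odd trailing byte: pad with a zero */
        sum += (uint32_t)data[0] << 8;
    while (sum >> 16)                       /* fold carries back into 16 bits */
        sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Sender side: zero the checksum field, compute it over the header (IHL * 4
 * bytes) and store it big-endian. Returns the value written. */
uint16_t ipv4_fill_checksum(uint8_t *hdr)
{
    size_t ihl = (hdr[0] & 0x0F) * 4;
    hdr[10] = 0;
    hdr[11] = 0;
    uint16_t sum = inet_checksum(hdr, ihl);
    hdr[10] = (uint8_t)(sum >> 8);
    hdr[11] = (uint8_t)(sum & 0xFF);
    return sum;
}

/* Receiver side: a header is intact when summing it *including* the stored
 * checksum gives 0xFFFF, i.e. inet_checksum() returns 0. Headers that are
 * too short or carry a bogus version/IHL are rejected before summing. */
int ipv4_header_valid(const uint8_t *buf, size_t len)
{
    if (len < 20 || (buf[0] >> 4) != 4)
        return 0;
    size_t ihl = (buf[0] & 0x0F) * 4;
    if (ihl < 20 || ihl > len)
        return 0;
    return inet_checksum(buf, ihl) == 0;
}

/* Constructed sample: 20-byte IPv4 header, 192.168.0.1 -> 192.168.0.199,
 * protocol 17 (UDP), total length 115, DF set, checksum field zeroed. */
static const uint8_t sample_hdr[20] = {
    0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11, 0x00, 0x00,
    0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7
};

/* Fills the sample header's checksum on a private copy and returns it. */
uint16_t sample_checksum(void)
{
    uint8_t h[20];
    memcpy(h, sample_hdr, sizeof h);
    return ipv4_fill_checksum(h);
}

/* Returns 1 if flipping one bit in the source address of a correctly
 * checksummed copy is caught by ipv4_header_valid(), 0 otherwise. */
int corruption_detected(void)
{
    uint8_t h[20];
    memcpy(h, sample_hdr, sizeof h);
    ipv4_fill_checksum(h);
    if (!ipv4_header_valid(h, sizeof h))
        return 0;                           /* sanity: the intact copy must verify */
    h[12] ^= 0x01;                          /* first source-address byte 0xc0 -> 0xc1 */
    return ipv4_header_valid(h, sizeof h) == 0;
}

int main(void)
{
    printf("checksum of sample header: 0x%04x\n", sample_checksum());
    printf("single-bit corruption detected: %s\n",
           corruption_detected() ? "yes" : "no");
    return 0;
}
```

The checksum only catches accidental corruption; a crafted header with a correctly computed ip_sum passes ipv4_header_valid() by construction, which is why address spoofing has to be caught by ingress filtering rather than by the header itself.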
Denial of Service (DoS)
The Internet was designed for easy connectivity and scalability
Not designed to support authentication schemes
A DoS attack is an attempt to occupy all resources of a system
Two general types of DoS attack
DoS Suite
First type of attack: ICMP reset attack
Second type of attack: TCP SYN attack, UDP flood attack, ping request (smurf) attack
Using the DoS Suite
ICMP Reset Attack
By spoofing a hard ICMP error message a hacker can kill any running TCP connection
Requires the four-tuple (source and destination address and port of the connection)
  Determine the four-tuple using a packet sniffer
  Guessing the four-tuple: by gathering information on the operating systems being used and the communication method in use, ICMP reset packets can be sent over a range of port addresses, killing a connection you cannot sniff
ICMP Reset Attack (Lab)
(figure not recoverable)
ICMP Reset Attack
(figure not recoverable)
TCP SYN Attack
When a server receives a SYN it stores the connection information in memory and sends back a SYN-ACK
Because the IP address is spoofed it will never get a response and the information will stay until timeout
If packets are sent fast enough they will fill the buffer and no new requests will be able to be processed
SYN Attack (Lab)
(figure not recoverable)
SYN Attack
SYN Attack (Summary)
UDP Flood Attack
The premise of the UDP attack is similar to the SYN attack; however, with UDP the client does not set aside memory for the connection information
If packets are sent fast enough they will fill the network card buffer and no new requests will be able to be processed
UDP Flood Attack (Lab)
(figure not recoverable)
UDP Flood Attack
UDP Attack (Summary)
ICMP Ping (smurf) Attack
DDoS attack: using a network of machines, a lot more information can be sent at once
Send ping requests to a network of machines with a return address of the “victim” machine
If packets are sent fast enough they will fill the buffer and no new requests will be able to be processed
ICMP Ping Attack (Lab)
(figure not recoverable)
ICMP Ping Attack
ICMP Attack (Summary)
DoS Defenses
SYN cookies
Configure your firewall (refer to lab 4): iptables, Cisco PIX, RealSecure
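SYN cookies answer the TCP SYN attack slide directly: instead of storing the half-open connection in memory when a SYN arrives, the server encodes what it needs into the sequence number of its SYN-ACK and only allocates state when a valid ACK comes back, so spoofed SYNs that never complete cost no backlog slot. The following C is an added example, not the lab's code: the four_tuple struct, the function names, the MSS table, the toy keyed FNV-1a hash and the secret are all constructed for illustration, and a real kernel uses a cryptographic hash (SipHash or SHA-1) keyed with a random secret.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example, not part of the Group 16 lab code: a minimal SYN cookie
 * generator and verifier in the classic layout Linux uses,
 * [5 bits time counter][3 bits MSS index][24 bits keyed hash].
 * The keyed hash is a toy FNV-1a stand-in chosen to keep the example
 * short; a real stack uses SipHash/SHA-1 with a random secret. */

#define COOKIE_SECRET 0x5eedf00dcafef00dULL  /* constructed; real kernels draw this at random */
#define COOKIE_MAX_AGE 1                      /* accept cookies from the current or previous tick */

/* MSS values the 3-bit index can stand for (Linux keeps a similar table). */
static const uint16_t mss_table[4] = { 536, 1300, 1440, 1460 };

struct four_tuple {
    uint32_t saddr, daddr;
    uint16_t sport, dport;
};

/* Keyed toy hash over the 4-tuple and the 5-bit counter, truncated to 24 bits. */
static uint32_t cookie_hash(const struct four_tuple *t, uint32_t count5)
{
    uint8_t buf[13];
    memcpy(buf, &t->saddr, 4);
    memcpy(buf + 4, &t->daddr, 4);
    memcpy(buf + 8, &t->sport, 2);
    memcpy(buf + 10, &t->dport, 2);
    buf[12] = (uint8_t)count5;
    uint64_t h = 0xcbf29ce484222325ULL ^ COOKIE_SECRET;
    for (size_t i = 0; i < sizeof buf; i++) {
        h ^= buf[i];
        h *= 0x100000001b3ULL;
    }
    return (uint32_t)(h ^ (h >> 32)) & 0xFFFFFF;
}

/* Server side, on SYN: build the initial sequence number for the SYN-ACK.
 * Nothing is stored, so a spoofed SYN that never completes costs no memory. */
uint32_t syn_cookie_make(const struct four_tuple *t, uint32_t count, uint16_t mss)
{
    uint32_t count5 = count & 0x1F;
    uint32_t idx = 0;
    for (uint32_t i = 0; i < 4; i++)      /* largest table entry <= offered MSS */
        if (mss >= mss_table[i])
            idx = i;
    return (count5 << 27) | (idx << 24) | cookie_hash(t, count5);
}

/* Server side, on the final ACK: recover the cookie (ack - 1) and verify it.
 * Returns the negotiated MSS, or -1 if the cookie is forged or too old. */
int syn_cookie_check(const struct four_tuple *t, uint32_t ack_seq, uint32_t now)
{
    uint32_t cookie = ack_seq - 1;
    uint32_t count5 = cookie >> 27;
    uint32_t age = (now - count5) & 0x1F;  /* wraps correctly modulo 32 ticks */
    if (age > COOKIE_MAX_AGE)
        return -1;
    if ((cookie & 0xFFFFFF) != cookie_hash(t, count5))
        return -1;
    return mss_table[(cookie >> 24) & 7];
}

int main(void)
{
    /* constructed handshake: 10.0.0.1:40000 -> 10.0.0.2:80, SYN seen at tick 7 */
    struct four_tuple t = { 0x0A000001u, 0x0A000002u, 40000, 80 };
    uint32_t isn = syn_cookie_make(&t, 7, 1460);
    printf("SYN-ACK seq (cookie): 0x%08x\n", isn);
    printf("real client ACK at tick 8 -> mss %d\n", syn_cookie_check(&t, isn + 1, 8));
    printf("guessed ACK               -> %d\n", syn_cookie_check(&t, isn + 2, 8));
    printf("stale ACK at tick 20      -> %d\n", syn_cookie_check(&t, isn + 1, 20));
    return 0;
}
```

Only the MSS survives the round trip, which is the real cost of cookies: options such as window scaling and SACK that were offered in the SYN are lost unless the stack negotiates them again, so kernels enable cookies only once the backlog is under pressure rather than for every connection.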