Archive

Articles tagged ‘flood’

Linux Iptables To Block Different Attacks

02/09/2023 Comments off

Source: linoxide.com

Iptables is a Linux kernel based packet filter firewall. The iptables modules are present in the kernel itself; there is no separate daemon for it. This makes it a very fast and effective firewall. The iptables rules control the incoming and outgoing traffic on a network device. In this article, we will discuss some common network attacks and how we can block them using iptables. Some of the common network attacks are the SYN flood attack, the smurf attack, the land attack, attacks using malformed ICMP packets, and some other forms of DoS attack. Before going into the details of these attacks, let’s have an overview of iptables and how to use this command.

Iptables

iptables has 3 filtering points for the default table: INPUT, OUTPUT and FORWARD. These are called chains in iptables. As their names suggest, they specify whether a packet is destined for the system (INPUT), originating from it (OUTPUT) or is routed to another node in the network (FORWARD).
The rules in iptables are stored in the form of records in a table. To list the rules, run “iptables -L”:

root@local:~# iptables -L
 Chain INPUT (policy ACCEPT)
 target prot opt source destination

 Chain FORWARD (policy ACCEPT)
 target prot opt source destination

 Chain OUTPUT (policy ACCEPT)
 target prot opt source destination

Here, no rules are present for any chain. These rules are read from top to bottom, and if a match occurs, no further rules are checked. So if one rule overrides any previous rule, then it must be placed relative to that rule accordingly. So we will append the rules below the existing rules. But if your requirement is to insert a rule explicitly at a given position, then you can insert it as well.

To insert a rule (above all other rules or at a specified position number), the -I option is used, and to append, the -A option. We need to specify the chain for which we wish to write the rule. The -j option specifies the target, i.e. what we want to do with the packet if the rule is matched. Some of the values are ACCEPT, DROP (or REJECT), RETURN, etc. The target can also be some other existing or user-defined chain. But for the purpose of this article, we will confine ourselves to the built-in chains only and will not go into further detail.

Read more…

What Is SYN Flood Attack? Detection & Prevention In Linux

02/09/2023 Comments off

Source: linoxide.com

A SYN flood attack is a form of denial-of-service attack in which an attacker sends a large number of SYN requests to a target system’s services that use the TCP protocol. This consumes server resources and makes the system unresponsive to legitimate traffic. This attack can occur against any service that uses TCP, and mainly against web services. In this article, we will go through the basics of SYN flood attacks and the mitigation steps in detail.

The SYN flood attack exploits an implementation characteristic of the Transmission Control Protocol (TCP) called the 3-way handshake. Following are the steps that happen in a normal 3-way handshake.

1. The client requests a connection by sending a SYN (synchronize) message to the server.
2. The server acknowledges this request by sending SYN-ACK back to the client.
3. The client responds with an ACK, and the connection is established.

[Figure: tcp_synflood]

A SYN flood attack works by never responding to the server with the expected ACK. Because of these half-open connections, the target machine’s TCP backlog fills up, and hence all new connections may get ignored. As a result, legitimate users are ignored as well.

Read more…

Denial-of-service Attack – DoS using hping3 with spoofed IP in Kali Linux

24/08/2023 Comments off

Source: blackmoreops.com

In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, the motives for, and the targets of a DoS attack vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend the services of a host connected to the Internet. In this article I will show how to carry out a denial-of-service attack, or DoS, using hping3 with a spoofed IP in Kali Linux.

As clarification, distributed denial-of-service attacks are sent by two or more persons, or bots, and denial-of-service attacks are sent by one person or system. As of 2014, the frequency of recognized DDoS attacks had reached an average rate of 28 per hour.

Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.

Denial-of-service threats are also common in business, and are sometimes responsible for website attacks.

This technique has now seen extensive use in certain games, used by server owners, or disgruntled competitors on games, such as popular Minecraft servers. Increasingly, DoS attacks have also been used as a form of resistance. Richard Stallman has stated that DoS is a form of ‘Internet Street Protests’. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.

One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

Denial-of-service attacks are considered violations of the Internet Architecture Board’s Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations.

hping3 works well if you have other DoS tools such as GoldenEye running (using multiple tools that attack the same site/server/service increases the chances of success). There are agencies and corporations that run DoS attack maps showing worldwide DDoS attacks almost in real time.

Read more…