Pluralsight blog Where devs, IT admins & creative pros go for news, tips, videos and more.
Pluralsight + Digital-Tutors - 3,000 tech & creative courses - starting at $29/month Get it now →
November 15, 2012

Ethical Hacking: How a DoS Attack Succeeds

By

Watch these Ethical Hacking videos, and you’ll understand skills like network sniffing, social engineering, hijacking, and more. With these tactics of ethical hacking you’ll learn security techniques through the mind of an attacker.

Transcription

Figuring out whether a denial of service attack will succeed is really based on whether you did a good job earlier planning out the network, looking at the systems and taking a really deep inventory of the services that are on different servers. Did you see where those services are and where those servers are, what they support, and did you understand what the intermediate devices are, the manufacturer, the model number and so forth? Getting a really good, complete, rich map early during the enumeration and foot printing processes is a critical component because that tells you whether you have anything that you can conduct a denial of service attack on in the network.

If you can, it tells you what to attack and where to attack. These machines are web servers, switches and clients that are vulnerable to this type of attack or that type of attack. The web front end might be very resilient but the database server may not be resilient and the database server is over here and it looks like this and it services these ports.

Looking For Vulnerabilities

The easiest thing to do is take that nefarious network map, that catalog of hosts and devices, and research that to look for unpatched vulnerabilities or even patched vulnerabilities where the patch level doesn’t match what you’ve found.

So, rather than brute force flooding a server you may only need to really give it a certain type of traffic or certain header of data to actually conduct a denial of service attack instead of having to flood the entire network or just ram traffic down the server’s throat or the service’s throat.

Queries

You may only need to construct very specific queries. You may need to construct an email that just has an attachment that happens to be really large. That’s enough against this service with this service level and patch level to actually bring it down.

I will mention here that conducting a denial of service attack against a target server, if a target server has a number of services on it, doesn’t actually attack just the service but the host itself as well.

Attacking a Domain Controller

Potentially attacking a domain controller that’s also running a web server and is also running an email server is great. If you can bring one of those services down or make it consume too much resource, you could potentially affect the other services.

You may not be able to flood the active directory side but if you can flood the email side to consume all system resources, you’ve brought down a domain controller. That’s an interesting aspect that I’ll demonstrate in a moment.

About the Author

has worked in the IT field for more than 20 years. He is an award-winning author, public speaker, and instructor on a variety of technology topics including security, virtualization, cloud computing, wireless and wired networking, and IT lifecycle processes. His operations experience includes managing the Xbox LIVE operations team, the largest cloud computing operations team in the world, and consulting on operations efficiency with countless clients around the world. Mike has published several books (including two for O’Reilly) and numerous papers. He is a frequent conference speaker and classroom instructor on IT operations, computer security, and technology frameworks. Mike holds a number of certifications and accreditations including Certified Information Systems Security Professional (CISSP) practitioner and instructor.

Author's Website: http://www.nextdirectiontech.com/


Discussion