Just like most other things associated with hacking, a denial of service attack is not everyone's cup of tea. It, however, can be understood if explained properly. In this tutorial, I'll try to give you a big picture of denial of service attacks, before I start using geeky terms like packets and all that. We'll start at the easiest point.
What effect does a denial of service attack have
Wireless hacking usually gives you the password of a wireless network. A man in the middle attack lets you spy on network traffic. Exploiting a vulnerability and sending a payload gives you access and control over the target machine. What exactly does a Denial of Service (DOS) attack do? Basically, it robs the legitimate owner of a resource from the right to use it. I mean if I successfully perform a DOS on your machine, you won't be able to use it anymore. In the modern scenario, it is used to disrupt online services. Many hacktivist groups (internet activists who use hacking as a form of active resistance - a name worth mentioning here is Anonymous) do a Distributed Denial of service attack on government and private websites to make them listen to the people's opinion (the legitimacy of this method of dictating your opinion has been a topic of debate, and a lot of hactivists had to suffer jailtime for participating in DDOS). So basically it's just what its name suggests, Denial Of Service.
Basic Concept
It uses the fact that while a service can be more than sufficient to cater to the demands of the desired users, a drastic increase in unwelcome users can make the service go down. Most of us use the words like "This website was down the other day" without any idea what it actually means. Well now you do. To give you a good idea of what is happening, I'll take the example from the movie "We Are Legion".
Scenario One : Multiplayer online game
Now consider you are playing an online multi-player game. There are millions of other people who also play this game. Now there's a pool in the game that everyone likes to visit. Now you and your friends know that they have the power of numbers. There are a lot of you, and together you decide to make identical characters in the game. And then all of you go and block the access to the pool. You just carried out a denial of service attack. The users of the game have now been deprived of a service which they had obtained the right to use when they signed up for the game. This is just what the guys at 4chan (birthplace and residence of Anonymous) did a long time ago. This is the kind of thing that gives you a very basic idea what a denial of service attack can be.
 |
| They made a Swastika and blocked access to the pool |
Scenario 2 : Bus stop
Now assume that due to some reason, you want to disrupt the bus service of your city and stop the people from using the service. To stop the legitimate people from utilizing this service, you can call your friends to unnecessarily use it. Basically you can invite millions of friends to come and crowd around all the bus stops and take the buses without any purpose. Practically it is not feasible since you don't have millions of friends, and they are definitely not wasting their time and money riding aimlessly from one place to another.
So while this may seem impossible in the real world, in the virtual world, you can cause as much load as a thousand (or even a million) users alone at the click of a button. There are many tools out there for this purpose, however, you are not recommended to use them as a DOS on someone else is illegal, and easy to detect (Knock, knock. It's the police). We will, come back to this later, and do a DOS on our own computer.
How denial of service attacks are carried out
Basically, when you visit a website, you send them a request to deliver their content to you. What you send is a packet. Basically, it take more than just one packet, you need a lot of them. But still, the bandwidth that you consume in requesting the server to send you some data is very little. In return, the data they send you is huge. This takes up server resources, for which they pay for. A legitimate view can easily earn more than the server costs on account of advertisements, etc. So, companies buy server that can provide enough data transfer for its regular users. However, if the number of users suddenly increases, the server gives up. It goes down. And since the company knows it under DOS, it just turns off the server, so that it does not have to waste its monetary resources on a DOS, and wait till the DOS stops. Now with the modern computers and bandwidth, we alone can easily pretend to be a thousand or even more users at once. While this is not good for the server, it is not something that can make it succumb (your computer is not the only thing that gets better with time, the servers do too). However, if a lot of people like you do a DOS attack, it becomes a distributed denial of service attack. This can easily be fatal for a server. It's just like you go to a page, and start refreshing it very fast, maybe a thousand times every second. And you are not the only one. There are thousand others that are doing the same thing. So basically you guys are equivalent to more than a million users using the site simultaneously, and that's not something the server can take. Sites like Google and Facebook have stronger servers, and algorithms that can easily identify a DOS and block the traffic from that IP. But it's not just the websites that get better, and the black hat hackers too are improving every day. This leaves a huge scope for understanding DOS attacks and becoming an asset to one of these sides ( the good, the bad and the ugly).
A Live DOS on your Kali Machine
If you have Kali linux (The hackers OS- the OS of choice if you use this blog) the here's a small exercise for you.
We are going to execute a command in the Kali linux terminal that will cripple the operating system and make it hand. It will most probably work on other linux distributions too.
Warning : This code will freeze Kali linux, and most probably it will not recover from the shock. You'll lose any unsaved data. You will have to restart the machine the hard way (turn of the virtual machine directly or cut the power supply if its a real machine). Just copy paste the code and your computer is gone.
:(){ :|:& };:
The machine froze right after I pressed enter. I had to power it off from the Vmware interface.
What basically happened is that the one line command asked the operating system to keep opening process very fast for an infinite period of time. It just gave up.
Here's something for the Windows Users
Crashing Windows Using Batch file
Open a notepad. Put the following code in it-
:1
Start
goto 1
Save the file as name.bat
Bat here is batch file extension. Run it. Game over.
It basically executes the second line, and the third line makes it go over to the first, execute the second, and then over to first again, execute the second..... infinitely. So again, denial of service. All the processing power is used by a useless command, while you, the legitimate user, can't do anything.
That's it for this tutorial, we'll discuss the technical details of a practical denial of service in a later tutorial.
PS:
As suggested in the comments, this script will crash windows much faster-
:1
bash name.bat
goto 1
If you look at the script carefully, it is quite easy to understand what it does. Everytime the script is executed, it does two things-
- Opens another instance of the same script
- Goes to the beginning of the script
So for every execution, the number of scripts slowing down your computer doubles up. This means that instead of linear, the load on memory and processor is now exponential (the script gets more and more dangerous with time).
In a previous post, I had introduced you to the basic idea of a denial of service attack. We used real life examples (bus stop and online game) to depict the idea behind a DOS attack. We crashed our own Windows and Kali Linux machine (using batch and command line interface respectively). Now it's time to learn how actually DOS of service attacks work, in terms of packets and other networking terms. So here is a one by one description on four of the well known attacks.
