Ans.1 Explain in your own words the DoS attack scenario.
A Denial of Service (DoS) attack is one in which a hacker uses hacking software to deny service to other users or to delay the response time of a website, server or database. The hacker tries to use up the resources of the network to complete the attack, for example by using up the disk space or memory of the server or by taking up all the available bandwidth.
To perform a DoS attack, the hacker simply floods the target server with multiple ping requests until it is overloaded and cannot respond to requests from other users. Back in 2000, a hacker could shut down a server by sending it something it did not expect, or by sending a big packet that used up all the cache in a machine.
Another way to perform a DoS attack is through the TCP/IP 3-way handshake. In the normal situation, the client sends a SYN packet to the server to ask for a conversation. When the server receives the SYN packet, it returns a packet called SYN-ACK, which acknowledges the SYN request. The client then sends back a packet acknowledging the SYN-ACK and waits for the connection to be established.
Under the DoS attack scenario, the hacker can disrupt the 3-way handshake by not sending the final ACK, so the server waits for the ACK from the hacker and uses up resources. The hacker can send a large number of SYN packets and not respond to the SYN-ACK packets, filling up the incoming queue so that other users cannot get a response from the server.
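The queue exhaustion described above, as an added example that is not part of the original answer: a toy model of a server's listen queue, replayed over constructed events. The queue size, the timeout values and the SYN-cookie switch (a standard defence that the answer does not cover) are assumptions chosen for illustration.

```python
def replay(events, backlog_size=8, syn_timeout=30, syn_cookies=False):
    """Replay (time, source, kind) events against a toy TCP listen queue.

    kind is "SYN" (first handshake step) or "ACK" (third step). The server's
    SYN-ACK reply is implied whenever a SYN is accepted.
    """
    half_open = {}  # source -> time its SYN was accepted, awaiting final ACK
    stats = {"established": 0, "dropped_syn": 0, "peak_half_open": 0}
    for now, src, kind in events:
        # Free entries whose final ACK never arrived within the timeout.
        for stale in [s for s, t0 in half_open.items() if now - t0 >= syn_timeout]:
            del half_open[stale]
        if kind == "SYN":
            if syn_cookies:
                continue  # state travels in the SYN-ACK itself; nothing is queued
            if len(half_open) >= backlog_size:
                stats["dropped_syn"] += 1  # queue full: this client gets no reply
                continue
            half_open[src] = now
            stats["peak_half_open"] = max(stats["peak_half_open"], len(half_open))
        elif kind == "ACK":
            # With cookies the ACK is assumed to carry a valid cookie (not modelled).
            if syn_cookies or src in half_open:
                half_open.pop(src, None)
                stats["established"] += 1
    return stats


# Constructed sample traffic: 20 sources that send a SYN and never answer,
# then one ordinary client (192.0.2.10) that completes the handshake.
SILENT = [(t, f"198.51.100.{t + 1}", "SYN") for t in range(20)]
CLIENT = [(20, "192.0.2.10", "SYN"), (21, "192.0.2.10", "ACK")]


def scenarios():
    return {
        "normal": replay(CLIENT),
        "flooded": replay(SILENT + CLIENT),
        "flooded_with_cookies": replay(SILENT + CLIENT, syn_cookies=True),
        "flooded_short_timeout": replay(SILENT + CLIENT, syn_timeout=5),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:22} {result}")
```

In the flooded run the ordinary client's SYN is dropped because every queue slot is held by a handshake that never completes; a monitor that tracks the number of half-open entries would see it pinned at the queue size.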
The hacker can also target the database, performing the DoS attack by sending unusual queries to overload it. In the normal situation, a user performs a search through the search bar on the website; the website makes a query to the database, which returns the result to the server. In a DoS attack, the hacker can make a query like ‘a e i o u’ so that the database searches all the information containing a vowel, which makes the search take much longer than a normal one. If the hacker performs this kind of search many times in a short period, the database will lock up and will not be able to perform any more queries.
Ans.2 Explain in your own words how the Hping3 attack causes the denial of service.
Hping3 is a denial-of-service attack tool that works by sending TCP SYN packets to the target computer. The TCP handshake consists of three steps:
- The client sends a SYN packet to the server.
- When the server receives the SYN packet, it sends a SYN-ACK back to the client.
- After the client receives the SYN-ACK packet, the client sends back an ACK packet to complete the TCP handshake and establish the connection.
If the three-step handshake is not finished in the proper way, it can cause a TCP SYN flood on the target computer.
These are the useful parameters for the Hping3 attack:
- The --count option determines the number of packets sent.
- The -i (interval) option determines how fast the packets are sent.
- The -S option specifies that the software generates SYN packets.
- The -p option specifies the port number.
- The --flood option sets a high emission rate to cause flooding.
- The default mode in Hping3 is TCP mode.
After the Hping3 attack is launched, it uses up the CPU resources and internet bandwidth of the target computer, putting the computer under stress and causing serious response problems.
Ans.3 Discuss the benefits of using anti-phishing functionality.
Phishing is a way to obtain sensitive information, such as a bank login name and password. Most people have an online bank account and use the account to buy or sell things online. People who want to get your personal information will send you an email that gives some excuse to make you click a link in the email, which leads to another website that looks very much like the real one. However, the website behind the link is not real; it just wants you to input your personal information.
So, anti-phishing software or an add-on can prevent you from visiting a phishing website. When you try to visit one of these websites, the anti-phishing function can recognize it and display an alert screen warning you that the website may steal your personal information.