Network Vulnerabilities: Denial of Service - Paiet/SEC-335 GitHub Wiki

Packet flood

• Flood of TCP packets

SYN flood

• Flood of TCP SYN packets
  • hping3 -c 100000 -d 120 -S -w 64 -p $port --flood --rand-source $target

Ping of Death

• Large ICMP echo request
  • Up to 65536 bytes
• Used to crash systems
• Create a batch file so multiple instances can be quickly executed

  • :loop
    ping <target IP> -l 65500 -w 1 -n 1
    goto :loop
    
    

ICMP/UDP Fragmentation Attack

• Send fragmented ICMP/UDP
  • When reassembled, Packet too large for MTU

TCP Fragmentation Attack

• Send TCP fragments with overlapping sequence numbers
  • Packets cannot be reassembled

Smurf Attack

• Send ICMP requests to multiple devices
  • ICMP request has spoofed source IP
    • Each device responds to intended target

Fraggle Attack

• Same as Smurf
  • Utilizes UDP instead of ICMP

Land Attack

• Self TCP flood
  • Spoof packet with source IP of Target
    • Make it send itself packets
  • Send packet to Target
  • Target floods itself

Malformed SMB Request

• BSOD the target

Slowloris

• Opens maximum number of web connections
  • Keeps them open as long as possible
• DoS Web without affecting other services

NTP Amplification

HTTP Flood

• High/Low Orbit Ion Cannon
  • Show them attacking a target

DNS Flood

• Flood DNS server with DNS queries
  • Service crashes
    • DNS server CPU/MEM gets consumed

DNS Amplification Attack

• Send DNS queries to multiple DNS servers
  • Done with a spoofed source address
    • Target gets replies and can't respond to legit traffic or crashes