The denial of service (DoS) attack is one of the most powerful attacks used by hackers to harm a company or organization. Don't confuse a DoS attack with DOS, the disk operating system developed by Microsoft. This attack is one of the most dangerous cyber attacks: it causes service outages and losses running into millions, depending on the duration of the attack. In the past few years, use of the attack has increased due to the availability of free tools. A simple tool of this kind can be blocked easily by a good firewall, but a widespread and clever DoS attack can bypass most such restrictions. In this post, we will look at the DoS attack, its variants, and the tools that are used to perform it.
Just as the network security and hacking world is continually evolving, so too are the tools used to carry out distributed denial of service (DDoS) attacks. For example, DDoS tools such as Trinoo and Stacheldraht were widely used at the turn of the century, but these tools ran only on the Linux and Solaris operating systems. Specialized DDoS attack tools have since evolved to target multiple platforms, rendering DDoS attacks more dangerous for targets and much easier for hackers to carry out.
Here are seven of the most common – and most threatening – specialized DDoS attack tools.
Low Orbit Ion Cannon (LOIC)
“Hacktivist” group Anonymous’ initial tool of choice, Low Orbit Ion Cannon (LOIC) is a simple flooding tool that can generate massive volumes of TCP, UDP, or HTTP traffic to subject a server to a heavy network load. LOIC’s original developers, Praetox Technologies, intended the tool to be used by developers who wanted to subject their own servers to heavy network traffic loads for testing purposes.
High Orbit Ion Cannon (HOIC)
High Orbit Ion Cannon (HOIC) quickly took the spotlight when it was used to target the U.S. Department of Justice in response to its decision to take down Megaupload.com. At its core, HOIC is a simple cross-platform script for sending HTTP POST and GET requests, wrapped in an easy-to-use GUI.
hping
The DDoS attack tool hping is a fairly basic command line utility similar to the ping utility. However, it offers more functionality than simply sending an ICMP echo request. In fact, hping can be used to send large volumes of TCP traffic to a target while spoofing the source IP addresses, making the traffic appear to come from random addresses or even from a specific, user-defined source. This powerful, robust tool is among Anonymous’ current DDoS attack tools of choice.
Slowloris
Many of the more intricate low-and-slow DDoS attack types rely on easy-to-use tools, yielding denial of service attacks that are much harder to detect. Developed by a gray hat hacker who goes by the handle “RSnake,” Slowloris creates a DoS condition for a server by using a very slow HTTP request. By sending HTTP headers to the target site in tiny chunks as slowly as possible, it forces the server to keep waiting for the rest of the headers to arrive. If enough connections are opened to the server in this way, the server becomes unable to handle legitimate requests.
R U Dead Yet? (R.U.D.Y.)
Another slow-rate DDoS attack tool, R U Dead Yet? (R.U.D.Y.) achieves denial of service by using long-form field HTTP POST submissions rather than HTTP headers, as Slowloris does. By injecting one byte of information into an application POST field at a time, R.U.D.Y. causes application threads to await the end of never-ending posts before they can perform any processing. Since R.U.D.Y. causes the target web server to hang while waiting for the rest of an HTTP POST request, a user can create many simultaneous connections to the server, ultimately exhausting the server’s connection table and causing a denial of service condition.
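Both Slowloris and R.U.D.Y. leave the same footprint on the server side: a single source holding many connections whose request never completes. The following added detection example (not part of the original post, and not code from any of the tools it describes) walks a constructed connection table and reports sources that hold an unusual number of stalled requests, distinguishing the slow-header pattern from the slow-POST pattern; the record layout, thresholds and addresses are all assumptions for the example.

```python
"""Flag sources holding many stalled, incomplete HTTP requests, the server-side
footprint of slow-header (Slowloris) and slow-POST (R.U.D.Y.) attacks.
Connection records are constructed for this example; a real deployment would
read them from the web server's connection table or status endpoint."""
from collections import Counter
from dataclasses import dataclass


@dataclass
class Conn:
    src_ip: str
    last_byte_at: float   # seconds since epoch when the last request byte arrived
    headers_done: bool    # True once the blank line ending the header block arrived
    body_expected: int    # Content-Length announced by the client (0 if none)
    body_received: int    # body bytes received so far


def stall_kind(c: Conn, now: float, idle_limit: float):
    """Return 'headers' or 'body' when the request is incomplete and the client
    has been silent for idle_limit seconds; None if complete or still streaming."""
    if now - c.last_byte_at < idle_limit:
        return None
    if not c.headers_done:
        return "headers"            # Slowloris pattern: header block never finishes
    if c.body_received < c.body_expected:
        return "body"               # R.U.D.Y. pattern: POST body trickles in
    return None


def suspicious_sources(conns, now, idle_limit=15.0, max_stalled=20):
    """Map each source IP to the kinds of stalled connections it holds, for IPs
    holding at least max_stalled of them. Legitimate clients rarely exceed a few."""
    per_ip = {}
    for c in conns:
        kind = stall_kind(c, now, idle_limit)
        if kind:
            per_ip.setdefault(c.src_ip, Counter())[kind] += 1
    return {ip: dict(k) for ip, k in per_ip.items() if sum(k.values()) >= max_stalled}


# Constructed sample connection table (addresses from documentation ranges).
NOW = 1000.0
SAMPLE = (
    [Conn("203.0.113.7", 900.0, False, 0, 0) for _ in range(30)]         # slow headers
    + [Conn("198.51.100.9", 950.0, True, 100000, 3) for _ in range(25)]  # slow POST body
    + [Conn("192.0.2.4", 999.0, False, 0, 0) for _ in range(3)]          # still sending headers
    + [Conn("192.0.2.5", 900.0, True, 512, 512) for _ in range(40)]      # complete, idle keep-alive
)

if __name__ == "__main__":
    print(suspicious_sources(SAMPLE, NOW))
```

Idle keep-alive connections with a complete request are deliberately not counted, since they are what a busy but healthy server looks like; the same idle timer is what web servers enforce as header and body read timeouts to drop these connections.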
#RefRef
While all of the aforementioned tools are non-vulnerability-based, #RefRef, another tool in Anonymous’ arsenal, is based on vulnerabilities in SQL database software that allow for injection attacks. Using an SQL injection, #RefRef forces a target server to use a special SQL function that repeatedly executes SQL expressions. Nonstop execution of a few lines of code consumes the target server’s resources, resulting in denial of service for the target server.
Unlike LOIC or HOIC, #RefRef does not require a large number of machines to take down a server, due to the nature of its attack vector. If the server’s backend uses SQL and is vulnerable, only a few machines are needed to cause a significant outage. While developing the tool, Anonymous ran #RefRef on a single machine and caused outages on various sites for minutes at a time. For example, a 17-second attack on Pastebin took the site offline for 42 minutes.
Botnets as a DDoS Attack Tool
Regardless of the attack tool used, the ability to launch an attack from hundreds, thousands, or millions of computers significantly amplifies the potential of that attack to cause denial of service, which is why attackers often use botnets. Botnets are large collections of compromised computers, often referred to as “zombies,” that are infected with malware that allows an attacker to control them. Botnet owners, or “herders,” can control the machines in the botnet using a covert channel, such as IRC, issuing commands to perform malicious activities such as DDoS attacks, distribution of spam mail, and information theft.