Denial of Service attacks are rather simple, but I'd still like to elaborate a bit on the subject. A typical DoS attack is made when a computer sends packets to a victim machine in order to cause disruption of the service provided by the victim. The attack could rely on specially formed packets that causes undesirable effect on the victim (100% CPU usage, OS crash, etc), or simply flood the victim with packets in order to reduce dramatically the bandwidth available to the victim, making it harder to reach for valid requests.
In order to achieve better results with the second option, the attacker will benefit if he uses more than one machine to bombard the victim(s). This is Distributed Denial of Service. I don't have actual experience of using DoS tools, but in order to understand how these tools works, I read "The "stacheldraht" distributed denial of service attack tool" by David Dittrich ([email protected]). Here is an excerpt from his paper:
-----
The stacheldraht network is made up of one or more handler programs
("mserv.c") and a large set of agents ("leaf/td.c"). The attacker uses
an encrypting "telnet alike" program to connect to and communicate
with the handlers ("telnetc/client.c"). A stacheldraht network would
look like this:
+--------+ +--------+
| client | | client |
+--------+ +--------+
| |
. . . --+------+---------------+------+----------------+-- . . .
| | |
| | |
+-----------+ +-----------+ +-----------+
| handler | | handler | | handler |
+-----------+ +-----------+ +-----------+
| | |
| | |
. . . ---+------+-----+------------+---+--------+------------+-+-- . . .
| | | | |
| | | | |
+-------+ +-------+ +-------+ +-------+ +-------+
| agent | | agent | | agent | | agent | | agent |
+-------+ +-------+ +-------+ +-------+ +-------+
-----
In short, what David Dittrich explains in his paper is that the attacker will connect to his "handlers" (or masters) through one or more "telnet-like" client. He then configures the handlers with its assigned list of targets and agents (or slaves). The handlers then sends the list of targets to its assigned agents, and will forward any command sent by the attacker to the agents (add IP in list, remove IP in list, start or stop the DoS attack, etc.) It will be the agents that will bombard victims sites with network packets. Of course, handlers and agents are compromised machines.
I know Denial of Service attacks are lame, and that they are mostly used by script kiddies. This is exactly why I'm surprised to see so much interoperability and sophistication in such a tool, I would have thought it was simpler.
I will tell you how simple, and "efficient" it could be.
2. Some quick talk about viruses
4. Adding things up
Table of contents