
mcsa_ecsa-lpt-v8_ecsa-v8_ecsav8-module-21-denial-of-service-penetration-testing

This document was scanned with OCR; the content may be inaccurate


DOCUMENT INFORMATION

Basic information

Format
Number of pages 46
File size 5.34 MB


Content


Page 2

Penetration Testing Methodology

[Roadmap diagram; labels not recoverable from the scan]

Page 3

Penetration Testing

Surveillance Camera Penetration Testing

Database Penetration Testing

Virtual Machine Penetration Testing

War Dialing

File Integrity Checking

Email Security Penetration Testing

SAP Penetration Testing

Copyright © by All Rights Reserved Reproduction is Strictly Prohibited

Page 4

Module Objectives

Introduction to Denial-of-Service

How to Conduct DoS Penetration Testing

Check for DoS Vulnerable Systems

Run IP Fragmentation Attack on

Run an Email Bomber on Email

Run Peer-to-Peer Attacks

Test for Buffer Overflow Attacks That Result in Denial of Service

Test for Memory Allocation in Applications

Page 5

How Does a Denial-of-Service Attack Work?

Denial-of-Service (DoS) attacks are designed to bring down an enterprise network or e-commerce site by flooding it with large amounts of traffic, similar to hundreds of people repeatedly dialing a telephone number to keep it busy and unavailable

[Figure: attack traffic]

Page 6

These attacks can effectively bring down internet access; to most businesses, this would result in inconvenience and some loss of productivity

A Distributed Denial-of-Service (DDoS) attack uses the same methods as a regular DoS attack, but it is launched from multiple sources

The well-known DDoS attack on Sony PlayStation that compromised account information of 101 million users created havoc by a simple flood of data that distressed functionality of the website for 20 minutes

To web-based and ecommerce companies, this could result in substantial monetary losses from loss of sales and customer confidence issues

Page 7

How Do Distributed Denial-of-Service Attacks Work?

Handler infects a large number of computers over the Internet

Attacker sets a

Page 8

Successful DoS attacks might render their systems unusable, resulting in loss of revenues; hence, DoS penetration testing should be performed in a restricted and regulated environment

DoS tests on some network components can hamper or sabotage the host service

Checks on critical systems and network infrastructure can debilitate the organization’s information structure

DoS attacks on the client’s server can cause disruptions to service and dwindle its overall performance

Page 9

How to Conduct DoS Penetration Testing

Test heavy loads on the server

Page 10

How to Conduct DoS Penetration Testing (Cont’d)

Run service request floods

Page 11

Step 1: Test Heavy Loads on Server

Test the load capacity, balance, and performance of the server

Check the functional capacity of the client’s remote servers such [...] server, web server, etc

Send malicious or malformed packets to different data protocols to distress the host

Use automated tools to simulate heavy load on the client server such as Neoload, Webserver Stress Tool, etc

[Screenshot: Neoload - [petstore*]]

Page 12

Load Testing Tool: IxChariot

IxChariot is a test tool for simulating real-world applications to predict device and pe under realistic load conditions

[Screenshot: IxChariot test setup and results]

Page 13

Load Testing Tool: StressTester

StressTester is an enterprise and tool that simplifies and speeds up the task of performance testing

It monitors as many of the of the system under test as required

[Screenshot: StressTester, "Average Response Times per Second" graph]

Page 14

Load Testing Tool: Proxy Sniffer

[Screenshot: Proxy Sniffer, "Project Navigator - Execute Load Test" dialog with settings such as number of concurrent users, load test duration, maximum network bandwidth per user, request timeout per URL, and statistic sampling interval]

Page 17

Vulnerabilities in critical areas can bring down the overall network

Scan the network and discover any systems that are vulnerable to DoS

Check all potential areas of vulnerable systems such as software applications, operating system, network devices, etc

Test by sending non-malicious (web service framework) packets to an

Test by using different tools to check Denial-of-Service attacks on the network such as Nmap, GFI LanGuard, Nessus, etc

[Screenshot: Nessus scan results]

Page 18

[Screenshot: vulnerability scanner dashboard, "Entire Network - 1 computer"]

Page 19

connection request packets

Send fake TCP SYN requests with a fake source address to the target server

These requests will establish a partially open connection with

Check for any loopholes or flaws

Use packet crafting tools such as Colasoft’s Packet Builder, Engage Packet Builder, and Scapy to send SYN requests to the server

[Screenshot: packet builder tool, packet info and hex view]

Page 20

Step 4: Run Port Flooding Attack on Server

target network infrastructure

the ports under blockade

port, TCP port, ICMP

interrupting server performance

Page 21

Step 5: Run IP Fragmentation Attack on Server

Send non-malicious IP packets that crash the system and exhaust network resources

Test by sending known invalid fragmented IP packets that consume and interject with CPU capacity

Use IP packet builder tools such as TCP/IP Builder or Engage Packet Builder to send a large number of fragmented IP packets to the target server

[Screenshot: packet builder tool from VULNERABILITE.COM, IP packet settings]

Page 22

Step 6: Run Ping of Death

65,536 bytes by fragmenting it

It is also known as long ICMP, sPING,

malformed pings on the client’s system

packets to any port on the client’s network

Use packet generator tools such as Net Tool or Colasoft’s Ping Tool to send

[Screenshot: Colasoft Ping Tool, ping replies from www.google.com]

Page 23

overlapping IP fragments

[Screenshot: packet builder tool from VULNERABILITE.COM, TCP packet settings]

Page 24

Storm the target by sending ping

to the client’s server

Send the known to the client’s

IP broadcast addresses

Check that these forged packets are all systems on the network

to send multiple ping requests

or ICMP packets to the client’s server

Page 25

Step 9: Run an Email Bomber on Email Servers

Send a large number of emails to a target mail server

Flood the email server with non-malicious emails

Mail bomb with fake multiple email addresses to the target

Send emails using forged email

Bomber or Mail Bomber for sending emails

[Screenshot: mass-mailing tool, http://www.softheap.com]

Page 26

Step 10: Flood the Website Forms and Guestbook with Bogus Entries

Fill the forms with arbitrary and lengthy

Make some bogus entries in the Guestbook or comments column of the sites

[Screenshot: website enquiry form]

Page 27

Step 11: Run Service Request Floods

Exhaust server resources by setting up and tearing down TCP connections

Flood the client’s server with numerous service requests containing large payloads

Parsing attacks can also be used to exploit vulnerabilities in the processing capabilities of XML parser to create a DoS attack or generate logical errors in web service request processing

Send queries for web services with a grammatically correct SOAP document that contains infinite processing loops resulting in exhaustion of XML parser and CPU resources
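The defensive counterpart to the XML parsing attacks described on this slide, as an added example that is not part of the original slides: a pre-validation pass that bounds what the parser will accept before a SOAP request reaches the service. It goes beyond the slide by covering oversized bodies, deep nesting and DTD/entity declarations; the function names, limit values and sample documents are assumptions.

```python
import xml.parsers.expat

class XmlLimitExceeded(Exception):
    """Raised when a request body breaks one of the parsing limits."""

def parse_guarded(data, max_bytes=64 * 1024, max_depth=32, max_elements=5000):
    """Walk an XML body with expat under fixed limits; return the element count."""
    if len(data) > max_bytes:  # limit values are illustrative assumptions
        raise XmlLimitExceeded("body larger than %d bytes" % max_bytes)
    state = {"depth": 0, "elements": 0}

    def on_start(name, attrs):
        state["depth"] += 1
        state["elements"] += 1
        if state["depth"] > max_depth:
            raise XmlLimitExceeded("nesting deeper than %d" % max_depth)
        if state["elements"] > max_elements:
            raise XmlLimitExceeded("more than %d elements" % max_elements)

    def on_end(name):
        state["depth"] -= 1

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # SOAP messages must not carry a DTD, so stop before any entity is defined.
        raise XmlLimitExceeded("DOCTYPE declarations are not accepted")

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(data, True)
    return state["elements"]

# Constructed sample inputs (not taken from the slides).
SOAP_OK = (b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
           b"<soap:Body><getPrice><item>42</item></getPrice></soap:Body></soap:Envelope>")
TOO_DEEP = b"<a>" * 40 + b"</a>" * 40
WITH_DTD = b'<!DOCTYPE r [<!ENTITY e "x">]><r>&e;</r>'

def verdict(data):
    """Return 'accept' or the reason the document was refused."""
    try:
        parse_guarded(data)
        return "accept"
    except XmlLimitExceeded as exc:
        return "reject: %s" % exc
    except xml.parsers.expat.ExpatError as exc:
        return "reject: malformed XML (%s)" % exc
```

During a DoS test, the rejection reasons returned by `verdict` are what the tester should expect to see logged by a service that enforces such limits.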

Date posted: 30/11/2020, 19:36
