Unlimited Attempts AllowedDetails

Virtual Labs: Perpetrators of DoS

Consider what you have learned so far about Denial of Service as you review the objectives and scenario below.  Complete the lab that follows on EC-Council’s website using the link below.

Objective

Denial of Service (DoS) is an attack on a computer or network that prevents legitimate use of its resources. In a DoS attack, attackers flood a victim’s system with illegitimate service requests or traffic to overload its resources and prevent it from performing intended tasks.

The objective of this lab is to help students learn to perform Denial of Service attacks and test a network for DoS flaws. In this lab, you will:

• Perform a DoS attack by sending a large number of SYN packets continuously
• Perform an HTTP flooding attack
• Perform a DDoS attack
• Detect and analyze DoS attack traffic

Scenario

In computing, a denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users. Although the means, motives, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.

One common method of attack involves saturating the target machine with external communications requests so that it cannot respond to legitimate traffic, or it responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. DoS attacks can essentially disable your computer or your network. DoS attacks can be lucrative for criminals; recent attacks have shown that DoS attacks are a way for cybercriminals to profit.

As an expert Ethical Hacker or Pen Tester, you should have sound knowledge of Denial of Service and Distributed Denial of Service attacks in order to detect and neutralize attack handlers and mitigate such attacks. The labs in this module will give you a hands-on experience in auditing a network against DoD and DDoS attacks.

Week 8 Lab Assignment 1: Auditing a Network against DoD and DDoS attacks.

Lab Task:

The objective of this lab is to help students learn how to perform a DDoS attack—in this case, HTTP Flooding.

Lab Description:

A distributed denial of service (DDoS) attack is a more sophisticated form of DoS attack in which, in some cases, it is difficult to trace the attackers. A DDoS attack is a large-scale, coordinated attack on the availability of services on a victim’s system or network, launched indirectly through many compromised computers on the Internet.

A DDoS attack uses many computers to launch a coordinated DoS attack against one or more targets. Using client/server technology, the perpetrator is able to multiply the effectiveness of the DoS significantly by harnessing the resources of multiple unwitting accomplice computers, which serve as attack platforms. The flood of incoming messages essentially forces the target system to shut down, thereby denying service to legitimate users.

These attacks come from various machines that can be in the same location or various other locations. As large numbers of “zombies” participate in this attack, an enormous amount of traffic is directed onto the victim machine, resulting in temporary or permanent damage to its resources.

As an expert Ethical Hacker and Penetration Tester, you must be aware of all types of DoS attempts and prevent them from affecting information systems.

Access the lab here: EC-Council | iLabsLinks to an external site.

Submit proof of this assignment completion by uploading and submitting a screenshot of the graded lab from EC-Council Labs. Refer to the Course Projects page for more information on project submissions.