
62     Chapter 2 • General Security Concepts: Attacks

masters) to commence the attack. The most widely known DDoS attacks are
Trinoo, Tribe Flood Network, and Stacheldraht.
    Hundreds, possibly thousands, of zombies can be co-opted into the attack by
diligent hackers. Using the control software, each of these zombies can then be
used to mount its own DoS attack on the target. The cumulative effect of the
zombie attack is to either overwhelm the victim with massive amounts of traffic or
to exhaust resources such as connection queues.
    Additionally, this type of attack obfuscates the source of the original attacker:
the commander of the zombie hordes. The multi-tier model of DDoS attacks and
their ability to spoof packets and to encrypt communications can make tracking
down the real offender a tortuous process.
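The two effects described above (a flood of traffic or a filled connection queue) look different on the wire depending on whether one host or a horde of zombies produces them. The following added example, not from the book, builds a constructed set of connection-attempt records and flags per-target floods, separating a single-source DoS from a distributed one by the number of distinct sources in the window; the record format, thresholds and addresses are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (timestamp_seconds, src_ip, dst_ip); not captured data.
def build_sample():
    records = []
    # Background: five ordinary clients, three connections each, spread over three seconds.
    for i in range(5):
        for k in range(3):
            records.append((10 + k, f"192.0.2.{i}", "198.51.100.10"))
    # Single-source DoS: one host opens 200 connections to a target within one second.
    for k in range(200):
        records.append((20 + k * 0.001, "203.0.113.7", "198.51.100.20"))
    # Distributed flood: 150 zombies, three attempts each, against one target in one second.
    for z in range(150):
        for k in range(3):
            records.append((30 + k * 0.05, f"10.0.{z}.1", "198.51.100.30"))
    return records


def classify_targets(records, window=1.0, attempt_threshold=100, source_threshold=50):
    """Count connection attempts per (target, time window) and report floods.

    Returns {target: {"attempts", "sources", "kind"}} for the busiest flagged
    window of each target. "distributed" means many distinct sources fed the
    flood, the signature of a zombie horde; "single-source" means one origin.
    Caveat: daemons that spoof source addresses inflate the distinct-source
    count, so this separates traffic shape, not the true number of machines.
    """
    buckets = defaultdict(lambda: [0, set()])
    for ts, src, dst in records:
        bucket = buckets[(dst, int(ts // window))]
        bucket[0] += 1
        bucket[1].add(src)
    findings = {}
    for (dst, _), (count, sources) in buckets.items():
        if count < attempt_threshold:
            continue
        kind = "distributed" if len(sources) >= source_threshold else "single-source"
        previous = findings.get(dst)
        if previous is None or count > previous["attempts"]:
            findings[dst] = {"attempts": count, "sources": len(sources), "kind": kind}
    return findings


if __name__ == "__main__":
    for target, info in sorted(classify_targets(build_sample()).items()):
        print(target, info)
```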
                 The command structure supporting a DDoS attack can be quite convoluted
             (see Figure 2.2), and it can be difficult to determine a terminology that describes it
             clearly. Let’s look at one of the more understandable naming conventions for a
             DDoS attack structure and the components involved.
                 Software components involved in a DDoS attack include:

    ■ Client: The control software used by the hacker to launch attacks. The
      client directs command strings to its subordinate hosts.

    ■ Daemon: Software programs running on a zombie that receive incoming
      client command strings and act on them accordingly. The daemon is the
      process responsible for actually implementing the attack detailed in the
      command strings.

    Hosts involved in a DDoS attack include:

    ■ Master: A computer that runs the client software.

    ■ Zombie: A subordinate host that runs the daemon process.

    ■ Target: The recipient of the attack.

    In order to recruit hosts for the attack, hackers target inadequately secured
machines connected in some form to the Internet. Hackers use various inspection
techniques—both automated and manual—to uncover inadequately secured networks
and hosts. After the insecure machines have been identified, the attacker
compromises the systems through a variety of ways. The first task a thorough
hacker undertakes is to erase evidence that the system has been compromised, and
also to ensure that the compromised host will pass a cursory examination. Some of
the compromised hosts become masters, while others are destined to be made into