Question about DDos?

  1. #1
    Senior Member
    Join Date
    Dec 2002
    Posts
    127

    Question about DDos?

    Ok, I've read around about how distributed denial of service attacks kinda work, and from what I understand a lot of them are trojans or viruses that make the computer log into IRC servers and wait for a command. My question is, wouldn't that be making a denial of service attack on the IRC server?
    The only four things i need are food, water, a computer, and the internet.

  2. #2
    AO Security for Non-Geeks (tonybradley)
    Join Date
    Aug 2002
    Posts
    830
    No.

    If you are hit by a virus or worm that happens to leave a Trojan horse behind, or someone just hacks your system and leaves a backdoor open or a Trojan horse, it just gives them an avenue to get into your computer at a future date.

    When a virus drops a Trojan it will typically either connect to a specific server or send an email message or something to let the attacker know that the machine is compromised and available for their use.

    When the time comes that they want to initiate a DDoS attack they can issue the command to all of the various compromised machines "under their control" and specify which IP address or range they should flood to create the denial-of-service.

    Hope that helps

  3. #3
    Senior Member
    Join Date
    Dec 2002
    Posts
    127
    Thanks, that does help. But I remember reading something about DDoS attacks, and it said that some of them waited for commands in IRC servers. I don't really know too much about it, but it made me a little curious.
    Thanks again, Tony.
    The only four things i need are food, water, a computer, and the internet.

  4. #4
    Senior Member
    Join Date
    Mar 2003
    Posts
    117
    What you are referring to, Madseel, is DDoS IRC bots (Zombies).

    An example of a trojan that did just what you described is IRC.Mimic.

    You can read about it here:
    http://securityresponse.symantec.com...irc.mimic.html

    Now I haven't had this happen to me, but I read a paper about it and I have found some Zombie channels on various IRC networks in the past. Pretty scary to see 120 clients or so sitting dead, just waiting for commands...

    From what I've heard a herd of 120 Zombies is pretty small. These can go to the thousands.
    .sig - There never was a .sig?
    I own a Schneider EuroPC with MS-Dos 3.3 and it works.

  5. #5
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    You have the general idea behind DDoS. The important thing to know also is that it does not have to be a trojaned binary on a group of hosts; in fact the attacker/cracker/hacker (pick your term) does not even need to have access to any of the machines except via some protocol (ICMP, UDP, TCP, X.25, etc.).

    The most classic and widely known of all these sorts of attacks was the 'smurf' attack. Basically, the attack caused all the machines in a range of IPs to ping-flood a single host. Now imagine 254 of your own boxes ping flooding your host with packets > 65450 kb..... Now what if several whole networks (n * 255 hosts) were doing this to your host?

    Many of the trojans you have read about are quite efficient at generating DDoS attacks; however, for the sake of understanding the terms....

    DoS = An attack (typically carried out by a single machine) against a vulnerable system to cause it to become so busy handling the traffic that it is unable to handle any *new* traffic, thus making it effectively unreachable.

    DDoS = An attack launched by several hosts against a vulnerable system to cause it to be so overcome with traffic that it is effectively unreachable. Or simply DoS ^ n attacking hosts.

    Ping floods are very simple and common types of DoS/DDoS attacks, but you will also see RPC floods, UDP floods, SYN floods, and many others. The essential idea is simply to overwhelm the target.

    Good question, sorry for being such a nerd with my reply....
    Get OpenSolaris http://www.opensolaris.org/
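    Added example, not from the thread: the defender's view of the floods the post above describes. A small Python detector runs over constructed flow records and flags a network that still answers directed-broadcast pings (and so can serve as a smurf amplifier), a host receiving echo replies from a whole /24 at once, and a SYN flood of half-open connections. All addresses, thresholds and the record layout are constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample traffic, not a real capture. Each record is
# (timestamp_s, src, dst, proto, info): info is the ICMP type for "icmp"
# records and the TCP flag string ("S" SYN, "SA" SYN/ACK, "A" ACK) for "tcp".
def build_sample_flows():
    victim, amp_net = "203.0.113.10", ipaddress.ip_network("192.0.2.0/24")
    flows = []
    # Smurf pattern: one echo request carrying the victim's (spoofed) source
    # address hits the amplifier's broadcast address; every host in the /24
    # answers, and all 254 replies land on the victim.
    flows.append((0.00, victim, str(amp_net.broadcast_address), "icmp", "echo-request"))
    for i, host in enumerate(amp_net.hosts()):
        flows.append((0.01 + i / 1000, str(host), victim, "icmp", "echo-reply"))
    # One legitimate client completing a TCP handshake with the victim.
    flows += [(1.0, "10.1.2.3", victim, "tcp", "S"),
              (1.0, victim, "10.1.2.3", "tcp", "SA"),
              (1.1, "10.1.2.3", victim, "tcp", "A")]
    # SYN flood: 150 distinct sources send a SYN and never acknowledge.
    for i, host in enumerate(ipaddress.ip_network("198.51.100.0/24").hosts()):
        if i >= 150:
            break
        flows.append((2.0 + i / 1000, str(host), victim, "tcp", "S"))
    return flows

def smurf_amplifier_hits(flows, network):
    """Echo requests aimed at the directed-broadcast address of `network`.
    A border router that drops directed broadcasts (the classic smurf fix)
    makes these vanish; seeing them means the subnet can still amplify."""
    bcast = str(ipaddress.ip_network(network).broadcast_address)
    return [f for f in flows if f[3] == "icmp" and f[4] == "echo-request" and f[2] == bcast]

def reply_flood_victims(flows, window_s=1.0, min_sources=50):
    """Destinations getting echo replies from >= min_sources distinct hosts
    inside one time window: what the target of a smurf sees."""
    seen = defaultdict(set)
    for ts, src, dst, proto, info in flows:
        if proto == "icmp" and info == "echo-reply":
            seen[(dst, int(ts // window_s))].add(src)
    return sorted({dst for (dst, _), srcs in seen.items() if len(srcs) >= min_sources})

def syn_flood_victims(flows, min_half_open=100):
    """Destinations with >= min_half_open sources that sent a SYN but no ACK."""
    syn_from, ack_from = defaultdict(set), defaultdict(set)
    for ts, src, dst, proto, info in flows:
        if proto == "tcp" and info == "S":
            syn_from[dst].add(src)
        elif proto == "tcp" and info == "A":
            ack_from[dst].add(src)
    return sorted(d for d, s in syn_from.items() if len(s - ack_from[d]) >= min_half_open)
```

    Run against the constructed flows, all three checks single out 203.0.113.10 and the 192.0.2.0/24 broadcast address; the legitimate handshake from 10.1.2.3 is not counted as half-open because its ACK is seen.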

  6. #6
    Junior Member
    Join Date
    Apr 2003
    Posts
    26
    To add more to it, ping-flooding doesn't work anymore. Almost all the systems around the world can cope with it quite easily now. Anyhow, there are still some very big holes left for flooding....
    How should one cope with DDoS? Buy an Intrusion Detection System (IDS) from Cisco?
    Life would have been a lot easier if I had the source code!

  7. #7
    Senior Member
    Join Date
    Nov 2002
    Posts
    382
    Madseel, you should visit http://grc.com/files/grcdos.pdf

    It describes a DDoS using evilbots based on IRC. But there are many other types of Zombies running through the net.
    SHARING KNOWLEDGE
