PACKET ATTACKS - VERSION 1.1

Let me start by saying the internet is full of wonderful tools and papers like this one. A lot of these things can help you increase your knowledge, perhaps your job or more. But just as easily as you can learn from them, people read too much into them and decide to harm other people's work for no apparent reason. Let it be known that is in no way the purpose of this paper. A true hacker is one who strives to attain the answers for themselves through curiosity. It's the path we take to those answers that makes us hackers, not destruction of other people's work. So with that said, please enjoy my work, as I have enjoyed writing it.

The flow of data has always captured my interest. Just how does it work, how can we dissect it and use it to our advantage? Well, I have spent a long time studying all of this, and that is why I wrote this paper. It's a collection of run-on sentences on different packet attacks and how they work. Now we all know you can learn all you ever wanted to know about the specifications of a protocol by reading its 30 page RFC document. But that is the protocol according to design; in the wild it's a different story altogether. 'Packet Attacks' covers everything from basic DOS attacks to TCP/IP hijacking, hence the name "Packet Attacks". This paper also focuses not just on attacks but on practical ways to prevent such attacks, and on ideas for new methods to help us stop them and secure our networks.

Introduction:
 TCP/IP
 Packet Switching Networks
 OSI MODEL
---Chapter 1.---
 Section a. Introduction to DDOS/DOS & Packet Attacks
 Section b. How attacks are crafted
---Chapter 2.---
 Section a. (attacks)
  ICMP
  Smurf
  SYN/ACK
  UDP
  DNS
  ARP
  DrDOS
  Special Bot / Trojans
  Worm DOS
  Unicode ping flood (new!)
 Section b. Phasing
 Section c. (hacks)
  TCP hijacking
  Sniffing
  Scans
  Information gathering / Footprinting
 Section d. Defense against these attacks
  Attack Detection
  Intrusion Detection
 Section e.
  IPSEC
  NAT as a means of security
---Chapter 3.---
 Section a. The future of TCP/IP as a means of using IPv6
---Chapter 4.---
 Section a. New security application / protocol
-----

Introduction.

Well, I assume most of you reading this paper already have a good understanding of TCP/IP and how it works, so I won't get too much into detail on that, but I will scrape the surface on the parts we NEED to discuss.

The internet is a MASSIVE web of machines all connected to one another through a series of hardware devices known as routers, switches, hubs, bridges and lots more. All of these devices (although some are smarter than others) push along packets. Our operating systems and applications craft these packets in order to send data to one another over the wire. Each packet, although varying in size, carries a small bit of data from one host to another. Each packet must also carry its own personal information, such as where it came from and where it's headed. Of course there is a lot more to a packet than just this information. But as far as attacks go, this is the crucial information we need to look at.

Now there are many, many different types of protocols that craft many different types of packets. And they are all read differently when they are received at the other end. Whereas an ARP packet may tell a host who has this MAC address on this subnet, a TCP packet might transfer the last few bits of that MP3 you're downloading. Regardless of the data, all of these packets use the same wire to move to and from locations. I couldn't possibly discuss every protocol and packet structure in this one paper.

The average end user takes for granted all of this running in the background while they surf the net. Most people don't understand the complexity of this internet we are all so familiar with, the chat rooms etc. But there are people who do, and there are people who take advantage of that.
Reverse engineering has led to the creation of attacks using the basic fundamentals these protocols rely on. And since TCP/IP is so embedded in our infrastructure, we must adapt and learn to defend against each new attack.

OSI MODEL

The Open Systems Interconnection model is a seven-layered networking design. It's an industry standard that defines exactly how data is transferred from protocol to protocol. Not every protocol follows the OSI model exactly, though some do. TCP, the internet's main mode of data transport, does not follow it exactly. Let me take you through a brief overview of the OSI model.

Layer Seven : Application Layer
This layer is obviously application specific; it provides everything from authentication to email to ftp and telnet, the list goes on. It's specifically for end user processes: what we input into our applications we can see on our screens.

Layer Six : Presentation Layer
This layer changes and possibly encrypts the data so that the application layer can understand it. (You will understand what this means in a few minutes.)

Layer Five : Session Layer
Think of this layer as Establishment, Control and Termination of the sessions formed by the application (client) to a remote host (server).

Layer Four : Transport Layer
This layer is responsible for the invisible transfer of data from host to host. It is there to ensure all data transfer goes accordingly. The protocols used are UDP and TCP.

Layer Three : Network Layer
This layer is for error correction, packet sequencing, and for transmitting data from node to node. Addressing is also another function of this layer in inter-networking.

Layer Two : Data Link Layer
This layer decodes and encodes packets into bits so they are ready for the physical layer. It also handles error correction in the physical layer. This layer is also divided into two different sub-layers: the LLC (logical link control) and MAC (media access control) sub-layers.
The LLC sub-layer provides control for frame synchronization and error checking. The MAC sub-layer controls how a computer on your network has access to data.

Layer One : Physical Layer
This layer is the actual movement of the data. Using electrical impulses or some other form of data movement, it pushes the bit stream towards the other host. This layer is the hardware level: the ethernet card, the wire etc. There are many protocols within this layer.

You may ask yourself why I listed these from 7 to 1. Well, I did so to show you how the OSI model really works. Layer Seven really comes first: the end user types something into his instant messenger (for example) and the data flows down through the OSI model, being encapsulated and changed at every level it has to be changed or corrected at. The data travels the wire and at the other end it moves back up the OSI model, all the way back up to layer seven, where the other host can read it in the original form it was sent.

So there's a VERY basic understanding of the OSI model and how it works to transmit data from host to host. There are a lot more protocols and parts to the OSI model, but this basic representation should provide a firm understanding. To understand all of this more in depth, please get your hands on a few RFC (request for comment) documents and start reading, because it will take you a very long time to understand exactly how TCP/IP works. If you're very knowledgeable in the way TCP/IP works then this paper should make a lot of sense to you, perhaps even bore you! :( On the other hand, if you don't understand TCP/IP as well as you would like to, you still might get something out of this. I try to explain all of the technical writing as easily as I can. Feel free to email me if you have a question or comment. Thanks :)

Data_Clast

---------------------------------------------------------------------------------------

Chapter 1.
Section a.

The most common attack on the internet today is a denial of service attack.
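Before the chapter goes any further, here is an added example (mine, not the paper's) that ties together two points made above: the Introduction's note that every packet carries where it came from and where it's headed, and the OSI overview's walk of data down the layers and back up. It builds an HTTP request into a TCP segment, an IPv4 packet and an Ethernet frame, then unwraps the frame again and verifies the IPv4 header checksum on the way up. The MAC addresses, IP addresses, ports and payload are constructed sample values; the TCP checksum is deliberately left at zero because computing it needs an IP pseudo-header and the point here is the layering, not a wire-valid segment.

```python
# Added example, not from the paper: build a frame layer by layer, then parse it
# back up. Addresses, ports and payload are constructed sample values.
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_SYN, TCP_ACK, TCP_PSH = 0x02, 0x10, 0x08


def ones_complement_checksum(data: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented.
    Run over a header that already carries a correct checksum, it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def build_tcp(src_port, dst_port, seq, ack, flags, payload):
    """Layer 4: 20-byte TCP header (no options) in front of the application data.
    TCP checksum left at zero on purpose (needs the IP pseudo-header)."""
    offset_and_flags = (5 << 12) | flags          # data offset = 5 words, 9 flag bits
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                         offset_and_flags, 65535, 0, 0)
    return header + payload


def build_ipv4(src_ip, dst_ip, proto, payload, ttl=64, ident=1):
    """Layer 3: 20-byte IPv4 header with a valid header checksum."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0,
                         ttl, proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    csum = ones_complement_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


def build_ethernet(src_mac, dst_mac, ethertype, payload):
    """Layer 2: 14-byte Ethernet II header (FCS omitted; the NIC adds it)."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def build_demo_frame() -> bytes:
    """Constructed sample: an HTTP request walked down from layer 7 to layer 2."""
    app_data = b"GET / HTTP/1.0\r\n\r\n"
    segment = build_tcp(40000, 80, 1000, 0, TCP_PSH | TCP_ACK, app_data)
    packet = build_ipv4("192.0.2.10", "198.51.100.20", IPPROTO_TCP, segment)
    return build_ethernet("02:00:00:00:00:01", "02:00:00:00:00:02", ETHERTYPE_IPV4, packet)


def parse_frame(frame: bytes) -> dict:
    """Walk back up the stack, recording the addressing each layer carries."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst_mac": mac_str(frame[:6]), "src_mac": mac_str(frame[6:12]),
            "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return info                                # e.g. ARP: no IP layer to unwrap
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    info.update(ip_checksum_ok=ones_complement_checksum(ip[:ihl]) == 0,
                ttl=ip[8], proto=ip[9],
                src_ip=socket.inet_ntoa(ip[12:16]), dst_ip=socket.inet_ntoa(ip[16:20]))
    if info["proto"] != IPPROTO_TCP:
        return info                                # UDP/ICMP would be parsed here
    tcp = ip[ihl:total_len]
    src_port, dst_port, seq, ack, offset_and_flags = struct.unpack("!HHIIH", tcp[:14])
    data_offset = (offset_and_flags >> 12) * 4
    info.update(src_port=src_port, dst_port=dst_port, seq=seq, ack=ack,
                flags=offset_and_flags & 0x1FF, payload=tcp[data_offset:])
    return info


if __name__ == "__main__":
    for key, value in parse_frame(build_demo_frame()).items():
        print("%-15s %r" % (key, value))
```

Running it prints the frame's fields from the link layer inward. Corrupting any byte of the IPv4 header (say the TTL at frame offset 22) makes ip_checksum_ok come back False, which is the same check a receiving stack does before it bothers to look at the TCP segment inside.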
There are many programs on the internet today that will assist anyone in crafting one of these attacks. The sad part is that, for as easy as they are to make, their power can be destructive when used properly. No matter what kind of packet attack it may be, most are based on the same principle: volume. Thousands and thousands of spoofed packets will eat up network resources within minutes, choking and essentially 'killing' any network. There are many types of packet attacks. Some are more sophisticated than others. I will also talk about TCP/IP hijacking and your typical port and vulnerability scans, among other things.

Why do people launch these attacks? How are they launched? How do they exactly (technically speaking) 'choke a network'?! Hold tight, I'm getting to that.

The lower end of these attacks are usually launched by what the hacker community calls a script kiddie. You see, a hacker isn't a mindless web defacing juvenile (please see the Mentor's manifesto). A hacker is a person of true intellect and would never craft such an attack for no reason. But these lower end attacks are usually launched at people's individual machines. Their IP addresses may come from an IRC chat room, Yahoo Messenger, AOL, ICQ, or whatever other messenger you might use. Although not as sophisticated, these 'lower end' attacks can still knock an individual machine offline in minutes. The slightly more advanced attacks may be aimed at a business competitor in order to slow their sales or disrupt their outgoing internet connection. Whatever the reason may be, they are usually launched for a reason. Attacking a box for no reason is typically useless and will only take up your own bandwidth.

The more sophisticated attacks are aimed at government and root points of the internet, such as the attacks on the root DNS servers in October of 2002. These attacks were sophisticated in the way they were crafted. The attacks laste...
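Since most packet attacks, as the section above says, come down to volume, here is an added example (mine, not the paper's) of the detection side of that observation. It groups a packet summary by second and destination, raises an alert once the count passes a threshold, and reports whether the traffic comes from one address or from sources that never repeat, which is what a flood of spoofed packets looks like on the wire. The packet records are constructed sample data, and the threshold and spread ratio are assumptions; real values come from your own traffic baseline.

```python
# Added example, not from the paper: flag volume spikes in a packet summary.
# The records are constructed sample data; thresholds are assumptions to tune
# against your own baseline.
from collections import Counter, defaultdict

PPS_THRESHOLD = 50      # packets per second to one destination (assumed baseline)
SPREAD_RATIO = 0.8      # distinct sources / packets at or above this suggests spoofing


def make_sample_packets():
    """Constructed capture of (time_s, src_ip, dst_ip, proto): three quiet seconds
    of ten packets each from three clients, then one second of 200 packets in
    which no source address repeats."""
    pkts = []
    for sec in range(3):
        for i in range(10):
            pkts.append((sec + i / 10.0, "192.0.2.%d" % (i % 3 + 1), "198.51.100.5", "TCP"))
    for i in range(200):
        pkts.append((3 + i / 200.0, "203.0.113.%d" % (i % 254 + 1), "198.51.100.5", "UDP"))
    return pkts


def bucket_by_second(packets):
    """Group source addresses by (second, destination)."""
    buckets = defaultdict(list)
    for t, src, dst, _proto in packets:
        buckets[(int(t), dst)].append(src)
    return buckets


def detect_floods(packets, pps_threshold=PPS_THRESHOLD, spread_ratio=SPREAD_RATIO):
    """Return one alert per (second, destination) whose packet count exceeds the
    threshold, with the source distribution that tells the two cases apart:
    one loud source, or a spread of addresses that each appear once."""
    alerts = []
    for (sec, dst), sources in sorted(bucket_by_second(packets).items()):
        n = len(sources)
        if n <= pps_threshold:
            continue
        distinct = len(set(sources))
        top_src, top_count = Counter(sources).most_common(1)[0]
        alerts.append({
            "second": sec, "dst": dst, "packets": n,
            "distinct_sources": distinct,
            "top_source": top_src, "top_source_share": top_count / n,
            "likely_spoofed": distinct / n >= spread_ratio,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(make_sample_packets()):
        print(alert)
```

The two outputs matter for the response: a single loud source can be rate-limited or blocked at the edge, while a spread of never-repeating sources means blocking by address is pointless and the filtering has to happen upstream or by protocol and destination instead.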