Pentest Tutorials

introduction to break the security using Denial of Service attack

This topic contains 0 replies, has 1 voice, and was last updated by  spartacus 7 years, 8 months ago.

  • Author
  • #602


    A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

    Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used with regards to computer networks, but is not limited to this field, for example, it is also used in reference to CPU resource management.

    Sometimes could a denial of service attack be a part of an attack to gain access at a system. At the moment I can think of the following reasons and specific holes:

    1. Some older X-lock versions could be crashed with a method from the denial of service family leaving the system open. Physical access was needed to use the work space after.

    2. Syn flooding could be a part of a IP-spoof attack method.

    3. Some program systems could have holes under the startup, that could be used to gain root, for example some versions of SSH (secure shell).

    4. Under an attack it could be usable to crash other machines in the network or to deny certain persons the ability to access the system.

    5. Also could a system being booted sometimes be subverted, especially rarp-boots. If we know which port the machine listen to under the boot we can send false packets to it and almost totally control the boot.

    6. Crashing a router or firewall can be part of an attack to gain access.


    1.A denial of service attack could be a part of a revenge against a user or an administrator.
    2.Imaginate the small company A moving into a business totally dominated by company B. A and B customers make the orders by computers and depends heavily on that the order is done in a specific time (A and B could be stock trading companies). If A and B can’t perform the order the customers lose money and change company. As a part of a business strategy A pays a computer expert a sum of money to get him to crash B:s computer systems a number of times. A year later A is the dominating company.

    # Unusually slow network performance (opening files or accessing web sites)
    # Unavailability of a particular web site
    # Inability to access any web site
    # Dramatic increase in the number of spam emails received—(this type of DoS attack is considered an e-mail bomb)

    Methods of attack

    The five basic types of attack are

    Consumption of computational resources, such as bandwidth, disk space, or processor time.
    Disruption of configuration information, such as routing information.
    Disruption of state information, such as unsolicited resetting of TCP sessions.
    Disruption of physical network components.
    Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

You must be logged in to reply to this topic.