264 Chapter 11 ■ Denial of Service
Fraggle
A fraggle attack is a variation of a smurf attack that uses UDP echo requests instead of
ICMP. It still uses an intermediary for amplification. Commonly a fraggle attack targets the
UDP echo requests to the chargen (character generator) port of the intermediary systems
via a broadcast request. Just as in a smurf attack, the attacker spoofs the victim’s IP address
as the source. Each client that receives the echo to the chargen port will in turn generate a
character to be sent to the victim. Once it’s received, the victim machine will echo back to
the intermediary’s chargen port, thus restarting the cycle.Land
A land attack sends traffic to the target machine with the source spoofed as the target
machine itself. The victim attempts to acknowledge the request repeatedly with no end.Permanent DoS Attacks
Most DoS attacks are temporary and only need to be stopped and any mess they created
cleaned up to put everything back the way it was. However, some types of DoS attacks
destroy a system and cause it to become permanently offline.
Phlashing is a form of permanent DoS that involves pushing bogus or incorrect updates
to a system’s firmware to a victim’s system. When this is done, the hardware becomes unus-
able in many cases without being replaced. When a system is attacked in such a manner, it
is said to be bricked. In other words, it is worthless as a computer and now is a brick.Application-level Attacks
Application-level attacks are those that result in a loss or degradation of a service to the
point it is unusable. These attacks can even result in the corruption or loss of data on a
system. Typically these types of attacks take the form of one of the following:Flood This attack overwhelms the target with traffic to make it difficult or impossible to
respond to legitimate requests.Disrupt This attack usually involves attacking a system with the intention of locking out
or blocking a user or users—for example, attempting to log into a system several times to
lock up the account so that the legitimate user cannot use it.Jam In this attack, typically the attacker is crafting SQL queries to lock up or corrupt a
database. We’ll discuss jam attacks in Chapter 14, “SQL Injections.”
See Exercise 11.1 on how to perform a SYN flood.E X E RC I S E 11.1Performing a SYN FloodLet’s go through a quick example of a SYN flood attack using hping3. Hping3 is a Linux util-
ity used to craft custom packets such as packets that have specific flags activated. Refer to
Chapter 5, “Scanning Networks,” for a review of TCP flags. Let’s get started.