🌟 Content Information of Cyber Attack Methods 🛡

Sheldon

13 January 2018

Hello, dear TurkHackTeam family. A couple of days ago, in the comments on our Booter Series, some people said "we don't know the content of the methods".
For those people, I will share the names of the basic methods used in cyber security and explain their contents at length.
I hope this informs our friends.






The amplification attack, which underlies most DDoS attacks, depends on an attacker exploiting different protocols to gain more resources.

With the LDAP method, 1 Gbps of capacity can be increased in effect to almost 50 Gbps.






We can remember this one (NTP) as the service that provides time information to devices.
It uses UDP port 123.
The attack sends more query packets than the other device can answer, which makes the device inaccessible.






Its full name is Simple Service Discovery Protocol (SSDP).

It allows Universal Plug and Play (UPnP) devices to send and receive information using UDP on port 1900.

SSDP is very attractive for DDoS attacks because it allows the attack's effect to be increased.

SSDP DDoS attacks are in the same category as DDoS attacks supported by DNS and NTP, because
an SSDP DDoS attack uses a weak botnet with which the attackers spoof the victim's IP address.

Then, using that botnet, they query home routers, firewalls, printers, access points and similar devices
whose UPnP service is open to the Internet.





We can almost say that SYN is one of the basic methods of DDoS attack.
There are said to be thousands of SYN variants with modified content.
I may have come across 250-300 of them, but there are hundreds of other variants too.



I will talk about the basic SYN attack types.



A SYN attack, also known as a SYN flood, is a type of denial-of-service attack on a network service.
In this kind of attack, the attacker tries to make the system inaccessible by consuming server resources.
A SYN attack works by sending a succession of SYN requests.
It works by never sending the server the ACK that the server is waiting for.
Either the malicious client simply does not send the ACK, or it spoofs the source IP address in the SYN by using a fake IP address.
In the second case the server sends the SYN-ACK to the fake IP address, but that host will not send an ACK, because it knows it never sent a SYN from that address.

The server waits a few moments for the acknowledgement, but as the requests keep increasing during the attack, the server becomes unable to create new connections.
The server is then out of service.


Other Amplified DDoS Attacks
All the amplified attacks I described above use the same strategy for LDAP, NTP, etc.

Other UDP protocols have been identified as possible tools for amplified attacks:

SNMPv2
NetBIOS
QOTD
BitTorrent
Kad
Quake Network Protocol
Steam Protocol



Apart from the methods I described above, maybe 10000 different methods could be counted.

Although those methods are built on the basics of the Layer 4 methods, new methods keep growing and multiplying on top of them.
Now let's look at the Layer 7 based methods.

HTTP GET/POST attacks are among the most common DoS attacks.

The basic logic of the attack is to make the server stop responding by sending sustained
GET or POST requests, from the same or different IP addresses, to a selected page or pages on the targeted system.


In a situation like this, each request looks like a real HTTP connection and the server answers it.
However, when more requests are sent than the server can handle, the web server and the database service running in the background are overloaded and go out of service.



I don't need to explain the content of the Layer 7 methods, because they don't have detailed protocol logic like Layer 4.
I will list the specific methods and, as an extra, talk about some of the important points about Layer 7 attacks.


GET Flood,
POST Flood,
Slow Headers,
Slow POST,
Hash DoS,
GET/POST Flood,
Range Bytes,
HTTP Header Fuzz,
Slow Header Fuzz,
MX Flood over Balancer



As I said, they are built on sending requests to a targeted page of the selected website.
Now let's look at Layer 7 attack types in practice; I leave the patterns below.



Http://examplesite.com/
Http://examplesite.com/index.php/
Http://examplesite.com/sayfa
Browse around the site and send GET/POST requests to the links inside it by extending the link.
Http://examplesite.com/register.php/

Patterns vary according to the target site's structure!
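
For the NTP and SSDP sections of the post above: on the receiving side, this traffic shows up as UDP responses from source ports 123 and 1900 that the host never requested. The following is an added example, not part of the original post, that tallies such unsolicited responses from flow records. The record layout, the sample flows (documentation addresses), the reply window and the source threshold are all constructed assumptions.

```python
from collections import defaultdict

# UDP service ports named in the post (NTP, SSDP); extend for other protocols.
REFLECTOR_PORTS = {123: "NTP", 1900: "SSDP"}

# Constructed flow records: (time_s, src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    (0.0, "192.0.2.10", 40000, "198.51.100.5", 123, 76),   # our own NTP query
    (0.1, "198.51.100.5", 123, "192.0.2.10", 40000, 76),   # its answer
    (1.0, "203.0.113.7", 123, "192.0.2.10", 5555, 4400),   # never requested
    (1.1, "203.0.113.8", 123, "192.0.2.10", 5555, 4400),
    (1.2, "203.0.113.9", 1900, "192.0.2.10", 5555, 3100),
    (1.3, "203.0.113.7", 123, "192.0.2.10", 5555, 4400),
]


def unsolicited_responses(flows, local_ip, reply_window=5.0):
    """Return {protocol: {"bytes": n, "sources": set}} for responses that
    reached local_ip from a reflector port without a matching request."""
    pending = {}  # (remote_ip, remote_port, local_port) -> time of our request
    report = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for ts, src, sport, dst, dport, size in sorted(flows):
        if src == local_ip and dport in REFLECTOR_PORTS:
            pending[(dst, dport, sport)] = ts          # we asked this server
        elif dst == local_ip and sport in REFLECTOR_PORTS:
            asked = pending.get((src, sport, dport))
            if asked is not None and ts - asked <= reply_window:
                continue                               # legitimate reply
            entry = report[REFLECTOR_PORTS[sport]]
            entry["bytes"] += size
            entry["sources"].add(src)
    return dict(report)


def is_reflection_suspected(report, min_sources=2):
    """List protocols where several distinct servers sent unrequested data."""
    return sorted(p for p, e in report.items() if len(e["sources"]) >= min_sources)


if __name__ == "__main__":
    rep = unsolicited_responses(SAMPLE_FLOWS, "192.0.2.10")
    for proto, e in rep.items():
        print(proto, e["bytes"], "bytes from", len(e["sources"]), "sources")
    print("suspected:", is_reflection_suspected(rep))
```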






 
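
For the SYN flood section of the post above: the state it describes is visible on the server as handshakes that received a SYN but never the final ACK. The following is an added example, not part of the original post, that replays packet summaries and tracks the number of half-open entries per destination port. The record layout, timeout, alert threshold and sample packets are constructed assumptions.

```python
# Constructed packet summaries: (time_s, src_ip, src_port, dst_port, tcp_flags)
SAMPLE_PACKETS = (
    [(0.0, "192.0.2.20", 50000, 443, "SYN"),      # normal client: SYN then ACK
     (0.2, "192.0.2.20", 50000, 443, "ACK")]
    + [(1.0 + i * 0.01, f"203.0.113.{i}", 1024 + i, 443, "SYN")
       for i in range(1, 9)]                       # eight SYNs, no ACK follows
    + [(40.0, "192.0.2.21", 50001, 443, "SYN")]    # arrives after the timeout
)


class HalfOpenTracker:
    """Mirror of a server's SYN queue: entries wait for the final ACK."""

    def __init__(self, syn_timeout=30.0, alert_threshold=5):
        self.syn_timeout = syn_timeout
        self.alert_threshold = alert_threshold
        self.half_open = {}   # (src_ip, src_port, dst_port) -> time SYN was seen
        self.alerts = []      # (time_s, dst_port, half_open_count)

    def _expire(self, now):
        # The server gives up on a handshake after syn_timeout seconds.
        stale = [k for k, t in self.half_open.items() if now - t > self.syn_timeout]
        for key in stale:
            del self.half_open[key]

    def feed(self, ts, src_ip, src_port, dst_port, flags):
        self._expire(ts)
        key = (src_ip, src_port, dst_port)
        if flags == "SYN":
            self.half_open[key] = ts
            count = sum(1 for k in self.half_open if k[2] == dst_port)
            if count >= self.alert_threshold:
                self.alerts.append((ts, dst_port, count))
        elif flags in ("ACK", "RST"):
            self.half_open.pop(key, None)   # handshake completed or aborted
        return len(self.half_open)


def replay(packets, **kwargs):
    """Feed packets in time order; return (tracker, peak half-open count)."""
    tracker = HalfOpenTracker(**kwargs)
    peak = 0
    for pkt in sorted(packets):
        peak = max(peak, tracker.feed(*pkt))
    return tracker, peak
```

On Linux, the kernel's SYN cookies setting (`net.ipv4.tcp_syncookies`) addresses the same queue exhaustion that this tracker measures.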

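
For the HTTP GET/POST section of the post above: because each request looks like a real HTTP request, detection has to rely on rate rather than content. The following is an added example, not part of the original post, that runs a sliding window over access-log lines and flags both a single client and a single page exceeding a limit, covering the "same or different IP addresses" cases. The log lines, window length and limits are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>GET|POST) (?P<path>\S+)')


def make_line(ip, second, method, path):
    # Helper that builds constructed sample lines in common log format.
    return (f'{ip} - - [10/Oct/2023:13:55:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" 200 512')


# Constructed sample: a normal client, one noisy client, then many clients
# hitting the same page within one second.
SAMPLE_LOG = (
    [make_line("192.0.2.30", s, "GET", "/") for s in (1, 2, 3)]
    + [make_line("203.0.113.50", 5, "GET", "/index.php") for _ in range(6)]
    + [make_line(f"198.51.100.{i}", 30, "POST", "/register.php") for i in range(1, 9)]
)


def detect_floods(lines, window_s=10, per_ip_limit=5, per_path_limit=7):
    """Return sorted (kind, key) pairs whose request count inside any
    window_s-second window exceeded the limit."""
    recent = defaultdict(deque)   # ("ip", addr) or ("path", url) -> timestamps
    limits = {"ip": per_ip_limit, "path": per_path_limit}
    flagged = set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # skip lines that are not GET/POST requests
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        for key in (("ip", m["ip"]), ("path", m["path"])):
            q = recent[key]
            q.append(ts)
            while q and ts - q[0] > window_s:
                q.popleft()       # drop requests older than the window
            if len(q) > limits[key[0]]:
                flagged.add(key)
    return sorted(flagged)
```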