9,082
edits
Changes
→Packet Flooding Attack
* '''[[UDP]] Floods'''- A stream of UDP is sent to the victim's IP Address
* '''[[UDP]] Floods'''- A stream of UDP is sent to the victim's IP Address
These attack tools changes the characteristics of packets in the packet stream such as the '''Source IP Address''' to hide the real source of the packet stream. The method of sending packet streams to one or more intermediate sites to create responses that will be sent to a victim is called '''IP Spoofing.'''<ref>[http://www.iss.net/security_center/advice/Underground/Hacking/Methods/Technical/Spoofing/default.htm Spoofing]</ref> Other packet stream attribute being altered by intruders are the '''Source/Destination Ports''' and '''Other IP Header Values''''.
These attack tools changes the characteristics of packets in the packet stream such as the '''Source IP Address''' to hide the real source of the packet stream. The method of sending packet streams to one or more intermediate sites to create responses that will be sent to a victim is called '''IP Spoofing.'''<ref>[http://www.iss.net/security_center/advice/Underground/Hacking/Methods/Technical/Spoofing/default.htm Spoofing]</ref> Other packet stream attribute being altered by intruders are the '''Source/Destination Ports''' and '''Other IP Header Values'''.
==Timeline of Trends in DoS Attack Technology==
* July 1999- [[Trinoo]] and [[Tribe Flood Network]] (TFN) DDoS Network tools were widely distributed using UDP Flood attack, TCP SYN flood, ICMP echo request flood, and ICMP directed broadcast denial of service attacks respectively.<ref>[http://www.cert.org/incident_notes/IN-99-07.html Cert Incident Notes IN-99-09 Distributed Denial of Service Tools]</ref>
* August 1999- [[Stacheldraht]] DDoS tool was discovered in isolated cases using combined features of trinoo, TFN ad some new encypted DDoS tools to protect the attacker.Stacheldraht involved selective based targeting on the packet generating capability of the target systems.<ref>[http://www.sans.org/security-resources/malwarefaq/stacheldraht.php Malware FAQ: Analysis on DDOS tool Stacheldraht v1.666]</ref>*
* November 1999- CERT/CC sponsored the Distributed Systems Intruder Tools (DIST) Workshop.<ref>[http://www.docslibrary.com/results-of-the-distributed-systems-intruder-tools-workshop Results of the Distributed-Systems Intruder Tools Workshop]</ref>
* December 1999- [[Tribe Flood Network 2000]] (TFN200) was released and it was designed to attack some UNIX and UNIX-like systems and Windows NT to destabilize and crash systems by sending malformed or invalid packets.<ref>[http://www.cert.org/advisories/CA-1999-17.html CERT Advisory-CA-1999-17]</ref>
* January 2000- Stacheldraht DDoS tool was discovered and widely spread on multiple compromised hosts in several organizations.<ref>[http://www.cert.org/advisories/CA-2000-01.html CA-2000-01 Denial-of-Service Developments]</ref>
* Packet Amplified Attacks on Name Servers became common.
==References==
==References==