strawberry wine Posted February 3, 2016

Hello everyone, I am new to this forum, and I wanted to know the difference. Also, what happens when you ddos/dos someone? Is it a bad thing? Is it illegal and why?

sud0nick Posted February 3, 2016

Yes, it's illegal unless you have their written consent and you ensure you only touch their network.

DoS stands for Denial of Service and DDoS stands for Distributed Denial of Service. A DoS attack simply floods a network/system with so many requests that it can't provide services to legitimate users. It is quite difficult for a single system to perform this kind of attack these days, and if using a single system the attacker can be caught pretty easily.

A DDoS attack uses many systems to flood the target and makes it more difficult to find the attacker. These types of attacks are generally performed by a botnet where an attacker has taken over many different machines. It is much easier to bring down a target system/network with hundreds, or thousands, of machines.

Rkiver Posted February 3, 2016

DOS: Disk Operating System. (Exactly what it says on the tin).

DDOS: Distributed Denial of Service attack.

DDOS is illegal and likely to end you in prison.

Using DOS is old school, but you can get Zork and Doom to run on it.

sud0nick Posted February 3, 2016

> DOS: Disk Operating System. (Exactly what it says on the tin).
> Using DOS is old school, but you can get Zork and Doom to run on it.

You forgot to mention DOS is not illegal. Or is it...?

barry99705 Posted February 3, 2016

> You forgot to mention DOS is not illegal. Or is it...?

Depends on where you downloaded it from...

strawberry wine Posted February 4, 2016

If you dos someone, can they still find you even if you used a vpn?

Fallen Archangel Posted February 4, 2016

> if you dos someone, can they still find you even if you used a vpn?

Yes

cooper Posted February 4, 2016

People are mixing up cause and effect here.

(D)DoS is effect - The machine doesn't respond to legitimate traffic in a timely manner.

This can have multiple causes.

1. Inbound traffic overload. There's so much data flowing into the pipe that you get the digital equivalent of a traffic jam. Typically the one flooding the network does so with junk because (s)he's not interested in the server response.
2. Outbound traffic overload. One or more clients repeatedly request so much data from the server that it creates an outbound traffic jam to the server. Think about what happens when you run something like Youtube on 1 server. The clients send simple, valid and relatively small requests to the server and the server responds by sending back a shitload of data. If you do that with enough concurrent connections, everything slows down to such a crawl that it becomes unusable.
3. Server malfunction. If you find a way to formulate your request to the server such that the server's process crashes (or for bonus points, gets taken over by your Metasploit instance) it isn't able to service the legitimate requests.
4. Server resource depletion. On UNIX there's a limit to the number of open files a process can have. If you find a bug in the server that results in the leaking of file descriptors you can prevent the server from opening new files, which may result in the service being unable to do what it should be doing.
5. Firewall misconfiguration. If you know the firewall auto-blocks traffic from an IP for a certain amount of time when 'dangerous' traffic is noticed (known attack signatures), you need to only provide 1 such request that seems to originate from your victim's IP address for every block clearance interval to deny all service to that IP.
6. Exploit the authentication protection system. Repeatedly log in as your victim with the wrong credentials to cause the account to get locked.

This is just the tip of the iceberg. Look at this presentation from 32C3 where a guy who can test your site's resilience against DDoS attacks talks about the fails he's encountered.

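Cause 4 in cooper's list (file descriptor depletion), seen from the defender's side as an added example that is not part of the original thread: a handler that skips its close on one code path stops serving once the process reaches RLIMIT_NOFILE, while a handler that closes on every path keeps going. The handler names, the 64-descriptor limit and the use of os.devnull as the requested file are assumptions made for the demo.

```python
import os
import resource

def open_fds(limit):
    """Descriptor numbers below `limit` that are currently open."""
    fds = set()
    for fd in range(limit):
        try:
            os.fstat(fd)
            fds.add(fd)
        except OSError:
            pass
    return fds

def leaky_handler(path):
    fd = os.open(path, os.O_RDONLY)
    data = os.read(fd, 16)
    if not data:          # bug: the empty-read path returns without os.close(fd)
        return b""
    os.close(fd)
    return data

def fixed_handler(path):
    fd = os.open(path, os.O_RDONLY)
    try:
        return os.read(fd, 16)
    finally:
        os.close(fd)      # released on every path, including errors

# os.devnull stands in for a requested file (assumption); it always reads empty.
def serve(handler, requests, soft_limit=64, path=os.devnull):
    """Run the handler under a lowered RLIMIT_NOFILE; return (served, errno or None)."""
    old = resource.getrlimit(resource.RLIMIT_NOFILE)
    if old[1] != resource.RLIM_INFINITY:
        soft_limit = min(soft_limit, old[1])
    resource.setrlimit(resource.RLIMIT_NOFILE, (soft_limit, old[1]))
    before = open_fds(soft_limit)
    served, err = 0, None
    try:
        for _ in range(requests):
            handler(path)
            served += 1
    except OSError as e:
        err = e.errno     # EMFILE once the descriptor table is full
    finally:
        for fd in open_fds(soft_limit) - before:
            os.close(fd)  # demo cleanup of the leaked descriptors
        resource.setrlimit(resource.RLIMIT_NOFILE, old)
    return served, err
```

Comparing `serve(leaky_handler, 500)` with `serve(fixed_handler, 500)` shows the leaky version stopping with EMFILE before 64 requests; a steadily climbing open-descriptor count for a service process is the monitoring signal for this failure.
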
bored369 Posted February 4, 2016

> This is just the tip of the iceberg. Look at this presentation from 32C3 where a guy who can test your site's resilience against DDoS attacks talks about the fails he's encountered.

That was a good talk, thanks for the link!

fugu Posted February 4, 2016

> 3. Server malfunction. If you find a way to formulate your request to the server such that the server's process crashes (or for bonus points, gets taken over by your Metasploit instance) it isn't able to service the legitimate requests.

I would also like to add that an exploit that is not able to execute remote code, but is able to crash the remote service can be called a Denial of Service Exploit. I don't think an exploit could ever be called a DDOS exploit.

Edited February 4, 2016 by fugu

sud0nick Posted February 4, 2016

> I would also like to add that an exploit that is not able to execute remote code, but is able to crash the remote service can be called a Denial of Service Exploit. I don't think an exploit could ever be called a DDOS exploit.

Yep. Anything that denies service is a DoS attack. It could be as simple as turning off a service in Windows Services and changing the name of the executable so it doesn't start back up.

Edited February 4, 2016 by sud0nick

cooper Posted February 5, 2016

> I would also like to add that an exploit that is not able to execute remote code, but is able to crash the remote service can be called a Denial of Service Exploit. I don't think an exploit could ever be called a DDOS exploit.

Think of an exploit that hits the main listening socket's process. You know, the one that does the accept() and then hands that off to a separate thread for handling but through some stupid bug allows you to take over this process prior to your socket being handed off to a separate thread. While your exploit code is active within this process no new connections can be accepted (no thread is blocking on accept() on the listening socket anymore).

Another example is a program that tries to do everything asynchronously from a single thread. If you manage to exploit that and take over the thread, the service is effectively gone, meaning you've DoS'd the box.

Edited February 5, 2016 by cooper