DOS attacks using cmd and protection against them [closed] - security

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
After finding someone's IP you can easily send pings to them to make DOS attacks. My friend and I tried to make a defense against them and wanted to know how a low-level attacker can send these DOS attacks. When one of us sent pings to the other using cmd while we were connected to the same modem (Wi-Fi), it succeeded in sending pings. But when we were on different networks it failed and showed a message like "Request timed out". I assume this is a failure message, but I have some questions on this matter.
I won't write the command to make DOS attacks since I don't want to encourage anyone in making those and anyone who is knowledgeable in this subject already knows how to do that.
//Assume that attacker knows the ip of the victim.
Questions
Can a computer be successful enough to slow down the second computer if he sends infinite pings? If so in how much time(approximately.)(assume their computers are same.) What can be the worst result for the victim?
How can someone be successful in making DOS attacks to people who are connected into different networks from cmd? And how can I take measures against them?

This will not work over the internet if the victim's router is set not to send ICMP replies to ping requests.
Can a computer be successful enough to slow down the second computer
if he sends infinite pings? If so in how much
time(approximately.)(assume their computers are same.) What can be the
worst result for the victim?
Not significantly. What you need is an amplification attack - that is, the victim's computer has to do more work than you for each request. Sending a reply to a ping is minimal work and involves sending the same amount of bytes back, so you are not slowing the victim machine any more than your own.
How can someone be successful in making DOS attacks to people who are
connected into different networks from cmd? And how can I take
measures against them?
You would be better off using a software tool to do this, or by setting up a botnet to do a distributed denial of service instead (DDoS). Usage of such tools is probably illegal depending on your jurisdiction, and you should get full permission if testing this from the owners of all networks and systems where your traffic would flow.
Mitigating DDoS is the million dollar question. Services such as CloudFlare can help. It all depends on what you need to protect and who from.

Related

Using aircrack on Windows to Crack my WPA [closed]

Closed. This question is not about programming or software development. It is not currently accepting answers.
Closed 10 days ago.
I'm new to hacking and security in general. I wanted to learn a few things so I'm trying to break into my Wifi which is using WPA security. I've been googling and trying to find a way to do that for windows. What I found that has been helpful is this tutorial:
https://www.youtube.com/watch?v=TAbS_-uqhJQ
I've downloaded an older aircrack version (aircrack-ng-1.0-rc3-win) and Comm for Wifi like in the video. I ran the Comm for Wifi and I have packets that have the handshake protocol like this:
EAPOL-Key(4-Way Handshake Me...
When I insert the packet log into the aircrack GUI along with my wordlist, I get an error saying there are no handshakes, when very clearly in the log there are several handshakes. I used a .pcap file from the aircrack website (along with the same password list) and aircrack works fine with that .pcap file. I've compared their .pcap file with mine and I don't see a difference between them besides the obvious ESSIDs and BSSIDs and other small details, but it looks like the same type of handshake packets are there.
I'm very new to this and I understand that probably Windows is not the best OS for hacking but I feel like I'm pretty close. Does anybody have any suggestions as to what to do next? Is there a way to fix this problem?
I'd prefer you to use Kali 2.0 for cracking!
Basically, the WPA cracking steps are:
1. Switching your Wi-Fi adapter to monitor mode.
2. Locking a base network (to be attacked).
3. Listing the clients connected to it.
(In WPA, packets don't contain any relevant data.)
4. For cracking, we have to disconnect a client for a few milliseconds, forcing it to reconnect by sending handshake packets.
5. We have to capture the above packets and compare them with a wordlist.
Note: WPA cracking is a hideous task if we have no idea of the password (its length, characters used)! It could take several days to crack!
You can test it to crack your own network.

Is it flood DDOS attack? [closed]

Closed 8 years ago.
I'm a regular user of your website but I never asked a question. I hope, it's a good way. For some weeks, I have special DDoS attacks on a website. I don't know what kind of attack they are and how is it possible to launch them. The question is not how to block them, I know this, but what kind of attack it is and how is it possible. I think it's flood DDOS attack, but how this one?
For some weeks, 3 times, I had thousands and thousands of GETs on my website (+/- 10,000/min, for 30 minutes, to bring down my server), such as:
index.php/q=99999, all queries are different and exist on the website;
all IPs are the same per attack (only one IP per attack, and the 3 IPs used for these attacks are in the same segment xxx.xxx.xxx...), from the same host in another country, which doesn't have a link or competition or anything with my site.
the user-agents are different (+/- 40 different agents per attack, never the same one twice in a row, but all of them at the same time.)
I don't think that the IP sources are really the attackers, because it's a little stupid to always use the same IP for such an attack. But I think that the hackers want to make me think that the attacks are really coming from these IPs.
But if these IP sources are not real, how is it possible to launch such an attack, with +/- 40 different agents, coming from the same IP at the same time? Is it easy to do that? Does it need big systems? Could a single hacker do that? Or are such services cheap and available on the net?
I can block such attacks but I try to understand the goal, the meaning of them and how they do that. To block only is not enough. I need to understand. If you cannot help, maybe advise me where I could find the information.
Thank you so much.
It does sound like an attack alright. It's not hard to pull off, nor to set up. These kinds of attacks are usually done via a computer farm or a zombie horde, and as such it's fairly easy to set up, and as a result of that, it's a service offered online.
People do this because they can or because of a personal and/or business vendetta.
I could write about this topic for hours, but none of it wouldn't have been said before. So allow me to forward you to some further reading on the topic.
For a quick and dirty overview:
Tom's hardware entry on the topic is also a nice, condensed, straight to the point write up, which I've found useful in the past.
A more detailed, yet broad overview of DDoS attacks and protection:
Wikipedia's article on Distributed Denial of Service attacks is extremely well written and updated. I suggest you start there.
If you're serious about defending yourself/ educating yourself: CISCO's article on how to defend yourself against DDoS. It's extremely detailed and long and useful. I've come back to it several times over the years for help on the topic -- both academically and professionally.
Good luck!
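The pattern described in the question (one source IP, roughly 10,000 GETs per minute, about 40 rotating user agents) can be picked out of an access log by counting requests per IP per minute. This is an added example, not code from the question or the answer; the combined log format, the thresholds, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" access-log line (format is an assumption; the page shows no logs).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def find_floods(lines, max_per_min=1000, agent_limit=10):
    """Flag IPs whose busiest minute exceeds max_per_min requests.

    Returns {ip: {"peak": requests in the busiest minute, "agents": distinct
    user agents in that minute, "rotating": agents >= agent_limit}}.
    """
    hits = defaultdict(int)      # (ip, minute) -> request count
    agents = defaultdict(set)    # (ip, minute) -> user agents seen
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue             # skip lines that do not parse
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        key = (m["ip"], ts.replace(second=0))
        hits[key] += 1
        agents[key].add(m["ua"])
    report = {}
    for (ip, minute), count in hits.items():
        if count > max_per_min and count > report.get(ip, {}).get("peak", 0):
            n = len(agents[(ip, minute)])
            report[ip] = {"peak": count, "agents": n, "rotating": n >= agent_limit}
    return report

def sample_log():
    """Constructed sample: one flooding source and one ordinary visitor."""
    fmt = ('{ip} - - [12/Mar/2015:10:15:{s:02d} +0000] '
           '"GET /index.php/q={q} HTTP/1.1" 200 512 "-" "{ua}"')
    lines = [fmt.format(ip="203.0.113.7", s=i % 60, q=i, ua=f"ExampleAgent/{i % 40}")
             for i in range(10000)]
    lines += [fmt.format(ip="198.51.100.20", s=s, q=q, ua="Mozilla/5.0 (constructed)")
              for s, q in [(3, 12), (20, 57), (41, 8)]]
    return lines

if __name__ == "__main__":
    for ip, info in find_floods(sample_log()).items():
        print(ip, info)
```

A high request rate from one address is the primary signal; many user agents from one address at a low rate is common behind shared NAT, so the `rotating` flag is only reported for buckets that already exceed the rate limit.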

How to Ensure outsourced programmers don't maliciously use your server? [closed]

Closed 8 years ago.
I have outsourced the programming of an iPhone app.
The programmer has requested access to a server to upload data from the app, which is a necessary part of our app.
However I have never met the programmer.
I don't have any programming skills, and wouldn't know what he has uploaded to the server.
So therefore,
Do you know of any solutions to my issue of ensuring that the server is only used for the purpose of our app, and not for running any other code?
I intend on using Amazon servers, but could use another option depending on the answers.
There is no easy "magic bullet" - You will need to trust someone whatever you do.
Either you will need to trust your developer to use the server correctly. Or you will need to trust an experienced sysadmin to set up the server properly and give defined access rights to other users.
In my experience, it is unlikely that a developer you hire will use your server for malicious purposes. However it is quite likely that either:
They will use the server for some other, non-malicious uses on the grounds that "no-one will notice" (e.g. transferring a few files). Probably not a big issue as long as they are sensible.
They will make a mistake with config / security that will allow others to gain unauthorised access. This could be a big problem - you could find your server hijacked and your customer data compromised.
Basically it all comes down to trust, your tolerance for risk, and how much you are willing to pay an expert to run this stuff for you.

why are ISP's only blocking sub domains and not the full domain [closed]

Closed 8 years ago.
Using the popular torrent backdoor come.in as an example, why are only the subdomains being blocked by ISPs?
Originally my ISP blocked eztv.it so I found eztv.come.in which was eventually blocked after some time only to be replaced with ezztv.come.in.
They are now on ezzzztv.come.in and no doubt in time they will be on ezzzzzzzztv.
They also have backdoors to all the other big torrent sites and do the same thing, just open up again with a new sub domain URL
Is there some kind of technical reason that the main domain is not being blocked? Or maybe it's a legal reason. I am no expert but can't think of a logical reason the main domain is not being blocked instead of the ISP playing this cat and mouse game.
I doubt it's anything too mysterious. I'd say it depends heavily on how they are doing the blocking and I'm willing to bet this changes a good bit from ISP to ISP. I would guess that it's one of the following:
1) They get hostnames to block from some source (some kind of commercial feed maybe?), this source gives them the subdomains (i.e. specific hosts instead of a group of hosts), they import this to some list that gets blocked
2) Plain old ignorance or laziness - maybe whatever team is in charge of this just blocks based on hosts because they don't care enough to do basic pattern recognition on hosts they're ordered to block.
3) Technical reasons - maybe whatever tool they use to manage their blacklists only accepts subdomains?
Unless we get someone that does this kind of work for ISPs (and they do it the same way as you are describing), then we'll never know :-)
I do not know why the subdomains are being blocked, however I do know that using an encrypted VPN such as HotspotShield means that your ISP cannot know what you are visiting (and therefore would have to either block everything or nothing), which means that you can bypass that block.
When I accidentally forgot to pay the bill (Was overdrawn) and my ISP limited me to only Google and Youtube, I used a VPN and was able to access everything fine.
I have only ever used HotspotShield, never used TOR, etc, so I don't know which VPNs it would work with or not (really the question is, which VPNs are encrypted?).
VPNs give higher latency, but to my knowledge do not give slower download speeds (Except if the VPN has a slower internet connection than you), so should be fine for downloads.

IIS Smtp Server [closed]

Closed 8 years ago.
My application needs to send thousands of emails on a daily basis.
So I thought about writing my own smtp server, using C#, which would pull a database every minute to see if there are any pending email messages.
But, then I came across Microsoft's IIS SMTP service....
My question :
Can the IIS SMTP service handle that amount of outgoing emails, and is it reliable? Or should I reinvent the wheel and write my own?
Thanks
Yes, IIS SMTP can handle it.
Yes, IIS SMTP should be fine. But there are a few things you should consider.
Load test the server: This will give you the maximum number of emails which can be sent at a time.
If you are planning to send a large number of emails, it's better to "sleep" after sending a few emails and then continue with the rest.
I once wrote a cron job to send out emails in a short interval and I made a mistake of not checking the status of the previous job. A job crashed in between and the second one started sending emails to the same address which crashed and then the next one started......
Only reinvent the wheel if you can design a much much better wheel ;-)
I would consider using 3rd party services. This is not cheap, and there is good reason they charge money for that.
1st, if you plan on sending a high volume of emails on a regular basis, you need to build a trust relationship with major email vendors: definitely gmail, hotmail, yahoo, excite, altavista, etc. That relationship will take a while, but is well worth it. Without that, your server will get banned very fast.
Check out iContact, Mailchimp, or Aweber.
Good luck
I would suggest you do some load testing on the SMTP server to make sure it handles the load you are expecting to put on to it.
I would not suggest you reinvent the wheel by building your own SMTP server. If you find the IIS SMTP performance is not up to scratch you could try and find an open source one.
