A Multitude of Tools and Techniques for Hackers

781 Words2 Pages

Hackers have a multitude of tools and techniques to accomplish their goals, and as old tools and techniques become obsolete, new ones are created. Three questions regarding hacker tools and techniques are addressed here. What are the common tools used to conduct a denial of service attack (DoS)? What is a buffer overflow attack, and how does a SQL injection attack take place?
Tools for a DoS Attack
Unlike many other attack types used by hackers, DoS attacks do not seek to steal information, break into systems or escalate privileges. A DoS attack is used to deny services of a network resource, such as a web server. According to Vangie Beal, “This type of attack is essentially designed to bring a network to its knees by flooding it with useless traffic” (2010). Various tools can be used to perpetrate a DoS attack including Internet Control Message Protocol (ICMP) echo requests, R-U-Dead-Yet (RUDY), Dirt Jumper, and virus/worm programs which automate an attack.
A simplistic form of DoS is practiced by using the ping command with certain options set for the purpose of flooding an IP address with echo requests. According to Chuck Easttom (2012), the echo request is configured so that it is set to near its maximum packet size, response wait time is set to zero, and -t is added to continue pinging until explicitly instructed to stop (p.73). Sending echo requests this way will not inundate a network resource, but if many computers are all simultaneously sending this type of echo request to the same system, eventually the system will not have any resources left to reply to legitimate requests.
RUDY is a program that uses HTML POST requests, such as a login, to simulate multiple slow bandwidth requests, effectively creating a DoS atta...

... middle of paper ...

...ces
Beal, V. (2012). Denial of Service (DoS) Attacks. Retrieved December 28, 2013 from http://www.webopedia.com/DidYouKnow/Internet/2005/DoS_attack.asp
Easttom, C. (2012). Computer security fundamentals. Indianapolis. Pearson.
Hunt, T. (2013). Everything you wanted to know about SQL injection (but were afraid to ask). Retrieved December 28, 2013 from http://www.troyhunt.com/2013/07/everything-you-wanted-to-know-about-sql.html
Hybrid Security. (n.d.). R-U-Dead-Yet. Retrieved December 28, 2013 from http://code.google.com/p/r-u-dead-yet/
Imperva. (2012). Hacker Intelligence Initiative, Monthly Trend Report #12. Retrieved December 28, 2012 from https://www.imperva.com/docs/HII_Denial_of_Service_Attacks-Trends_Techniques_and_Technologies.pdf
Rouse, M. (2007). Buffer Overflow. Retrieved December 28, 2013 from http://searchsecurity.techtarget.com/definition/buffer-overflow

Open Document