Hackers have a multitude of tools and techniques to accomplish their goals, and as old tools and techniques become obsolete, new ones are created. Three questions regarding hacker tools and techniques are addressed here. What are the common tools used to conduct a denial-of-service (DoS) attack? What is a buffer overflow attack, and how does a SQL injection attack take place?
Tools for a DoS Attack
Unlike many other attack types used by hackers, DoS attacks do not seek to steal information, break into systems or escalate privileges. A DoS attack is used to deny services of a network resource, such as a web server. According to Vangie Beal, “This type of attack is essentially designed to ...
While the request is pending, more requests are sent, until eventually so many requests are open that the victim system has no resources left to handle legitimate requests (n.d.).
Dirt Jumper is not a single DoS platform, but a group of programs which are variations of the same program. Each variation has its own features and functionality, but generally they all are capable of performing HTTP flood, SYN flood and POST flood attacks. According to Imperva (2012), “Dirt Jumper itself has more than 5 versions, all freely available online. Its availability led to the development of many similar tools with minor modifications that go by other names, like RussKill, September, Simple Di Botnet and Pandora DDoS” (p.11).
Viruses and worms can be used to automate a distributed DoS (DDoS) attack. Such was the case with the MyDoom worm, which used the email accounts of infected computers to spread itself to the users' email contacts. At a predetermined date and time, all of the infected machines launched a successful DDoS attack against www.sco.com (Chuck Easttom, 2012, p.81).
The Buffer Overflow Attack
Operating systems (OS) and the programs that run on them use a reserved space in memory, called a buffer, to temporarily hold the input data they receive. The buffer has a predetermined size, and when the data is larger than the buffer, the program must handle the data in some way. A secure program will either reject the data or truncate it. If the program is not designed to handle unusually large data appropriately, the data may spill over into RAM that was not set aside for that purpose. If that data was specifically designed to overflow the buffer, the portion that overflows into non-buffer memory could be a malicious program designed to execute code on the target system. The overflow can also unseat other information from RAM, causing other programs to crash. This type of attack is known as a buffer overflow. According to Margaret Rouse, “Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming...
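The two safe behaviours described above (reject or truncate) are shown here beside an unchecked copy, as an added C example that is not part of the original essay. The `struct record` layout, the function names and the sample input are constructed for illustration, and the unchecked copy is capped at the size of the struct so that its effect on the neighbouring field can be observed safely.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8
/* Constructed layout: a fixed-size buffer followed directly by other data. */
struct record {
    char name[NAME_LEN];  /* the buffer reserved for input */
    char role[NAME_LEN];  /* unrelated data that sits next to it */
};

/* Models the unchecked copy: input length is never compared with NAME_LEN.
 * The write is capped at the whole struct so the demo stays well defined;
 * a real strcpy() into name would have no cap at all. */
static void store_unchecked(struct record *r, const char *input)
{
    size_t n = strlen(input) + 1;
    if (n > sizeof *r) n = sizeof *r;
    memcpy((char *)r, input, n);
}

/* Secure option 1: reject input that does not fit. Returns 0 on success. */
static int store_reject(struct record *r, const char *input)
{
    if (strlen(input) >= NAME_LEN)
        return -1;
    strcpy(r->name, input);  /* safe: the length was checked above */
    return 0;
}

/* Secure option 2: truncate to fit, always NUL-terminated. Returns 1 if cut. */
static int store_truncate(struct record *r, const char *input)
{
    size_t len = strlen(input);
    size_t n = len < NAME_LEN ? len : NAME_LEN - 1;
    memcpy(r->name, input, n);
    r->name[n] = '\0';
    return len >= NAME_LEN;
}

int main(void)
{
    const char *input = "0123456789AB";  /* constructed, 12 bytes: too long for name */
    struct record r = { "", "guest" };
    printf("reject:    rc=%d role=%s\n", store_reject(&r, input), r.role);
    printf("truncate:  cut=%d name=%s\n", store_truncate(&r, input), r.name);
    store_unchecked(&r, input);
    printf("unchecked: role=%s\n", r.role);
    return 0;
}
```

With the checked functions the `role` field is left untouched; only the unchecked copy changes data outside the buffer.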