427 Botnet fm qxd

■
RDP.LST
■
RIP-MD5.LST
■
RIPEMD-160.LST
■
SHA-1.LST
■
SHA-2.LST
■
SIP.LST
■
SIPHASHES.LST
■
SMB.LST
■
SMTP.LST
■
SNMP.LST
■
SSH-1.LST
■
TDS.LST
■
TELNET.LST
■
VNC-3DES.LST
■
VNC.LST
■
VoIP.LST
■
VRRP-HMAC.LST
DDoS
The earliest malicious use of a botnet was to launch Distributed Denial of
Service attacks against competitors, rivals, or people who annoyed the both-
erder.You can see a typical botnet DDoS attack in Figure 2.3.The sidebar, “A
Simple Botnet” in Chapter 1 describes the play-by-play for the DDoS.The
actual DDoS attack could involve any one of a number of attack technolo-
gies, for example TCP Syn floods or UDP floods.
In order to understand how a TCP Syn Flood works you first have to
understand the TCP connection handshake.TCP is a connection-oriented
protocol. In order to establish a connection,TCP sends a starting synchroniza-
tion (SYN) message that establishes an initial sequence number.The receiving
party acknowledges the request by returning the SYN message and also
includes an acknowledgement message for the initial SYN.The sending party
www.syngress.com
46
Chapter 2 • Botnets Overview
427_Botnet_02.qxd 1/9/07 9:49 AM Page 46

increments the acknowledgment number and sends it back to the receiver.
Figure 2.4 illustrates the TCP three-way handshake.
Figure 2.3
A DDoS Attack
Figure 2.4
A TCP Connection Handshake

Download 6,98 Mb.

Do'stlaringiz bilan baham: