DOS ATTACKS
by Darkness

I'm writing this article for DataZine because of the recent DOS attacks on some major servers and sites on the internet. Personally I think DOS attacks are lame as fuck. I mean, who cares if you can take a server off the net?? It's not hacking, and it's against hacker ethics. It's not hard to sit in a couple of shell accounts and compile some DOS scripts; anyone can do that, it doesn't take talent or skill!!

There are mainly two types of DOS attacks. The first is where a malformed packet, built to trigger a bug, is sent to the host; the host machine doesn't know what to do with it or how to handle it, so the system simply crashes. A good example of this is when you used to be playing on your Windows 95 box and got a blue screen: you were probably "nuked" by some lame fuck.

The second type of DOS attack I'm going to talk about is one aimed at taking down a whole network. These are usually the "flooding" programs, like smurf. They send tons of packets to a host you specify, and by doing this they lag all traffic and all the other packets coming into the host, so people who are just surfing to a website or something can't get in, because the host is trying to deal with all of the DOS packets at the same time. But to shut down a whole network of computers you're going to need more than one attacking computer; you need several different computers to launch your strikes from. Once you have shells on other computers, you can just ftp your DOS script in, compile it in each shell, then run the program against the same host from all of them at the same time, and BAM, the host will go down after getting enough packets. The reason it is so hard to catch anyone doing this kind of stuff is that most scripts have a built-in IP spoofer: they put fake IPs on the packets.
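From the defender's side, the flooding behaviour just described leaves two signs in any per-packet log: a sudden spike of packets toward one destination, and, when the tool spoofs source addresses, far more distinct sources inside that spike than a host normally sees. The Python below is an added example written for this article, not code from the author or from any tool the article names; the Packet records, the thresholds (100 packets per second, 50 distinct sources) and the sample traffic are all constructed for illustration.

```python
"""Sliding-window flood detector for packet summary records (added example).

Flags a destination that receives more than pps_threshold packets inside a
sliding window, and marks the flood as likely spoofed when the packets in that
window come from at least min_sources distinct addresses."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float   # arrival time in seconds (e.g. parsed from a firewall log)
    src: str
    dst: str
    proto: str


def detect_floods(packets, window=1.0, pps_threshold=100, min_sources=50):
    """Return one alert per flooded destination per window.

    Thresholds are assumptions chosen for the constructed samples below;
    tune them against your own traffic baseline."""
    per_dst = defaultdict(deque)   # recent packets per destination
    alerted_until = {}             # suppress repeat alerts for one window
    alerts = []
    for p in sorted(packets, key=lambda x: x.ts):
        q = per_dst[p.dst]
        q.append(p)
        while q[0].ts < p.ts - window:   # evict records older than the window
            q.popleft()
        if len(q) > pps_threshold and p.ts >= alerted_until.get(p.dst, -1.0):
            sources = {x.src for x in q}
            alerts.append({
                "dst": p.dst,
                "ts": p.ts,
                "packets": len(q),
                "sources": len(sources),
                "likely_spoofed": len(sources) >= min_sources,
            })
            alerted_until[p.dst] = p.ts + window
    return alerts


def spoofed_flood_sample():
    """Constructed traffic: light legitimate traffic, then a 300-packet burst
    in half a second with a different (spoofed) source on nearly every packet."""
    pkts = [Packet(i * 0.5, "10.0.0.5", "192.0.2.10", "tcp") for i in range(20)]
    pkts += [Packet(5.0 + i * 0.5 / 300, f"198.51.100.{i % 250}", "192.0.2.10", "icmp")
             for i in range(300)]
    return pkts


def single_source_sample():
    """Constructed traffic: 150 packets in 0.2 s from one real source."""
    return [Packet(10.0 + i * 0.2 / 150, "203.0.113.7", "192.0.2.20", "udp")
            for i in range(150)]


if __name__ == "__main__":
    for alert in detect_floods(spoofed_flood_sample() + single_source_sample()):
        print(alert)
```

The spoofed burst produces one alert with about a hundred distinct sources, while the single-source burst is flagged as a flood but not as spoofed; the distinction matters because a single-source flood can be dropped by address at the border, whereas a spoofed one has to be handled by rate or by protocol.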
So the only real way to trace a packet is one hop at a time, going back through the route the packet took and through every router it came through, and since you have to do this one by one it can take a long time to track. Then once you get there, you end up with the shell the hacker used, and I bet it's probably not even his shell.

DOS attacks are hard to defend against, but you can do it. If you're on Windows, get ConSeal PC Firewall and write a good rule set, keep logs and monitor connections. You could even get Nuke Nabber 2.9 and listen on your ports and log any incoming attacks. I use FreeBSD a lot, so if you use BSD or UNIX, set up IPFW. You have to compile support for it into your kernel, but it is a firewall made for filtering packets, so set up your IP firewall and try to redirect all of your packets to another target, so when someone packets you it's all directed to something like www.aol.com or www.antionline.com.

Here are some services that I recommend you filter out:

DNS zone transfers - port 53 (TCP)
tftpd - port 69 (UDP)
link - port 87 (TCP) (commonly used by intruders)
SunRPC & NFS - ports 111 and 2049 (UDP and TCP)
BSD UNIX "r" cmds - ports 512, 513, and 514 (TCP)
lpd - port 515 (TCP)
uucpd - port 540 (TCP)
openwindows - port 2000 (UDP and TCP)
X windows - ports 6000+ (UDP and TCP)

You should always filter ICMP redirect and ICMP destination unreachable packets. In addition, sites should filter source-routed packets.

Well, this is all I have for now; have fun securing yourselves from DOS attacks. Remember DOS is lame: if you do it you are lame, you're not a hacker, it takes no skill, and you just give the whole underground community a bad name!!

Shouts to: TheHex, MetGod, Napalm, the rest of www.tdcore.com, www.hfactorx.com, and Uneek!!

Written by: Darkness
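The filter list above, plus the ICMP and source-route rules, can be turned into a concrete inbound policy. The Python below is an added example, not the author's own IPFW configuration: drop_reason() decides what the policy does with a single inbound packet, and ipfw_rules() emits the same policy as ipfw(8) rule bodies using the dst-port, icmptypes and ipoptions keywords. The Packet class and the port numbers are taken from the list above; treating "6000+" as the X11 display range 6000-6063 is an assumption, as are the rule numbers.

```python
"""Inbound filter policy built from the article's service list, with an IPFW
rule generator (added example, not the author's configuration)."""
from dataclasses import dataclass, field

# (proto, port) pairs the article says to filter on inbound traffic
FILTERED_PORTS = {
    ("tcp", 53),                                # DNS zone transfers
    ("udp", 69),                                # tftpd
    ("tcp", 87),                                # link
    ("udp", 111), ("tcp", 111),                 # SunRPC portmapper
    ("udp", 2049), ("tcp", 2049),               # NFS
    ("tcp", 512), ("tcp", 513), ("tcp", 514),   # BSD "r" commands
    ("tcp", 515),                               # lpd
    ("tcp", 540),                               # uucpd
    ("udp", 2000), ("tcp", 2000),               # openwindows
}
X11_RANGE = range(6000, 6064)      # assumption: "6000+" read as displays :0 to :63
ICMP_DEST_UNREACH, ICMP_REDIRECT = 3, 5
SOURCE_ROUTE_OPTS = {131, 137}     # IP option numbers for LSRR and SSRR


@dataclass
class Packet:
    proto: str                 # "tcp", "udp" or "icmp"
    dst_port: int = 0
    icmp_type: int = -1
    ip_options: set = field(default_factory=set)


def drop_reason(pkt):
    """Return why an inbound packet is dropped, or None if the policy passes it."""
    if pkt.ip_options & SOURCE_ROUTE_OPTS:
        return "source-routed"
    if pkt.proto == "icmp":
        if pkt.icmp_type == ICMP_REDIRECT:
            return "icmp-redirect"
        if pkt.icmp_type == ICMP_DEST_UNREACH:
            return "icmp-dest-unreachable"
        return None
    if (pkt.proto, pkt.dst_port) in FILTERED_PORTS:
        return f"filtered-port {pkt.proto}/{pkt.dst_port}"
    if pkt.proto in ("tcp", "udp") and pkt.dst_port in X11_RANGE:
        return f"x11 {pkt.proto}/{pkt.dst_port}"
    return None


def ipfw_rules(start=1000, step=10):
    """Emit ipfw(8) rule bodies equivalent to drop_reason(); rule numbers are
    assumptions. Each string is meant to follow the `ipfw` command."""
    rules = [
        f"add {start} deny ip from any to any ipoptions lsrr,ssrr in",
        f"add {start + step} deny icmp from any to any "
        f"icmptypes {ICMP_DEST_UNREACH},{ICMP_REDIRECT} in",
    ]
    n = start + 2 * step
    for proto, port in sorted(FILTERED_PORTS):
        rules.append(f"add {n} deny {proto} from any to any dst-port {port} in")
        n += step
    for proto in ("tcp", "udp"):
        rules.append(f"add {n} deny {proto} from any to any "
                     f"dst-port {X11_RANGE.start}-{X11_RANGE[-1]} in")
        n += step
    return rules


if __name__ == "__main__":
    for rule in ipfw_rules():
        print(rule)
```

Two things to know before loading a ruleset like this: TCP port 53 also carries ordinary DNS answers that are too large for UDP, so blocking it affects more than zone transfers, and ICMP destination unreachable includes the "fragmentation needed" message (type 3, code 4) that path MTU discovery depends on, so dropping all of type 3 can break large transfers through links with a smaller MTU.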