Testing - Denial of Service





A Denial of Service (DoS) attack is an attempt to make a network resource unavailable to its intended users by temporarily or indefinitely interrupting a host connected to the internet. Such attacks typically target services hosted on mission-critical web servers, such as those of banks and credit card payment gateways. The attack need not be a bandwidth flood: the WebGoat lesson below is an application-level variant in which an attacker exhausts a small database connection pool so that legitimate users can no longer log in.

Symptoms of DoS

  • Unusually slow network performance.
  • Unavailability of a particular web site.
  • Inability to access any web site.
  • Dramatic increase in the number of spam emails received.
  • Long-term denial of access to the web or any internet service.

Hands On

1. Launch WebGoat and navigate to the 'Denial of Service' lesson. A snapshot of the scenario is shown below. The goal is to log in as enough different users at the same time that the database connection pool's maximum size is exceeded.

2. First, obtain the list of valid logins. In this lesson we use SQL injection in the login form to do so: the login query is built by string concatenation, so a tautology such as ' OR '1'='1 in the password field makes the WHERE clause always true.

3. If the injection succeeds, the page displays every valid username and password.

4. Now log in as each of these users, each from a separate browser session, so that at least three sessions are active at once. The lesson's database connection pool allows only two concurrent connections; each session holds its connection, so the third session exceeds the pool and the attack succeeds. From that point on, nobody else can log in either.
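The four steps above, reproduced as a stand-alone Python simulation. This is an added example, not code from WebGoat (which is written in Java) or from the original post: the table rows, the login query, the pool size of two and the session handling are constructed here to mirror what the lesson describes, and the names (`vulnerable_login_query`, `enumerate_credentials`, `LeakyPool`, `start_session`, `run_attack`) are the example's own. It shows the injected tautology returning every credential, then three harvested logins consuming a two-connection pool so that a fourth, legitimate login is refused.

```python
import sqlite3
import threading

# Constructed sample rows standing in for the lesson's user table; not WebGoat's real data.
SAMPLE_USERS = [("jsnow", "passwd1"), ("jdoe", "passwd2"), ("jplane", "passwd3")]
POOL_SIZE = 2  # the lesson's DB pool allows only two concurrent connections


def build_db():
    """Create an in-memory SQLite database holding the sample logins."""
    conn = sqlite3.connect(":memory:", check_same_thread=False)
    conn.execute("CREATE TABLE user_login (login TEXT, password TEXT)")
    conn.executemany("INSERT INTO user_login VALUES (?, ?)", SAMPLE_USERS)
    return conn


def vulnerable_login_query(conn, login, password):
    """Step 2: the login query built by string concatenation (the injectable pattern)."""
    sql = (f"SELECT login, password FROM user_login "
           f"WHERE login = '{login}' AND password = '{password}'")
    return conn.execute(sql).fetchall()


def enumerate_credentials(conn):
    """Step 3: a tautology in the password field makes the WHERE clause
    ... AND password = '' OR '1'='1' always true, so every row comes back."""
    return vulnerable_login_query(conn, "x", "' OR '1'='1")


class LeakyPool:
    """Toy pool that hands out at most POOL_SIZE connections. As in the lesson's
    vulnerable code, a session keeps its connection until the session ends, so the
    connection is never returned for other users."""

    def __init__(self, size=POOL_SIZE):
        self._slots = threading.BoundedSemaphore(size)

    def acquire(self, timeout=0.05):
        # Wait briefly, then give up: mimics a pool timeout or "no connection" error.
        return self._slots.acquire(timeout=timeout)


def start_session(pool, conn, login, password):
    """Log one user in from a new session and keep the pooled connection afterwards."""
    if not pool.acquire():
        return "rejected: no DB connection available"
    rows = vulnerable_login_query(conn, login, password)
    return "ok" if rows else "bad credentials"


def run_attack():
    """Step 4: one session per harvested login. With three logins and a pool of
    two, the third session and every later legitimate login are refused."""
    conn = build_db()
    pool = LeakyPool()
    creds = enumerate_credentials(conn)
    attacker_sessions = [start_session(pool, conn, u, p) for u, p in creds]
    victim = start_session(pool, conn, *SAMPLE_USERS[0])  # a real user, correct password
    return {"attacker_sessions": attacker_sessions, "legitimate_login": victim}


if __name__ == "__main__":
    print(run_attack())
```

The point the simulation makes is that the attacker needs no flood of traffic: three ordinary logins are enough, because the cost of each is a scarce resource (a pooled connection) that the application never releases.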

Prevention Mechanisms

  • Perform thorough input validation, and use parameterized queries so that user input is never spliced into SQL; without the credential dump, the attacker has no list of logins to exhaust the pool with. Always plan for the worst case.
  • Avoid highly CPU-consuming operations on untrusted input, and release scarce resources such as database connections as soon as a request is done, with a bounded wait rather than an indefinite block.
  • Separate data disks from system disks, so that a filled or saturated data volume does not take the operating system down with it.
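The hardened counterpart of the vulnerable login flow, as an added example (again not WebGoat's code or the original post's): the same constructed user table and two-connection cap, but with a format check on the login field, a parameterized query, a bounded acquire timeout, and the connection released in a `finally` block as soon as the query completes. The names (`valid_login_format`, `safe_login_query`, `GuardedPool`, `run_demo`) and the assumed login format (letters, digits, `_ . -`, up to 32 characters) are this example's own choices.

```python
import re
import sqlite3
import threading

# Constructed sample rows with the same shape as the lesson's user table (not WebGoat's data).
SAMPLE_USERS = [("jsnow", "passwd1"), ("jdoe", "passwd2"), ("jplane", "passwd3")]
POOL_SIZE = 2  # same cap as the vulnerable version
LOGIN_PATTERN = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")  # assumed login format


def build_db():
    """Create an in-memory SQLite database holding the sample logins."""
    conn = sqlite3.connect(":memory:", check_same_thread=False)
    conn.execute("CREATE TABLE user_login (login TEXT, password TEXT)")
    conn.executemany("INSERT INTO user_login VALUES (?, ?)", SAMPLE_USERS)
    return conn


def valid_login_format(login):
    """Input validation: reject anything that is not a plausible login before it
    reaches the database. Quotes and SQL keywords never get that far."""
    return bool(LOGIN_PATTERN.match(login))


def safe_login_query(conn, login, password):
    """Parameterized query: the driver passes login and password as values, so a
    tautology in the password field is compared literally and matches no row."""
    sql = "SELECT login FROM user_login WHERE login = ? AND password = ?"
    return conn.execute(sql, (login, password)).fetchall()


class GuardedPool:
    """Pool with the same cap as before, but a bounded wait and connections
    returned as soon as the query finishes, so idle sessions hold nothing."""

    def __init__(self, size=POOL_SIZE, acquire_timeout=0.05):
        self._slots = threading.BoundedSemaphore(size)
        self._timeout = acquire_timeout

    def login(self, conn, login, password):
        if not valid_login_format(login):
            return "rejected: malformed login"
        if not self._slots.acquire(timeout=self._timeout):
            return "busy: try again"  # fail fast instead of tying up a server thread
        try:
            rows = safe_login_query(conn, login, password)
        finally:
            self._slots.release()  # connection back in the pool for the next user
        return "ok" if rows else "bad credentials"


def run_demo():
    """Replay the attack from the lesson against the hardened flow."""
    conn = build_db()
    pool = GuardedPool()
    # The credential-dump payload is now just a wrong password.
    injection = pool.login(conn, "x", "' OR '1'='1")
    # Three sessions followed by a fourth legitimate login: all are served.
    sessions = [pool.login(conn, u, p) for u, p in SAMPLE_USERS]
    fourth = pool.login(conn, *SAMPLE_USERS[0])
    return {"injection": injection, "sessions": sessions, "fourth_login": fourth}


if __name__ == "__main__":
    print(run_demo())
```

Two of the three changes matter most here: parameterization removes the enumeration step the attack depends on, and releasing the connection in `finally` means that even an attacker who does hold valid credentials cannot pin the pool by simply staying logged in.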
