Website Attack Investigation

The document discusses Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, outlining their mechanisms and methods of propagation, including Central Source, Back-Chaining, and Autonomous propagation. It emphasizes the importance of immediate investigation and collaboration with ISPs for mitigation, as well as the need for expert assistance in DDoS prevention. Additionally, it covers defensive strategies against DoS attacks, including traffic analysis, sink holing, and various types of firewalls.

Uploaded by

mansidayal654

Denial of Service (DoS)

A Denial of Service (DoS) is a type of attack on a service that disrupts its normal function and
prevents other users from accessing it.

The most common target for a DoS attack is an online service such as a website, though attacks can
also be launched against networks, machines or even a single program.

Link: - https://www.youtube.com/watch?v=xdd505iOmDg&ab_channel=Cloudflare

Investigation

Once a DDoS attack occurs, immediate identification of the source ports and of the form the
attack is taking is necessary so that blocking and filtering can be activated to stop the
intrusion.

Working with your Internet Service Provider (ISP) is required so they can work with your security
support teams to immediately remediate the issue from the service provider's routing systems,
as well as your company's security perimeter.

Why hire DDoS Investigation Experts?

DDoS attacks are an ongoing struggle for businesses in the industry today. Prevention and immediate
mitigation will continue to be the best solution available. You need real-world DDoS
subject-matter experts with black-hat knowledge who use white-hat, industry-proven best-practice
techniques to offset and protect your company from these types of attacks, which could potentially
disable your company's cyberspace solutions.

Propagation of Malicious Code:-

There are three most commonly used malicious code propagation methods.

1. Central Source Propagation (Publicity)

2. Back-Chaining Propagation (Publicity)

3. Autonomous Propagation

Central Source Propagation:

It requires a central source where the attack toolkit is installed. When an attacker exploits a
vulnerable machine, it opens a connection on the infected system listening for a file transfer.

The file transfer mechanism used to transfer the malicious code (toolkit) is normally HTTP, FTP
or RPC.

Back-Chaining Propagation

Back-Chaining Propagation requires the attack toolkit to be installed on the attacker's machine.
When an attacker exploits the vulnerable machine, it opens a connection on the infected system
listening for a file transfer. Then the toolkit is copied from the attacker. Once the toolkit is
installed on the infected system, it searches for other vulnerable systems and the process
continues.

Autonomous Propagation:

In this process the attacker exploits the vulnerable system and sends the malicious code to it. The
toolkit is installed and searches for other vulnerable systems. Unlike Central Source Propagation,
it does not require any central source or keeping the toolkit on the attacker's own system.

Distributed Denial of Service (DDoS):-

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a
targeted server, service or network by overwhelming the target or its surrounding infrastructure with
a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised
computer systems as sources of attack traffic.

Link: - https://www.youtube.com/watch?v=OhA9PAfkJ10

Link: - https://www.youtube.com/watch?v=yLbC7G71lyE

Ping of Death:-

A Ping of Death attack is a denial-of-service (DoS) attack in which the attacker aims to disrupt a
targeted machine by sending a packet larger than the maximum allowable size. The original Ping of
Death attack is less common today; a related attack known as an ICMP flood attack is more
prevalent.

How does a Ping of Death work:-

An Internet Control Message Protocol (ICMP) echo-reply message, or "ping", is a network utility used
to test a network connection, and it works much like sonar: a "pulse" is sent out and the "echo" from
that pulse tells the operator information about the environment. If the connection is working, the
source machine receives a reply from the targeted machine.

While some ping packets are very small, IPv4 ping packets are much larger, and can be as large as the
maximum allowable packet size of 65,535 bytes. Some TCP/IP systems were never designed to handle
packets larger than the maximum, making them vulnerable to packets above that size.

When a maliciously large packet is transmitted from the attacker to the target, the packet becomes
fragmented into segments, each of which is below the maximum size limit. When the target machine
attempts to put the pieces back together, the total exceeds the size limit and a buffer overflow can
occur, causing the target machine to freeze, crash or restart.
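The reassembly bound that makes a Ping of Death harmless, shown as an added example written for this page (not code from the original document): a fragment is accepted only while its offset plus length stays inside the 65,535-byte IPv4 limit, and the check runs before any payload is copied. The Fragment class, fragment() and the constructed sample fragment set are assumptions of this example.

```python
from dataclasses import dataclass

IP_MAX_DATAGRAM = 65535      # 16-bit Total Length field: largest legal IPv4 datagram
MAX_OFFSET_UNITS = 0x1FFF    # 13-bit Fragment Offset field, counted in 8-byte units


@dataclass
class Fragment:
    ident: int          # Identification field shared by all fragments of one datagram
    offset_units: int   # Fragment Offset, in 8-byte units
    more: bool          # More Fragments (MF) flag
    payload: bytes


def fragment(ident: int, payload: bytes, chunk: int = 1480) -> list:
    """Split a payload the way a sender would (chunk must be a multiple of 8)."""
    assert chunk % 8 == 0
    out = []
    for start in range(0, len(payload), chunk):
        piece = payload[start:start + chunk]
        out.append(Fragment(ident, start // 8, start + chunk < len(payload), piece))
    return out


def reassemble(frags: list) -> bytes:
    """Reassemble one datagram, rejecting any fragment that would overrun 65,535
    bytes; the bound is checked before the payload is copied into the buffer."""
    ident = frags[0].ident
    buf = bytearray()
    ordered = sorted(frags, key=lambda x: x.offset_units)
    for f in ordered:
        if f.ident != ident:
            raise ValueError("fragments belong to different datagrams")
        if f.offset_units > MAX_OFFSET_UNITS:
            raise ValueError("fragment offset does not fit the 13-bit field")
        start, end = f.offset_units * 8, f.offset_units * 8 + len(f.payload)
        if end > IP_MAX_DATAGRAM:
            raise ValueError(f"fragment ends at byte {end}, beyond the 65,535-byte limit")
        if start != len(buf):
            raise ValueError("gap or overlap between fragments")
        buf += f.payload
    if ordered[-1].more:
        raise ValueError("last fragment still has MF set: datagram incomplete")
    return bytes(buf)


def ping_of_death_set(ident: int = 7) -> list:
    """Constructed sample: a fragment set whose final piece ends at byte 65,536."""
    frags = fragment(ident, b"A" * 65528)   # contiguous data up to byte 65,528
    frags[-1].more = True                   # pretend more is coming ...
    frags.append(Fragment(ident, MAX_OFFSET_UNITS, False, b"B" * 8))  # ... one byte too far
    return frags
```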

#--------------------------=============================--------------------------------------#

Defending against a DoS Attack :

The threat of being targeted by DoS attacks has led many major online services to implement
various strategies for handling overwhelming floods of data or traffic.

Some of the anti-DoS techniques :-

1. Traffic analysis and filtering

2. Sinkholing

3. IP-based Prevention

Traffic analysis and filtering:

Traffic analysis is the process of monitoring network protocols and the data that streams through
them within a network.
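Traffic analysis only helps against a flood when the monitored stream is turned into a per-source picture that a filter can act on. The following is an added example, not code from the original document; the log line format, the constructed sample lines, the 10-second sliding window and the threshold of 100 requests are assumptions of this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def constructed_log() -> list:
    """Constructed sample log lines (not captured traffic), format
    '<ISO timestamp> <source IP> <method> <path>': one client browsing at
    1 request/s for 20 s, and one source firing 40 requests/s for 5 s."""
    t0 = datetime(2024, 1, 1, 10, 0, 0)
    lines = [f"{(t0 + timedelta(seconds=s)).isoformat()} 198.51.100.7 GET /index.html"
             for s in range(20)]
    lines += [f"{(t0 + timedelta(seconds=s)).isoformat()} 203.0.113.5 GET /index.html"
              for s in range(5) for _ in range(40)]
    return lines


def parse(line: str) -> tuple:
    ts, src, _method, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), src, path


def flag_sources(lines: list, window: timedelta = timedelta(seconds=10),
                 threshold: int = 100) -> dict:
    """Sliding-window rate analysis: return {source: peak requests seen inside
    any window} for every source whose peak exceeds the threshold.
    Events are processed in time order, so a burst is detected as it happens."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    peak = defaultdict(int)
    for ts, src, _path in sorted(map(parse, lines)):
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # evict timestamps that fell out of the window
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return {src: n for src, n in peak.items() if n > threshold}


def filter_rules(flagged: dict) -> list:
    """Turn the analysis result into drop rules; the rule syntax here is
    illustrative, not that of any particular firewall."""
    return [f"drop from {ip}  # peak {n} requests in window"
            for ip, n in sorted(flagged.items())]
```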

Sinkholing:-

Sinkholing is the redirection of traffic from its original destination to one specified by the
sinkhole owners. (The name is a reference to a physical sinkhole, into which items apparently
disappear.) Sinkholes can be used for good or ill intent.

Link: - https://www.youtube.com/watch?v=mf6OMPNfLN8

Link: - https://www.youtube.com/watch?v=yPNKQZar-Fw&ab_channel=HackerSploit

IP-based Prevention

An intrusion prevention system (IPS) is a form of network security that works to detect and prevent
identified threats. Intrusion prevention

===================

Security via IDS, IPS

Firewall

A firewall is a component used to filter the incoming and outgoing (inbound and outbound) traffic of
a particular network according to rules. A firewall has a database of signatures for the data packets
moving into or out of a network. Data packets in network traffic that carry malicious content can be
blocked by a firewall according to the rule sets created by a network administrator.

Link: - https://www.youtube.com/watch?v=kDEX1HXybrU&ab_channel=PowerCertAnimatedVideos

How Firewalls Work:

Firewalls are software or hardware that work as a filtration system for the data attempting to enter
your computer or network. Firewalls scan packets for malicious code or attack vectors that have
already been identified as established threats. Should a data packet be flagged and determined to be
a security risk, the firewall prevents it from entering the network or reaching your computer.

Link: - https://www.youtube.com/watch?v=KZc1KaE1OKU

Types of Firewall:-

Proxy firewall
An early type of firewall device, a proxy firewall serves as the gateway from one network to another
for a specific application. Proxy servers can provide additional functionality such as content caching
and security by preventing direct connections from outside the network. However, this also may
impact throughput capabilities and the applications they can support.

Stateful inspection firewall

Now thought of as a "traditional" firewall, a stateful inspection firewall allows or blocks traffic based
on state, port, and protocol. It monitors all activity from the opening of a connection until it is
closed. Filtering decisions are made based on both administrator-defined rules as well as context,
which refers to using information from previous connections and packets belonging to the same
connection.
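The stateful decision in code, as an added example that is not taken from the original document: packets belonging to a connection already in the state table are allowed on context alone, and only a connection-opening packet falls through to the administrator rules. The Packet class, the 10.0.0.0/24 internal prefix, the TCP-only rule set and the single-FIN teardown are assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""      # TCP flags as letters, e.g. "S", "SA", "A", "F", "R"
    proto: str = "tcp"


INTERNAL_PREFIX = "10.0.0."   # assumed protected network (10.0.0.0/24)


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


class StatefulFirewall:
    """Allow/drop by connection state first, administrator rules second."""

    def __init__(self, inbound_allow_ports=(443,)):
        self.inbound_allow_ports = set(inbound_allow_ports)  # rule: published services
        self.flows = set()   # state table: (src, sport, dst, dport, proto) as first opened

    def process(self, p: Packet) -> str:
        forward = (p.src, p.sport, p.dst, p.dport, p.proto)
        reverse = (p.dst, p.dport, p.src, p.sport, p.proto)   # the reply direction
        if forward in self.flows or reverse in self.flows:
            # Context: part of a connection we saw opened, so no rule lookup is needed.
            if "R" in p.flags or "F" in p.flags:               # tear down on RST/FIN
                self.flows.discard(forward)                    # (first FIN ends it here;
                self.flows.discard(reverse)                    #  real stacks track both)
            return "allow"
        # No state: only a connection-opening SYN may create it, and only via the rules.
        if "S" not in p.flags or "A" in p.flags:
            return "drop"   # stray ACK or SYN-ACK with no known connection
        if is_internal(p.src) and not is_internal(p.dst):
            self.flows.add(forward)   # rule: inside may open any outbound connection
            return "allow"
        if is_internal(p.dst) and p.dport in self.inbound_allow_ports:
            self.flows.add(forward)   # rule: outside may open only published ports
            return "allow"
        return "drop"
```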

Unified threat management (UTM) firewall

A UTM device typically combines, in a loosely coupled way, the functions of a stateful inspection
firewall with intrusion prevention and antivirus. It may also include additional services and often
cloud management. UTMs focus on simplicity and ease of use.

Next-generation firewall (NGFW)

Firewalls have evolved beyond simple packet filtering and stateful inspection. Most companies are
deploying next-generation firewalls to block modern threats such as advanced malware and
application-layer attacks.

According to Gartner, Inc.'s definition, a next-generation firewall must include:

- Standard firewall capabilities like stateful inspection

- Integrated intrusion prevention

- Application awareness and control to see and block risky apps

- Upgrade paths to include future information feeds

- Techniques to address evolving security threats

While these capabilities are increasingly becoming the standard for most companies, NGFWs can do
more.
