
Saturday, 13 July 2013


The Basic Fundamentals of Layer 4 & 7 DoS and DDoS Attacks


Introduction
Hello, I'm Mark. I thought I'd give a little introduction to you guys if you don't know me. I have been on this forum since 2011 and usually hang out at marketplace discussions. I am interested primarily in cyber security and have been learning different stuff for about a year now because of my enthusiasm towards it.

Today I hope to show you the different layers in networking which are used for DDoS. This thread will cover Layer 4 and Layer 7. If you wish to learn about other layers, such as Layer 3, you will have to research them yourself. Many booters or stressers use these two layers to attack their targets. So without further ado, I should probably get down to the main piece.

The OSI Model
If any of you have ever been interested in networking, which I hope you have (as we're in the networking section), then you have probably heard of the OSI Model. The OSI Model groups the different functions of networking together into layers; that is my definition of it.


Quote:
A seven-layer model of network communications developed by the International Standards Organization (ISO).

Today, I will cover two Layers.

  • Layer 4 - Transport Layer
  • Layer 7 - Application Layer

When booters advertise Layer 4 & 7 attacks, they are referencing the OSI model.

Layer 4

Layer 4 is the "Transport Layer". An attack at this layer aims to exhaust the host's connection or bandwidth limits. Layer 4 can be mitigated quite well, and picking out the malicious packets is not as tricky as it is for Layer 7.

Examples:

Layer 4 can be really effective against home connections and servers without any DDoS protection. It can be easily mitigated if DDoS protection is present.

A basic description of a Layer 4 attack is that the attacker sends so many packets to the target that the host is overwhelmed by the volume, which leaves it unable to deal with the packets coming from a legitimate customer or visitor.


LOIC is a shit tool. It is being used as an example.

Most people remember this abomination of a tool. This was "supposedly" used to bring down Mastercard. Some people say that, as well as the Anonymous members using LOIC, there were a few members who used botnets to bring the target down. I'm not here to debate that; I'm here to tell you what this tool effectively does.

I don't have actual numbers on how many people used this tool to attack Mastercard, but effectively it could take down Mastercard. LOIC is very similar to a botnet: someone sends a command (for LOIC, someone on IRC says we will attack at a given time) and everyone attacks the target at the same time. Because so many people are sending packets at once, many servers cannot withstand this amount of traffic.

What I'm trying to put across is that Layer 4 is just about draining the resources of a host until it cannot take any more.

Layer 7

Layer 7 is the "Application Layer". It is much harder to mitigate, as it is harder to pick out the malicious traffic from the legitimate traffic. A specialised Layer 7 attack could effectively take down anything.

Examples:

  • Slowloris
  • ARME
  • RUDY

A Layer 7 attack can exploit server software such as Apache or Nginx; a good example of this is ARME, which consumes memory and CPU. You can customise your Layer 7 attack to the application you are targeting.

The example of a Layer 7 DDoS attack I'm going to use is Th3J35t3r. Although I am unsure what methods he uses, he routes them through the Tor network; if any of you know the fundamental basics, you'll understand that it would be pretty hard to find the source of an attack routed through Tor. While he hasn't released any information, we do have a screenshot of what it looks like.

The main thing we must remember about Layer 7 is that only one attacker is needed to initiate a huge attack. Layer 7 gives huge power to just one person.
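The practical difference between the two layers is what a defender can see in their own telemetry. The following Python script is an added example, not code from the original post: it runs over a constructed set of connection records (the kind of fields a reverse proxy could log per connection) and flags the three patterns discussed above, namely the distributed resource-draining pattern of Layer 4, the Slowloris-style slow-header pattern, and a single-client request flood. The record format, the sample data and all thresholds are assumptions chosen for illustration.

```python
"""Flag layer 4 vs layer 7 DoS patterns in constructed connection records.

Added example, not code from the original post. The record format, the sample
data and every threshold below are assumptions chosen for illustration.
"""
from collections import defaultdict

# Constructed sample: one record per TCP connection, roughly what a reverse proxy
# could log. src = client address, secs = seconds the connection stayed open,
# bytes_in = bytes the client sent, done = whether a complete HTTP request arrived.
SAMPLE = (
    # 60 connections from 20 sources that never send a byte: the distributed,
    # resource-draining pattern the post describes for layer 4.
    [dict(src=f"198.51.100.{i}", secs=0.1, bytes_in=0, done=False)
     for _ in range(3) for i in range(1, 21)]
    # 5 connections from one source held open for minutes while sending only a
    # trickle of header bytes: the Slowloris pattern (layer 7, one attacker).
    + [dict(src="203.0.113.7", secs=300 + 10 * k, bytes_in=80, done=False)
       for k in range(5)]
    # 30 complete requests from one client in the window: a layer 7 request flood.
    + [dict(src="203.0.113.9", secs=0.05, bytes_in=400, done=True)
       for _ in range(30)]
    # 6 ordinary visitors, one request each.
    + [dict(src=f"192.0.2.{j}", secs=0.2, bytes_in=350, done=True)
       for j in range(1, 7)]
)

# Assumed thresholds; tune them to the baseline of the service being protected.
HALF_OPEN_SHARE = 0.5        # share of connections that never send data
HALF_OPEN_MIN_SOURCES = 10   # distinct sources before we call it distributed
SLOW_SECONDS = 60.0          # no browser takes a minute to finish its headers
SLOW_MIN_PER_SRC = 3         # slow connections from one source before flagging
REQ_PER_SRC_LIMIT = 20       # complete requests per source in the window


def classify(conns):
    """Return which patterns the window of connection records shows."""
    findings = {"layer4_flood": False, "slow_headers": [], "request_flood": []}

    # Layer 4 signal: a large share of connections from many sources that open
    # and never carry a request, i.e. the host's connection table is the target.
    half_open = [c for c in conns if c["bytes_in"] == 0]
    if (conns
            and len(half_open) / len(conns) >= HALF_OPEN_SHARE
            and len({c["src"] for c in half_open}) >= HALF_OPEN_MIN_SOURCES):
        findings["layer4_flood"] = True

    # Layer 7 signals need per-source accounting, because the traffic looks like
    # real HTTP and only the behaviour of each client gives it away.
    slow_by_src = defaultdict(int)
    reqs_by_src = defaultdict(int)
    for c in conns:
        if c["done"]:
            reqs_by_src[c["src"]] += 1
        elif c["bytes_in"] > 0 and c["secs"] >= SLOW_SECONDS:
            slow_by_src[c["src"]] += 1

    findings["slow_headers"] = sorted(
        s for s, n in slow_by_src.items() if n >= SLOW_MIN_PER_SRC)
    findings["request_flood"] = sorted(
        s for s, n in reqs_by_src.items() if n > REQ_PER_SRC_LIMIT)
    return findings


if __name__ == "__main__":
    for key, value in classify(SAMPLE).items():
        print(f"{key}: {value}")
```

The Layer 4 check only needs a count and a source set, which is why that class of attack is the easier one to detect and why in practice it is usually read from kernel or connection-tracking counters rather than an application log. The two Layer 7 checks have to look at each client's behaviour over time, which is the point the post makes about legitimate and malicious traffic looking alike; the usual mitigations follow the same split, with connection-table and bandwidth limits for the former and header timeouts, per-client concurrency limits and request rate limits for the latter.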


Resources

I have a few resources if anyone wants to dig into this some more. Some of these were sources as well, so I thought I should put them here.

  • The OSI Model Demystified
  • Layer 4 vs Layer 7 DoS Attack
  • Layer 7 DDOS - OWASP
  • Saturday Night Fever: Layer 7 attacks against CloudFlare sites
  • Generations of DoS Attacks
  • The Jester Dynamic



If you feel I should have added something else or find any errors, please point them out. No one's perfect. Enjoy the read; it took me a few hours to write this all up.


pls regards..

