TechKnow

Author Topic: Protocols that could possibly be used for Distributed Denial of Service.  (Read 455 times)

Offline NotBeyar

  • EHVSN
  • Full Member
  • *
  • Posts: 176
  • Karma: +4/-0
  • Fully stacked developer.
We know by looking at the OSI model that protocols from L7 such as DNS, FTP, HTTP, SNMP, SSDP & NTP have been used for DDoS.
Protocols on L6 like NetBIOS have also been used.
On L4 we know that TCP & UDP are the main protocols to be exploited.
By looking at the history of the internet, ICMP has also been used on L3.

So my question is, do you guys know if there is any protocol that could possibly be used for DDoS? Do you have any suspicions?

Offline Llanz

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
  • Android Developer Newbie
  • Tablet / Size / Model: Raspberry Pi 3 B+!! And a Nokia 3310 attached with 256 DDR4 Ram and  GTX Titan V
Any protocol that could either flood the server's network or exhaust its target could result in a Denial-of-Service attack.
I chose a lazy person to do a hard job because it always finds an easy way to do it.

Offline NotBeyar

Yes, for sure. But the focus here is Distributed Denial of Service.

Offline @sim

  • Newbie
  • *
  • Posts: 35
  • Karma: +0/-0
  • Script kiddie
UDP, TCP (SYN, ACK, RST, FIN), ICMP (ping flood), ARP, FTP, HTTP, DNS are already mentioned by @NotBeyar.
Amplified or indirect attacks can be done by exploiting (sending spoofed IP packets to) protocols like SSDP, SNMP, NTP, BitTorrent or CHARGEN etc. to make UDP floods as responses where the IP is spoofed, i.e. the return address is that of the victim (my fav.).
One last thing: DDoS can be done even without using a single protocol (IP Null, you know!) 😉
Sometimes Good Guys Don't Wear White

Offline NotBeyar

Have you heard of VSE? It exploits the Valve Source Engine to flood other game servers. Trying to dig a bit deeper about that one.

Offline @sim

Hadn't really heard of that one before but found it really interesting. Here is what I've found after digging into it:
The Valve Source Engine flood is a UDP (amplification) attack used to consume available resources against a server. The attack is designed to send TSource Engine Query requests (more precisely A2S_INFO packets that are used to retrieve information about the server) and a DRDoS can be done.

From https://hothardware.com/news/mirai-iot-ddos-botnet-source-code-targets-valve-source-engine I found that the Mirai IoT DDoS Botnet is capable of making this attack, and the good news was that its source code was released into the wild, which can be found on GitHub: https://github.com/jgamblin/Mirai-Source-Code and https://github.com/Screamfox/-Mirai-Iot-BotNet

Here https://developer.valvesoftware.com/wiki/Server_queries is how it handles requests so that you can make your way.
Good luck!
« Last Edit: August 05, 2018, 06:48:33 PM by @sim »
Sometimes Good Guys Don't Wear White
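
Seen from the game-server operator's side, the A2S_INFO reflection described in the post above can be blunted by capping how many A2S_INFO replies go to any one source address, since in a reflection that address is the victim's. This is an added example, not part of the thread or of any project's code; the request layout follows the Valve Server queries wiki linked above, and the function names, limit and window are assumptions.

```python
import collections

# A2S_INFO request per the Valve "Server queries" wiki: four 0xFF bytes, header 'T',
# "Source Engine Query" and a NUL; a 4-byte challenge may follow the terminator.
A2S_INFO_PREFIX = b"\xff\xff\xff\xffTSource Engine Query\x00"


def is_a2s_info(payload: bytes) -> bool:
    """True if the UDP payload is an A2S_INFO request (with or without challenge)."""
    extra = len(payload) - len(A2S_INFO_PREFIX)
    return payload.startswith(A2S_INFO_PREFIX) and extra in (0, 4)


class QueryLimiter:
    """Sliding-window cap on A2S_INFO replies per source IP (hypothetical helper)."""

    def __init__(self, limit: int = 3, window: float = 1.0):
        self.limit, self.window = limit, window  # assumed: replies per window, seconds
        self.seen = collections.defaultdict(collections.deque)

    def should_reply(self, src_ip: str, payload: bytes, now: float) -> bool:
        if not is_a2s_info(payload):
            return True         # other traffic is out of scope for this limiter
        times = self.seen[src_ip]
        while times and now - times[0] >= self.window:
            times.popleft()     # forget queries older than the window
        if len(times) >= self.limit:
            return False        # over budget: do not answer this source
        times.append(now)
        return True


def replay(events, limit=3, window=1.0):
    """Run (timestamp, src_ip, payload) tuples through the limiter; count drops per IP."""
    limiter = QueryLimiter(limit, window)
    dropped = collections.Counter()
    for ts, ip, payload in events:
        if not limiter.should_reply(ip, payload, ts):
            dropped[ip] += 1
    return dict(dropped)


# Constructed sample: 10 queries in 0.9 s claiming one source address
# (documentation range), plus a normal client polling once per second.
SAMPLE = [(i * 0.1, "203.0.113.7", A2S_INFO_PREFIX) for i in range(10)]
SAMPLE += [(float(i), "198.51.100.20", A2S_INFO_PREFIX) for i in range(3)]

if __name__ == "__main__":
    print(replay(SAMPLE))
```
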