what can you do?
Haykuro wrote:
Clog open ports forcing the IP offline. (mainly port 139, but if its a server its port 80 a.k.a a DoS/DDoS attack)
hmm.. im pretty sure i missed alot more so anyone feel free to add.
Actually, a D/DoS attack can take place against any open port.
Also, if you have their IP address, you can potentially 0wn their box.
Hey, the ports 137, 138 and 139 are open on my system. I had earlier found a way to close them by removing some network components or something like 'Client for Microsoft Networks'. Sharing is disabled. But I find that the ports are still open for me :( . Any ideas? Last time, whatever I did made the logoff option disappear from the Start menu. :) . That's okay by me as it closed the port too. Any help on how to close those holes?
Thomas :p B) :p
@thomasantony: well, u cant really close the ports because there used for networking purposes, which is why they are idol to attacks. ounce they close the internet is disabled on that computer.
now as for port clogging, u just commence a DoS/DDoS style attack but on 1 port.
Basicly port clogging is when you do a simple port scan and if for example we have port 21 open on a server and we dont want to allow FTP access to the administrator, we eigther make a program our selves to distribute billions of packets to submit into that one port until the server shuts it down, or we go down the script kiddy lane and download a pre-made program that will attack 1 port (note these programs are usually less effective, thus i suggest learning how to program on ur own).
thousandtoone: Read that thread though.. I'm about to perform a flame.
metsoc30: "which is why they are idol to attacks"
metsoc30: idol
metsoc30: haahah
thousandtoone: Wait, what were they even trying to say? >_<
metsoc30: according to the rest of the sentence i think he means to say "open" or "vulnerable"
metsoc30: but i think he meant to type "idle"
thousandtoone: Interestinggggg.
metsoc30: yea
thousandtoone: All the shit is wrong, though, 'port clogging,' 'taking down the IP..'
metsoc30: i take down IPs all the time …. no
thousandtoone: I do too, when a datacenter gives me a 10 IP block, I usually take down the references to two of them, and tell the server not to respond.
metsoc30: and sometimes my ports get clogged with dust
metsoc30: does that count?
thousandtoone: Heh. My vacuum does, too
metsoc30: maybe your vacuum is a computer too
metsoc30: does your vacuum have a firewall?
thousandtoone: !
thousandtoone: It's true!
thousandtoone: Yeppy.
metsoc30: damn
metsoc30: anti-virus
metsoc30: ?
thousandtoone: Mhm.. HEPA filter!
metsoc30: lol
metsoc30: one day i'm gonna root your vacuum
metsoc30: and then it's gonna get you
thousandtoone: lmao
thousandtoone: vacuum robot thingys
thousandtoone: Rooting those would be fun.
Haykuro wrote: @thomasantony: well, u cant really close the ports because there used for networking purposes, which is why they are idol to attacks. ounce they close the internet is disabled on that computer.
Hey, I don't think so. AFAIK, even when I had somehow disabled those ports I was still able to access the net. I remember checking using netstat after browsing. No.. there must be some way to close them.
Thomas
Ok guys, this is enough. We can only take so much newbliness at a time.
n3w7yp3:
Actually, a D/DoS attack can take place against any open port.
Also, if you have their IP address, you can potentially 0wn their box.
In regards to the first comment, it is completely stupid of you to think of Denial of Service attacks as solely focusing on a single port. Are you forgetting that a port is merely a window to the world for an application? The DoS can stop all outgoing traffic, or it can misuse the application's processor. This is NOT limited to a single port. If someone ran Apache, IMAP, MySQL, CVS, and BIND, I would probably utilize ALL of the running daemons to slow the PROCESSOR specifically. You can't POSSIBLY think of a DoS as only being network-oriented. As well, 'ports' aren't the only way for data to travel over a network. Are you forgetting, first of all, about TCP vs. UDP? You don't necessarily need connections, just data transfer to a listening daemon. But what about ICMP and IGMP? ICMP is NOT limited to 'pings,' don't ever think that. You just don't understand the topic enough to be explaining it to someone else.
In regards to your second comment, how newbly do you get? I have honestly never heard something stupider than that. First of all, YES it's true. But it's meaningless. IPs are JUST -a single- method of identification over any form of networking. Potential to 0wn them? Well, following your logic I have the physical potential to step through time itself, and grow sixteen testicles by snapping with my right hand.
In short, you're a moron.
Haykuro:
Clog open ports forcing the IP offline. (mainly port 139, but if its a server its port 80 a.k.a a DoS/DDoS attack) now as for port clogging, u just commence a DoS/DDoS style attack but on 1 port.
Basicly port clogging is when you do a simple port scan and if for example we have port 21 open on a server and we dont want to allow FTP access to the administrator, we eigther make a program our selves to distribute billions of packets to submit into that one port until the server shuts it down, or we go down the script kiddy lane and download a pre-made program that will attack 1 port (note these programs are usually less effective, thus i suggest learning how to program on ur own).
First of all, since when is 'port clogging' a legitimate term? It's a DoS, no matter how you look at it. To be more literal with the term 'port clogging,' we would refer to completely filling up the computer's physical network connection. Say they had a 10mbps line? Send 10mbps of data and expect their OS to send a bunch right back. Bam, DoS that clogs their pipe/port. You CANNOT simply send too much data to a single port in a network sense. You can send too much data to an application through the network, but that is totally different.
Write your own application? Wouldn't someone who has successfully written one likely be a better programmer than someone who goes on a forum and asks what you can do with an IP? You're really dumb. Yes, it would be better for him to write it himself, but it is HIGHLY unlikely his would be more effective. You're really, really dumb. Both of you. (NOT the original thread poster, just the morons who replied with bad information.)
I don't even feel like flaming any further just because you people are so pathetic.
Yes. It seems there are always those couple jack asses running around the fourms.
Now let me clear myself up a bit before you continue to show how much of a dip shit u r.
i use the term port clogging, just because i feel like it. as for my loose use of the word D/DoS attack, please excuse me oh wise l33t h4xx0r of d4 un1v3rs3. i n33d n0t be critisized by little 16 year old fags who sit there doing spell checks on my writing.
its the internet, not a term paper.
as for shutting down port 139, yes its true this wud cause some users to be booted offline, i did not say at one point "THIS WILL H4XX0R 4LL C0MPU73R5!!!" i just simply stated "[clogging] port 139 is usually [ideal] to attacks because it may knock down the internet on [some] computers."
Now if ur in the mood for more flaming, please carry on. I just love being flamed by little n00bs who love running spell checks on my typing.
eiroejrojeroaiodsjaodjsaodjasoidjoerheijreiotpr <– Spell check please.
Thousandtoone,
Holy jeeze dude, calm down. I never insulted you at all, and then you come out and flame me? You say that I don't know enough to help someone (you used ICMP as an example). This thread was never an in-depth discussion about ICMP, and yes, I do know about it and its potential to be used in a Denial of Service attack. I have read Fernando Gont's ICMP drafts, and I have written Perl scripts which implement most of them. I also know how to use different ICMP codes and message types in OS fingerprinting, and in network reconnaissance and/or enumeration. If you want to turn this into a discussion about ICMP, please, by all means do. I love discussing (relatively) low level aspects of the Internet.
Also, you talk about CPU consumption DoS attacks. You want CPU consumption?
for(;;)
{
fork;
system("perl $0");
}
There's your CPU consumption. And, yes, I do know that having an IP address in itself is quite meaningless, but he was asking, "What can you do with it?" I mentioned "0wning" because it is one of the more common things. And oh yea, about your ridiculous comment regarding snapping your fingers and growing 16 testicles, ever hear of a private 0-day?
I'm not going to debate about this in a public forum, where people have much better things to do than read half-developed flame posts (which is what this will develop into if this keeps up). If you'd like to flame me some more, feel free to send them to /dev/null.
Absorb: you could also do DNS lookups to determine the ISP, you can do AS tracking traceroutes to find out more about the networks on the way to the IP, there are many things you can do with it.
I don't even feel like flaming any further just because you people are so pathetic.
I completely and utterly agree with a thousandandone dude. You guys are pathetic and lame, by using terminology that makes the hacking world look like a bunch of nerds looking to "0wn" the fucking universe. "Port clogging"? wtf. Listen to the guy, he has a point. Call things by their technical attributes, so you can avoid confusing n3wbs and UrS3lvs. To know how to use DDos attacks:o, read up on some material online. Here are some links, which, I see, no one thought of providing you 2.
learn IRC
www.ircbeginner.com/ircinfo/tutorials.html
Worms N Botnets
www.windowsecurity.com/articles/Robot-Wars-How-Botnets-Work.html
Making Botnets
http://users.pandora.be/ahmadi/scripts.htm
Net Tools 4
http://users.pandora.be/ahmadi/nettools.htm
Tracking Botnets
http://www.honeynet.org/papers/bots/
Hope you enjoy it, and that you listen to people like thousandandone for future reference.
- netfish11
PS: Sorry, if i offended anyone (I get angry, when someone tries to teach someone something, and they refuse to listen!) :@
GAH!! Telling me to read up on tutorials just because i use some of my own terminology.. WTF?!!
Please excuse me but if the online community has come down to flaming other for nick naming a technical term, then by all means, fuck the online community.
calling me a n00b for giving a nickname to something, ur basicly mocking yourself. U gave yourself a nickname on the internet, does that make u a n00b? 0M-EFF-GG!!!111-SHIFT+1!!! Y0u n00b y0u us3 n1ckn4m35!!!
bah…
Grind:
UDP ports aren't exactly blocked in that sense, just to clear things up. They just don't route to any application or host if they are unused. Considering they are connectionless, they may just bounce off the face of the earth depending on the application's protocol, but having a port 'open' usually implies that it is being routed in some form or another, (or left explicitly open by firewalls.) This just becomes awkward around UDP. (I know you know this, but just a clarification for those who travel through this thread and don't understand this.)
Hay/n3w:
Haykuro, why don't we all just refer to IPs as Gnutelle? Certainly that couldn't cause confusion.
n3w, fork bombs do commonly use a lot of CPU, but any smart administrator will limit CPU and forks for a specific username. This isn't exactly the case for external DoS attacks. Instead of relying strictly on bandwidth, if you use a more clever attack that pushes too much information into the application, it can cause a single application to shut down, or the computer itself depending on the application and operating system setup. The port may remain open, the 'IP' may stay online, but the application still no longer responds. Just because you have experience with one author's ICMP writings does not mean you overlooked other protocols, (which I never did limit to ICMP,) in your past post. Had you not written such a misleading work, maybe this wouldn't have come up. (Also, if you're serious about using ICMP for other purposes, why would you use Perl? It has no place in that type of application.) Hey look, your argument was just completely invalidated by a 'newb'.
Still, I do not see any valid argument from either of you. If you want to refute, go ahead. Don't just A) rely on personal attacks, B) simply try and act more intelligent than you are, or C) use weak arguments, such as 'its just what I call it.'
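Added example (not part of the thread or any poster's code): the per-user fork limit mentioned in the post above, checked against text in /etc/security/limits.conf syntax. The sample file contents, the account and group names, and the simplified precedence model (user entry over group entry over `*`) are assumptions made for illustration.

```python
"""Audit limits.conf-style text for per-user process (fork) caps."""

# Constructed sample in /etc/security/limits.conf syntax (not from the thread).
SAMPLE = """\
# <domain>  <type>  <item>  <value>
*           soft    nproc   4096
@students   hard    nproc   200
www-data    -       nproc   150
alice       hard    nofile  1024
"""

def parse(text):
    """Return (domain, type, item, value) tuples, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 4:
            rules.append(tuple(fields))
    return rules

def hard_nproc(rules, user, groups=()):
    """Hard nproc cap for `user`, or None if a fork bomb would be uncapped.

    Simplified precedence (assumption): user entry > @group entry > '*'.
    A soft limit alone does not count, since the user can raise it.
    """
    best = {}  # specificity rank -> value; the last matching line of a rank wins
    for domain, typ, item, value in rules:
        if item != "nproc" or typ not in ("hard", "-"):
            continue
        if domain == user:
            rank = 0
        elif domain.startswith("@") and domain[1:] in groups and user != "root":
            rank = 1
        elif domain == "*" and user != "root":  # group/wildcard never apply to root
            rank = 2
        else:
            continue
        best[rank] = value
    if not best:
        return None
    value = best[min(best)]
    return None if value in ("unlimited", "infinity", "-1") else int(value)

def audit(text, accounts):
    """Map each account name to its hard nproc cap (None means uncapped)."""
    rules = parse(text)
    return {u: hard_nproc(rules, u, g) for u, g in accounts.items()}
```

Accounts that come back as `None` have no hard process cap, so a runaway `fork` loop under that username is limited only by system-wide settings.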
thousandtoone,
I never called you a "newb". And this is my last post on this that's flamish. I'm not here to piss people off, put them down, make them feel bad etc. I'm here to learn, and maybe help someone in the process.
BTW, I wrote them in Perl simply because Perl was my first programming language, and thus what I am most comfortable with. I have recoded some of them in C (using libnet), but I'm just a Perl fanboy ;)
Oh, about using buffer overflows as a DoS attack, http://downloads.securityfocus.com/vulnerabilities/exploits/goodtech_dos.pl.
So, let's just stop the flaming, eh? But seriously, if you wish to discuss things, drop me a PM, or an email (link is in my profile). Also, you can catch me on IRC at irc.nullnetwork.net #hf (SSL is on port 6697). If you prefer IM, my nick is n3w7yp3 (AIM protocol).
And pr1nc3, yes, I have read the Project Honeynet papers before, and I do know what a botnet is. I'm not a huge fan of them, mostly because I dislike the idea of hi-jacking client computers.
Alright I'm done. You guys can post more flames if you want to, but I'm not going to respond. Like I said in a previous post, I don't think that people reading a public forum should have to wade through flame posts.
lmao this is so fucking boring :) Just shout random viagina and or yeast infection insults at each other would have been a better use of this thread.
By the way I agree telling someone who doesnt know what an IP is to code a DoSer is slightly - erm - 'divvey'? meh.
now…
YOU ARE NOTHING BUT A CHEESEY SMELLING GOAT CUNT!
[sarcasm] yes, i understand how telling someone to go read and learn is out of question [/sarcasm]
all i did was say u can LEARN to code ur own, or go be a SK and download a pre-made flooder that most likely wudnt work unless u were back in the 90's were DoSing a server was as simple as doing a ping of death on a server.