Network overload attacks: an analysis of process-based attacks - Vulnerability Warning - Heiba Security Net (黑吧安全网)

2009-08-23T00:00:00
ID MYHACK58:62200924363
Type myhack58
Reporter Anonymous (佚名)
Modified 2009-08-23T00:00:00

Description

In an overload attack, a shared resource or service is forced to handle so many requests that it can no longer serve the requests arriving from other users. For example, if one user creates a great many processes, other users cannot run their own processes; if one user consumes a lot of disk space, other users cannot create new files. The effective way to protect a system against overload attacks is to partition the computer's resources and limit each user's usage to his own share. In addition, the system can be made to check automatically whether it is overloaded, or to restart itself.

  1. Process overload problem

The simplest denial-of-service attack is a process attack. In a process attack, one user prevents another user from using the computer at the same time. Process attacks usually happen on shared computers; if nobody else is competing for the machine, there is no need for this kind of attack. On current UNIX systems this attack has little effect, because the system limits the number of processes any UID (except 0) may use. This limit is called MAXUPROC; it is set in the kernel when the system is built, and some systems allow it to be set at startup.

For example, Solaris allows this value to be set in the /etc/system file:

    set MAXUPROC=100

(The Solaris kernel tunable itself is spelled maxuprc.) With this limit in place, a user who launches the attack consumes only his own process quota, not other people's. The superuser can use the ps command to see how many child processes a process has, and the kill command to kill the unwanted ones. Sometimes the processes cannot be killed one at a time, because the remaining processes keep spawning new ones. A better way is to use kill to stop these processes first, then kill them. A whole group of processes can also be killed at once: in many cases, the many processes a user generates belong to the same process group. Use the ps command's options to find the process group, then kill all of its processes in one go.

Even on current UNIX systems, a user with superuser permissions can still shut the system down with a process attack, because the superuser's number of processes is not limited. But since a superuser can shut down the system or run other commands anyway, this is not a very important issue, unless the program the superuser is running hits the limit so that nobody can get a process, not even to log in. Some other circumstances can also overload the system. Even if no single user reaches his own maximum process count, the system can still reach its allowed maximum number of processes because too many users are using the computer. Another possibility is a system configuration error: the process tree a single user is allowed is already equal to or larger than the system-wide maximum. When the system has too many processes there is no good way to correct it other than rebooting. This is because the user cannot run the ps command to determine how many processes need to be killed, since executing ps also needs to create a process. If the administrator is not currently logged in as superuser, su or login cannot be used either, because both also create a new process. In this case use exec:

    % exec /bin/su
    Password:
    #

Be careful not to mistype the password: exec replaces the shell with su, so when su finishes you are logged out of the system.

If the system is saturated by too many processes, restart it. The simplest way is the RESET button on the chassis, but this can damage file blocks on disk, because the system has had no time to flush its buffers to disk. Not many systems are designed to perform the graceful shutdown steps when switched off suddenly. A better way is to kill some processes and then enter single-user mode.

On modern UNIX systems, the superuser can send a SIGTERM signal to every process except the system processes and its own:

    # kill -TERM -1

If the UNIX you use does not support this, you can run the following command, which sends SIGTERM to the init process:

    # kill -TERM 1

UNIX then automatically kills all processes and enters single-user mode; at that point you can run the sync command and restart the system.
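The cleanup procedure above (find the user with the most processes, find the process group, stop it so it cannot fork replacements, then kill it) as an added example that is not part of the original article; the ps output is a constructed sample and the kill commands are printed rather than run:

```shell
#!/bin/sh
# Constructed sample of `ps -eo user,pid,pgid,comm` output (not a real capture).
SAMPLE_PS='USER     PID  PGID COMMAND
root       1     1 init
alice   2001  2001 bash
bob     3001  3001 bash
bob     3002  3002 forkbomb
bob     3003  3002 forkbomb
bob     3004  3002 forkbomb
bob     3005  3002 forkbomb
carol   4001  4001 vi'

# Process count per user, heaviest first: one "count user" line each.
procs_per_user() {
    printf '%s\n' "$1" | awk 'NR > 1 { n[$1]++ } END { for (u in n) print n[u], u }' | sort -rn
}

# The user owning the most processes.
top_user() {
    procs_per_user "$1" | head -n 1 | awk '{ print $2 }'
}

# The process group (PGID) with the most members among one user's processes.
largest_pgid_for_user() {
    printf '%s\n' "$1" | awk -v u="$2" '
        NR > 1 && $1 == u { n[$3]++ }
        END { best = ""; max = 0
              for (g in n) if (n[g] > max) { max = n[g]; best = g }
              print best }'
}

# Emit (without running) the two-step cleanup for a process group:
# SIGSTOP first, so the members can no longer fork replacements, then SIGKILL.
# A negative PID after "--" makes kill address the whole group.
plan_group_kill() {
    printf 'kill -STOP -- -%s\nkill -KILL -- -%s\n' "$1" "$1"
}

main() {
    u=$(top_user "$SAMPLE_PS")
    g=$(largest_pgid_for_user "$SAMPLE_PS" "$u")
    echo "heaviest user: $u; largest process group: $g"
    plan_group_kill "$g"
}

main
```

On a live system, replace SAMPLE_PS with `$(ps -eo user,pid,pgid,comm)` and pipe the printed plan to sh once you have checked it.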

  2. System overload attacks

Another common process-based attack is for a user to create a number of processes that consume large amounts of CPU time. This attack reduces the CPU time available to other users. For example, a user running the find command to search for files across some directories can make the whole system crawl.

A better approach is to educate users to share the system reasonably: encourage them to use the nice command to lower the priority of processes they run in the background, and to use the at and batch commands to schedule long tasks for times when the system is not so busy. For users who do this deliberately or repeatedly, other measures can be taken.

If the system is overloaded, log in as root and set your own priority to a higher value (with nice or renice). Then use the ps command to observe the running processes and the kill command to remove the offending ones.

  3. Disk attack

This attack fills the disk: one user fills the disk space with a large number of files, so that other users cannot create files or do other useful work.

Disk full attack

The du command reports disk space usage within a system partition. du searches the directory tree recursively and lists the number of blocks used by each directory. The find command can also list file names; its -size option lists files whose size exceeds a given threshold.

The quot command summarizes file system usage per user. With the -f option, quot prints the number of files and the number of blocks each user is using.

The UNIX file system uses inodes to store file information. One way to make a disk unusable is to consume all the free inodes on it, so that no new file can be created. A user may generate thousands of empty files. This is a confusing problem, because df reports plenty of available space, yet creating a file returns an error. The reason is that every new file, directory, pipe and special file needs an inode structure to describe it. Once the available inodes are used up, the system cannot create new files even though disk space is still available.

The df command's -i option shows how many free inodes remain. Typically a disk is divided into several smaller partitions to protect against disk-full attacks, with different users' home directories placed on different partitions. That way, if one partition fills up, other users are not affected.

Another effective approach is the quota system found on many modern UNIX systems, which protects against such attacks. With disk quotas, the administrator determines for each user how many inodes and how many disk blocks are available.

To prevent denial of service attacks

Many modern UNIX systems allow the administrator to set restrictions, such as the maximum memory, the CPU time and the largest file a process may use or generate. These restrictions are very useful if you are developing a new program and do not want to accidentally make the system very slow, or prevent other users sharing the host from using it. The Korn Shell's ulimit command and the C Shell's limit command list the current process's resource limits.
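Applying the process-count, CPU-time and file-size limits above to a single program run, as an added example that is not part of the original article; it assumes a POSIX shell whose ulimit supports -S, -u, -t and -f (bash, ksh and dash do) and uses dd writing to a temporary file as the program under test:

```shell
#!/bin/sh
# Run a command under soft resource limits inside a subshell, so the caller's
# own shell keeps its limits.
#   $1    max processes for this user   (ulimit -u)
#   $2    max CPU seconds               (ulimit -t; the kernel kills with SIGXCPU)
#   $3    max file size in blocks       (ulimit -f; the kernel kills with SIGXFSZ;
#         1024-byte blocks in bash/ksh, 512-byte in some other shells, so the
#         cap can only be tighter than intended, never looser)
#   rest  the command line to run
# Returns the command's exit status; a status above 128 means a signal ended it.
run_limited() {
    procs=$1; cpu=$2; fsize=$3; shift 3
    (
        ulimit -S -u "$procs" || exit 1
        ulimit -S -t "$cpu"   || exit 1
        ulimit -S -f "$fsize" || exit 1
        exec "$@"
    )
}

# Turn an exit status into a one-line explanation for a log entry.
explain_status() {
    if [ "$1" -eq 0 ]; then
        echo "completed within limits"
    elif [ "$1" -eq 1 ]; then
        echo "failed or limits could not be applied (above the hard limit?)"
    elif [ "$1" -gt 128 ]; then
        echo "killed by signal $(($1 - 128)) (resource limit?)"
    else
        echo "exited with status $1"
    fi
}

demo() {
    f=$(mktemp) || return 1
    # A 64 KB write against a 1-block file-size cap: dd is stopped by SIGXFSZ.
    run_limited 64 5 1 dd if=/dev/zero of="$f" bs=1024 count=64 2>/dev/null
    explain_status $?
    # The same write under a 128-block cap completes normally.
    run_limited 64 5 128 dd if=/dev/zero of="$f" bs=1024 count=64 2>/dev/null
    explain_status $?
    rm -f "$f"
}

demo
```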