What is DOS for?
This paper is divided into two parts: concept and how-to.
The concept part gives the definition, background and principle of the term.
The how-to part covers the application, techniques and possible problems of the term.
DOS has two different concepts, namely denial of service or disk operating system.
Concept-Denial of Service
1 DoS overview
Denial of service (DoS) refers to an attack mode in which an attacker directly or indirectly sends a large number of data packets to the service port of the target host, resulting in its network being blocked and unable to provide normal services to customers. Warning: For your safety and the future of the network, please don't attack the Internet host with DoS under any name.
According to the means of implementation, it can be divided into DoS, DDoS, DRDoS and so on.
1.1 What is DoS?
DoS is the abbreviation of "denial of service". DoS attacks are specifically designed to prevent authorized users from accessing a system and its data. The usual attack method is to overload the server or crash the system, much as hundreds of people dialing one phone number at the same time keep the line busy and unavailable. DoS attacks may include sending a large number of erroneous network packets over the Internet. If the DoS attack comes from a single point, a simple flow control system can be used to detect the attacker. More complex DoS attacks can involve multiple structures and a large number of attack points. Attackers often take control of other computers and network servers and use their addresses to carry out DoS attacks, thus covering up their true identities.
1.2 What is DDoS?
Another closely related concept is DDoS, the abbreviation of "distributed denial of service". This attack uses the same method as the ordinary denial of service attack, but it is launched from multiple sources. Usually, the attacker uses downloaded tools to break into unprotected hosts and, after obtaining the corresponding access rights, installs software services or processes (hereinafter referred to as agents) on them. These agents stay dormant until they receive instructions from their owner. The master terminal then commands the agents to launch a denial-of-service attack on the specified target. With the widespread use of cable modems, DSL and harmful, powerful hacking tools, more and more hosts can be accessed. A distributed denial of service attack means that these hosts can launch thousands of attacks on one target at the same time. A single denial-of-service attack may not affect a website with plenty of bandwidth, but thousands of attacks distributed around the world will have a fatal impact.
1.3 What is DRDoS?
DRDoS is the abbreviation of "distributed reflection denial of service". Unlike the two methods above, this method relies on sending packets that carry the victim's IP address as their source to the hosts that will do the attacking (a bit like a letter delivered to the wrong address). Because it uses the second step of the TCP/IP "three-way handshake", the attacker does not need to install a Trojan horse on any host, and it takes the attacker very few resources to start a DRDoS. For more information about DRDoS, please refer to the following materials:
A. Essentials of Hacker Defense (Volume II, 2002) ... A new generation of DDoS attacks. The author of this paper introduces the discovery, analysis, solution and reflection of DRDoS as a victim.
B. TCP/IP Network Administration, published by O'Reilly; the Chinese edition is issued by China Electric Power Press. P26 introduces the details of the "three-way handshake".
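From the victim's side, the reflection described above shows up as SYN-ACK packets (handshake step two) that answer no SYN the victim ever sent. The following is an added example, not part of the original article, that flags such packets; the record layout, addresses and threshold are constructed for illustration.

```python
from collections import Counter

# Constructed packet records as seen at the victim's border:
# (direction, remote_ip, remote_port, local_port, tcp_flags)
PACKETS = [
    ("out", "198.51.100.7", 443, 50001, "S"),   # victim really opens a connection
    ("in",  "198.51.100.7", 443, 50001, "SA"),  # legitimate second handshake step
    ("in",  "203.0.113.10", 80,  40000, "SA"),  # no SYN was ever sent for this one
    ("in",  "203.0.113.11", 179, 40001, "SA"),
    ("in",  "203.0.113.10", 80,  40002, "SA"),
    ("in",  "203.0.113.12", 22,  40003, "SA"),
]

def unsolicited_synacks(packets):
    """Count, per remote IP, inbound SYN-ACKs that match no outbound SYN."""
    pending = set()        # (remote_ip, remote_port, local_port) awaiting a SYN-ACK
    unsolicited = Counter()
    for direction, rip, rport, lport, flags in packets:
        key = (rip, rport, lport)
        if direction == "out" and flags == "S":
            pending.add(key)                 # handshake step 1, sent by us
        elif direction == "in" and flags == "SA":
            if key in pending:
                pending.discard(key)         # step 2 matches our step 1
            else:
                unsolicited[rip] += 1        # reply to a SYN we never sent
    return unsolicited

def looks_like_reflection(packets, min_sources=3):
    """Several distinct hosts sending unsolicited SYN-ACKs suggests DRDoS.

    min_sources is an assumed threshold for this example.
    """
    return len(unsolicited_synacks(packets)) >= min_sources

if __name__ == "__main__":
    print(unsolicited_synacks(PACKETS), looks_like_reflection(PACKETS))
```

A stateful firewall applies the same idea when it drops SYN-ACKs that belong to no tracked connection.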
How to-Denial of Service
1.1 How to implement DoS
The simplest DoS uses the "device name resolution vulnerability" of WIN9X/ME. To test whether you have this vulnerability, just enter "c:\con\con" in the Run dialog and see whether a blue screen appears. In fact, con is a special device of WINDOWS ... "itself", so the system interprets the above command as an infinite loop on drive C. You therefore receive a blue screen code such as 0X0008 or 0X000e, indicating that there is not enough memory.
Network applications are mainly aimed at local area networks. The premise is that the target host is a WIN9X/ME system, and "file and printer sharing" is enabled.
Suppose our target host name is "target"; in the Run dialog we enter "\\Target\print$", and it hangs there (other shared directories will do). But you can't use the start menu until it crashes.
The other is the "ping of death". Ping is a DOS command that sends Internet Control Message Protocol (ICMP) packets. The size of the ICMP packet can be specified with the -l parameter. When the size exceeds 65536 bytes, fragmentation will occur due to buffer overflow. If such packets are sent continuously, the CPU of the other computer will be kept busy reassembling these fragmented packets, and its CPU utilization will remain at 100%.
Fortunately, WINDOWS PING can only send packets smaller than 65500. Of course, running several commands like this one at the same time also has a certain effect: ping target -l 65500 -t, which is also effective against WINDOWS2000.
These are the DoS methods that exploit vulnerabilities. Although they work, they have all been patched by now. In fact, the truly dangerous form of DoS is attacking the victim's port directly with pipeline software such as NC (NETCAT).
1.2 How to implement DDOS?
The advantage of DDoS is that it is "distributed", and the process is C-S-T, that is, client, puppet host, target machine. The puppet host is a bridge: on the one hand, it accepts the instructions of the client (such as the IP address and port of the target machine); on the other hand, it sends junk data to the target machine.
There are two kinds of puppet hosts. The first is the Trojan-controlled host: attackers install Trojans on puppet hosts by means of overflows or hijacking such as IE, JPEG, RPC, etc., and the hosts are then at their mercy. Shock Wave and Dictator work this way.
The second is "good people doing bad things". For example, CC attacks use IE proxies, and now some people use "mobile phone subscription" to carry out SMS DoS.
1.3 How to implement DRDoS?
There is an available DRDoS WIN32 program on Security Focus. The principle of DRDoS is similar to a man-in-the-middle attack, and we can study it from the TCP/IP protocol.
2.1 How to defend against DoS?
2.1.1 First of all, follow the principle of least privilege. If sharing is not used, close ports 135 and 139 to avoid Shock Wave.
The second application of the principle of least privilege is to work as a low-privilege user (no higher than Power Users) and use the NTFS file system (to convert disk C to NTFS, run this command: convert c: /fs:ntfs), so that the system is immune to most vulnerabilities and viruses are left out in the cold for lack of privilege.
2.1.2 If you are an individual user or a small business, it is recommended to use BLACKICE, which can not only intercept overflows and Trojans, but also block IPs. Its built-in intrusion monitoring can also tell you the intruders' attack methods and the harm they cause. Xiaohei has been downloaded in the new century of China culture.
2.1.3 If you are a big enterprise, you may have to open a port such as 80. However, before launching a DoS, attackers usually scout the target first. If there is a honeypot or IDS, you can get the signature of their packets and discard them at the firewall.
* UNIX firewalls such as iptables can define a rule that allows each IP address only one access per second, which is also a good method.
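The once-per-second-per-IP rule above, and the "simple flow control" mentioned in section 1.1, can be modelled as one token bucket per source address. This added example (not from the original article, and not iptables syntax) replays constructed traffic through such a limiter; the class name, addresses and rates are assumptions. It shows that a single flooding source is throttled while a distributed set of sources, each under the limit, passes untouched.

```python
from collections import defaultdict

class PerSourceLimiter:
    """Token bucket per source IP: `rate` tokens per second, at most `burst` stored."""
    def __init__(self, rate=1.0, burst=1.0):
        self.rate, self.burst = rate, burst
        self.tokens = defaultdict(lambda: burst)   # a new source starts with a full bucket
        self.last = {}                             # last time each source was seen

    def allow(self, src, now):
        elapsed = now - self.last.get(src, now)
        self.last[src] = now
        self.tokens[src] = min(self.burst, self.tokens[src] + elapsed * self.rate)
        if self.tokens[src] >= 1.0:
            self.tokens[src] -= 1.0
            return True
        return False

def replay(events, rate=1.0, burst=1.0):
    """Replay (timestamp, src) events; return {src: [accepted, dropped]}."""
    limiter = PerSourceLimiter(rate, burst)
    stats = defaultdict(lambda: [0, 0])
    for ts, src in sorted(events):
        stats[src][0 if limiter.allow(src, ts) else 1] += 1
    return dict(stats)

# Constructed traffic over 10 seconds:
SINGLE = [(i * 0.125, "192.0.2.66") for i in range(80)]    # one source, 8 requests/s
NORMAL = [(i * 2.0, "192.0.2.10") for i in range(5)]       # one client, 1 request per 2 s
DISTRIBUTED = [(float(t), f"198.51.100.{h}")               # 50 sources, 1 request/s each
               for h in range(1, 51) for t in range(10)]

if __name__ == "__main__":
    stats = replay(SINGLE + NORMAL + DISTRIBUTED)
    print("single flooder :", stats["192.0.2.66"])
    print("normal client  :", stats["192.0.2.10"])
    spread = [v for s, v in stats.items() if s.startswith("198.51.100.")]
    print("distributed    :", [sum(v[0] for v in spread), sum(v[1] for v in spread)])
```

The distributed sources together deliver 50 requests per second without a single drop, which is why per-IP limits need to be combined with aggregate limits or upstream filtering against DDoS.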
In a word, DoS is a powerful technology. If you are interested in it, I hope it will be your motivation to learn TCP/IP protocol, not a tool for revenge.
The other meaning of DOS is disk operating system.
Concept-Disk Operating System
1.1 What is DOS?
DOS (Disk Operating System) is the name of an operating system, which mainly includes the shell (command.com) and the IO interface (io.sys).
The shell is the outer layer of DOS, which is responsible for translating the commands input by users into a language that the operating system can understand.
The IO interface of DOS usually implements a set of interrupts based on int 21h.
At present, the commonly used DOS versions are: MS-DOS, PC-DOS, FreeDOS, ROM-DOS and so on.
1.2 Introduction to MS-DOS
The popular Windows9x system is based on MS-DOS.
Since DOS came out in 1981, its version has been constantly updated. From the initial DOS 1.0 to the latest DOS 8.0 (Windows ME system), the highest version of pure DOS is DOS 6.22. Since then, all new versions of DOS have been provided by Windows systems and do not exist alone.
DOS is divided into two parts: the core startup program and the command programs.
The core startup program of DOS includes the system boot program, IO.SYS, MSDOS.SYS and COMMAND.COM. They are the most basic part of the DOS system, and they are enough to start the system.
However, it is not enough to have a startup program. As a character-based operating system, DOS is generally operated by commands. DOS commands are divided into internal commands and external commands. Internal commands are commonly used command programs that don't take up much space, such as dir and cd; they exist in the COMMAND.COM file and are loaded into memory when the system starts, making them easy to call. External commands exist as separate executable files and are only loaded into memory when used.
The advantage of DOS is its high speed. Skilled users can complete some tedious tasks by creating BAT or CMD batch files, and even make some small programs through some judgment commands (IF, |). So even under XP, CMD is still the favorite of experts.
1.3 Brief Introduction to FAT(32)
FAT or FAT32 file system consists of file allocation table and data area. The file allocation table is like a dictionary directory, which records the physical addresses of files in the data area. Because WINDOWS is a multitasking operating system, multiple files are written to the disk at the same time. So your files are not neatly stored on the disk, but randomly distributed like pearls. The string of these pearls is the file allocation table!
So when we query files, we are actually looking up the file allocation table, and when we delete files, we also delete them on the file allocation table. It is not surprising that files that have been "completely" deleted can be recovered. It is logical that deleting or moving files on the same disk is faster than copying files.
FAT/FAT32 stores files in DOS in 8.3 format, that is, the file name is 8 characters at most and the extension is 3 characters at most. The extension is the file type; for example, .TXT is an ASCII encoded text file. If this is the file name: asdfghjk.lkj.hgfd, how does DOS display it? The answer is: asdf~1.gfd! Smart as you are, you should find a pattern.
Note: FAT(32) and NTFS are case-insensitive.
How to-Disk Operating System
1.1 Common MS-DOS commands:
1. Disk operation
fdisk Parameter: /mbr rebuilds the master boot record. Example: fdisk /mbr rebuilds the master boot record (the recovery wizard can wash it off).
format Parameters: /q quick format; /u unrecoverable; /autotest does not prompt; /s creates an MS-DOS boot disk. Example: format c: /q /u /autotest automatically quick-formats drive C (danger!!!)
2. Directory operation
dir [directory name or file name] [/S] [/W] [/P] [/A] lists a directory. Parameters: /S searches subdirectories; /W shows only file names; /P paginates; /A shows hidden files. Example: dir format.exe /s finds the format.exe file on this disk and reports its location.
cd [directory name] Note: you can use a relative or an absolute directory. Examples: cd AA enters the AA directory under the current folder; cd .. enters the parent folder; cd \ returns to the root directory; cd c:\windows enters the c:\windows folder.
mkdir [directory name] creates a directory. Example: mkdir HELLOWORLD creates a HELLOWORLD directory.
3. File operation
del [directory name or file name] [/f] [/s] [/q] deletes files. Parameters: /f deletes read-only files; /s deletes this directory and all its contents; /q does not ask for confirmation before deleting.
Example: del c:\del /s /q automatically deletes the del directory of drive C.
copy [source file or directory] [target directory] copies files. Example: copy d:\pwin98\*.* c:\presetup copies all files of pwin98 on disk D to presetup on disk C.
4. Memory operation
debug debugs memory. Parameters: -w [file name] writes a binary file; -o [address 1] [address 2] outputs memory; -q exits. Example: o 70 10 [return] o 71 01 [return] 01 [return] q [return] changes the memory from 70 to 71 to 01 to clear the password of the AWARD BIOS. Debug can also crack the hard disk protection card, but it can only be used in pure DOS.