Monday, August 05, 2013

Hack Administrative Password


This is a short and effective way to recover your Windows login password without knowing the previous password. This trick works only if you are already logged into Windows and have administrative privileges. So here we go:
1. Open Command Prompt:
Start > Run
Type in: cmd

How to Use Any SIM in Any Modem without Unlocking It



Things we need for this:
1) Nokia PC Suite
2) Modem or USB 3G dongle

Let us get started with the article; follow the steps below carefully.


Thursday, August 01, 2013

Cool Notepad Tricks

Test Your Antivirus

Want to test whether your antivirus is effective or not? Don't worry, you can check this with one of the Notepad tricks. Just follow the steps below.
  • Open Notepad.
  • Copy and paste this into Notepad:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
  • Save it with an .exe extension, for example testingvirus.exe.
As soon as you save this file your antivirus should detect it and ask to remove it. If your antivirus detects it, all is well; if not, you need to change your antivirus.
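As an added example for this post (not part of the original), here is a small Python check that implements the EICAR specification the antivirus is matching against: the 68-byte string must be at the very start of the file, only whitespace may follow it, and the file may not exceed 128 bytes. Real scanners match on content, so the .exe extension the post suggests is not required.

```python
"""Check whether a file is the EICAR anti-malware test file.

Added example (not from the original post). The rules below are the
published EICAR specification: the 68-byte string must start the file,
only whitespace may follow it, and the whole file is at most 128 bytes.
"""
import sys

# The 68-byte test string from the post above (note the backslash after "[4").
EICAR_STRING = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Whitespace the spec permits after the string: space, tab, LF, CR and Ctrl-Z.
ALLOWED_TRAILING = b" \t\r\n\x1a"
MAX_FILE_LEN = 128


def is_eicar_test_file(data: bytes) -> bool:
    """Return True if `data` is a spec-conformant EICAR test file."""
    if not len(EICAR_STRING) <= len(data) <= MAX_FILE_LEN:
        return False
    if data[: len(EICAR_STRING)] != EICAR_STRING:
        return False
    # Anything after the string must be one of the allowed whitespace bytes.
    return all(b in ALLOWED_TRAILING for b in data[len(EICAR_STRING):])


def scan_file(path: str) -> bool:
    """Read just enough of `path` to decide; oversize files fail the length rule."""
    with open(path, "rb") as fh:
        return is_eicar_test_file(fh.read(MAX_FILE_LEN + 1))


if __name__ == "__main__":
    # Usage: python eicar_check.py testingvirus.exe [more files...]
    for name in sys.argv[1:]:
        verdict = "EICAR test file" if scan_file(name) else "no match"
        print(f"{name}: {verdict}")
```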

Monday, July 01, 2013

Mobile Bluetooth Hacking:

Here is a list of what you can do when you have hacked the other phone. Have Fun!
  • Read Messages. (They are no more personal!)
  • Read Contacts. (Check your lover’s phonebook to see what name he/she has saved your name. Hey, please don’t suicide when you see he/she has saved your number as lover no. 9! HeHe)
  • Change Profile (Change the other’s profile to silent mode when you are on a date!)
  • Play Ringtone even if the phone is silent (Annoy your classmates!)
  • Play songs from the hacked phone in the same phone.
  • Restart the phone (Show some magic to your friends!)
  • Switch off the phone (Ultimate thing that you can do!)
  • Restore Factory Settings (Do this to the most organized one and run away quickly!)
  • Change Ringing Volume (You have enough experience how to use it. Don’t you?)




Follow these steps to hack any Bluetooth enabled mobile phone.
  1. Download Super Bluetooth Hack 1.8 and also check that your mobile is in the list of supported handsets from the link provided. After you have downloaded the .jar file, install it in your mobile.
  2. There is no need to install the software in the mobile which you want to hack.
  3. Turn on the Bluetooth of your handset and open the Super Bluetooth Hack Application.
  4. Select the connect option and then Inquiry Devices to search for any nearby mobile that has its Bluetooth turned on.
  5. Your friend’s Bluetooth must also be turned on to be found. Pairing between the devices is also necessary sometimes.
  6. Once your friend’s phone has been found, try out its functions!

Friday, June 28, 2013

Make International Calls at Local Rates


Hey guys, if your friends or family members live in another country, you probably call them daily, and international call rates are high. So here I suggest you use EvaPhone, a website that lets you make international calls at local rates.

You just sign up on that website and get the first call free. The website is easy to use. So use EvaPhone and make calls at local rates.


Airtel Reduce Call Rate




Hi friends, here I post a new trick for Airtel to reduce call rates. By using this trick you get a call rate of 10 paisa for Airtel to Airtel and 30 paisa to other networks. This trick is 100% working in all states, so read the steps below for reducing call rates.


-------------------------
Follow These Steps :-
-------------------------

Step 1: You have to send an SMS for MNP (Mobile Number Portability).

Send PORT followed by your number to 1900

Like: PORT 8511610107 to 1900

Step 2: You will get a confirmation message for your request.

Step 3: After that you will get a call from an Airtel customer care executive within 24 hours. It sometimes takes longer, 2 or 3 days.

Step 4: He/she will ask you the reason for the portability. You have to tell them a reason such as "Airtel call rates are so expensive, I want to change my prepaid card".

Whatever the reason, you have to convince him/her that you really want to change service provider.

Step 5: Now he/she will offer you the call-reducing pack for free. This pack will reduce call rates to 10 paisa Airtel to Airtel and 30 paisa Airtel to other networks.

Step 6: Now tell him/her that if you are offering such a good offer, I am not going to migrate.

Step 7: After that the customer care executive will activate that offer on your Airtel number. Now enjoy the reduced call rates for 90 days!

If you like this post then please share it with your friends.

Call anyone to anyone number

Today we are going to learn how to hide your number or appearing any CallerID you wish and call anyone in the world. This trick helps you to call anyone in the world by hiding your number or appearing any CallerID you wish. Yes! in this trick you can change your CallerID you wish and call anyone.
Things you will need:
1.A mobile phone.
2. and a brain to follow the steps correctly.

Procedure:
Step1: Go to www.crazycall.net
Step2: Select your country
Step3: Enter The number that you want to appear on your friends phone when he receives the call. 
Eg: 9999999999



Step4: Enter The number of the friend you want to fool or prank.Eg: 9014567335
Step5: If you want you can change your voice to low, normal, High pitch.
Step6: Now click the button GET ME THE CODE
Step7: You will get a phone number and a code as shown below


Step8: Now call to the number which you got from your mobile phone and you will ask to enter the code. Enter the code and after 2 seconds it will connect to the friend you want to fool or prank.
That's It Enjoy calling Anonymous.
Note: At present this service charges Rs.10 per minute. So keep this in mind and call .

Call Your Friend With His Number






Last year in March, early one morning I got a missed call, and when I saw the number I was shocked to see that the number displayed on the screen was my own number. I quickly contacted customer care and, after taking at least 23 minutes, they replied "Sorry Sir, it is impossible to get any call from your own number".


Then finally I opened my laptop and started searching for how it could be possible to get a call from my own number; after a while I came to learn that it is possible.


A website can help you to do this, here is the full tutorial how it can be done.


1. Go to http://www.mobivox.com and register there for free account.


2. During registration, remember to insert Victim mobile number in "Phone number" field.
3. Complete registration and confirm your email id and then login to your account.
Click on "Direct Web Call".

4. You will arrive at page shown below. In "Enter a number" box,
select your country and also any mobile number (you can enter yours).
Now, simply hit on "Call Now" button to call your friend with his own number.

5. Bingo!! That's it. Now your friend will be shocked to see his/her own number displayed on their screen.

Sunday, March 31, 2013

Saving YouTube Videos from Cache to any browser


Step 1: Go to YouTube and play the video you want to download.
Step 2: After the video has loaded, open a new tab (Ctrl + T) or a new Firefox window and type
about:cache
in the address bar. Copy the location of the Cache Directory (it is different for everyone).
Step 3: Open the Run dialog box (Start -> Run), paste the path of the Cache Directory (Ctrl + V), and press Enter. You will now see a list of files with strange names.
Step 4: Sort the files according to their size (you can see the video's size in your Flash player). The biggest file is most probably your video. Usually, the size of a 4-5 minute long video is around 10 MB.
Step 5: After you locate the largest file, copy it to some folder on your computer and give it the extension .flv. Now you can watch it.
Second method: just install Internet Download Manager and play the YouTube video; IDM automatically picks up the download address from the cache and you can download it.
Share it and comment on it. Thanks!

Setting a Background Image for your Pen Drive in 2 Simple Steps


1. Create a desktop.ini file in your pen drive (or folder) and copy the following into it:
[{BE098140-A513-11D0-A3A4-00C04FD706EC}]
IconArea_Image=bg.jpg
IconArea_Text=0x00000000
2. Put your background picture into your drive (folder) and modify IconArea_Image accordingly. For example, if the name of your image is wallpaper.jpg, then you need to replace
IconArea_Image=bg.jpg
with
IconArea_Image=wallpaper.jpg
It is not necessary that your image be a JPEG; this works for most popular image formats. For example, if you want gradient.png as your background, replace
IconArea_Image=bg.jpg
with
IconArea_Image=gradient.png
You can also modify the icon text colour by giving the hex code of the colour you want. To give the icon text a white colour, replace
IconArea_Text=0x00000000
with
IconArea_Text=0x00FFFFFF
You can also use any other colour by replacing the last six zeroes with the corresponding colour code.
3. Change the attributes of desktop.ini and the image to hidden. You can do this by selecting the files (desktop.ini and the image file), Right-click -> Properties, and under the Attributes section, enable Hidden. This is not necessary, but it will help you impress your friends more.
Now refresh and see the result. Do comment. Thanks.

Friday, March 22, 2013

Reset CMOS Password


Here's a DOS trick for Windows 9x that will reset (delete) your motherboard's BIOS password (aka CMOS password) without any need to open up your computer to remove the battery or mess with jumpers.

This method can come in very handy in the event you ever lose and forget your BIOS password or if you acquire used computers where the unknown previous owners had BIOS passwords set. It's important to note here that the password we are talking about is only the one that prevents a user from entering the BIOS setup at bootup, not the one that stops you from getting past the boot.

Normally, at bootup you can press a key (usually the DEL key) to access your BIOS allowing you to view it or make changes. With a password set, there is no way to enter setup. Though a password can provide a basic and very effective level of PC security, losing it can be a real headache if you don't know how to fix the problem.

The MS-DOS command that makes this trick possible is the DEBUG command (debug itself is a utility—debug.exe—which is located in your Windows Command folder). This is not a command to be taken lightly—in other words, it's not a command to play with! You can cause serious corruption with this command and can end up not being able to even boot your computer! Debug is used to work with binary and executable files and allows you to alter (hex edit) the contents of a file or CPU register right down to the binary and byte level.

To begin debug mode, type debug at a MS-DOS prompt or you can specify a file, i.e., DEBUG FILE.EXE. There is a difference in screen output between the two methods. When you type DEBUG alone, debug responds with a hyphen (-) prompt waiting for you to enter commands. The second method, with a file specified, loads the file into memory and you type all the commands on the line used to start debug. In this tip, we will be writing to the BIOS, so the first method is the one that would be used. All debug commands can be aborted at any time by pressing CTRL/C
Accessing BIOS with DEBUG
The basic trick is to fool the BIOS into thinking there is a checksum error, in which case it resets itself, including the password. This is done by invalidating the CMOS, and to do that we must know how to access the BIOS and where the checksum value of the CMOS is located so that we can change it. Access to the BIOS content is via what are known as CMOS ports, and it is ports 70 and 71 that give us the needed access. On almost all AT motherboards, the checksum is located at hexadecimal addresses 2e and 2f, and filling address 2e with ff is all you should have to do to invalidate the checksum.

Here's what to do if you ever need to reset the password and have no other method, and you don't want to open up your computer to remove the battery or jumpers.

Note! Do this at your own risk. I can only tell you that it has worked for me more than once and has worked for others as well. But I cannot make any guarantees. When I did this, I took a willing risk. The BIOS was Award Modular BIOS v4.51PG

1. Restart your computer in MS-DOS mode.
2. When you get to the C:\> or C:\WINDOWS> prompt, type DEBUG and press Enter.
3. A hyphen (-) prompt will appear, waiting for you to enter commands.
4. Enter the following commands, pressing Enter after each one. Note: the o is the letter o and stands for OUTPUT.
   o 70 2e
   o 71 ff
   q
5. After the q command (which stands for QUIT), enter Exit.


Then try to enter your BIOS at bootup. The password prompt should now be gone and you should now have full access to it again. However, you will now be at the default BIOS settings and may want to change them to your preference. You may also want to have your drives auto detected again.
In closing, I should state that in the case of a lost BIOS password, your first step should always be to contact your manufacturer to see if a back-door password is available that will allow you to bypass the forgotten password, but don't try those more than three times!

Create an Executable File


Many of you may already know this, but newbies can learn something from it.


How to make an executable file?
When it is in .exe form no one will be able to change its look or modify the code (note: it makes a self-extracting package, but it will still act like an exe).

This is how you make it into a .exe:

Go to Start > Run and type iexpress


STEP BY STEP ON HOW TO USE IT
Click "Create new Self Extraction Directive file", then Next.

Click "Extract files and run an installation command" and click Next.

Type what you want to name the package (e.g. hello, virus, fake game hack), then click Next.

Click "No prompt", then Next.

Unless you want to include a license agreement, click "Do not display a license".

Package files (most important): click Add and choose your .bat file (it also takes .vbs files), then click Next.

Under Install Program choose your .bat or .vbs file and click Next (don't worry about the other one).

Show Window: pick one and click Next.

Finished message: pick one and click Next.

Click Browse, type the name for it, save to the Desktop or C:, then Next.

Configure restart: just click "No restart" and then Next.

Just click "Don't save", then Next.

Then click Next and watch your file change into something better.

When it is done click Finish and check out your new file.

-----------******------------

Protect Your PC from Hackers


Follow these simple guidelines and the chances of your PC being hacked are lower (for Windows OS):
1. Stop using Internet Explorer and make the switch to Opera; it is more secure, plain and simple.
2. Get Spybot Search and Destroy or Spyware Doctor and immediately update it.
3. Get Ad-Aware SE and immediately update it.
(Use both as a 1-2 punch on infected client computers; between the two there is not much they won't kill.)
4. Update your antivirus.
5. Boot into safe mode and run all three scans.
6. While the scans are going, check your registry (click Start -> Run and type regedit to get into the registry) and look in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Verify that all programs listed are legitimate and wanted.
7. If or when your antivirus scan comes across anything, search for that file name in your registry and delete it.
8. Use Explorer to go to the windows\system32 folder and sort by date. If you haven't already done so, make sure you can see the entire file names: click Tools -> Folder Options, untick the box labelled "Hide extensions for known file types", and under Hidden files and folders click "Show hidden files and folders." However, make sure you keep "Hide protected operating system files" ticked so you don't accidentally remove anything that would cripple your computer. You are looking for recent files with names ending in .exe and .dll that look suspicious. Major culprits will have gibberish names such as alkjdlkjfa.exe.
9. Once you can get clean scans in safe mode, reboot in normal mode and scan all over again. If you can't get a clean scan in regular mode then you have something more persistent that could take more research.
10. Make sure your firewall doesn't have strange exceptions.
11. If you suspect that anything going wrong with your computer is the action of a stalker, change all your passwords from a more secure system.
12. If your system has been specifically targeted and hacked you can never be 100% sure that it is no longer compromised, so start with step 11, make backups of personal files on the infected system, and format and reinstall Windows.
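As an added example for steps 6 and 8 (my own code, not from the original post), the following Python reads both Run keys on Windows and flags entries whose executable has a gibberish name like alkjdlkjfa.exe or lives outside the usual program directories. The scoring thresholds and the expected-directory list are assumptions, and off Windows it runs over constructed sample entries.

```python
"""Audit the Run autostart keys for the warning signs the post describes.

Added example, not from the original post. The gibberish-name test and the
list of "expected" install directories are my own heuristics: a hit means
"look at this", not "this is malware".
"""
import re
import sys

RUN_SUBKEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
# Where legitimately installed autostart programs normally live (assumption:
# Windows on C:). Anything else, e.g. a Temp or profile folder, gets flagged.
EXPECTED_DIRS = (r"c:\program files", r"c:\windows")

# Constructed sample entries, used when the script is not run on Windows.
SAMPLE_ENTRIES = [
    ("HKLM", "Adobe Reader Speed Launcher", r'"C:\Program Files\Adobe\Reader\Reader_sl.exe"'),
    ("HKCU", "alkjdlkjfa", r"C:\WINDOWS\system32\alkjdlkjfa.exe"),
    ("HKCU", "svchost", r"C:\Documents and Settings\user\Local Settings\Temp\svchost.exe"),
]


def looks_gibberish(stem: str) -> bool:
    """True for names like 'alkjdlkjfa': hardly any vowels, or a very long consonant run."""
    letters = re.sub(r"[^a-z]", "", stem.lower())
    if len(letters) < 6:
        return False          # too short to judge; 'ctfmon' and friends stay unflagged
    vowel_ratio = sum(c in "aeiouy" for c in letters) / len(letters)
    longest_run = max(len(run) for run in re.findall(r"[^aeiouy]+", letters) or [""])
    return (len(letters) >= 8 and vowel_ratio < 0.2) or longest_run >= 6


def executable_path(command: str) -> str:
    """Pull the program path out of a Run value such as '"C:\\x\\y.exe" /arg'."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    match = re.match(r"(.+?\.(?:exe|dll|bat|cmd|vbs|scr))", command, re.IGNORECASE)
    return match.group(1) if match else command.split(" ")[0]


def audit_entry(name: str, command: str) -> list:
    """Return the reasons (possibly none) why this autostart entry deserves a look."""
    path = executable_path(command)
    stem = re.sub(r"\.[^.\\]+$", "", path.rsplit("\\", 1)[-1])
    reasons = []
    if looks_gibberish(stem):
        reasons.append(f"gibberish file name '{stem}'")
    if not path.lower().startswith(EXPECTED_DIRS):
        reasons.append(f"runs from unusual location '{path}'")
    return reasons


def read_run_entries() -> list:
    """Read (hive, name, command) from both Run keys; returns [] off Windows."""
    if sys.platform != "win32":
        return []
    import winreg
    entries = []
    for hive_name, hive in (("HKCU", winreg.HKEY_CURRENT_USER), ("HKLM", winreg.HKEY_LOCAL_MACHINE)):
        try:
            with winreg.OpenKey(hive, RUN_SUBKEY) as key:
                index = 0
                while True:
                    try:
                        name, value, _ = winreg.EnumValue(key, index)
                    except OSError:
                        break     # no more values
                    entries.append((hive_name, name, str(value)))
                    index += 1
        except OSError:
            pass                  # key absent or not readable
    return entries


if __name__ == "__main__":
    for hive, name, command in read_run_entries() or SAMPLE_ENTRIES:
        reasons = audit_entry(name, command)
        tag = "CHECK" if reasons else "ok   "
        note = f"  <- {'; '.join(reasons)}" if reasons else ""
        print(f"[{tag}] {hive}\\...\\Run: {name} = {command}{note}")
```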

Wednesday, March 20, 2013

Open Source Software


Open source software (OSS) began as a marketing campaign for free software. OSS can be defined as computer software for which the human-readable source code is made available under a copyright license (or an arrangement such as the public domain) that meets the Open Source Definition. This permits users to use, change, and improve the software, and to redistribute it in modified or unmodified form. It is very often developed in a public, collaborative manner. Open source software is the most prominent example of open source development and is often compared to user-generated content.
Open source software has the following main advantages:
#Users should be treated as co-developers
#Early releases
The first version of the software should be released as early as possible so as to increase one’s chances of finding co-developers early.
#Frequent integration
New code should be integrated as often as possible so as to avoid the overhead of fixing a large number of bugs at the end of the project life cycle. Some open source projects have nightly builds where integration is done automatically on a daily basis.
#Several versions
There should be at least two versions of the software. There should be a buggier version with more features and a more stable version with fewer features. The buggy version (also called the development version) is for users who want the immediate use of the latest features, and are willing to accept the risk of using code that is not yet thoroughly tested. The users can then act as co-developers, reporting bugs and providing bug fixes.
#High modularization
The general structure of the software should be modular allowing for parallel development.
#Dynamic decision making structure
There is a need for a decision making structure, whether formal or informal, that makes strategic decisions depending on changing user requirements and other factors. Cf. Extreme programming.
The best-known OSS products include projects such as Linux, Firefox, Apache, the GNU Compiler Collection, and Perl, to mention a few.
The Linux kernel comes in many distributions, so you can download it through a distribution's site such as http://www.fedoraproject.org
PHP: the PHP hypertext pre-processor can be downloaded from www.php.net/downloads.php
Apache: one of the most famous HTTP servers, http://httpd.apache.org/download.cgi
Mozilla Firefox: the most commonly used and best browser, http://www.getfirefox.com
Pidgin: a multi-protocol instant messenger formerly known as GAIM, http://www.pidgin.im/download/
MySQL: one of the leading database management programs, http://dev.mysql.com/downloads/

Recovering Linux after Windows Install



It has always been a very common problem among users: when they install Windows after Linux, the master boot record is lost, as it is rewritten for Windows-only systems. So here is the way to rewrite the master boot record, or rather to install grub again, so that Linux gets back to work.

1. Boot the Desktop/Live CD.
2. Open a terminal (Applications -> Accessories -> Terminal).
3. Start grub as root with the following command:
   sudo grub
4. You will get a grub prompt (see below), which we will use to find the root partition and install grub to the MBR (hd0,0):
   [ Minimal BASH-like line editing is supported. For
   the first word, TAB lists possible command
   completions. Anywhere else TAB lists the possible
   completions of a device/filename. ]
   grub>
Type the following and press Enter:
   grub> find /boot/grub/stage1
Using the partition this reports, set the root device:
   grub> root (hd0,1)
Install grub:
   grub> setup (hd0)
Exit grub:
   grub> quit
5. Reboot (to the hard drive). Grub should be installed and both Ubuntu and Windows should have been automatically detected.
6. If, after installing grub, Windows will not boot, you may need to edit /boot/grub/menu.lst (that is a small "L", not the number 1, in menu.lst). Open a terminal and enter:
   gksu gedit /boot/grub/menu.lst
Or, in Kubuntu:
   kdesu kate /boot/grub/menu.lst
Your Windows stanza should look something like this:
   title Windows XP/Vista    # You can use any title you wish; this will appear on your grub boot menu
   rootnoverify (hd0,0)      # (hd0,0) will be most common; you may need to adjust accordingly
   makeactive
   chainloader +1

Resetting Root Authorization in Linux and Prevention



Root authentication can be reset to a NULL value by the following method.
Do not use this information for committing cyber crimes.
At the GRUB loader:
Highlight the kernel you want to boot, e.g. 'fedora core fc9'.
Press 'e' to edit the run levels and other options.
Then the second menu appears, as
(hd0,1)
rhgb quiet
Highlight the part with quiet and then press 'e' again.
Now you will get a prompt to edit the command. Add 1, as
rhgb quiet 1
The space is a must.
Then press Enter, and then press 'b' to boot.
You will be booted and awarded with a root console:
root@machine#
root@machine# passwd
change the password of root>
Enter New password>
Retype password>
all password tokens authenticated....
root@machine# reboot
Explanation:
By editing grub we edit the kernel line from which the OS will be booted. In doing so, FC or any other distro boots the OS kernel with runlevel one.
In doing so it repairs the filesystem and reinstalls the users and makes the default value of each password NULL.
This can be prevented by stopping the runlevel from resetting the passwd: just add a # to the line of passwd in /boot/boot.conf under the heading of runlevel one.
Then you may add numbers such as 1, 2, 3 to have different run levels.
2 will open in text mode.
Suppose you have various kernels on your system; then /etc/grub.conf will show
title Fedora Core (2.6.12-1.1398_FC4)
root (hd0,0)
kernel /vmlinuz-2.6.12-1.1398_FC8 ro root=LABEL=/1 rhgb quiet
initrd /initrd-2.6.12-1.1398_FC8.img
title Fedora Core (2.6.12-1.1390_FC8)
root (hd0,0)
kernel /vmlinuz-2.6.12-1.1390_FC8 ro root=LABEL=/1 rhgb quiet
initrd /initrd-2.6.12-1.1390_FC8.img
title Fedora Core (2.6.12-1.1387_FC8)
root (hd0,0)
kernel /vmlinuz-2.6.12-1.1387_FC4 ro root=LABEL=/1 rhgb quiet
initrd /initrd-2.6.12-1.1387_FC4.img
title Fedora Core (2.6.11-1.1369_FC8)
root (hd0,0)
You may change the preference, and remove the hash from the password-protected grub and edit the password value.
Prevention:
The above method for resetting the password can be prevented by putting password protection on grub.
This can be done via the terminal:
Log in as superuser with su -
and then type grub-md5-crypt
You will then be prompted to type a password, and to retype it when asked. Then copy the MD5 hash which is generated for grub.
Now open /etc/grub.conf
Locate hiddenmenu
Below it write: password --md5 <the hash you copied>
Now whenever you enter the grub screen it will not let you edit the kernel line unless you provide the correct password.
You can also prevent the booting of a certain kernel by moving this line from below "hiddenmenu" to above the desired kernel.
Hope you enjoyed the post.
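As an added example for the prevention section (not the post's own code), this Python reimplements the md5crypt ($1$) algorithm that grub-md5-crypt computes and verifies a candidate password against an existing hash, so a password --md5 line for /etc/grub.conf can be generated or checked without running GRUB's tool. The eight-character salt and its alphabet follow the md5crypt convention; the test vector is the widely published "Hello world!" / "saltstring" pair.

```python
"""Compute and verify md5crypt ($1$) hashes, the format grub-md5-crypt emits.

Added example, not from the original post: this is the classic md5crypt
algorithm (Poul-Henning Kamp's design, as used by grub-md5-crypt), so a
GRUB legacy 'password --md5' line can be created or checked without GRUB.
"""
import hashlib
import hmac
import os

ITOA64 = b"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _to64(value: int, count: int) -> str:
    """md5crypt's custom base64: emit `count` 6-bit groups, least significant first."""
    out = []
    for _ in range(count):
        out.append(chr(ITOA64[value & 0x3F]))
        value >>= 6
    return "".join(out)


def md5crypt(password: str, salt: str) -> str:
    """Return '$1$<salt>$<hash>' for `password`; the salt is cut to 8 characters."""
    pw = password.encode()
    salt = salt[:8]                       # md5crypt ignores anything past 8 salt chars
    sb = salt.encode()
    alt = hashlib.md5(pw + sb + pw).digest()
    ctx = pw + b"$1$" + sb
    # Mix in one byte of `alt` per password byte (the "alternate sum" step).
    for i in range(len(pw), 0, -16):
        ctx += alt[:min(i, 16)]
    # Walk the bits of the password length: a NUL for each 1 bit, pw[0] for each 0 bit.
    i = len(pw)
    while i:
        ctx += b"\0" if i & 1 else pw[:1]
        i >>= 1
    final = hashlib.md5(ctx).digest()
    # 1000 rounds of deliberately irregular mixing to slow down guessing.
    for r in range(1000):
        ctx1 = pw if r & 1 else final
        if r % 3:
            ctx1 += sb
        if r % 7:
            ctx1 += pw
        ctx1 += final if r & 1 else pw
        final = hashlib.md5(ctx1).digest()
    f = final
    encoded = (
        _to64((f[0] << 16) | (f[6] << 8) | f[12], 4)
        + _to64((f[1] << 16) | (f[7] << 8) | f[13], 4)
        + _to64((f[2] << 16) | (f[8] << 8) | f[14], 4)
        + _to64((f[3] << 16) | (f[9] << 8) | f[15], 4)
        + _to64((f[4] << 16) | (f[10] << 8) | f[5], 4)
        + _to64(f[11], 2)
    )
    return f"$1${salt}${encoded}"


def new_salt(length: int = 8) -> str:
    """Random salt drawn from the md5crypt alphabet, like grub-md5-crypt generates."""
    return "".join(chr(ITOA64[b % 64]) for b in os.urandom(length))


def verify(password: str, hashed: str) -> bool:
    """Constant-time check of `password` against an existing '$1$salt$hash' string."""
    parts = hashed.split("$")
    if len(parts) != 4 or parts[1] != "1":
        return False
    return hmac.compare_digest(md5crypt(password, parts[2]), hashed)


def grub_password_line(hashed: str) -> str:
    """The line the post says to put below 'hiddenmenu' in /etc/grub.conf."""
    return f"password --md5 {hashed}"


if __name__ == "__main__":
    h = md5crypt("Hello world!", new_salt())
    print(grub_password_line(h))
    print("verify ok:", verify("Hello world!", h), "wrong pw:", verify("hello", h))
```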

Some linux commands


Starting & Stopping

shutdown -h now        Shut down the system now and do not reboot
halt                   Stop all processes; same as above
shutdown -r 5          Shut down the system in 5 minutes and reboot
shutdown -r now        Shut down the system now and reboot
reboot                 Stop all processes and then reboot; same as above
startx                 Start the X system

Accessing & mounting file systems

mount -t iso9660 /dev/cdrom /mnt/cdrom   Mount the CD-ROM device and call it cdrom under the /mnt directory
mount -t msdos /dev/hdd /mnt/ddrive      Mount hard disk "d" as an MS-DOS file system and call it ddrive under the /mnt directory
mount -t vfat /dev/hda1 /mnt/cdrive      Mount hard disk "a" as a VFAT file system and call it cdrive under the /mnt directory
umount /mnt/cdrom                        Unmount the cdrom

Finding files and text within files

find / -name fname              Starting with the root directory, look for the file called fname
find / -name "*fname*"          Starting with the root directory, look for files whose name contains the string fname
locate missingfilename          Find a file called missingfilename using the locate command; this assumes you have already run updatedb
updatedb                        Create or update the database of files on all file systems attached to the Linux root directory
which missingfilename           Show the directory containing the executable file called missingfilename
grep -r textstringtofind /dir   Starting with the directory called dir, look for and list all files containing textstringtofind

The X Window System

xvidtune        Run the X graphics tuning utility
XF86Setup       Run the X configuration menu with automatic probing of graphics cards
Xconfigurator   Run another X configuration menu with automatic probing of graphics cards
xf86config      Run a text-based X configuration menu

Moving, copying, deleting & viewing files

ls -l                       List files in the current directory using the long format
ls -F                       List files in the current directory and indicate the file type
ls -laC                     List all files in the current directory in long format and display in columns
rm name                     Remove a file or directory called name
rm -rf name                 Kill off an entire directory and all of its files and subdirectories
cp filename /home/dirname   Copy the file called filename to the /home/dirname directory
mv filename /home/dirname   Move the file called filename to the /home/dirname directory
cat filetoview              Display the file called filetoview
man -k keyword              Display man pages containing keyword
more filetoview             Display the file called filetoview one page at a time; proceed to the next page using the spacebar
head filetoview             Display the first 10 lines of the file called filetoview
head -20 filetoview         Display the first 20 lines of the file called filetoview
tail filetoview             Display the last 10 lines of the file called filetoview
tail -20 filetoview         Display the last 20 lines of the file called filetoview

Installing software

rpm -ihv name.rpm           Install the rpm package called name
rpm -Uhv name.rpm           Upgrade the rpm package called name
rpm -e package              Delete the rpm package called package
rpm -ql package             List the files in the package called package
rpm -q package              State the installed version of the package called package
rpm -i --force name.rpm     Reinstall the rpm package called name having deleted parts of it (not deleted using rpm -e)
tar -zxvf archive.tar.gz    Decompress the files contained in the zipped and tarred archive called archive (same for tar -zxvf archive.tgz)
./configure                 Execute the script preparing the installed files for compiling

User Administration

adduser accountname   Create a new user called accountname
passwd accountname    Give accountname a new password
su                    Log in as superuser from the current login
exit                  Stop being superuser and revert to the normal user

X Shortcuts (mainly for Red Hat)

Ctrl+Alt + or -                      Increase or decrease the screen resolution, e.g. from 640x480 to 800x600
Alt+Escape                           Display the list of active windows
Shift+Ctrl+F8                        Resize the selected window
Right click on desktop background    Display the menu
Shift+Ctrl+Alt+r                     Refresh the screen
Shift+Ctrl+Alt+x                     Start an xterm session

Printing

/etc/rc.d/init.d/lpd start    Start the print daemon
/etc/rc.d/init.d/lpd stop     Stop the print daemon
/etc/rc.d/init.d/lpd status   Display the status of the print daemon
lpq                           Display jobs in the print queue
lprm                          Remove jobs from the queue
lpr                           Print a file
lpc                           Printer control tool
man subject | lpr             Print the manual page called subject as plain text
man -t subject | lpr          Print the manual page called subject as PostScript output
printtool                     Start the X printer setup interface

Some More

ifconfig          List IP addresses for all devices on the machine
apropos subject   List manual pages for subject
usermount         Start the graphical application for mounting and unmounting file systems

Restoring lost partitions using Ubuntu live CD



FAQ: How do I restore my lost partition table? I accidentally deleted my partition table, how do I recover my data? How to recover deleted partitions and data in them? Recover data from deleted drives.
WARNING: If you’ve formatted and/or added new data to the drive, or carried on with an OS installation, chances of recovery are very less.
Most people end up deleting their partition table while they try to install a new OS for the first time, I personally know a couple of them who ended up deleting their partition table while they tried to install Linux for the first time, (more on that later), Now what I am going to introduce to you a tiny tool called “gpart”which will help you restore your deleted partition table.
Things you’ll need.


  1. An Ubuntu or similar, live CD (actually any Linux live CD / USB will do, but I am demonstrating here using Ubuntu 9.04 (Jaunty Jackalope)
  2. A working internet connection or this file (35.8 KiB)
  3. Patience!
Here is the step by step procedure for restoring your lost partition table, and hence your lost data
  1. Boot using your live cd, I am using Ubuntu 9.04, Jackalope here.
  2. You will need this file (35.8 KiB), or if you’re using another version of Ubuntu or a different Linux distro, the name of the package you need is gpart.
  3. You can install these packages using apt-get as well, from the terminal, if you have a working internet connection, here is the procedure for that
  • Open the repository file by typing the following at the terminal :
  • sudo gedit /etc/apt/sources.list
  • Add the following line to it :
  • deb http://archive.ubuntu.com/ubuntu gutsy main restricted universe
  • Install gpart by typing the following commands in the terminal :
  • sudo apt-get update
  • sudo apt-get install gpart
  1. Once you’ve downloaded and installed it, (it’s a binary file, just double click and go)
  2. Open up terminal from the applications menu at the top
  3. And type in the following command to detect the lost partitions : sudo gpart /dev/sda [This might take some time]
  4. This command assume that the drive is detected as /dev/sda if this is the only drive you’ve got, 99% chances are that it will be detected like this, otherwise change the /dev/sda parameter accordingly.
  5. This command will output the detected partitions that might have been lost due to some reasons, if they’re correct, and then this partition table needs to be written to the disk, use the following command for it.
  6. sudo gpart /dev/sda -W /dev/sda
After the partition table has been successfully written [after considerable time], you will be asked to restart the computer, if everything goes well, you will be presented with your lost partition table and data on the next restart!
Now, if you're using the terminal for everything, here is the short version.
  • ubuntu@ubuntu:~$ sudo gedit /etc/apt/sources.list [Add the following line at the end of the file that opens: deb http://archive.ubuntu.com/ubuntu gutsy main restricted universe, then save and close the file.]
  • ubuntu@ubuntu:~$ sudo apt-get update
  • ubuntu@ubuntu:~$ sudo apt-get install gpart
  • ubuntu@ubuntu:~$ sudo gpart /dev/sda
    [Verify that the detected partition data is correct before proceeding; this command takes some time.]
  • ubuntu@ubuntu:~$ sudo gpart -W /dev/sda /dev/sda
    [Restart once this command has completed successfully; it may take considerable time.]
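The procedure above tells you to verify the detected partition data before it is written back, but not how. As an added example, not part of the original post, the Python script below reads gpart's text output, pulls out the "Guessed primary partition table" section and applies the checks a practitioner would make before running -W: no partition starts inside the MBR, none runs past the end of the disk, each sector range agrees with the stated size, and no two partitions overlap. The embedded output is a constructed sample in gpart's format, not taken from a real disk; the layout of the parsed lines, 512-byte sectors and the 2 GiB disk assumed when the script is run without arguments are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample in gpart's output format (not captured from a real disk):
# a 1000 MB ext2 partition followed by 100 MB of swap, 512-byte sectors.
SAMPLE_GPART_OUTPUT = """\
Begin scan...
Possible partition(Linux ext2), size(1000mb), offset(0mb)
Possible partition(Linux swap), size(100mb), offset(1000mb)
End scan.

Checking partitions...
Partition(Linux ext2 filesystem): primary
Partition(Linux swap or Solaris/Linux swap partition): primary
Ok.

Guessed primary partition table:
Primary partition(1)
   type: 131(0x83)(Linux ext2 filesystem)
   size: 1000mb #s(2048000) s(63-2048062)
   chs:  (0/1/1)-(127/254/63)d (0/1/1)-(127/254/63)r

Primary partition(2)
   type: 130(0x82)(Linux swap or Solaris/Linux swap partition)
   size: 100mb #s(204800) s(2048063-2252862)
   chs:  (127/255/1)-(140/58/52)d (127/255/1)-(140/58/52)r

Primary partition(3)
   type: 000(0x00)(unused)
   size: 0mb #s(0) s(0-0)
   chs:  (0/0/0)-(0/0/0)d (0/0/0)-(0/0/0)r
"""

GUESS_HEADER = "Guessed primary partition table:"
PART_RE = re.compile(r"^Primary partition\((\d)\)")
TYPE_RE = re.compile(r"^\s*type:\s+\d+\(0x([0-9A-Fa-f]+)\)\((.*)\)\s*$")
SIZE_RE = re.compile(r"^\s*size:\s+\d+mb\s+#s\((\d+)\)\s+s\((\d+)-(\d+)\)")


@dataclass
class GuessedPartition:
    number: int     # slot 1-4 in the MBR
    type_id: int    # partition type byte, e.g. 0x83
    type_name: str
    sectors: int    # size in 512-byte sectors
    first: int      # first sector (absolute; sector 0 holds the MBR)
    last: int       # last sector, inclusive


def parse_gpart_guess(text):
    """Extract the non-empty entries of gpart's 'Guessed primary partition table'."""
    parts, cur, in_table = [], None, False
    for line in text.splitlines():
        if not in_table:
            in_table = line.strip() == GUESS_HEADER
            continue
        m = PART_RE.match(line)
        if m:
            cur = GuessedPartition(int(m.group(1)), 0, "", 0, 0, 0)
            parts.append(cur)
            continue
        if cur is None:
            continue
        m = TYPE_RE.match(line)
        if m:
            cur.type_id, cur.type_name = int(m.group(1), 16), m.group(2)
            continue
        m = SIZE_RE.match(line)
        if m:
            cur.sectors, cur.first, cur.last = (int(g) for g in m.groups())
    return [p for p in parts if p.type_id != 0 and p.sectors > 0]


def check_guess(parts, disk_sectors):
    """Return the reasons NOT to write this table; an empty list means it looks sane."""
    problems = []
    if len(parts) > 4:
        problems.append("more than four primary partitions cannot fit in an MBR")
    for p in parts:
        if p.first < 1:
            problems.append(f"partition {p.number} starts at sector {p.first}, inside the MBR")
        if p.last - p.first + 1 != p.sectors:
            problems.append(f"partition {p.number}: sector range does not match its size")
        if p.last >= disk_sectors:
            problems.append(f"partition {p.number} ends at sector {p.last}, "
                            f"beyond the disk's last sector {disk_sectors - 1}")
    ordered = sorted(parts, key=lambda p: p.first)
    for a, b in zip(ordered, ordered[1:]):
        if b.first <= a.last:
            problems.append(f"partitions {a.number} and {b.number} overlap (sectors {b.first}-{a.last})")
    return problems


if __name__ == "__main__":
    import sys
    # With a disk size (in 512-byte sectors) as argument, gpart's output is read from stdin;
    # without one, the constructed sample is checked against an assumed 2 GiB disk.
    text = sys.stdin.read() if len(sys.argv) > 1 else SAMPLE_GPART_OUTPUT
    size = int(sys.argv[1]) if len(sys.argv) > 1 else 4194304
    guessed = parse_gpart_guess(text)
    for p in guessed:
        print(f"{p.number}: type 0x{p.type_id:02x} ({p.type_name}) sectors {p.first}-{p.last}")
    issues = check_guess(guessed, size)
    print("\n".join(issues) if issues else "table looks consistent; review types and sizes before gpart -W")
```

Run it against the real disk with `sudo gpart /dev/sda | python3 gpart_check.py $(sudo blockdev --getsz /dev/sda)` (blockdev --getsz prints the disk size in 512-byte sectors). Whatever the script says, copy the current first sector aside with `sudo dd if=/dev/sda of=mbr.bak bs=512 count=1` before running gpart -W; writing mbr.bak back with the same dd command reversed restores the old partition table if the guess turns out to be wrong.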
This post was originally published at tuespeaks.co.cc by phoenix@tuespeaks.co.cc

DDoS Attacks and DDoS Defense Mechanisms


Introduction
Distributed denial-of-service (DDoS) attacks pose an immense threat to the Internet, and consequently many defense mechanisms have been proposed to combat them. Attackers constantly modify their tools to bypass these security systems, and researchers in turn modify their approaches to handle new attacks. The DDoS field is evolving quickly, and it is becoming increasingly hard to grasp a global view of the problem.
DDoS Attack Overview
A denial-of-service attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. A distributed denial-of-service attack deploys multiple machines to attain this goal. The service is denied by sending a stream of packets to a victim that either consumes some key resource, thus rendering it unavailable to legitimate clients, or gives the attacker unlimited access to the victim machine so that arbitrary damage can be inflicted. This section answers the following questions:
1. What makes DDoS attacks possible?
2. How do these attacks occur?
3. Why do they occur?
Internet Architecture
The Internet is managed in a distributed manner; therefore no common policy can be enforced among its participants. This design opens several security issues that provide opportunities for distributed denial-of-service attacks:
1. Internet security is highly interdependent. DDoS attacks are commonly launched from systems that have been subverted through security-related compromises. Regardless of how well secured the victim system may be, its susceptibility to DDoS attacks depends on the state of security in the rest of the global Internet.
2. Internet resources are limited. Each Internet host has limited resources that can be consumed by a sufficient number of users.
3. The power of many is greater than the power of few. Coordinated and simultaneous malicious actions by some participants can always be detrimental to others, if the resources of the attackers are greater than the resources of the victims.
4. Intelligence and resources are not collocated. The end-to-end communication paradigm led to locating most of the intelligence needed for service guarantees with the end hosts. At the same time, a desire for high throughput led to the design of high-bandwidth pathways in the intermediate network. Thus, malicious clients can misuse the abundant resources of the unwitting network to deliver numerous messages to a victim.
DDoS Attack Strategy
In order to perform a distributed denial-of-service attack, the attacker needs to recruit multiple agent (slave) machines. This process is usually performed automatically by scanning remote machines for security holes that would enable subversion. Vulnerable machines are then exploited by using the discovered vulnerability to gain access to the machine, and they are infected with the attack code. The exploit/infection phase is also automated, and the infected machines can be used for further recruitment of new agents. The agent machines then perform the attack against the victim. Attackers usually hide the identity of the agent machines during the attack by spoofing the source address field in packets, so the agent machines can be reused for future attacks.
DDoS Goals
The goal of a DDoS attack is to inflict damage on the victim, either for personal reasons (a significant number of DDoS attacks are against home computers, presumably for purposes of revenge), for material gain (damaging competitor’s resources) or for popularity (successful attacks on popular Web servers gain the respect of the hacker community).
Taxonomy of DDoS Attacks
In order to devise a taxonomy of distributed denial-of-service attacks we observe the means used to prepare and perform the attack, the characteristics of the attack itself and the effect it has on the victim. Each classification criterion is introduced by its own heading below. Figure 1 summarizes the taxonomy.
Classification by Degree of Automation
During the attack preparation, the attacker needs to locate prospective agent machines and infect them with the attack code. Based on the degree of automation of the attack, we differentiate between manual, semi-automatic and automatic DDoS attacks.
Manual Attacks
Only the early DDoS attacks belonged to the manual category. The attacker scanned remote machines for vulnerabilities, broke into them, installed the attack code and then commanded the onset of the attack. All of these actions were soon automated, leading to the development of semi-automatic DDoS attacks, the category to which most contemporary attacks belong.
Semi-Automatic Attacks
In semi-automatic attacks, the DDoS network consists of handler (master) and agent (slave, daemon) machines. The attacker deploys automated scripts for scanning and compromising those machines and installing the attack code, then uses the handler machines to specify the attack type and the victim's address and to command the onset of the attack to the agents, which send packets to the victim. Based on the communication mechanism deployed between agent and handler machines, we divide semi-automatic attacks into attacks with direct communication and attacks with indirect communication.
Attacks with direct communication
During attacks with direct communication, the agent and handler machines need to know each other's identity in order to communicate. This is achieved by hard-coding the IP addresses of the handler machines in the attack code that is later installed on the agent. Each agent then reports its readiness to the handlers, which store its IP address in a file for later communication. The obvious drawback of this approach is that discovery of one compromised machine can expose the whole DDoS network. Also, since agents and handlers listen for network connections, they are identifiable by network scanners.
Attacks with indirect communication
Attacks with indirect communication deploy a level of indirection to increase the survivability of a DDoS network. Recent attacks provide an example: the use of IRC channels for agent/handler communication. The IRC service replaces the function of a handler, since the IRC channel offers sufficient anonymity to the attacker. Since DDoS agents establish outbound connections to a standard service port used by a legitimate network service, agent communications to the control point may not be easily differentiated from legitimate network traffic. The agents do not incorporate a listening port that is easily detectable with network scanners. An attacker controls the agents using IRC communication channels. Thus, discovery of a single agent may lead no further than the identification of one or more IRC servers and channel names used by the DDoS network. From there, identification of the DDoS network depends on the ability to track agents currently connected to the IRC server. Although the IRC service is the only current example of indirect communication, there is nothing to prevent attackers from subverting other legitimate services for similar purposes.
Automatic Attacks
Automatic DDoS attacks additionally automate the attack phase, thus avoiding the need for communication between attacker and agent machines. The time of onset of the attack, the attack type, its duration and the victim's address are preprogrammed in the attack code. It is obvious that such deployment mechanisms offer minimal exposure to the attacker, since the attacker is only involved in issuing a single command: the start of the attack script. The hard-coded attack specification suggests a single-purpose use of the DDoS network. However, the propagation mechanisms usually leave a backdoor to the compromised DDoS machine open, enabling easy future access and modification of the attack code.
Both semi-automatic and automatic attacks recruit the agent machines by deploying automatic scanning and propagation techniques. Based on the scanning strategy, we differentiate between attacks that deploy random scanning, hitlist scanning, topological scanning, permutation scanning and local subnet scanning. Attackers usually combine the scanning and exploitation phases, thus gaining a larger agent population, and my description of scanning techniques relates to this model.
Attacks with Random Scanning
During random scanning each compromised host probes random addresses in the IP address space, using a different seed. Because many machines end up probing the same addresses, this potentially creates a high traffic volume. Code Red (CRv2) performed random scanning.
Attacks with Hitlist Scanning
A machine performing hitlist scanning probes all addresses from an externally supplied list. When it detects a vulnerable machine, it sends one half of its hitlist to the new recruit and keeps the other half. This technique allows for great propagation speed (due to exponential spread) and no collisions during the scanning phase. An attack deploying hitlist scanning could, for example, obtain from netscan.org a list of domains that still support directed IP broadcast and can thus be used for a Smurf attack.
Attacks with Topological Scanning
Topological scanning uses the information on the compromised host to select new targets. All mail worms use topological scanning, exploiting the information from address books for their spread.
Attacks with Permutation Scanning
During permutation scanning, all compromised machines share a common pseudo-random permutation of the IP address space; each IP address is mapped to an index in this permutation. A machine begins scanning by using the index computed from its own IP address as a starting point and walks through the permutation from there. Whenever it sees an already infected machine, it chooses a new random start point. This has the effect of providing a semi-coordinated, comprehensive scan while maintaining the benefits of random probing. At the time this technique was described it had not yet been seen deployed in the wild.
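The scanning strategies above are described in prose; the simulation below is an added example, not part of the original article, that runs random scanning and permutation scanning side by side over a toy address space of 2048 integer addresses holding 64 vulnerable hosts, and counts how many probes it takes each strategy to recruit them all. Every probe to an already-infected host is counted as wasted; those repeat probes are what makes random scanning noisy and what permutation scanning is meant to avoid. One probe per agent per round is assumed, and one detail the text leaves open is filled by assumption: an agent that has just infected a host jumps to a random index, so that it and its new recruit do not walk the same stretch of the permutation in lockstep.

```python
import random


def simulate_worm(n_addresses, n_vulnerable, strategy, seed, max_probes=1_000_000):
    """Simulate agent recruitment over the toy address space 0..n_addresses-1.

    strategy "random":      every probe goes to a uniformly random address.
    strategy "permutation": all agents share one permutation of the space and walk
                            it from the index of their own address; an agent that
                            probes an already-infected host restarts at a random
                            index (as in the text), and an agent that has just
                            infected a host also jumps to a random index (an
                            assumption of this example, see the lead-in).
    Returns total probes, probes wasted on already-infected hosts, agents recruited.
    """
    rng = random.Random(seed)
    vulnerable = set(rng.sample(range(n_addresses), n_vulnerable))
    perm = list(range(n_addresses))
    rng.shuffle(perm)                                       # the shared permutation
    index_of = {addr: i for i, addr in enumerate(perm)}     # address -> index in it

    patient_zero = min(vulnerable)
    infected = {patient_zero}
    cursor = {patient_zero: (index_of[patient_zero] + 1) % n_addresses}
    probes = wasted = 0
    while len(infected) < n_vulnerable and probes < max_probes:
        for agent in list(cursor):                          # one probe per agent per round
            if strategy == "random":
                target = rng.randrange(n_addresses)
            else:
                target = perm[cursor[agent]]
                cursor[agent] = (cursor[agent] + 1) % n_addresses
            probes += 1
            if target in infected:
                wasted += 1                                 # repeat probe
                if strategy == "permutation":
                    cursor[agent] = rng.randrange(n_addresses)
            elif target in vulnerable:
                infected.add(target)                        # new agent starts at its own index
                cursor[target] = (index_of[target] + 1) % n_addresses
                if strategy == "permutation":
                    cursor[agent] = rng.randrange(n_addresses)
            if len(infected) == n_vulnerable:
                break
    return {"probes": probes, "wasted": wasted, "agents": len(infected)}


def compare_strategies(n_addresses=2048, n_vulnerable=64, seeds=range(20)):
    """Average probe counts over several seeds for both strategies."""
    result = {}
    for strategy in ("random", "permutation"):
        runs = [simulate_worm(n_addresses, n_vulnerable, strategy, s) for s in seeds]
        result[strategy] = {
            "probes": sum(r["probes"] for r in runs) / len(runs),
            "wasted": sum(r["wasted"] for r in runs) / len(runs),
            "all_recruited": all(r["agents"] == n_vulnerable for r in runs),
        }
    return result


if __name__ == "__main__":
    for name, stats in compare_strategies().items():
        print(f"{name:12s} probes={stats['probes']:8.0f}  wasted={stats['wasted']:6.1f}  "
              f"all recruited={stats['all_recruited']}")
```

Random scanning needs on the order of N times the harmonic number of the vulnerable population to find the last host, because every agent keeps probing addresses others have already covered; the permutation walk divides the space implicitly and lets a restart happen only when an agent bumps into a recruit, which is why its probe total and its wasted probes come out lower. A defender watching a darknet sees the difference as far fewer repeat hits per source.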
Attacks with Local Subnet Scanning
Local subnet scanning can be added to any of the previously described techniques to preferentially scan for targets that reside on the same subnet as the compromised host. Using this technique, a single copy of the scanning program can compromise many vulnerable machines behind a firewall. Code Red II and the Nimda worm used local subnet scanning.
Based on the attack code propagation mechanism, we differentiate between attacks that deploy central source propagation, back-chaining propagation and autonomous propagation.
Attacks with Central Source Propagation
During central source propagation, the attack code resides on a central server or set of servers.
After compromise of the agent machine, the code is downloaded from the central source through a file transfer mechanism. The 1i0n worm operated in this manner.
Attacks with Back-chaining Propagation
During back-chaining propagation, the attack code is downloaded from the machine that was used to exploit the system. The infected machine then becomes the source for the next propagation step. Back-chaining propagation is more survivable than central-source propagation since it avoids a single point of failure. The Ramen worm and the Morris worm used back-chaining propagation.
Attacks with Autonomous Propagation
Autonomous propagation avoids the file retrieval step by injecting attack instructions directly into the target host during the exploitation phase. Code Red, Warhol Worm and numerous E-mail worms use autonomous propagation.
Classification by Exploited Vulnerability
Distributed denial-of-service attacks exploit different strategies to deny the service of the victim to its clients. Based on the vulnerability that is targeted during an attack, we differentiate between protocol attacks and brute-force attacks.
Protocol Attacks
Protocol attacks exploit a specific feature or implementation bug of some protocol installed at the victim in order to consume excess amounts of its resources. Examples include the TCP SYN attack, the CGI request attack and the authentication server attack. In the TCP SYN attack, the exploited feature is the allocation of substantial space in a connection queue immediately upon receipt of a TCP SYN request. The attacker initiates multiple connections that are never completed, thus filling up the connection queue indefinitely. In the CGI request attack, the attacker consumes the CPU time of the victim by issuing multiple CGI requests. In the authentication server attack, the attacker exploits the fact that verifying a signature consumes significantly more resources than generating a bogus one, and sends numerous bogus authentication requests to the server, tying up its resources.
Brute-force Attacks
Brute-force attacks are performed by initiating a vast amount of seemingly legitimate transactions. Since an upstream network can usually deliver higher traffic volume than the victim network can handle, this exhausts the victim’s resources. We further divide brute-force attacks based on the relation of packet contents with victim services into filterable and non-filterable attacks.
Filterable Attacks
Filterable attacks use bogus packets, or packets for services that are not critical to the victim's operation, and thus can be filtered by a firewall. Examples of such attacks are a UDP flood or an ICMP request flood against a Web server.
Non-filterable Attacks
Non-filterable attacks use packets that request legitimate services from the victim. Filtering all packets that match the attack signature would therefore immediately deny the service to legitimate clients as well as to the attackers. Examples are an HTTP request flood targeting a Web server or a DNS request flood targeting a name server.
The line between protocol and brute-force attacks is thin. Protocol attacks also overwhelm the victim's resources with excess traffic, and badly designed protocol features at remote hosts are frequently used to perform "reflector" brute-force attacks, such as the DNS request attack or the Smurf attack. The difference is that a victim can mitigate the effect of protocol attacks by modifying the protocols deployed at its site, while it is helpless against brute-force attacks, either because they misuse legitimate services (non-filterable attacks) or because of its own limited resources (a victim can do nothing about an attack that swamps its network bandwidth). Countering a protocol attack by modifying the deployed protocol pushes the corresponding attack mechanism into the brute-force category. For example, if the victim deploys TCP SYN cookies to combat TCP SYN attacks, it will still be vulnerable to SYN floods that generate more packets than its network can accommodate. However, a brute-force attack needs to generate a much higher volume of attack packets than a protocol attack to inflict the same damage, so by fixing the deployed protocols the victim raises the bar for the attacker. Evidently, the classification of a specific attack needs to take into account both the attack mechanism used and the victim's configuration.
It is interesting to note that the variability of attack packet contents is determined by the exploited vulnerability. Packets comprising protocol and non-filterable brute-force attacks must carry some valid header fields and possibly some valid contents. For example, TCP SYN attack packets cannot vary the protocol or flag fields, and HTTP flood packets must belong to an established TCP connection and therefore cannot spoof source addresses, unless the attacker hijacks connections from legitimate clients.
Classification by Attack Rate Dynamics
Depending on the attack rate dynamics we differentiate between continuous rate and variable rate attacks.
Continuous Rate Attacks
The majority of known attacks deploy a continuous rate mechanism. After the onset is commanded, agent machines generate the attack packets at full force. This sudden packet flood disrupts the victim's services quickly, and thus also leads to quick detection of the attack.
Variable Rate Attacks
Variable rate attacks are more cautious in their engagement, and they vary the attack rate to avoid detection and response. Based on the rate change mechanism we differentiate between attacks with an increasing rate and attacks with a fluctuating rate.
Increasing Rate Attacks
Attacks that have a gradually increasing rate lead to a slow exhaustion of victim’s resources. A state change of the victim could be so gradual that its services degrade slowly over a long time period, thus delaying detection of the attack.
Fluctuating Rate Attacks
Attacks that have a fluctuating rate adjust the attack rate based on the victim’s behavior, occasionally relieving the effect to avoid detection. At the extreme end, there is the example of pulsing attacks. During pulsing attacks, agent hosts periodically abort the attack and resume it at a later time. If this behavior is simultaneous for all agents, the victim experiences periodic service disruptions. If, however, agents are divided into groups who coordinate so that one group is always active, then the victim experiences continuous denial of service.
Classification by Impact
Depending on the impact of a DDoS attack on the victim we differentiate between disruptive and degrading attacks.
Disruptive Attacks
The goal of disruptive attacks is to completely deny the victim’s service to its clients. All currently known attacks belong to this category.
Degrading Attacks
The goal of degrading attacks would be to consume some (presumably constant) portion of a victim's resources. Since these attacks do not lead to total service disruption, they could remain undetected for a significant time period. On the other hand, the damage inflicted on the victim could be immense. For example, an attack that effectively ties up 30% of the victim's resources would lead to denial of service to some percentage of customers during high-load periods, and possibly slower average service. Some customers, dissatisfied with the quality, would consequently change their service provider, and the victim would thus lose income. Alternatively, the false load could result in the victim spending money to upgrade its servers and networks.
Taxonomy of DDoS Defense Mechanisms
The seriousness of the DDoS problem and the increased frequency of DDoS attacks have led to the advent of numerous DDoS defense mechanisms. Some of these mechanisms address a specific kind of DDoS attack such as attacks on Web servers or authentication servers. Other approaches attempt to solve the entire generic DDoS problem. Most of the proposed approaches require certain features to achieve their peak performance, and will perform quite differently if deployed in an environment where these requirements are not met.
As is frequently pointed out, there is no ram-baan (Hindi for the arrow that never misses its target) against DDoS attacks. Therefore we need to understand not only each existing DDoS defense approach, but also how those approaches might be combined to effectively and completely solve the problem.
Classification by Activity Level
Based on the activity level of DDoS defense mechanisms, we differentiate between preventive and reactive mechanisms.
Preventive Mechanisms
The goal of preventive mechanisms is either to eliminate the possibility of DDoS attacks altogether or to enable potential victims to endure the attack without denying services to legitimate clients. According to these goals we further divide preventive mechanisms into attack prevention and denial-of-service prevention mechanisms.
Attack Prevention Mechanisms
Attack prevention mechanisms modify the system configuration to eliminate the possibility of a DDoS attack. Based on the target they secure, we further divide them into system security and protocol security mechanisms.
System Security Mechanisms
System security mechanisms increase the overall security of the system, guarding against illegitimate accesses to the machine, removing application bugs and updating protocol installations to prevent intrusions and misuse of the system. DDoS attacks owe their power to large numbers of subverted machines that cooperatively generate the attack streams. If these machines were secured, the attackers would lose their army and the DDoS threat would then disappear. On the other hand, systems vulnerable to intrusions can themselves become victims of DDoS attacks in which the attacker, having gained unlimited access to the machine, deletes or alters its contents. Potential victims of DDoS attacks can be easily overwhelmed if they deploy vulnerable protocols. Examples of system security mechanisms include monitored access to the machine, applications that download and install security patches, firewall systems, virus scanners, intrusion detection systems, access lists for critical resources, capability-based systems and client-legitimacy-based systems. The history of computer security suggests that this approach can never be 100% effective, but doing a good job here will certainly decrease the frequency and strength of DDoS attacks.
Protocol Security Mechanisms
Protocol security mechanisms address the problem of bad protocol design. Many protocols contain operations that are cheap for the client but expensive for the server. Such protocols can be misused to exhaust the resources of a server by initiating large numbers of simultaneous transactions. Classic misuse examples are the TCP SYN attack, the authentication server attack, and the fragmented packet attack, in which the attacker bombards the victim with malformed packet fragments, forcing it to waste its resources on reassembly attempts. Examples of protocol security mechanisms include guidelines for safe protocol design in which resources are committed to the client only after sufficient authentication has been done or the client has paid a sufficient price, and the deployment of a powerful proxy server that completes TCP connections on the server's behalf. Deploying comprehensive protocol and system security mechanisms can make the victim completely resilient to protocol attacks. Also, these approaches are inherently compatible with and complementary to all other approaches.
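The TCP SYN attack described under Protocol Attacks, and the SYN cookie fix mentioned there and in the discussion of brute-force attacks, are the standard illustration of the rule stated here: commit no resources to a client until it has proved something. As an added example that is not from the original article, the two toy servers below make the comparison concrete. The first keeps a half-open entry for every SYN and is starved by a flood of spoofed SYNs that are never acknowledged; the second keeps nothing and instead derives its initial sequence number from a keyed hash of the connection 4-tuple and a coarse time slot, so that an ACK is accepted only if it echoes back a value the client could have learned only by receiving the SYN/ACK at the claimed address. Everything is simulated in Python: the packet handling, the 5-bit slot / 3-bit MSS / 24-bit MAC cookie layout, the 64-second slot, the MSS table and the use of HMAC-SHA256 truncated to 24 bits are choices of this example rather than of any real TCP stack, and the addresses come from documentation ranges.

```python
import hashlib
import hmac
import os
import random
import socket
import struct

# MSS values the cookie's 3-bit field can encode (an assumption of this example).
MSS_TABLE = (536, 1220, 1440, 1460)


def mss_index(mss):
    """Index of the largest table entry not above the client's advertised MSS."""
    best = 0
    for i, value in enumerate(MSS_TABLE):
        if value <= mss:
            best = i
    return best


class NaiveBacklogServer:
    """Allocates a half-open connection entry per SYN: the feature a SYN flood exploits."""

    def __init__(self, backlog=128):
        self.backlog, self.half_open, self.established = backlog, {}, set()

    def on_syn(self, saddr, daddr, sport, dport, mss):
        key = (saddr, sport, daddr, dport)
        if key not in self.half_open and len(self.half_open) >= self.backlog:
            return None                            # queue full: the SYN is dropped
        isn = int.from_bytes(os.urandom(4), "big")
        self.half_open[key] = isn                  # state kept until the ACK or a timeout
        return isn

    def on_ack(self, saddr, daddr, sport, dport, ack):
        key = (saddr, sport, daddr, dport)
        isn = self.half_open.get(key)
        if isn is None or ack != (isn + 1) & 0xFFFFFFFF:
            return None
        del self.half_open[key]
        self.established.add(key)
        return True


class SynCookieServer:
    """Keeps no per-SYN state: the ISN itself proves the SYN/ACK reached the client.

    Cookie layout used here: 5-bit time slot | 3-bit MSS index | 24-bit keyed MAC.
    """

    def __init__(self, secret, clock):
        self.secret, self.clock, self.established = secret, clock, set()

    def _slot(self):
        return (self.clock() // 64) & 0x1F         # 64-second slots, wrapping after 32

    def _mac(self, saddr, daddr, sport, dport, slot):
        msg = struct.pack("!4s4sHHB", socket.inet_aton(saddr), socket.inet_aton(daddr),
                          sport, dport, slot)
        return int.from_bytes(hmac.new(self.secret, msg, hashlib.sha256).digest()[:3], "big")

    def on_syn(self, saddr, daddr, sport, dport, mss):
        slot = self._slot()
        return (slot << 27) | (mss_index(mss) << 24) | self._mac(saddr, daddr, sport, dport, slot)

    def on_ack(self, saddr, daddr, sport, dport, ack):
        cookie = (ack - 1) & 0xFFFFFFFF
        slot, midx = cookie >> 27, (cookie >> 24) & 0x7
        if (self._slot() - slot) & 0x1F > 1:       # older than the current or previous slot
            return None
        if cookie & 0xFFFFFF != self._mac(saddr, daddr, sport, dport, slot):
            return None                            # forged, or replayed on another 4-tuple
        self.established.add((saddr, sport, daddr, dport))
        return MSS_TABLE[midx]                     # the only per-connection data recovered


def flood_then_connect(server, n_spoofed, seed=1):
    """Send n spoofed SYNs that are never acknowledged, then complete one honest
    handshake. Returns True if the honest client obtained a connection."""
    rng = random.Random(seed)
    for _ in range(n_spoofed):
        src = "203.0.113.%d" % rng.randrange(1, 255)          # spoofed source, never answers
        server.on_syn(src, "192.0.2.10", rng.randrange(1024, 65536), 80, 1460)
    isn = server.on_syn("198.51.100.7", "192.0.2.10", 40001, 80, 1460)
    if isn is None:
        return False
    return server.on_ack("198.51.100.7", "192.0.2.10", 40001, 80, (isn + 1) & 0xFFFFFFFF) is not None


if __name__ == "__main__":
    print("naive backlog survives a 1000-SYN flood:", flood_then_connect(NaiveBacklogServer(), 1000))
    print("SYN cookies survive a 1000-SYN flood:   ",
          flood_then_connect(SynCookieServer(b"example-secret", lambda: 1000), 1000))
```

The cookie server still does the work of answering every spoofed SYN, which is exactly the point made above about the fix turning a protocol attack into a brute-force one: the memory exhaustion is gone, but a flood large enough to saturate the link or the CPU remains.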
Denial-of-Service Prevention Mechanisms
Denial-of-service prevention mechanisms enable the victim to endure attack attempts without denying service to legitimate clients. This is done either by enforcing policies for resource consumption or by ensuring that abundant resources exist so that legitimate clients will not be affected by the attack. Consequently, based on the prevention method, we differentiate between resource accounting and resource multiplication mechanisms.
Resource Accounting Mechanisms
Resource accounting mechanisms police each user's access to resources based on the privileges of the user and his behavior. Such mechanisms guarantee fair service to legitimate, well-behaved users. In order to avoid user identity theft, they are usually coupled with legitimacy-based access mechanisms that verify the user's identity.
Resource Multiplication Mechanisms
Resource multiplication mechanisms provide an abundance of resources to counter DDoS threats. The straightforward example is a system that deploys a pool of servers with a load balancer and installs high bandwidth links between itself and upstream routers. This approach essentially raises the bar on how many machines must participate in an attack to be effective. While not providing perfect protection, for those who can afford the costs, this approach has often proven sufficient. For example, Microsoft has used it to weather large DDoS attacks.
Reactive Mechanisms
Reactive mechanisms strive to alleviate the impact of an attack on the victim. In order to attain this goal they need to detect the attack and respond to it. The goal of attack detection is to detect every attempted DDoS attack as early as possible with a low rate of false positives. Upon attack detection, steps can be taken to characterize the packets belonging to the attack stream and provide this characterization to the response mechanism. We classify reactive mechanisms based on the attack detection strategy into mechanisms that deploy pattern detection, anomaly detection, hybrid detection and third-party detection.
Mechanisms with Pattern Attack Detection
Mechanisms that deploy pattern detection store the signatures of known attacks in a database. Each communication is monitored and compared with the database entries to discover occurrences of DDoS attacks. Occasionally, the database is updated with new attack signatures. The obvious drawback of this detection mechanism is that it can only detect known attacks, and it is usually helpless against new attacks or even slight variations of old attacks that cannot be matched to a stored signature. On the other hand, known attacks are easily and reliably detected, and false positives are rare.
Mechanisms with Anomaly Attack Detection
Mechanisms that deploy anomaly detection have a model of normal system behavior, such as a model of normal traffic dynamics or expected system performance. The current state of the system is periodically compared with the model to detect anomalies. The advantage of anomaly detection over pattern detection is that unknown attacks can be discovered. However, anomaly-based detection has to address two issues:
1. Threshold setting. Anomalies are detected when the current system state differs from the model by a certain threshold. The setting of a low threshold leads to many false positives, while a high threshold reduces the sensitivity of the detection mechanism.
2. Model update. Systems and communication patterns evolve with time, and models need to be updated to reflect this change. Anomaly-based systems usually perform automatic model updates using statistics gathered at times when no attack was detected. This makes the detection mechanism vulnerable to increasing-rate attacks, which can mistrain the model and delay or even avoid detection.
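The second issue is easy to reproduce. The following is an added example, not part of the original article: an exponentially weighted model of the request rate (mean and variance per interval) that, as described above, folds in every interval it did not flag, run over two constructed request-rate traces (seeded uniform jitter around 100 requests per interval, followed either by a sudden +60 flood or by a ramp growing 0.02 requests per interval each interval; neither is real traffic). The continuous-rate flood is flagged in its first interval; the slow ramp stays inside the model's ever-rising threshold and is never flagged, which is the mistraining the text warns about. A drift monitor that compares the adaptive mean against a reference pinned during a known-clean period is added as one way to notice this; it is this example's mitigation, not a mechanism the text describes, and the alpha, k and training-window values are assumptions.

```python
import math
import random


class EwmaDetector:
    """Anomaly detector whose model of normal behaviour (mean and variance of the
    request rate per interval) is updated with every interval it did not flag."""

    def __init__(self, alpha=0.05, k=3.0, min_std=1.0):
        self.alpha, self.k, self.min_std = alpha, k, min_std
        self.mean = self.var = None

    def train(self, samples):
        """Bootstrap the model from a window of intervals assumed to be clean."""
        n = len(samples)
        self.mean = sum(samples) / n
        self.var = sum((x - self.mean) ** 2 for x in samples) / n

    def std(self):
        return max(math.sqrt(self.var), self.min_std)

    def observe(self, rate):
        """True if the interval is flagged as an attack; otherwise fold it into the model."""
        if rate > self.mean + self.k * self.std():
            return True
        d = rate - self.mean
        self.mean += self.alpha * d
        self.var = (1 - self.alpha) * self.var + self.alpha * d * d
        return False


class DriftMonitor:
    """Reference pinned from a known-clean period; alarms when the adaptive model's
    mean has wandered above it by more than k reference standard deviations."""

    def __init__(self, ref_mean, ref_std, k=3.0):
        self.limit = ref_mean + k * ref_std

    def check(self, model_mean):
        return model_mean > self.limit


def make_trace(seed, n_normal=200, ramp=(0.0, 0), flood=(0.0, 0), base=100.0, jitter=5.0):
    """Constructed requests-per-interval series: n_normal clean intervals, then a
    ramp of (slope per interval, length) and/or a flood of (extra requests, length)."""
    rng = random.Random(seed)
    trace = [base + rng.uniform(-jitter, jitter) for _ in range(n_normal)]
    slope, ramp_len = ramp
    trace += [base + slope * i + rng.uniform(-jitter, jitter) for i in range(1, ramp_len + 1)]
    extra, flood_len = flood
    trace += [base + extra + rng.uniform(-jitter, jitter) for _ in range(flood_len)]
    return trace


def run_detection(trace, train_len=100, alpha=0.05, k=3.0):
    """Returns (first interval flagged by the adaptive detector,
                first interval at which the drift monitor alarmed); None if never."""
    det = EwmaDetector(alpha, k)
    det.train(trace[:train_len])
    drift = DriftMonitor(det.mean, det.std(), k)
    first_flag = first_drift = None
    for t in range(train_len, len(trace)):
        if det.observe(trace[t]) and first_flag is None:
            first_flag = t
        if drift.check(det.mean) and first_drift is None:
            first_drift = t
    return first_flag, first_drift


if __name__ == "__main__":
    # Continuous-rate attack: +60 requests per interval from interval 200 on.
    print("sudden flood (flag, drift):", run_detection(make_trace(1, flood=(60.0, 50))))
    # Increasing-rate attack: +0.02 requests per interval per interval for 800 intervals,
    # slow enough for the always-updating model to follow it up.
    print("slow ramp    (flag, drift):", run_detection(make_trace(1, ramp=(0.02, 800))))
```

The ramp is chosen so that its growth per interval is a small fraction of the normal jitter; the model's mean then trails the attack by only a few tenths of a request, the deviation never reaches three standard deviations, and by the end of the trace the "normal" rate the model believes in is 16 requests per interval higher than it was. Only the comparison with the pinned reference reveals that.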
Mechanisms with Hybrid Attack Detection
Mechanisms that deploy hybrid detection combine the pattern-based and anomaly-based detection, using data about attacks discovered through an anomaly detection mechanism to devise new attack signatures and update the database. Many intrusion detection systems use hybrid detection. If these systems are fully automated, properly extracting a signature from a detected attack can be challenging. The system must be careful not to permit attackers to fool it into detecting normal behavior as an attack signature, or the system itself becomes a denial-of-service tool.
Mechanisms with Third-Party Attack Detection
Mechanisms that deploy third-party detection do not handle the detection process themselves, but rely on an external message that signals the occurrence of the attack and provides the attack characterization. Examples of mechanisms that use third-party detection are easily found among traceback mechanisms.
The goal of the attack response is to relieve the impact of the attack on the victim, while imposing minimal collateral damage on legitimate clients of the victim. I classify reactive mechanisms based on the response strategy into mechanisms that deploy agent identification, rate-limiting, filtering and reconfiguration approaches.
Agent Identification Mechanisms
Agent identification mechanisms provide the victim with information about the identity of the machines that are performing the attack. This information can then be combined with other response approaches to alleviate the impact of the attack. Examples of agent identification include numerous traceback techniques and approaches that eliminate spoofing, thus enabling use of the source address field for agent identification.
Rate-Limiting Mechanisms
Rate-limiting mechanisms impose a rate limit on a stream that has been characterized as malicious by the detection mechanism. Rate limiting is a lenient response technique that is usually deployed when the detection mechanism has a high level of false positives or cannot precisely characterize the attack stream. The disadvantage is that it lets some attack traffic through, so extremely high-volume attacks might still be effective even if all traffic streams are rate-limited.
Filtering Mechanisms
Filtering mechanisms use the characterization provided by a detection mechanism to filter out the attack stream completely. Examples include dynamically deployed firewalls and the commercial Traffic Master system. Unless the detection strategy is very reliable, filtering mechanisms run the risk of accidentally denying service to legitimate traffic. Worse, clever attackers might leverage them as denial-of-service tools.
Reconfiguration Mechanisms
Reconfiguration mechanisms change the topology of the victim or the intermediate network to either add more resources to the victim or isolate the attack machines. Examples include reconfigurable overlay networks, resource replication services, attack isolation strategies, etc.
Reactive DDoS defense mechanisms can perform detection and response either alone or in cooperation with other entities in the Internet. Based on the degree of cooperation we differentiate between autonomous, cooperative and interdependent mechanisms.
Autonomous Mechanisms
Autonomous mechanisms perform independent attack detection and response. They are usually deployed at a single point in the Internet and act locally. Firewalls and intrusion detection systems provide an easy example of autonomous mechanisms.
Cooperative Mechanisms
Cooperative mechanisms are capable of autonomous detection and response, but can achieve significantly better performance through cooperation with other entities. Mechanisms deploying pushback provide examples of cooperative mechanisms. They detect the occurrence of a DDoS attack by observing congestion in a router’s buffer, characterize the traffic that creates the congestion, and act locally to impose a rate limit on that traffic. However, they achieve significantly better performance if the rate limit requests can be propagated to upstream routers who otherwise may be unaware of the attack.
Interdependent Mechanisms
Interdependent mechanisms cannot operate autonomously; they rely on other entities either for attack detection or for efficient response. Traceback mechanisms provide examples of interdependent mechanisms. A traceback mechanism deployed on a single router would provide almost no benefit.
Classification by Deployment Location
With regard to a deployment location, we differentiate between DDoS mechanisms deployed at the victim, intermediate, or source network.
Victim-Network Mechanisms
DDoS defense mechanisms deployed at the victim network protect this network from DDoS attacks and respond to detected attacks by alleviating the impact on the victim. Historically, most defense systems were located at the victim since it suffered the greatest impact of the attack and was therefore the most motivated to sacrifice some resources for increased security. Resource accounting and protocol security mechanisms provide examples of these systems.
Intermediate-Network Mechanisms
DDoS defense mechanisms deployed at the intermediate network provide infrastructural service to a large number of Internet hosts. Victims of DDoS attacks can contact the infrastructure and request the service, possibly providing adequate compensation. Pushback and traceback techniques are examples of intermediate-network mechanisms.
Source-Network Mechanisms
The goal of DDoS defense mechanisms deployed at the source network is to prevent customers of that network from generating DDoS attacks. Such mechanisms are necessary and desirable, but the motivation for deploying them is low, since it is unclear who would pay the expenses associated with this service.
REFERENCES
http://www.cert.org/tech_tips/denial_of_service.html
http://www.cert.org/archive/pdf/DoS_trends.pdf
http://www.cert.org/incident_notes/IN-2001-08.html
http://www.cert.org/incident_notes/IN-2001-03.html
http://www.cert.org/incident_notes/IN-2001-01.html
http://www.cs.berkeley.edu/~nweaver/warhol.html
http://www.cert.org/incident_notes/IN-2001-09.html
http://www.cert.org/advisories/CA-2001-26.html
http://www.cert.org/incident_notes/IN-2000-04.html
http://www.cert.org/advisories/CA-1998-01.html
http://www.cisco.com/warp/public/707/newsflash.html
J. D. Howard, "An analysis of security incidents on the Internet 1989-1995," PhD thesis, Carnegie Mellon University, 1997.
F. Kargl, J. Maier and M. Weber, "Protecting web servers from distributed denial of service attacks," Proc. 10th International World Wide Web Conference (WWW), 2001.
J. D. Howard and T. A. Longstaff, "A common language for computer security incidents," Sandia National Laboratories report SAND98-8667, 1998.
http://www.cert.org/research/taxonomy_988667.pdf
S. Axelsson, "Intrusion detection systems: A survey and taxonomy," Chalmers University of Technology technical report 99-15, 2000.
K. Hafner and J. Markoff, Cyberpunk: Outlaws and Hackers on the Computer Frontier, Simon & Schuster, 1991.
http://www.tripwire.com/products/servers/
http://www.usenix.org/publications/login/2000-7/apropos.html
D. Dean, M. Franklin and A. Stubblefield, "An algebraic approach to IP traceback," Proc. Network and Distributed System Security Symposium (NDSS), 2001.
http://search.ietf.org/internet-drafts/draft-ietf-itrace-01.txt, Oct.
RFC 2267, P. Ferguson and D. Senie, "Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing," Jan. 1998.
J. Leiwo, P. Nikander and T. Aura, "Towards network denial of service resistant protocols," Proc. 15th IFIP International Information Security Conference (SEC), 2000.
Wikipedia
Credits also go to some of my hacker friends (WAR10RD, DIGITAL, ICEBEAR 64, etc.) for writing different parts, and to Jelena, Martin and Peter.