DoS attack on CNN and the principles of DoS attacks in detail (tracert and ICMP principles)

Source: Internet
Author: User
How to launch a DoS attack on the CNN site?
Method 1. Directly visit this page: http://www.chenmin.org/doscnn.html,
Method 2. Save this page as an HTML file and open it in a browser.
Allow scripting when prompted, and it will then automatically connect to the CNN site every 5 seconds
(note: it is automatic; as long as you do not close the browser window it keeps going, and it will not affect your other operations).
If Chinese people all over the world unite, the CNN website will definitely collapse.
If you are patriotic, please forward!!!

I tried this in Firefox and everything worked fine; it kept connecting to www.cnn.com.
I also tried it in IE: the status bar showed continuous connections to CNN, Kaspersky did not raise any alerts, and no .exe files appeared in the Temporary Internet Files folder.

:-) By the way, let's learn the principles of DoS attacks.
The following is from: http://www.chinaitlab.com/www/special/ciwddos.asp
That article is very detailed; take a closer look when you have time.
Here is a general introduction:

DoS stands for "denial of service". Among the various methods of network attack and the damage they cause, DoS is a very simple but very effective way of attacking. Its goal is to deny access to your services, disrupt the normal operation of your organization, and eventually knock out some of your Internet connections and network systems. There are many ways to carry out a DoS attack; the most basic DoS attack uses apparently reasonable service requests to occupy too many service resources, so that legitimate users cannot be served.
The basic process of a DoS attack is as follows: first, the attacker sends a large number of requests to the server with forged source addresses. The server sends a reply to each request and waits for the next message, but because the address is forged, that message never arrives, and the resources allocated to the request are not released. Only after the server has waited for a certain time is the connection cut off by a timeout, and by then the attacker has already sent a new batch of requests. With forged-address requests sent repeatedly like this, the server's resources are eventually exhausted.
DDoS stands for "distributed denial of service". It is a special form of denial-of-service attack based on DoS: a distributed, coordinated, large-scale attack, mainly aimed at larger sites such as commercial companies, search engines and government department sites. From Figure 1 we can see that a DoS attack can be carried out with a single machine and a modem, whereas a DDoS attack uses a group of controlled machines to attack one machine; such an attack strikes quickly and is hard to guard against, and is therefore far more destructive.
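The resource-exhaustion mechanism described above can be seen in a toy model. This is an added example, not code from the original article: a server keeps a fixed-size table of half-open requests, forged-address requests occupy a slot until the server's timeout expires them, and a legitimate client only gets in if a slot is free. The table size, timeout and request rates are constructed for illustration, and the `simulate` function is hypothetical.

```python
# Added example (not from the original post): a toy model of the resource
# exhaustion described above. Requests from forged addresses never complete,
# so each one holds a table slot until the server's timeout expires it. If
# forged requests arrive faster than the timeout frees slots, the table
# fills and legitimate requests are refused. All numbers are constructed.

def simulate(table_size, timeout, forged_per_tick, ticks, legit_at):
    """Run the model; return (legit_accepted, legit_seen, peak_pending)."""
    pending = []        # expiry ticks of half-open entries (never completed)
    legit_accepted = 0
    legit_seen = 0
    peak = 0
    for t in range(ticks):
        # the server times out entries whose wait has elapsed, freeing slots
        pending = [exp for exp in pending if exp > t]
        # the attacker sends a fresh batch of forged-address requests
        for _ in range(forged_per_tick):
            if len(pending) < table_size:
                pending.append(t + timeout)
        peak = max(peak, len(pending))
        # a legitimate client arrives at some ticks and needs one free slot
        if t in legit_at:
            legit_seen += 1
            if len(pending) < table_size:
                legit_accepted += 1
    return legit_accepted, legit_seen, peak

if __name__ == "__main__":
    # steady-state occupancy is roughly forged_per_tick * timeout, so the
    # same attack rate succeeds with a 75-tick timeout and fails with 10
    for timeout in (75, 10):
        accepted, seen, peak = simulate(256, timeout, 10, 200, {150, 190})
        print("timeout=%d: legit served %d/%d, peak pending %d"
              % (timeout, accepted, seen, peak))
```

The model shows why shortening the wait for forged requests is a mitigation: occupancy settles at roughly arrival rate times timeout, so the same attack rate fills a 256-slot table with a 75-tick timeout but never does with a 10-tick timeout.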

That night, after the attack on the website had started, CNN was inaccessible for a while; ping could not get through either, and I wanted to use tracert to see where the connection broke. ^_^ So along the way I studied tracert-related knowledge.
The following article is from: http://hi.baidu.com/mayer1008/blog/item/fe5f38d8c381283432fa1c72.html
Tracert = trace route

Tracert (trace route) is a route-tracing utility that determines the path an IP datagram takes to reach a target. The tracert command uses the IP time-to-live (TTL) field and ICMP error messages to determine the route from one host to another host on the network.

How Tracert works

The tracert diagnostic determines the route to a destination by sending ICMP (Internet Control Message Protocol) echo request packets to the destination with different IP time-to-live (TTL) values. Each router on the path is required to decrement the packet's TTL by at least 1 before forwarding it. When the TTL on a packet reaches 0, the router is expected to send an ICMP "Time Exceeded" message back to the source system.

Tracert sends an echo request packet with a TTL of 1 and increments the TTL by 1 on each subsequent send, until either the target responds or the TTL reaches its maximum value; this is how the route is determined. The route is read off from the ICMP "Time Exceeded" messages sent back by the intermediate routers. Some routers silently discard packets whose TTL has expired without sending any message, and such hops are not visible in the tracert output.

The tracert command prints an ordered list of the near-side router interfaces on the path that returned the ICMP time exceeded message. If the -d option is used, tracert does not perform a DNS lookup on each IP address.
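The TTL-stepping procedure described above, as an added example that is not part of the original article: a simulation of tracert over a constructed path of routers. Each router decrements the TTL and normally answers an expired probe with ICMP Time Exceeded (type 11, code 0); one router in the sample path silently drops expired probes, which is the "invisible hop" case mentioned above, and the destination answers with an Echo Reply (type 0). The addresses, the `PATH` table and the `send_probe`/`tracert` functions are assumptions made for this example.

```python
# Added example (not from the original article): tracert's TTL-stepping logic
# run over a constructed path. Real tracert sends three probes per TTL and
# prints round-trip times; this model sends one probe per TTL and records
# only which interface replied. Addresses and behaviour are constructed.

PATH = [  # (address, replies_to_expired_probe) in forwarding order
    ("10.0.0.1", True),
    ("192.168.0.1", False),   # drops expired probes without an ICMP message
    ("172.16.0.99", None),    # the destination host (last entry)
]

def send_probe(ttl, path):
    """Forward one probe; return (address, icmp_type) or None if nothing replies."""
    for addr, replies in path[:-1]:          # every router on the way
        ttl -= 1                             # each router decrements TTL by 1
        if ttl == 0:
            # TTL expired here: Time Exceeded (type 11) or silence
            return (addr, 11) if replies else None
    return (path[-1][0], 0)                  # target answers with Echo Reply

def tracert(path, max_hops=30):
    """Return the hop list: replying interface address, or '*' for no reply."""
    hops = []
    for ttl in range(1, max_hops + 1):       # TTL starts at 1 and grows by 1
        reply = send_probe(ttl, path)
        if reply is None:
            hops.append("*")                 # hop that silently dropped the probe
            continue
        addr, icmp_type = reply
        hops.append(addr)
        if icmp_type == 0:                   # Echo Reply: target reached
            break
    return hops

if __name__ == "__main__":
    for n, hop in enumerate(tracert(PATH), start=1):
        print(n, hop)
```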

In the following example, the packet must pass through two routers (10.0.0.1 and 192.168.0.1) to reach the host 172.16.0.99. The host's default gateway is 10.0.0.1, and the IP address of the router on the 192.168.0.0 network is 192.168.0.1.

C:\>tracert 172.16.0.99 -d

Tracing route to 172.16.0.99 over a maximum of hops

  1    2s    3s    2s   10.0.0.1
  2    ms    ms         192.168.0.1
  3    ms    ms         172.16.0.99

Trace complete.

Solving problems with Tracert

You can use the tracert command to determine where a packet stops on the network. In the following example, the default gateway determines that there is no valid path to the host 192.168.10.99. This may be a router configuration problem, or the 192.168.10.0 network may not exist (a wrong IP address).

C:\>tracert 192.168.10.99

Tracing route to 192.168.10.99 over a maximum of hops

  1   10.0.0.1   reports: Destination net unreachable.

Trace complete.

The tracert utility is useful for troubleshooting large networks, where several paths may lead to the same point.

Tracert command-line options

The Tracert command supports a variety of options, as shown in the following table.

tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Option              Description

-d                  Specifies that IP addresses are not resolved to host names.

-h maximum_hops     Specifies the maximum number of hops to search for the target named target_name.

-j host-list        Specifies the list of router interfaces in the path that the tracert packets should use (loose source routing).

-w timeout          Waits the number of milliseconds specified by timeout for each reply.

target_name         The name or IP address of the target host.

After reading this I still did not quite understand the ICMP protocol, so I searched again; a detailed explanation of ICMP follows:
The following article is from: http://blog.chinaunix.net/u/20828/showart_343367.html

ICMP stands for Internet Control Message Protocol. ICMP may sound unfamiliar to some people, but in fact it is closely involved in everyday networking. Every layer of the network architecture needs control, and each layer has its own division of labour and its own control content. The control functions of the IP layer are the most complex, mainly error control and congestion control, and any control depends on information. In a network built on IP datagrams, a gateway must handle the transmission of the datagrams themselves, yet the IP protocol has no intrinsic mechanism for obtaining error information and acting on it. To handle these errors, TCP/IP designed the ICMP protocol: when a gateway detects a transmission error, it immediately sends an ICMP message to the source host reporting the error, so that the source host can take corresponding measures. ICMP is therefore an error and control message protocol: it carries not only error messages but also control messages.

Second, ICMP message format

ICMP messages are carried inside IP datagrams, so ICMP is a user of IP: the IP header precedes the ICMP message, and an ICMP message as transmitted consists of the IP header, the ICMP header and the ICMP data (see the chart of the ICMP message structure and several common ICMP message formats). A Protocol value of 1 in the IP header indicates that the datagram carries an ICMP message. The Type field in the ICMP header describes the purpose and format of the message, and the Code field further specifies the subtype of the message; all data follows the ICMP header. The RFC defines 13 ICMP message types, as follows:

Type   Description

0      Echo Reply
3      Destination Unreachable
4      Source Quench
5      Redirect
8      Echo Request
11     Time Exceeded
12     Parameter Problem
13     Timestamp Request
14     Timestamp Reply
15     Information Request (* obsolete)
16     Information Reply (* obsolete)
17     Address Mask Request
18     Address Mask Reply

The Information Request and Information Reply messages, types 15 and 16, are obsolete.

The following are some of the common ICMP messages:

1. Echo request and echo reply

The ping that we use every day relies on Echo Request (type=8) and Echo Reply (type=0). A host sends a type=8 ICMP message to a node; if nothing goes wrong (such as the packet being discarded by a router, the target not responding to ICMP, or a transmission failure), the target returns a type=0 ICMP message, showing that the host exists. Going a step further, tracert determines the network distance between the host and the target by counting the nodes passed through, using ICMP messages.

2. Destination unreachable, source quench and time exceeded

These three messages share the same format. The Destination Unreachable message (type=3) is sent when a router or host cannot deliver the data; for example, if we try to connect to a non-existent port on the other system (port number less than 1024), a type=3, code=3 ICMP message is returned, which effectively tells us: "Hey, don't connect, I'm not at home." The common unreachable codes are network unreachable (code=0), host unreachable (code=1) and protocol unreachable (code=2). Source Quench (type=4) serves as traffic control: it notifies the host to reduce its datagram traffic. Because ICMP has no message for resuming transmission, the host gradually restores its transmission rate once the quench messages stop. Finally, the problem with a connectionless network is that a datagram may be lost, may wander in the network for a long time without finding the target, or, because of congestion, may not be reassembled from its fragments by the host within the specified time; any of these triggers an ICMP Time Exceeded message (type=11). Its Code field takes two values: code=0 means the TTL expired in transit, and code=1 means the fragment reassembly time was exceeded.
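The header layout from the "ICMP message format" section and the type/code values discussed just above, as an added example that is not part of the original article: a parser for the 8-byte ICMP header that verifies the RFC 792 one's-complement checksum and names the type and code. The two sample messages (a Time Exceeded as a router would return to tracert, and a Port Unreachable) are constructed inline, not captured traffic, and the `build_icmp`/`parse_icmp` helper names are assumptions.

```python
# Added example (not from the original article): parse an ICMP header, verify
# the RFC 792 checksum, and name the type/code with the table above. Sample
# messages are built inline (constructed, not captured traffic).
import struct

ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
              5: "Redirect", 8: "Echo Request", 11: "Time Exceeded",
              12: "Parameter Problem", 13: "Timestamp Request",
              14: "Timestamp Reply"}
UNREACH_CODES = {0: "net", 1: "host", 2: "protocol", 3: "port"}
TIMEX_CODES = {0: "TTL exceeded in transit", 1: "fragment reassembly time exceeded"}

def icmp_checksum(data):
    """One's-complement of the one's-complement sum of 16-bit words (RFC 792)."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd-length message
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_icmp(itype, code, rest=b"\x00\x00\x00\x00", payload=b""):
    """Build an ICMP message with a correct checksum (used to make samples)."""
    header = struct.pack("!BBH", itype, code, 0) + rest   # checksum zeroed
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBH", itype, code, csum) + rest + payload

def parse_icmp(msg):
    """Return (type, code, checksum_ok, description) for one ICMP message."""
    itype, code, _csum = struct.unpack("!BBH", msg[:4])
    # summing a valid message including its checksum field folds to zero
    ok = icmp_checksum(msg) == 0
    desc = ICMP_TYPES.get(itype, "unknown type %d" % itype)
    if itype == 3:
        desc += " (%s unreachable)" % UNREACH_CODES.get(code, "code %d" % code)
    elif itype == 11:
        desc += " (%s)" % TIMEX_CODES.get(code, "code %d" % code)
    return itype, code, ok, desc

if __name__ == "__main__":
    # constructed samples: Time Exceeded carrying the start of the original
    # IP header, and a Port Unreachable with no payload
    for sample in (build_icmp(11, 0, payload=b"\x45\x00" + bytes(26)),
                   build_icmp(3, 3)):
        print(parse_icmp(sample))
```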

3. Timestamp

The Timestamp Request message (type=13) and the Timestamp Reply message (type=14) are used to measure the transmission time of datagrams between two hosts. When sending, the host fills in the originate timestamp; the receiver receives the request and fills in the timestamps in the type=14 message format, and the sender then calculates the time difference. Some systems do not respond to this message.
