Hello friends, in the hacking class that we held on Sunday, we discussed things like how to find an IP address (which I already explained in detail), and a term called a Ping Sweep. Today I will discuss the details of a Ping Sweep and how it helps in reconnaissance, or the information gathering phase. We will cover all the topics that were discussed in the CME hacking class in detail.
What is a Ping Sweep?
First of all, you should know that a Ping is a network utility built into the operating system which is used to check whether a host is alive or dead. Technically, it is an echo request and echo reply. By “alive,” I mean that the host (computer, system, network, website etc.) is active, and by “dead,” I mean that the host is shut down.
Note: Anything can be a host, like a website, computer system, printer, network or any device.
Now, what is a ping sweep? A Ping Sweep is an information gathering technique which is used to identify live hosts by pinging them. Let’s delve into it more technically: a Ping Sweep can also be called a Ping scan, an ICMP sweep (Internet Control Message Protocol) or a two-way handshake protocol. It is a two-way handshake protocol because one host sends data (packets) and the other host validates the data and returns an acknowledgement (again, packets) indicating whether the ping succeeded or not.
Ping Sweeps can be used for several purposes:
1. Normal Ping Sweep
Once we have the IP address of the host, we can ping that IP address and determine whether the host is alive or not. Once the packets are received correctly, this confirms that the host is alive and we can proceed further with our attack on the host (the victim).
For a normal Ping Sweep there are a plethora of tools available, like fping, gping and Nmap, or you can do it directly with a looping shell script on both Windows and Linux platforms.
Below, we demonstrate how it’s done on Windows:
Go to START -> RUN -> CMD, then type PING 127.0.0.1 (the IP address of the host).
Below is a snapshot of PING:
[Image: Sample of a successful ping]
2. Flood Pinging
Flood Pinging is a kind of denial-of-service attack; it occurs when you flood a website or host with a very large number of pings. The result is that a normal, legitimate user will not be able to access that website, because every host (website or victim network) has a maximum capacity limit. When Flood Pinging crosses that limit, it jams the network and the host stops responding. This is done with automated scripts, or directly with flood-pinging software, as in a server attack. Flood Pinging is also sometimes called a “Ping of Death,” as it makes the host behave like a dead host that does not respond to anything.
Note: This will only work if the attacker’s bandwidth is greater than the host’s. But doing this in groups can do the trick.
Generally, only a few website owners opt for unlimited bandwidth plans, as they are too costly; instead, they opt for plans like 10 Gb of bandwidth. Any attempt to Flood Ping from your 2 or 4 Mbps connection will be in vain. But suppose you tackle this with a group of 20 people: launching the same attack from 20 computers, each with a 2 Mbps connection, means you are now hitting the host with 40 Mbps at a time. You may be thinking that the bandwidth is 10 Gb and we only reached 40 Mbps; here is the trick: hackers create multiple connections, approximately 1000, from one PC, so 20 PCs means 20,000 connections at a time. This slows down the website’s database and other functionality until the website stops responding.
To do this to a single victim (the IP address of a PC), you only need a faster connection than they have; you don’t need to do it in a group.
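The following is an added example and is not code from the original post or the class. It takes the defender’s side of both techniques above: given per-packet log lines, it flags a ping sweep (one source sending ICMP echo requests to many distinct hosts within a short window, the behaviour described in section 1) and flood pinging (one source sending echo requests to one host at a very high rate, as in section 2). The log line format, the IP addresses, the thresholds (window length and minimum counts) and the sample traffic are all constructed for this example and do not correspond to any real firewall or tool.

```python
# Added example, not code from the original post: flag ping sweeps and
# flood pinging from per-packet ICMP log lines.
# Assumed, constructed log format (not any real firewall's format):
#     <epoch_seconds> <src_ip> -> <dst_ip> ICMP type=<icmp_type>
# ICMP type 8 is an echo request ("ping"); type 0 is the echo reply.
import re
from collections import Counter, defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s+(?P<src>[\d.]+)\s*->\s*(?P<dst>[\d.]+)"
    r"\s+ICMP\s+type=(?P<type>\d+)$"
)


def parse_line(line):
    """Parse one log line into (ts, src, dst, icmp_type); None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return float(m["ts"]), m["src"], m["dst"], int(m["type"])


def echo_requests(lines):
    """Yield (ts, src, dst) for echo requests only; replies and junk are skipped."""
    for line in lines:
        rec = parse_line(line)
        if rec is not None and rec[3] == 8:
            yield rec[0], rec[1], rec[2]


def detect_sweeps(lines, window=10.0, min_hosts=5):
    """Ping sweep: one source probing >= min_hosts distinct hosts within `window` s.
    Returns {src: most distinct targets seen in any one window} for offenders."""
    by_src = defaultdict(list)
    for ts, src, dst in echo_requests(lines):
        by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        in_window = Counter()  # dst -> requests currently inside the sliding window
        lo = 0
        for ts, dst in events:
            in_window[dst] += 1
            while events[lo][0] < ts - window:  # expire events older than the window
                old = events[lo][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                lo += 1
            if len(in_window) >= min_hosts:
                alerts[src] = max(alerts.get(src, 0), len(in_window))
    return alerts


def detect_floods(lines, window=1.0, min_packets=100):
    """Flood pinging: one source sending >= min_packets requests to one host within `window` s.
    Returns {(src, dst): peak requests in any one window} for offenders."""
    by_pair = defaultdict(list)
    for ts, src, dst in echo_requests(lines):
        by_pair[(src, dst)].append(ts)
    alerts = {}
    for pair, stamps in by_pair.items():
        stamps.sort()
        lo = 0
        for hi, ts in enumerate(stamps):
            while stamps[lo] < ts - window:
                lo += 1
            count = hi - lo + 1
            if count >= min_packets:
                alerts[pair] = max(alerts.get(pair, 0), count)
    return alerts


def build_sample_log():
    """Constructed traffic: one sweep, one flood, one normal user, a reply and junk."""
    lines = []
    # 203.0.113.5 sweeps 20 hosts in 192.0.2.0/24, one every half second
    for i in range(20):
        lines.append(f"{1000 + 0.5 * i} 203.0.113.5 -> 192.0.2.{i + 1} ICMP type=8")
    # 198.51.100.9 fires 300 echo requests at one host within a single second
    for i in range(300):
        lines.append(f"{2000 + i / 300:.4f} 198.51.100.9 -> 192.0.2.10 ICMP type=8")
    # a legitimate user pings one host three times and gets a reply
    lines += [f"{3000 + i} 192.0.2.50 -> 192.0.2.1 ICMP type=8" for i in range(3)]
    lines.append("3000.01 192.0.2.1 -> 192.0.2.50 ICMP type=0")
    lines.append("this line is not a packet record")
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    print("ping sweeps:", detect_sweeps(SAMPLE_LOG))   # {'203.0.113.5': 20}
    print("ping floods:", detect_floods(SAMPLE_LOG))   # {('198.51.100.9', '192.0.2.10'): 300}
```

Running the file prints the offending sources and their peak counts. The sweep detector keys on distinct destinations per source and the flood detector on request rate per source/destination pair, which is why the normal user (three pings to one host) triggers neither. The thresholds are assumptions that would be tuned to a network’s usual traffic, and on a real network the input would be a firewall or packet-capture log converted into the assumed line shape.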
Flood Pinging is extremely helpful in Session Hijacking, which will be explained later, so keep reading and keep learning, as learning is the only key to becoming an elite.
I hope you all liked this post; if you have any queries, ask me in the comments.