Pages

Banner 468 x 60px

 

Wednesday, March 23

Motivational Lines

0 comments
Koshish Karne Walon Ki Har Nahin Hoti
Lahron Se Dar Kar Nauka Par Nahin Hoti

Koshish Karne Walon Ki Har Nahin Hoti
Nanhi Chiti Jab Dana Lekar Chalti Hai

Chadhti Deewaron Par Sau Bar Phislati Hain
Man Ka Viswas Ragon Mein Sahas Bharta Hain

Chadhkar Girna Girkar Chadhna Na Akharta Hain
Akhir Uski Mehnat Bekar Nahin Hoti

Koshis Karne Walon Ki Har Nahin Hoti
Dubkiyan Sindhu Mein Gotakhor Lagata Hain

Ja Jakar Khali Haath Laut Aata Hain
Milte Nahin Sahaj Hi Moti Gahre Pani Mein

Badhta Dugna Utsah Isi Hairani Mein
Muthi Uski Khali Har Bar Nahi Hoti

Koshis Karne Walon Ki Har Nahin Hoti
Asaflta Ek Chunauti Hain Swavikar Karo

Kya Kami Rah Gayi Dekho Aur Sudhar Karo
Jab Tak Na Safal Ho Nind Chain Ko Tyago Tum

Sangharshon Ka Maidan Chod Mat Bhago Tum
Kuch Kiye Bina Hi Jayjaykar Nahin Hoti
Koshis Karne Walon Ki Har Nahin Hoti

Harivansh Rai Bachchan
Read more...

Monday, March 21

HTTP Status Codes and what they mean

0 comments
HTTP, Hypertext Transfer Protocol, is the method by which clients (i.e. you) and servers communicate. When someone clicks a link, types in a URL or submits out a form, their browser sends a request to a server for information. It might be asking for a page, or sending data, but either way, that is called an HTTP Request. When a server receives that request, it sends back an HTTP Response, with information for the client. Usually, this is invisible, though I'm sure you've seen one of the very common Response codes - 404, indicating a page was not found. There are a fair few more status codes sent by servers, and the following is a list of the current ones in HTTP 1.1, along with an explanation of their meanings.

-------------------------------------------------------------------------------------------------------------
Error Code Range     Type of Error Code

100 - 199            Informational Status Codes, rarely used and generally only written to server logs.

200 - 299            Successful, only 200 frequently used - and generally only written to server logs.

300 - 399            Warning , But the request may still be satisfiable.

400 - 499            Client Error, the request is invalid in someway.

500 - 599            Server Error , The server could not fulfil the request.

------------------------------------------------------------------------------------------------------------

HTTP Error 101

        Continue, This status code is not really an error. This means the request has been completed and rest of the process can continue.

HTTP Error 102

        Switching Protocols, This is also not an error. It means When requesting a page, a browser might receive a status code of 101, followed by an "Upgrade" header showing that the server is changing to a different version of HTTP.

HTTP Error 200

        OK, This status code means Standard response for HTTP successful requests.

HTTP Error 201

        Created, When new pages are created by posted form data or by a CGI process, this is confirmation that it worked.

HTTP Error 202

        Accepted, The client request was accepted, through yet not processed.

HTTP Error 203

        Non-Authorative Information, Request probably completed successfully but can't tell from original server.

HTTP Error 204

        No Content, Request Completed Successfully but the resource requested is empty.

HTTP Error 205

        Reset Content, This allows the server to reset content returned.

HTTP Error 206

        Partial Content, The requested file wasn't downloaded entirely. This is returned when the user presses the stop button before a page is loaded, for example.

HTTP Error 300

        Multiple Choices, The requested address refers to more than one file. Depending on how the server is configured, you get an error or a choice of which page you want.

HTTP Error 301

        Moved Permanently, The resource is permanently moved to some other place and the response indicates where it is gone.

HTTP Error 302

        Moved Temporarily, The resource is temporarily moved to somewhere else and the response indicates where it is present.

HTTP Error 303

        See Other / Redirect, An alternative source where should be used at present.

HTTP Error 304

        Not Modified, The server has identified from the request information that the client's copy of information is up-to-date and the requested information does not need to sent again.

HTTP Error 305

        Use Proxy, The request must be sent through the indicated proxy server.

Client Error

HTTP Error 400

        Bad Request, The status code of 400 indicates that the server did not understand the request due to bad syntax.

HTTP Error 401

        Unauthorized, the status code of 401 indicates that before a resource can be accessed, the client must be authorized by the server.

HTTP Error 402

        Payment Required, The 402 status code is not currently in use, being listed as "reserved for future use".

HTTP Error 403

        Forbidden, A 403 status code indicates that the client cannot access the requested resource. That might mean that the wrong username and password were sent in the request, or that the permissions on the server do not allow what was being asked.

HTTP Error 404

        Not Found, The requested file was not found on the server. Possibly because it was deleted, or never existed before. Often caused by misspellings of URLs.

HTTP Error 405

        Method Not Allowed, The method you are using to access the file is not allowed.

HTTP Error 406

        Not Acceptable, The requested file exists but cannot be used as the client system doesn't understand the format the file is configured for.

HTTP Error 407

        Proxy Authentication Required, The 407 status code is very similar to the 401 status code, and means that the client must be authorized by the proxy before the request can proceed.

HTTP Error 408

        Request Timeout, The server took longer than its allowed time to process the request. Often caused by heavy net traffic.

HTTP Error 409

        Conflicting, Too many concurrent requests for a single file.

HTTP Error 410

        Gone, The file is used to be in this position, but is there no longer.

HTTP Error 411

        Content Length Required, The 411 status code occurs when a server refuses to process a request because a content length was not specified.

HTTP Error 412

        Precondition Failed, A certain configuration is required for process this request, but the client has not set this up.

HTTP Error 413

        Request Entity Too Long, The 413 status code indicates that the requested file was too big to process.

HTTP Error 414

        Request URI Too Long, The 414 status code indicates that the URL requested by the client was longer than it can process.
HTTP Error 415

        Unsupported Media Type, The server does not support the resource type requested. Frequently found when attempting to serve up content which may require a plug-in.

HTTP Error 500

        Internal Server Error, A 500 status code indicates that the server encountered something it didn't expect and was unable to complete the request.

HTTP Error 501

        Not Implemented, The 501 status code indicates that the server does not support all that is needed for the request to be completed.

HTTP Error 502

        Bad Gateway, The server you're trying to reach is sending back errors.

HTTP Error 503

        Service Unavailable, This status code oftenseen on extremely busy servers, and it indicates that the server was unable to complete the request due to a server overload.

HTTP Error 504

        Gateway Timeout, The website you are attempting to access is currently unreachable. This may be due to network outage or the website might be experiencing technical difficulties.

HTTP Error 505

        HTTP Version Not Supported, The HTTP protocol you are asking for is not supported.


Read more...

Sunday, March 20

Denial of Service Attacks - 2

2 comments

As in my last post of Understanding Denial of Service Attacks I am continuing about DOS(Denial of Service Attacks)

The denial of service attack is statistically the most used malicious attack out of them all. This stems from the ease of use of the attack, as well as the alarming lethality. Literally anyone can bring down a website with a simple command prompt. The question is how to protect against an attack that can cripple your network or website in a matter of minutes?

Types of Denial of Service Attacks

If you are going to protect against an attack, you first have to know how it works. You must familiarize yourself with the different variations, methods, and plans of attacks that hackers use.

We are having 7 different classifications of denial of service attacks.

Ping Flood

The most basic of attacks is the ping flood attack. It relies on the ICMP echo command, more popularly known as ping . In legitimate situations the ping command is used by network administrators to test connectivity between two computers. In the ping flood attack, it is used to flood large amounts of data packets to the victim’s computer in an attempt to overload it. You can see an example of the ping flood attack below.



This type of attack is generally useless on larger networks or websites. This is because only one computer is being used to flood the victim’s resources. If we were to use a group of computers, then the attack would become a distributed denial of service attack, or DDoS.

The most common cure to the ping flood attack is to simply ban the IP address from accessing your network. A distributed denial of service attack is a bit more complex, but we will take a look at them later on.

Ping of Death

The Ping of Death attack involved sending IP packets of a size greater than 65,535 bytes to the target computer. IP packets of this size are illegal, but the attacker can be built that are capable of creating them. An ICMP echo request with more than 65,507(65,535-20-8) bytes of data could cause a remote system to crash while reassembling the packet fragments.



Luckily, most devices created after 1998 are immune to this kind of attack. If you are running a network with outdated devices this will indeed be a possible threat to your network. In this case, upgrade your devices if possible.

Smurf/Smurfing

The Smurf attack is a way of generating significant computer network traffic on a victim network. This is a type of denial-of-service attack that floods a target system via spoofed broadcast ping messages.

Most firewalls protect against smurf attacks, but if you do notice one, there are several things you can do. If you have access to the router your network or website is on, simply tell it to not forward packets to broadcast addresses. In a Cisco router, simply use the command: no ip directed-broadcast.

This won’t necessarily nullify the smurf attack, but it will greatly reduce the impact and also prevent your network or website from attacking others by passing on the attack. Optionally, you could upgrade your router to newer Cisco routers, which automatically filter out the spoofed IP addresses that smurf attacks rely on.

Fraggle 

A Fraggle attack is exactly the same as a smurf attack, except that it uses the user datagram protocol, or UDP, rather than the more common transmission control protocol, or TCP. Fraggle attacks, like smurf attacks, are starting to become outdated and are commonly stopped by most firewalls or routers.

This attack is generally less powerful than the smurf attack, since the TCP protocol is much more widely used than the UDP protocol.

SYN Flood 


The SYN flood attack takes advantage of the TCP three-way handshake. This method operates two separate ways. Both methods attempt to start a three-way handshake, but not complete it. You can view the proper three-way handshake below.

The first attack method can be achieved when the attacker sends a synchronize request, or SYN, with a spoofed IP address. When the server tries to send back a SYN-ACK request, or synchronize-acknowledge request, it will obviously not get a response. This means that the server never obtains the client’s ACK request, and resources are left half-open.

Alternatively, the attacker can just choose to not send the acknowledgement request. Both of these methods stall the server, who is patiently waiting for the ACK request. Thankfully, this hole in the three-way handshake has been patched for years, just like the ping of death attack. Should you suspect that your older devices are the subject of this attack, upgrade them immediately.

Teardrop


In the teardrop attack, packet fragments are sent in a jumbled and confused order. When the receiving device attempts to reassemble them, it obviously won’t know how to handle the request. Older versions of operating systems will simply just crash when this occurs.

Operating systems such as Windows NT, Windows 95, and even Linux versions prior to version 2.1.63 are vulnerable to the teardrop attack. As stated earlier, upgrading your network hardware and software is the best way to stay secure from these types of attacks.

Distributed Denial of Service

A distributed denial of service attack, or DDoS, is much like the ping flood method, only multiple computers are being used. In this instance, the computers that are being used may or may not be aware of the fact that they are attacking a website or network. Trojans and viruses commonly give the hacker control of a computer, and thus, the ability to use them for attack. In this case the victim computers are called zombies.


A DDoS attack is very tough to overcome. The first thing to do is to contact your hosting provider or internet service provider, depending on what is under attack. They will usually be able to filter out the bulk of the traffic based on where it’s coming from. For more large-scale attacks, you’ll have to become more creative.

Prevent / Defend ourselves from this Attacks 

Conduct regular  audits on each host on the network to find installation of DDOS Tools/Vulnerable Applications
Audit network on regular basis to see your network is vulnerable to attacks 
Read more...