Hackers have a multitude of tools and techniques to achieve their goals, and as old tools and techniques become obsolete, new ones are created. Three questions regarding hacker tools and techniques are addressed here. What are the common tools used to conduct a Denial of Service (DoS) attack? What is a buffer overflow attack and how does a SQL injection attack happen? Tools for a DoS Attack Unlike many other types of attacks used by hackers, DoS attacks do not attempt to steal information, penetrate systems, or escalate privileges. A DoS attack is used to deny services to a network resource, such as a web server. According to Vangie Beal, “This type of attack is essentially designed to bring a network to its knees by flooding it with useless traffic” (2010). Various tools can be used to perpetrate a DoS attack, including Internet Control Message Protocol (ICMP) echo requests, RU-Dead-Yet (RUDY), Dirt Jumpers, and virus/worm programs that automate an attack. A simplistic form of DoS is practiced using the ping command with certain options set for the purpose of flooding an IP address with echo requests. According to Chuck Easttom (2012), the echo request is configured such that it is set close to the maximum packet size, the response waiting time is set to zero, and -t is added to continue pinging until explicitly asked to stop it (p.73 ). Sending echo requests in this way will not flood a network resource, but if many computers simultaneously send these types of echo requests to the same system, eventually the system will run out of resources to respond to legitimate requests. RUDY is a program that uses HTML POST requests, such as a login, to simulate multiple requests for slow bandwidth, effectively creating a DoS attack...... middle of paper ......cesBeal, V. (2012). Denial of Service (DoS) attacks. Retrieved December 28, 2013, from http://www.webopedia.com/DidYouKnow/Internet/2005/DoS_attack.aspEasttom, C. (2012). Fundamentals of computer security. Indianapolis. Pearson.Hunt, T. (2013). Everything you wanted to know about SQL injection (but were afraid to ask). Retrieved December 28, 2013, from http://www.troyhunt.com/2013/07/everything-you-wanted-to-know-about-sql.htmlHybrid Security. (n.d.). RU-still-dead. Retrieved December 28, 2013, from http://code.google.com/p/ru-dead-yet/Imperva. (2012). Hacker Intelligence Initiative Monthly Trends Report No. 12. Retrieved December 28, 2012, from https://www.imperva.com/docs/HII_Denial_of_Service_Attacks-Trends_Techniques_and_Technologies.pdfRouse, M. (2007). Buffer overflow. Retrieved December 28, 2013, from http://searchsecurity.techtarget.com/definition/buffer-overflow