What is a DOS attack?
It’s an Attack used to make the victim’s system or network unavailable for its legitimate users by sending Multiple requests until it crashes to respond with other original Users. Most of the Black Hat hackers Target this kind of attack to Deface and Get down an organization to its ground.
HOW?
We can Perform Denial of service Attack in many ways, but today we are going to learn how we can do it by sending Flood of SYN packets to consume enough server(i.e Victim) resources to make the system Crash or unresponsive to the Legitimate user(s).
Why an Ethical Hacker Should Learn DOS attack?
Being an Ethical Hacker or security Personnel of an Organization, they should have sound knowledge about DOS and DDOS attack, so that they can tackle how to detect, stop and mitigate the situation when it arise in their network, here you can how to perform DOS attack and testing of networks for DoS flaws.
Ok, Lets Dive in,
LAB ENVIRONMENT: KALI LINUX as Attacker Machine, WINDOWS 7 as Victim Machine.
STEP 1:- Install Wireshark in Windows machine so that we can take a look at the packets, It will prompt you for installing pcap, usbcap click yes and install it too, so that we can capture packets from the machine to inspect it.
STEP 2:- Now open your KALI machine then open terminal to perform DOS attack then use this command, hping3 -S [Victim’s IP] -a [Attackers IP] -p 3306 –flood then hit Enter.
STEP 3:- You can use another command also “hping3 S [Victim’s IP] -a [Attackers IP] -p 3306 -c 999999999 -d 100000000 -flood“. why am i using this?, Because the packet flow will be very slow with the previous command. so use this command so that we can see the abrupt packets one after another.
Here, what is what?
hping3 – It is a tool We can use for DOS attack, and we can use it for scanning also like Nmap. c– It is the packet count that we want to send to the victim. d– Data Size that we want to Send to the Victim -p – Victims Port that we want to attack. –flood – This will flood the packets Repeatedly -S – It wil set the SYN packet Flag with the IP -a – This will spoof the IP of the attacker, here i didn’t spoofed my IP.
STEP 4:- Switch to Windows Machine and open Wireshark to look for the packets, choose the interface to capture the packets.
STEP 5:- Here we can see that packets are flowing from my Kali Machine to Windows Mahine, You can find that with the IP and the packets count below. even My windows started crashing LOL, so I stopped it from my Kali machine.
In DOS attack, we should be very careful in taking this out in our Virtual Environment, by taking SnapShots(Saving Machine Status) of your Operating System before Doing this because sometimes you will end up with BLUE SCREEN of DEATH.
Why we are seeing it through today, We need to know what are the Flaws are in our network or in our system which is open for DOS attack, so that we can Prevent and mitigate the attack.
There are many DOS attacks were happened all over the World, Go through those to get more information on how it happened.
What Happened Here? We sent a lot of SYN packets in huge amount of data so that it will not respond for the Legitimate user.
COUNTERMEASURES :
- We can Use additional Resources to Withstand the attack.
- We can Use rule sets in IDS and IPS to prevent packet flows
- We can Stop the services to stop the attack
- We can deflect the attacks by using Honeypots and defense in depth approach with IPs
- We have to find out the critical services.
So that’s it for today, A basic DOS attack in virtual Environment.
We will try DDOS tutorial some other day, Hope you gained some knowledge regarding this.
See you soon, Bye Bye!!
