What Is a Denial of Service (DoS) Attack: Techniques and Tools
A denial of service attack is basically a simple attack that keeps the target system from operating as it should. In its simplest form, it uses up all of the system resources so that others can’t connect. More sophisticated attacks will cause the system to crash or create an infinite loop that uses all of the system’s CPU cycles.
In other words, a denial of service attack is a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many denial of service attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols.
I want to lay some groundwork on the techniques for DoSing and provide you with some of the tools to do so.
You can categorize denial of service attacks into at least three different types, which include:
These are the simplest attacks. The attacker simply sends a large volume of packets to the target thereby using up all the resources. The resources used might simply be bandwidth. These attacks include ICMP and UDP floods.
These attacks often use the server’s resources rather than the bandwidth going to and from the server. They can also use the resources of the network equipment on the periphery of the server (such as firewalls, intrusion detection systems, and switches). Examples include Smurf attacks (ICMP to a broadcast IP with a spoofed IP), Fraggle attacks (same as the Smurf, only using UDP), SYN floods, Ping of Death attacks (oversized ICMP with the same destination and source IP and port), and many others.
- Application Layer Attacks
These attacks consist of what appear to be legitimate application layer (layer 7) requests to the server that are intended to crash it. They include attacks on Apache HTTP Server and Microsoft IIS, and tools such as Slowloris.
Denial Of Service Attack & DDoS Tools
The Low Orbit Ion Cannon (LOIC) may be the most popular DoS tool and has made its way into hacker lore. It is capable of sending mass amounts of ICMP or UDP packets to the target, thereby saturating the bandwidth, and has been used in some of the most effective and notorious DoS attacks.
LOIC attacks can be largely mitigated by limiting UDP and ICMP packets and limiting how many packets can be sent and delivered to any one client. You can download LOIC on SourceForge. This tool is Windows-based and almost as easy as pointing and clicking.
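The per-client limiting described above, as an added example (not from the original article or from any of the tools it names): a token-bucket limiter keyed on source address and protocol, run over constructed packet records. The rates, burst sizes, record format, and documentation-range IP addresses are assumptions chosen for illustration.

```python
from collections import defaultdict

# Assumed policy for illustration: proto -> (packets per second, burst size).
LIMITS = {"icmp": (5, 10), "udp": (50, 100)}
COST = 1000  # one packet costs 1000 milli-tokens (integer math, no float drift)


class PerClientLimiter:
    """Token bucket per (source IP, protocol); other protocols are not limited."""

    def __init__(self, limits=LIMITS):
        self.limits = limits
        self.buckets = {}  # (src, proto) -> (milli_tokens, last_ts_ms)

    def allow(self, ts_ms, src, proto):
        if proto not in self.limits:
            return True
        rate, burst = self.limits[proto]
        tokens, last = self.buckets.get((src, proto), (burst * COST, ts_ms))
        # Refill: rate tokens/s == rate milli-tokens/ms, capped at the burst size.
        tokens = min(burst * COST, tokens + max(0, ts_ms - last) * rate)
        allowed = tokens >= COST
        if allowed:
            tokens -= COST
        self.buckets[(src, proto)] = (tokens, ts_ms)
        return allowed


def run(packets, limiter=None):
    """Count passed/dropped packets per source for (ts_ms, src, proto) records."""
    limiter = limiter or PerClientLimiter()
    stats = defaultdict(lambda: {"passed": 0, "dropped": 0})
    for ts_ms, src, proto in sorted(packets):
        verdict = "passed" if limiter.allow(ts_ms, src, proto) else "dropped"
        stats[src][verdict] += 1
    return dict(stats)


def sample_traffic():
    """Constructed records: one source at 1000 pps, one ordinary client."""
    flood = [(t, "198.51.100.7", "udp") for t in range(2000)]
    game = [(t, "203.0.113.20", "udp") for t in range(0, 2000, 100)]
    pings = [(t, "203.0.113.20", "icmp") for t in range(0, 2000, 500)]
    return flood + game + pings


if __name__ == "__main__":
    for src, counts in run(sample_traffic()).items():
        print(src, counts)
```

Because each source has its own bucket, the flooding source is cut to its burst plus the sustained rate while the ordinary client on the same protocol loses nothing.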
The HOIC was developed during Operation Payback by Praetox—the same folks who developed LOIC. The key difference is that HOIC uses an HTTP flood using booster files that enable a small number of users to effectively DoS a website by sending a flood of randomized HTTP GET and POST requests. It is capable of simultaneously DoSing up to 256 domains. You can download it from SourceForge.
XOIC is another easy-to-use DoS tool. The user simply needs to set the IP address and port of the target, select a protocol (HTTP, UDP, ICMP, or TCP), then begin to fire away! You can download it on SourceForge.
UDP Flooder does just as you would expect—it sends a flood of UDP packets to the target. It has been effectively used to knock gamers off their networks (online games primarily use UDP). You can download it at SourceForge.
Tor’s Hammer was designed to be run through the Tor network to anonymize the attack and limit mitigation. The problem with this strategy is that the Tor network tends to be very slow, thereby limiting the rate at which the packets can be sent and thereby limiting the effectiveness of this tool. You can download it from Packet Storm or SourceForge.
This DDoS tool (built right into Kali) is different from most DoS tools in that it doesn’t require huge amounts of bandwidth and can be conducted with a single system. It attacks vulnerabilities in SSL to bring down the server. You can download it from THC, but if you are using Kali, you already have it.
The Open Web Application Security Project (OWASP) and ProactiveRISK developed the Switchblade DoS tool to be used to test the resiliency of a web app to DoS attempts. It has three modes: (1) SSL Half-Open, (2) HTTP Post, and (3) Slowloris. You can download it from OWASP.