What is Denial of Service Attack? Performing DoS Attack!
In this tutorial, we’ll discuss denial of service attack. We’ll also perform DoS attack on our target using LOIC (Low Orbit Ion Cannon) and Hping3 (pre-installed in Kali).
Table of Contents [Quick Links]
- Preparation for the DoS Attack!
- Performing DOS Attack using Windows & Linux
- Countermeasures | How to Fight Against DoS Attack?
- External Resources
What is Dos Attack?
It’s an attempt to make a machine or network resource unavailable to its intended users. Let me explain denial of service attack (DoS attack) to you in 5 easy points:
- All machines and devices that form Internet and our LAN have certain limitations in sense of bandwidth and power.
- These machines (web servers) and networking devices (switches and routers) can serve only limited number of requests/user.
- When number of users (actually requests made by them) grows, load on these devices and machine grows.
- If appropriate measures aren’t taken, ultimately these machines are so heavily loaded that they either crash or deny all further requests that are made to them.
- This state or condition is called Denial of Service (DoS) and these devices/machines are said to be undergoing DoS attack.
Group of Hackers and Protesters take advantage of these limitations and perform DoS attack to make target’s network and website to come to the knees.
Purpose and Motivation:
Denial of Service Attack is performed for the following reasons:
- By an Ethical Hackers to check the strength of their own or clients system. Sometimes also referred to as stress test.
- Cybercriminals use DoS attacks to extort money from companies that rely on their websites being accessible.
- To cripple rival websites/network/business.
- Hacktivist uses DoS attacks as a means to express their criticism of everything from governments and politicians, including “big business” and current events. If they disagree with you, your site is going to go down (a.k.a., “tango down”).
- Cracker uses a DoS attack to take down the bank’s website and then send out phishing emails to direct customers to a fake emergency site instead.
Types of DoS Attack
Technically, there are more than a dozen types of DoS attack that are witnessed by the IT people so far. Some of them are as follows (copied from Wikipedia):
DDos (Distributed DoS)
Let me break down DDoS process as well:
- A Distributed Denial of Service (DDoS) attack is a DoS attack that comes from more than one source at the same time.
- A DDoS attack is typically generated using thousands (potentially hundreds of thousands) of unsuspecting zombie machines (a machine controlled by a Hacker).
- The machines used in such attacks are collectively known as “botnets” and will have previously been infected with malicious software, so they can be remotely controlled by the attacker.
- According to research, tens of millions of computers are likely to be infected with botnet programs worldwide.
Advanced Persistent DoS (APDoS)
It’s more likely to be perpetrated by an advanced persistent threat (APT): actors who are well resourced, exceptionally skilled and have access to substantial commercial grade computer resources and capacity
HTTP POST DoS Attack
The HTTP POST attack sends a complete, legitimate HTTP POST header, which includes a ‘Content-Length’ field to specify the size of the message body to follow. However, the attacker then proceeds to send the actual message body at an extremely slow rate (e.g. 1 byte/110 seconds). The target server will attempt to obey the ‘Content-Length’ field in the header, and wait for the entire body of the message to be transmitted, which can take a very long time. The attacker establishes hundreds or even thousands of such connections, until all resources for incoming connections on the server (the victim) are used up.
Permanent denial-of-service Attacks:
Permanent denial-of-service (PDoS), also known loosely as phlashing, is an attack that damages a system so badly that it requires replacement or reinstallation of hardware. The attacker uses these vulnerabilities to replace a device’s firmware with a modified, corrupt, or defective firmware image—a process which when done legitimately is known as flashing.
Reflected / spoofed attack
A distributed denial-of-service attack may involve sending forged requests of some type to a very large number of computers that will reply to the requests. Using IP address spoofing, the source address is set to that of the targeted victim, which means all the replies will go to (and flood) the target.
Slow Read Attack
Slow Read attack sends legitimate application layer requests but reads responses very slowly, thus trying to exhaust the server’s connection pool.
For the complete list, refer the Wikipedia, link given in reference and further readings section.
Preparation for the DoS Attack!
You can only perform a Denial of Service attack on devices that you own. The benefit is that you can see the whole phenomenon closely from both sides (attacker’s side as well a target). Moreover, you don’t have to go to Jail or pay any penalty!
We need at least a target to perform a DoS attack. As already mentioned several times on this website, we can’t target anyone (except ourselves). So, let’s set up a target web server machine.
Our Target: Windows Machine running XAMP server!
Follow the Steps to Create a XAMP server on windows:
- Download XAMP for Windows (Size~100-125MB).
- Install it on your Windows machine.
- Run it and start Apache server.
For simplicity, watch the following video:
Our Target 2: If you decided to use Linux as a Target server, you can do so by starting the pre-installed apache server with the following command:
There are several network strength and stress auditing tools available that can be used for performing DoS attack. Some of them are as follows:
For Windows: LOIC
For Linux: hping3 (comes pre-installed in KALI Linux)
LOIC is also available for Android, download it from Google Play.
Performing DOS Attack using Windows & Linux
There are two general forms of DoS attacks: those that crash services and those that flood services. We’ll perform DoS attack that will crash the services as the as the whole system!
Hping3: A Linux Tool!
If you wish to flood the IP x.x.x.x on port 80 with SYN requests from fake IP y.y.y.y, type
This will send multiple SYN requests to port 80(http) and the victim will reply with SYN+ACK. Now, since the IP y.y.y.y is fake, hence the connection will never establish thus exhausting the victim’s bandwidth and resources.
We’ll learn about hping3 tool in details in our later tutorials.
LOIC: Windows Tool!
The steps for LOIC is pretty straightforward:
- Download LOIC and execute it.
- Enter the URL or IP address which u wanna attack and click on Lock On.
- The ip address of that very site will get displayed in the “Selected target” caption.
- Select the method and number of threads. (http is more effective than udp)
- Click on IMMA CHARGIN MAH LAZER… Attack will begin now!
Impact on Target (DoS Attack)
As expected, initially when DoS attack begins the server usage and performance degrades. And surprisingly, after a couple of minute, web server suddenly crashed!
TASKMANAGER PERFORMANCE #### 100% CPU USAGE ###
Enjoy the 50+ minute of DEFCON talk on Denial of Service.
Countermeasures | How to Fight Against DoS Attack?
Denial of Service is a type of attack that nobody wishes to face. Following are some countermeasures (shamelessly stolen from Wikipedia) against DoS attack:
- Blackholing: All the traffic to the attacked DNS or IP address is sent to a “black hole” (null interface or a non-existent server).
- Intrusion prevention systems(IPS) are effective if the attacks have signatures associated with them. However, the trend among the attacks is to have legitimate content but bad intent.
- DDS Based Defense: More focused on the problem than IPS, a DDS can block connection-based DoS attacks and those with legitimate content but bad intent.
- Firewall: In the case of a simple attack, a firewall could have a simple rule added to deny all incoming traffic from the attackers, based on protocols, ports or the originating IP addresses.
- Routers and Switches can also be configured to lower the impact of Denial of Service attacks.
- Upstream filtering: All traffic is passed through a “cleaning center” or a “scrubbing center” via various methods such as proxies, tunnels or even direct circuits, which separates “bad” traffic (DDoS and also other common internet attacks) and only sends good traffic beyond to the server. g. Cloudflare
This was way too technical, and as a normal internet user you’ll hardly be under DoS attack. But if you are a webmaster or blogger, then use a good Web hosting and CDN (Content Delivery Network) like Cloudflare, MaxCDN etc.
Books on DoS Attack
No book is recommendation right now. But If you have any suggestion regarding a good book on DoS attack- Let me know .
References and Further Readings
Here are few interesting articles, tutorials and Wikis on Denial of Service (DoS attack). Hope they are helpful!