Denial of Service Attack: Brief Tutorial
All About Testing (https://allabouttesting.org), Software Testing & Ethical Hacking Fundamentals
Thu, 12 Jul 2018 15:07:48 +0000
https://allabouttesting.org/denial-of-service-attack-brief-tutorial/

The post Denial of Service Attack: Brief Tutorial first appeared on All About Testing.

Denial of Service is a type of cyber attack in which an attacker floods the victim with fake or useless traffic. The resources of a server hosting a website are limited, and these attacks create a resource crunch for legitimate users. The motivation behind these attacks may be political gain, an intention to damage the reputation of a big firm, ransom for stopping an attack, etc.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks

Both attacks consume the resources of the victim and affect the availability. The main difference between DoS and DDoS is the number of IPs or systems involved in an attack.

In a DoS attack, the whole attack originates from a single IP. In a DDoS attack, an attacker may use different systems with different IPs to attack the victim with useless or fake traffic. An attacker may exploit system weaknesses such as known vulnerabilities to identify systems, compromise them, control them, and use them to attack the victim. The compromised systems form a botnet: a collection of internet-connected “bots”, all controlled by the attacker.

Mirai IoT botnet

One of the famous DDoS attacks is the Mirai IoT botnet (2017). Mirai is malware that infects internet-connected IoT cameras and other similar devices. This malware brute-forces the company’s default username and password to access and control the IoT devices. The malware can be divided mainly into two parts: the malicious code or virus, and the command and control center (CnC). The virus is used to infect systems, and the CnC is used to control all the infected systems to attack the victim. Currently, the source code of this malware is available on the internet for analysis and research purposes.

Types of DoS Attacks

DDoS attacks fall mainly into three types:

Volumetric attack: In this type of attack, the attacker floods the victim server with a high volume of fake network packets that serve no purpose. This exhausts the resources of the infrastructure hosting the website and makes it unavailable to legitimate users.

Application layer attack: Low-and-slow attacks and GET/POST floods are examples of application layer attacks. The main purpose of this type of attack is to exhaust the connection limits of the web server.

Protocol attack: SYN floods, fragmented packet attacks, Ping of Death, and Smurf DDoS are some well-known attacks of this type. Here, an attacker sends traffic with the victim’s IP spoofed as the source. As a result, the attacker succeeds in flooding the victim’s infrastructure with responses from an unknown third party.
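
A defender-side illustration of the distinctions above, added here as an example (not code from the original article): it flags low-and-slow connections in constructed connection records, measures how much of the server's connection limit they hold, and labels the pattern DoS or DDoS by the number of distinct source IPs. The record layout, thresholds, and function names are assumptions.

```python
from collections import defaultdict

# Constructed sample records (documentation IP ranges):
# (source_ip, seconds_connection_open, request_bytes_received)
CONNECTIONS = [
    ("192.0.2.10", 0.3, 840),         # normal page request
    ("192.0.2.11", 1.2, 15000),       # normal form upload
    ("198.51.100.5", 120.0, 240),     # 2 B/s trickle
    ("198.51.100.5", 95.0, 190),      # 2 B/s trickle, same source
    ("203.0.113.9", 300.0, 600),      # 2 B/s trickle, second source
    ("203.0.113.77", 45.0, 90000),    # long but fast: a large legitimate upload
]

# Assumed thresholds; tune them to the server's real traffic profile.
SLOW_MIN_SECONDS = 30
SLOW_MAX_BYTES_PER_SEC = 50


def is_low_and_slow(seconds_open, bytes_received):
    """A connection held open a long time while sending almost nothing."""
    if seconds_open < SLOW_MIN_SECONDS:
        return False  # short-lived connections cannot pin a worker for long
    return bytes_received / seconds_open < SLOW_MAX_BYTES_PER_SEC


def analyse(connections, connection_limit):
    """Summarise slow connections and classify the source pattern."""
    slow_by_ip = defaultdict(int)
    for ip, seconds_open, bytes_received in connections:
        if is_low_and_slow(seconds_open, bytes_received):
            slow_by_ip[ip] += 1
    held = sum(slow_by_ip.values())
    if held == 0:
        pattern = "none"
    elif len(slow_by_ip) == 1:
        pattern = "DoS (single source)"
    else:
        pattern = "DDoS (multiple sources)"
    return {
        "slow_connections": held,
        "sources": sorted(slow_by_ip),
        "pattern": pattern,
        "limit_share": held / connection_limit,  # fraction of the limit held
    }


if __name__ == "__main__":
    print(analyse(CONNECTIONS, connection_limit=4))
```

The large upload from 203.0.113.77 is long-lived but not flagged, which is why the check uses throughput as well as duration.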

Tools Used

Many open-source tools are available for DDoS attacks. Refer to this link for the complete list of tools with their download link: Top 15 DDoS Attack Tools

Conclusion

As DDoS attacks increase day by day, the complexity and difficulty of identifying an attack also increase. Manufacturers of different DDoS mitigation platforms use artificial intelligence and machine learning to detect and mitigate attacks. However, no organization is able to claim 100% mitigation of DDoS attacks.

In this article, we have covered what a DDoS attack is, the major difference between DoS and DDoS, the famous DoS attack Mirai IoT botnet, and a brief overview of the types of DoS attacks.

Top 15 DDoS Attack Tools [For Educational Purpose Only]
Tue, 29 Aug 2017 14:06:10 +0000
https://allabouttesting.org/top-15-ddos-attack-tools/

The post Top 15 DDoS Attack Tools [For Educational Purpose Only] first appeared on All About Testing.

DDoS stands for Distributed Denial of Service. This is a cyber-attack in which the attacker floods the victim’s servers with unwanted traffic using different systems across the internet, resulting in the victim’s servers crashing. This directly affects the availability of services. I am listing some tools which can be used for such types of attack. These tools are also useful for testing network devices.

Note: Never use these tools against public websites without permission.

1. HULK

HULK is a Denial of Service (DoS) tool used to attack web servers by generating unique and obfuscated traffic volumes.
HULK’s generated traffic also bypasses caching engines and hits the server’s direct resource pool.
Download: https://github.com/grafov/hulk

2. LOIC

LOIC stands for Low Orbit Ion Cannon. It is one of the most popular DoS attack tools available for Windows, Mac, and Linux.
This tool was used by the hacker group Anonymous against many big companies, and users were asked to participate in the attack via IRC.
This tool generates UDP, HTTP, and TCP traffic against the victim server. It is a UI-based tool, which makes it easy to use even for beginners.
The user just needs to enter the IP or URL, select the attack type (HTTP, UDP, or TCP), and click “IMMA CHARGIN MAH LAZER”; it will then start attacking the victim server.
Download: https://sourceforge.net/projects/loic/

3. XOIC

XOIC is another DoS attack tool that works with an IP address, a user-selected port, and a user-selected protocol. It is a GUI-based tool, which makes it easy to use for beginners. Developers of this tool claim that XOIC is more powerful than LOIC.
Three attack modes are possible. The first one is basic. The second is the normal DoS attack mode. The third one is a DoS attack mode that comes with a TCP/HTTP/UDP/ICMP message.

4. DDOSIM—Layer 7 DDOS Simulator

DDOSIM is another tool for DDoS attacks. It is written in C++ and runs on Linux. It simulates several compromised hosts (spoofed IP addresses) and creates full TCP connections to the victim server.
Its current functionalities include HTTP DDoS with valid requests, HTTP DDoS with invalid requests, SMTP DDoS, and TCP connection flooding on a random port.
Download: https://sourceforge.net/projects/ddosim/

5. R-U-Dead-Yet

RUDY (R-U-Dead-Yet?) is a DoS tool used to execute slow-rate attacks (like Slowloris), implemented via long-form field submissions.
Slow-rate Layer-7 DDoS attacks, also called “low and slow” attacks, generate a slow rate and low volume of traffic. They are difficult for DDoS mitigation tools to detect because the tool continuously sends small HTTP packets to the victim server that look legitimate, keep using resources over a period, and exhaust them.
Download: https://sourceforge.net/projects/r-u-dead-yet/

6. Tor’s Hammer

Tor’s Hammer is a slow-rate HTTP POST (Layer 7) DoS tool. Tor’s Hammer sends a classic slow POST attack, where HTML POST fields are transmitted at slow rates under the same session.
This attack is also difficult to identify because the tool continuously sends small HTTP packets to the victim server that look legitimate, keep using resources over a period, and exhaust them.
Tor’s Hammer is also able to spoof and generate traffic from random source IPs. This makes it difficult for DDoS mitigation tools to detect an attack.
Download: https://sourceforge.net/projects/torshammer/

7. PyLoris

PyLoris is a scriptable tool for testing a server’s vulnerability to connection exhaustion denial of service (DoS) attacks.
PyLoris can utilize SOCKS proxies and SSL connections and target protocols such as HTTP, FTP, SMTP, IMAP, and Telnet.
Features of PyLoris include a Tkinter GUI, a scripting API, anonymity, TOR proxying, and SOCKS proxying.
Download: https://sourceforge.net/projects/pyloris/

8. Slowloris

Slowloris is a tool used for DDoS attacks. It is different from other tools, as it sends legitimate HTTP traffic.
This tool does not flood the victim server. It just makes full TCP connections and requires only a few hundred requests at long-term, regular intervals.
This tool tries to exhaust all connections, and in this way, hackers can take down the victim’s server.
Download: https://github.com/llaera/slowloris.pl

9. OWASP DOS HTTP POST

This tool is used to test your web applications’ stability against HTTP Post, Slowloris, and SSL renegotiation attacks.
Download: https://github.com/proactiveRISK/ddos-toolbox

10. DAVOSET

DDoS attacks via other sites execution tool (DAVOSET) is a command-line tool for conducting DDoS attacks on sites via Abuse of Functionality and XML External Entities vulnerabilities at other sites.
Download: https://github.com/MustLive/DAVOSET

11. GoldenEye

GoldenEye is one of the popular HTTP denial of service tools. It uses KeepAlive (and Connection: keep-alive) paired with Cache-Control options to persist socket connections, busting through caching (when possible), until it consumes all available sockets on the HTTP/S server.
Download: https://github.com/jseidl/GoldenEye

12. Hyenae

This tool allows you to reproduce several MITM, DoS, and DDoS attack scenarios, and comes with a clusterable remote daemon and an interactive attack assistant.
Hyenae’s features include ARP-Request flooding, ARP-Cache poisoning, ICMP-Echo flooding, etc.
Download: https://sourceforge.net/projects/hyenae/

13. Hping3

Hping3 is one of the best tools for DDoS attacks. It is used to send TCP/IP, UDP, ICMP, and SYN/ACK packets, and it displays target replies like the ping program does with ICMP replies. This tool can be used to test firewall rules, perform advanced port scanning, test network performance using different protocols, packet sizes, TOS (type of service) and fragmentation, etc.
Download: http://www.hping.org/download.php

14. Apache Benchmark Tool

The ApacheBench tool (ab) is generally used to load-test servers by sending an arbitrary number of concurrent requests, but it can also be used for DDoS attacks. Although ab was designed for testing Apache installations, it can be used to benchmark any HTTP server.
Download: https://github.com/aliostad/SuperBenchmarker

15. Thc-ssl-dos

The THC-SSL-DoS tool attacks the server by using the concept of SSL exhaustion, in which it renegotiates the keys again and again. This tool exhausts all SSL connections and takes down the victim’s server.
Download: https://github.com/azet/thc-tls-dos
