Module19

The document provides an overview of Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks, explaining their mechanisms and categories, including volume-based, protocol-based, and application layer attacks. It also discusses methods to perform these attacks using tools like Hping3, Goldeneye, and Slowloris, as well as strategies for defending against such attacks, such as using firewalls, load balancers, and cloud-based DDoS protection services. Additionally, it highlights security risks associated with cloud computing and common attack vectors targeting cloud systems.

Uploaded by

Nilabha sadhu

DoS and DDoS

Even the smallest everyday tasks are now carried out through web or mobile applications, which means requests are constantly being sent and received over the internet. This is where availability becomes a security concern.

An attacker who can flood a server with more requests (for example, HTTP requests) than it can handle can stop legitimate users from reaching it at all. As an ethical hacker you therefore need to understand both how these attacks work and how they are defended against.

With that in mind, this chapter gives an overview of the increasingly common DoS and DDoS attacks seen today. Let's get started.

Introduction to DoS/DDoS attack

A denial-of-service (DoS) attack is a cyberattack in which the attacker tries to make a machine or network resource unavailable to its intended users by disrupting, temporarily or indefinitely, a host connected to the Internet. DoS attacks usually work by flooding the targeted system or resource with more requests than it can handle, so that some or all legitimate requests cannot be served.

A distributed denial-of-service (DDoS) attack is the same idea mounted from many sources at once. The attacker uses a botnet of compromised machines, often called zombies, to flood the target with traffic or requests concurrently. Because the traffic arrives from many different places, it is much harder to block or filter at its source than a single-origin DoS attack, which makes DDoS attacks harder to defend against.

DoS/DDoS Categories

• Volume-Based Attacks: The attacker pushes large amounts of ICMP, UDP or TCP traffic at the target network to saturate its bandwidth. The size of such an attack is measured in bits per second.
• Protocol-Based Attacks: These exhaust connection state and processing capacity on the target server itself, or on intermediate equipment such as firewalls and load balancers, using packets such as TCP SYN floods, Ping of Death or fragmented-packet attacks. Their size is measured in packets per second.
• Application-Layer Attacks: Instead of overwhelming the whole host, the attacker targets the running application with requests that look legitimate but are expensive to serve. For example, a flood of HTTP requests against a WordPress or Joomla site can tie up every Apache worker so the server can no longer answer other valid requests. Their size is measured in requests per second.

The OSI model layers and the DDoS attack types to which each is susceptible are shown in the table below:

OSI Model Layer      Attacks
Application Layer    HTTP floods, DNS query floods
Presentation Layer   TLS abuse
Session Layer        N/A
Transport Layer      SYN floods
Network Layer        UDP reflection attacks
Data Link Layer      N/A
Physical Layer       N/A

How to perform a DoS attack?

There are many ways to perform a DoS attack; tools such as hping3, GoldenEye and Slowloris are commonly used. Let's try each of them.

For our testing purposes assume the target host (192.168.1.6) has port 80 open for its HTTP service, so that we can browse its website from our machine. The attacker's aim is to stop that HTTP service from answering any other user who tries to reach port 80. The first tool, hping3, does this with a TCP SYN flood, which is a protocol-based attack; GoldenEye and Slowloris work at the application layer by exhausting the web server's request handlers. Run these only against systems you own or are explicitly authorized to test.

We'll start our attack on this target.

Hping3:

An attacker can use any number of tools to launch a DoS attack; here we use hping3 to flood the target with TCP SYN packets and degrade its HTTP service for other users.

# hping3 -S --flood -p 80 192.168.1.6

The -S flag sets the SYN flag, -p 80 selects the destination port and --flood sends packets as fast as possible without waiting for replies, so the target's port 80 receives a continuous stream of connection requests. Every SYN makes the target allocate a half-open connection in its listen backlog and reply with a SYN-ACK that never gets its ACK. hping3 can also forge random source addresses with --rand-source, which defeats blocking the single attacking IP and scatters the SYN-ACKs onto third parties. Modern kernels limit the backlog damage with SYN cookies (net.ipv4.tcp_syncookies on Linux), so today a SYN flood mostly costs the target bandwidth, CPU and firewall state rather than crashing the listener outright.

If we open Wireshark on the target system we can see it being flooded with SYN packets from our machine.

There are many other kinds of DoS attack you can run with hping3. Open its help menu with the command below:

# hping3 -h

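The SYN flood above shows up in a capture as many SYNs toward port 80 with almost no handshakes completing. The following Python script is an added example, not part of the original module or of hping3, that turns that observation into a check: it reads packet records of the kind tshark exports (timestamp, source, destination, destination port, TCP flags), buckets them into one-second windows, and reports any source, or all sources combined, whose SYNs far outnumber completed handshakes. The packet records, addresses and thresholds in it are constructed for the example.

```python
import collections
import dataclasses


@dataclasses.dataclass(frozen=True)
class Packet:
    """One TCP packet reduced to the fields the check needs (the shape you get from
    `tshark -T fields -e frame.time_relative -e ip.src -e ip.dst -e tcp.dstport
    -e tcp.flags.str`, with the flags simplified to letters)."""
    ts: float    # seconds since start of capture
    src: str     # source IP
    dst: str     # destination IP
    dport: int   # destination TCP port
    flags: str   # "S" = SYN only, "A" = ACK only, "SA" = SYN+ACK, ...


def syn_flood_alerts(packets, server, port, window=1.0,
                     syn_threshold=20, max_completion=0.2):
    """Bucket packets sent *to* server:port into fixed windows and count, per source,
    bare SYNs against bare ACKs (the third handshake packet; later data ACKs are
    counted too, which only makes a real client look more legitimate).  A window in
    which a source sends at least syn_threshold SYNs but completes fewer than
    max_completion of them is reported.  The pseudo-source "*" aggregates all
    sources, so a flood with spoofed addresses (hping3 --rand-source), where no
    single address crosses the threshold, is still caught.
    Returns a sorted list of (window_index, source)."""
    counts = collections.defaultdict(collections.Counter)
    for p in packets:
        if p.dst != server or p.dport != port:
            continue                       # the server's own replies are not counted
        win = int(p.ts // window)
        if p.flags == "S":
            counts[win][(p.src, "syn")] += 1
            counts[win][("*", "syn")] += 1
        elif p.flags == "A":
            counts[win][(p.src, "ack")] += 1
            counts[win][("*", "ack")] += 1
    alerts = []
    for win, c in counts.items():
        for src in {s for s, kind in c if kind == "syn"}:
            syn, ack = c[(src, "syn")], c[(src, "ack")]
            if syn >= syn_threshold and ack < syn * max_completion:
                alerts.append((win, src))
    return sorted(alerts)


def sample_capture():
    """Constructed packets, not a real capture.  Window 0: one normal client and one
    flooder using its own address.  Window 1: a second normal client and a flood
    from 30 different (spoofed) sources sending one SYN each."""
    server = "192.168.1.6"
    pk = [Packet(0.00, "10.0.0.5", server, 80, "S"),     # normal handshake
          Packet(0.01, "10.0.0.5", server, 80, "A"),
          Packet(0.05, "10.0.0.5", server, 80, "A")]     # ACK for response data
    pk += [Packet(0.01 * i, "10.0.0.99", server, 80, "S") for i in range(40)]
    pk += [Packet(1.50, "10.0.0.7", server, 80, "S"),
           Packet(1.51, "10.0.0.7", server, 80, "A")]
    pk += [Packet(1.0 + 0.01 * i, f"203.0.113.{i}", server, 80, "S")
           for i in range(1, 31)]
    return pk


if __name__ == "__main__":
    for win, src in syn_flood_alerts(sample_capture(), "192.168.1.6", 80):
        print(f"window {win}: SYN flood from {src}")
```

Running it prints three alerts: the single-address flood from 10.0.0.99 in the first window, and the aggregate "*" alert in both windows. The second window is the --rand-source case: thirty sources send one SYN each, so no per-address rule fires and only the aggregate check catches it. The thresholds are deliberately low for the sample; on a real capture set them from the site's normal SYN rate.
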
Goldeneye:
GoldenEye is a command-line HTTP DoS testing tool. Use it only in a lab you control: running it against systems you are not authorized to test is a criminal act. Install it from GitHub by running the command below on Kali Linux.

# git clone https://github.com/jseidl/GoldenEye.git

Inside the cloned directory is a Python program named 'goldeneye.py', which we use to start the attack. Run the command below to launch it against the target's HTTP page:

# python goldeneye.py http://192.168.1.6 -s 1000 -w 100

Note: '-w', '--workers' specifies the number of concurrent workers.
'-s', '--sockets' specifies the number of concurrent sockets.

GoldenEye keeps those sockets busy with HTTP GET and POST requests carrying randomized headers and query strings, so caches are bypassed and every request reaches the application. If we open Wireshark on the target system we can see it being flooded with HTTP requests.

Slowloris:
Slowloris is a denial-of-service attack that exhausts a web server's connection pool rather than its bandwidth. It opens many connections to the server and sends only a partial HTTP request header on each, then trickles one more header line every few seconds so the server keeps waiting for the request to finish. Servers that dedicate a worker to each connection, such as Apache with the prefork MPM, eventually run out of free workers and stop serving legitimate users, while the attacker uses very little bandwidth. Run the following command on Kali Linux to download it from GitHub.

# git clone https://github.com/gkbrk/slowloris.git

Inside the cloned directory is a Python program named 'slowloris.py'. Run the command below to start the attack against the target's HTTP port:

# python slowloris.py -s 100 -p 80 192.168.1.6

Here -s sets the number of sockets to keep open and -p the target port. If we open Wireshark on the target system we see many open connections, each receiving a trickle of header lines, rather than a flood of complete requests.

How to be safe from DoS/DDoS attacks?
• Firewalls: Deploy firewalls to filter traffic entering and leaving the network. They can be configured to drop known attack patterns and to block traffic from known malicious IP addresses. Note that a stateful firewall keeps a table entry per connection, so on its own it can be the first thing exhausted by a SYN flood.
• Intrusion Prevention Systems (IPS): Use an IPS to monitor system and network activity for signatures of known attacks or other malicious behavior and to block or mitigate them automatically.
• Load Balancers: Spread incoming traffic across several servers so that no single server becomes the bottleneck; an attacker then has to overload the whole pool rather than one host.
• Content Delivery Networks (CDNs): Cache and serve content from many geographically distributed edge servers. This absorbs much of the traffic before it reaches the origin servers and blunts the effect of a DDoS attack.
• Rate Limiting: Cap how many requests a given user or IP address may make in a given time window. This reduces abuse and the impact of single-source and application-layer floods; against a distributed attack in which every source stays under the limit it helps less.
• Anomaly Detection Systems: Deploy tools that learn normal traffic patterns and flag unusual volumes or behavior, raising alerts or triggering automatic countermeasures early in an attack.
• Traffic Filtering: Drop malicious traffic by matching patterns of known attacks, originating IP addresses, or protocol anomalies such as malformed or fragmented packets.
• Cloud-Based DDoS Protection Services: Consider a DDoS protection service from a specialist provider. Their distributed networks have far more capacity than a single site and can absorb and scrub large-scale attacks.
• Update and Patch Systems: Keep operating systems, network devices and applications patched. Not every DoS attack is a flood: some crash or hang a service through a known vulnerability, and unpatched systems are the easy targets.
• Incident Response Planning: Prepare and regularly review an incident response plan for DoS attacks, including coordination with upstream providers, a communication strategy, and the steps needed to restore normal service.
• Network Redundancy: Build redundancy into the network so that vital services have backup paths and hosts; if an attack takes out one component, service stays available.

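The rate-limiting entry above is the one control on the list a developer can build into an application directly. The following Python code is an added example, not from the original module, implementing the usual token-bucket form: each client gets a budget that refills at a fixed rate and allows a bounded burst, and a request with no token left is answered 429. The request log, addresses, rate and burst values are constructed for the example.

```python
import collections


class TokenBucket:
    """One client's budget: at most `burst` tokens, refilled at `rate` per second.
    Each request costs one token; a request with no token available is rejected."""

    def __init__(self, rate: float, burst: int):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last = None            # timestamp of the previous request, if any

    def allow(self, now: float) -> bool:
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class RateLimiter:
    """Keeps one bucket per key.  Keying on the client IP is the usual first step;
    it is weak against a DDoS (thousands of sources, each under the limit) and
    against spoofed addresses, and clients behind one NAT share a bucket, so
    production limiters also key on authenticated identity once they have it."""

    def __init__(self, rate: float, burst: int, key=lambda req: req["ip"]):
        self.buckets = collections.defaultdict(lambda: TokenBucket(rate, burst))
        self.key = key

    def decide(self, req: dict) -> int:
        """HTTP status to answer with: 200 if admitted, 429 Too Many Requests otherwise."""
        return 200 if self.buckets[self.key(req)].allow(req["ts"]) else 429


def sample_requests():
    """Constructed request log: 10.0.0.99 fires 128 requests in two seconds (one every
    1/64 s); 10.0.0.5 makes five requests, one per second.  Timestamps are multiples
    of 1/64 so the token arithmetic below is exact in binary floating point."""
    reqs = [{"ts": i / 64, "ip": "10.0.0.99", "path": "/wp-login.php"} for i in range(128)]
    reqs += [{"ts": float(i), "ip": "10.0.0.5", "path": "/"} for i in range(5)]
    return sorted(reqs, key=lambda r: r["ts"])


def simulate(rate: float = 8.0, burst: int = 10):
    """Run the sample log through a limiter of `rate` req/s with bursts of `burst`;
    returns {ip: (admitted, rejected)}."""
    limiter = RateLimiter(rate, burst)
    tally = collections.defaultdict(lambda: [0, 0])
    for req in sample_requests():
        status = limiter.decide(req)
        tally[req["ip"]][0 if status == 200 else 1] += 1
    return {ip: tuple(v) for ip, v in tally.items()}


if __name__ == "__main__":
    for ip, (ok, rejected) in simulate().items():
        print(f"{ip}: {ok} admitted, {rejected} rejected with 429")
```

On the sample log the flooding address gets 25 of its 128 requests through (the burst of 10 plus what the 8 req/s refill allows over two seconds) and the normal user is never throttled. A per-client cap alone does not protect the server's total capacity, so deployments pair it with a global limit and, for expensive endpoints such as login or search, a stricter per-endpoint one.
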
Cloud Based Attacks

Cloud-based attacks are attacks against the infrastructure, services and data hosted in cloud computing environments. Cloud computing brings cost-effectiveness, scalability and flexibility, but it also introduces new security risks, not least because so much of the environment is reachable through public APIs and management consoles.

Here are some typical attack vectors that cybercriminals use against cloud-based systems:

• Insecure Interfaces and APIs: Exploiting vulnerabilities in the management interfaces and APIs of cloud services.
• Inadequate Authentication and Access Controls: Weak or compromised credentials leading to unauthorized access, and poorly configured access controls that let unauthorized users manipulate resources.
• Data Insecurity: Exploiting weaknesses in data encryption or storage mechanisms.
• Insecure Configurations: Misconfigurations in cloud services, platforms or infrastructure, such as a publicly readable storage bucket, that attackers can exploit.
• Shared Technology Issues: Exploiting vulnerabilities in shared components such as hypervisors or virtualization software to break the isolation between tenants.
• Malicious Insiders: Employees or other individuals with access to the cloud environment intentionally compromising security.
• Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks: Overloading cloud resources to disrupt services or make them unavailable; under pay-per-use billing the extra consumption also drives up the victim's costs.
• Inadequate Logging and Monitoring: Lack of proper monitoring and logging, making it difficult to detect and respond to security incidents.
• Phishing Attacks: Targeting users with phishing emails to obtain login credentials and gain unauthorized access.
• Supply Chain Attacks: Exploiting vulnerabilities in the supply chain, such as compromised software updates or third-party integrations.
• Data Loss: Accidental or intentional deletion, corruption or theft of data stored in the cloud.
• Insufficient Security Awareness: Lack of awareness and training among users regarding security best practices.
• Eavesdropping on Unsecured Networks: Intercepting and monitoring communication between cloud services and users on unsecured networks.
• Container Vulnerabilities: Exploiting vulnerabilities in containerized applications and orchestration platforms.
• API Rate Limiting and Abuse: Exploiting weak or missing API rate limiting to conduct abuse or automated attacks.
• Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF): Injecting malicious scripts into cloud-based applications, or tricking a logged-in user's browser into issuing requests it did not intend, to compromise user data or session information.
• Man-in-the-Middle (MitM) Attacks: Intercepting and manipulating communication between cloud services and users.
