# Guide on DoS & DDoS
Complete Guide on DoS & DDoS Attacks (For Educational & Defensive Purposes Only)
{% hint style="danger" %}
Disclaimer: This guide is meant for educational purposes only to understand how attacks work and how to defend against them. Unauthorized attacks on real systems are illegal.
{% endhint %}
## 1. Understanding DoS & DDoS
**1.1 What is a DoS Attack?**
A Denial-of-Service (DoS) attack is when an attacker floods a target system (server, website, or network) with too much traffic or resource requests, making it slow or completely unavailable.
**1.2 What is a DDoS Attack?**
A Distributed Denial-of-Service (DDoS) attack is a more powerful version of DoS because it uses multiple machines (botnets or compromised systems) to flood the target.
## 2. Requirements for DoS/DDoS Attacks
To simulate or test DoS/DDoS (on legal test environments), youโll need:
**A. Tools for DoS:**
* hping3 (TCP/UDP flood)
* LOIC (Low Orbit Ion Cannon)
* HOIC (High Orbit Ion Cannon)
* Slowloris (HTTP exhaustion attack)
* GoldenEye (HTTP DoS attack)
* Xerxes (Layer 7 attack used by Anonymous)
**B. Tools for DDoS:**
* Metasploit Auxiliary Modules
* Mirai Botnet (for IoT-based attacks, research purpose only)
* Botnets (controlled through C2 servers, not recommended for ethical use)
* Stresser/Booter Services (many are illegal but exist on the dark web)
**C. System Setup:**
* A Linux system (Kali, Parrot, or Ubuntu)
* A test server (self-hosted or legal target like a CTF challenge)
* VPN or proxy chains (for anonymity if testing in a closed environment)
## 3. How DoS/DDoS Attacks Are Done (A to Z Guide)
**Step 1:** Selecting a Target Targets can be web servers, APIs, networks, or applications. In real-world scenarios, attackers often scan websites using reconnaissance tools (Nmap, Shodan, etc.) to find weak targets.
**Step 2:** Choosing the Right Attack.
## 3. Types of DoS/DDoS attacks:
๐น **Layer 3 (Network Layer Attacks):**
* **SYN Flood:** Overloads a serverโs connection requests.
* **UDP Flood:** Sends a large number of UDP packets to exhaust server resources.
* **ICMP Flood (Ping Flood)**: Overwhelms a target with ping requests.
๐น **Layer 4 (Transport Layer Attacks)**
* **hping3 UDP/TCP flood:** Sends thousands of packets per second.
* **ACK Flood**: Disrupts firewalls by flooding acknowledgment packets.
๐น **Layer 7 (Application Layer Attacks)**
* **Slowloris Attack:** Opens multiple HTTP connections and never closes them.
* **HTTP POST/GET Flood:** Sends thousands of fake HTTP requests to overwhelm a web server.
## 4. Practical Attack Demonstration:
**4.1 DoS Attack Using hping3:** `hping3 -S --flood -V -p 80 `
**๐ Explanation:**
1. **-S** โ Sends SYN packets.
2. **--flood** โ Sends packets as fast as possible.
3. **-V** โ Verbose mode (shows output).
4. **-p 80** โ Targets port 80 (HTTP).
**๐ฅ Impact:**
* This attack overwhelms the targetโs web server, making it slow or unresponsive.
**4.2 DDoS Attack Using LOIC (Windows/Linux)**
1. Download LOIC (Low Orbit Ion Cannon).
2. Enter the Target IP or website URL.
3. Select Attack Mode (TCP, UDP, or HTTP flood).
4. Set Thread Count (Higher = More powerful attack).
5. Start Attack.
**๐ฅ Impact:**
* If multiple users launch LOIC on the same target, it acts as a DDoS attack (easier to track, though).
**4.3 Slowloris Attack (Layer 7 DoS):**
`git clone https://github.com/gkbrk/slowloris.git`
`cd slowloris`
`python3 slowloris.py --sockets 500`
**๐ Explanation:**
This script opens many half-connections to the target and never closes them. The server crashes because it runs out of connections.
**๐ฅ Impact:**
* Works best against Apache, Nginx, and IIS servers.
**4.4 DDoS Using a Botnet (Mirai Example)**
1. Compromise IoT devices (Cameras, Routers, etc.).
2. Inject malware to turn them into bots.
3. Send commands from a C2 Server to launch DDoS floods.
4. Target gets hit from thousands of infected machines.
**๐ฅ Impact:**
* This is the most powerful form of DDoS, often used in real-world cyberattacks.
## 5. Defending Against DoS/DDoS
If you're hosting a website or server, you can prevent DoS/DDoS attacks using:
๐น Firewall Rules: Block unusual traffic patterns.
๐น Rate Limiting: Limits the number of requests per second from a single IP.
๐น Cloudflare or AWS Shield: Protects against Layer 7 attacks.
๐น Intrusion Detection Systems (IDS): Detects attack patterns.
๐น Blackhole Routing: Drops traffic when a DDoS is detected.
๐น Using CDN Services: Like Cloudflare, Akamai, or Fastly to absorb DDoS.
## 6. Ethical Usage & Legal Considerations
**โ When DoS/DDoS is Legal:**
* Testing your own server.
* Testing inside a controlled lab environment.
* With written permission from an organization.
**โ When DoS/DDoS is Illegal:**
* Attacking someone else's server without consent.
* Disrupting government, banking, or public services.
* Using botnets to attack websites.
{% hint style="info" %}
๐ก **Consequences:** Unauthorized DoS/DDoS attacks can lead to prison time (5-20 years), huge fines, and lifetime bans from using the internet in some countries.
{% endhint %}
## 7. Conclusions
1. DoS = Single machine attack.
2. DDoS = Multiple machines (botnets).
3. Attacks can be done using SYN Floods, UDP Floods, HTTP Floods, Slowloris, etc.
4. Defenses include firewalls, rate limiting, CDNs, and DDoS protection services.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://bst04s.gitbook.io/hack-by-steps/pentesting/network/guide-on-dos-and-ddos.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.