
@ Made by bst04


Guide on DoS & DDoS

Last updated 3 months ago

Complete Guide on DoS & DDoS Attacks (For Educational & Defensive Purposes Only)

Disclaimer: This guide is meant for educational purposes only to understand how attacks work and how to defend against them. Unauthorized attacks on real systems are illegal.

1. Understanding DoS & DDoS

1.1 What is a DoS Attack?

A Denial-of-Service (DoS) attack is when an attacker floods a target system (server, website, or network) with too much traffic or resource requests, making it slow or completely unavailable.

1.2 What is a DDoS Attack?

A Distributed Denial-of-Service (DDoS) attack is a more powerful version of DoS because it uses multiple machines (botnets or compromised systems) to flood the target.

2. Requirements for DoS/DDoS Attacks

To simulate or test DoS/DDoS (in legal test environments), you’ll need:

A. Tools for DoS:

  • hping3 (TCP/UDP flood)

  • LOIC (Low Orbit Ion Cannon)

  • HOIC (High Orbit Ion Cannon)

  • Slowloris (HTTP exhaustion attack)

  • GoldenEye (HTTP DoS attack)

  • Xerxes (Layer 7 attack used by Anonymous)

B. Tools for DDoS:

  • Metasploit Auxiliary Modules

  • Mirai Botnet (for IoT-based attacks, research purpose only)

  • Botnets (controlled through C2 servers, not recommended for ethical use)

  • Stresser/Booter Services (many are illegal but exist on the dark web)

C. System Setup:

  • A Linux system (Kali, Parrot, or Ubuntu)

  • A test server (self-hosted or legal target like a CTF challenge)

  • VPN or proxy chains (for anonymity if testing in a closed environment)

3. How DoS/DDoS Attacks Are Done (A to Z Guide)

Step 1: Selecting a Target

Targets can be web servers, APIs, networks, or applications. In real-world scenarios, attackers often scan websites using reconnaissance tools (Nmap, Shodan, etc.) to find weak targets.

Step 2: Choosing the Right Attack.

3. Types of DoS/DDoS attacks:

🔹 Layer 3 (Network Layer Attacks):

  • SYN Flood: Overloads a server’s connection requests.

  • UDP Flood: Sends a large number of UDP packets to exhaust server resources.

  • ICMP Flood (Ping Flood): Overwhelms a target with ping requests.

🔹 Layer 4 (Transport Layer Attacks)

  • hping3 UDP/TCP flood: Sends thousands of packets per second.

  • ACK Flood: Disrupts firewalls by flooding acknowledgment packets.

🔹 Layer 7 (Application Layer Attacks)

  • Slowloris Attack: Opens multiple HTTP connections and never closes them.

  • HTTP POST/GET Flood: Sends thousands of fake HTTP requests to overwhelm a web server.

4. Practical Attack Demonstration:

4.1 DoS Attack Using hping3:

hping3 -S --flood -V -p 80 <target_ip>

📌 Explanation:

  1. -S → Sends SYN packets.

  2. --flood → Sends packets as fast as possible.

  3. -V → Verbose mode (shows output).

  4. -p 80 → Targets port 80 (HTTP).

🔥 Impact:

  • This attack overwhelms the target’s web server, making it slow or unresponsive.
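
Seen from the target, a SYN flood like the one above shows up as a pile of half-open connections in the SYN-RECV state. The following detection sketch is an added example, not part of the original guide: it counts those entries per local port in `ss -tan`-style output. The sample text, addresses and threshold are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the layout of `ss -tan` output (documentation IP ranges).
SAMPLE_SS = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
ESTAB     0      0      192.0.2.10:80       203.0.113.5:40112
SYN-RECV  0      0      192.0.2.10:80       198.51.100.7:1025
SYN-RECV  0      0      192.0.2.10:80       198.51.100.8:1026
SYN-RECV  0      0      192.0.2.10:80       198.51.100.9:1027
SYN-RECV  0      0      192.0.2.10:80       198.51.100.9:1028
SYN-RECV  0      0      192.0.2.10:443      198.51.100.7:1029
ESTAB     0      0      192.0.2.10:22       203.0.113.9:51000
"""

def half_open_by_port(ss_output):
    """Count SYN-RECV sockets and collect their peer IPs, keyed by local port."""
    per_port = Counter()
    sources = {}
    for line in ss_output.splitlines():
        fields = line.split()
        # ss prints SYN-RECV, netstat prints SYN_RECV; accept both spellings.
        if len(fields) < 5 or fields[0] not in ("SYN-RECV", "SYN_RECV"):
            continue
        local_port = fields[3].rsplit(":", 1)[1]
        peer_ip = fields[4].rsplit(":", 1)[0]
        per_port[local_port] += 1
        sources.setdefault(local_port, set()).add(peer_ip)
    return per_port, sources

def syn_flood_alerts(ss_output, threshold):
    """Return one alert per port whose half-open count reaches the threshold."""
    per_port, sources = half_open_by_port(ss_output)
    return [
        {"port": port, "half_open": n, "distinct_sources": len(sources[port])}
        for port, n in sorted(per_port.items())
        if n >= threshold
    ]
```

A high half-open count spread over many sources is the cue to confirm that SYN cookies (`net.ipv4.tcp_syncookies` on Linux) are enabled, since per-source blocking does little against spoofed addresses.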

4.2 DDoS Attack Using LOIC (Windows/Linux)

  1. Download LOIC (Low Orbit Ion Cannon).

  2. Enter the Target IP or website URL.

  3. Select Attack Mode (TCP, UDP, or HTTP flood).

  4. Set Thread Count (Higher = More powerful attack).

  5. Start Attack.

🔥 Impact:

  • If multiple users launch LOIC on the same target, it acts as a DDoS attack (easier to track, though).

4.3 Slowloris Attack (Layer 7 DoS):

git clone https://github.com/gkbrk/slowloris.git

cd slowloris

python3 slowloris.py --sockets 500

📌 Explanation:

This script opens many half-connections to the target and never closes them. The server crashes because it runs out of connections.

🔥 Impact:

  • Works best against Apache, Nginx, and IIS servers.
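
On the server side, the standard counter to this kind of connection exhaustion is a deadline on the whole request header instead of an idle timer that restarts with every byte received. The sketch below is an added example, not code from the original guide or from the Slowloris project: it uses in-memory asyncio streams, and the deadline value, header names and `example.test` host are assumptions chosen so the demo finishes quickly.

```python
import asyncio

HEADER_DEADLINE = 0.5    # seconds for the complete header block (assumed demo value)
MAX_HEADER_BYTES = 8192  # cap on buffered header data

async def read_request_head(reader, deadline=HEADER_DEADLINE):
    """Return the full header block, or None if it did not arrive in time.

    The deadline covers the whole header, so trickled bytes do not extend it.
    """
    try:
        return await asyncio.wait_for(reader.readuntil(b"\r\n\r\n"), timeout=deadline)
    except (asyncio.TimeoutError, asyncio.IncompleteReadError,
            asyncio.LimitOverrunError):
        return None  # caller closes the connection and frees the worker slot

async def demo():
    """Run one complete and one never-finished request through the reader."""
    normal = asyncio.StreamReader(limit=MAX_HEADER_BYTES)
    normal.feed_data(b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")

    slow = asyncio.StreamReader(limit=MAX_HEADER_BYTES)
    slow.feed_data(b"GET / HTTP/1.1\r\nHost: example.test\r\n")  # no blank line

    async def trickle():
        # Constructed slow peer: a header line every 0.1 s keeps resetting
        # any per-read idle timer, but never completes the header block.
        for i in range(20):
            await asyncio.sleep(0.1)
            slow.feed_data(b"X-a: %d\r\n" % i)

    task = asyncio.create_task(trickle())
    results = (await read_request_head(normal), await read_request_head(slow))
    task.cancel()
    return results

def run_demo():
    """Return (headers of the normal request, result for the slow request)."""
    return asyncio.run(demo())
```

Apache's mod_reqtimeout (`RequestReadTimeout`) and nginx's `client_header_timeout` apply the same idea in production servers.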

4.4 DDoS Using a Botnet (Mirai Example)

  1. Compromise IoT devices (Cameras, Routers, etc.).

  2. Inject malware to turn them into bots.

  3. Send commands from a C2 Server to launch DDoS floods.

  4. Target gets hit from thousands of infected machines.

🔥 Impact:

  • This is the most powerful form of DDoS, often used in real-world cyberattacks.

5. Defending Against DoS/DDoS

If you're hosting a website or server, you can prevent DoS/DDoS attacks using:

🔹 Firewall Rules: Block unusual traffic patterns.

🔹 Rate Limiting: Limits the number of requests per second from a single IP.

🔹 Cloudflare or AWS Shield: Protects against Layer 7 attacks.

🔹 Intrusion Detection Systems (IDS): Detects attack patterns.

🔹 Blackhole Routing: Drops traffic when a DDoS is detected.

🔹 Using CDN Services: Like Cloudflare, Akamai, or Fastly to absorb DDoS.
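
The rate-limiting item above, as an added example that is not part of the original guide: a per-IP token bucket that allows a short burst and then a steady rate. The class name, parameters, addresses and request timeline are assumptions made for illustration; the client table is size-bounded so the limiter's own memory cannot be exhausted by many source addresses.

```python
from collections import Counter, OrderedDict

class PerIPRateLimiter:
    """Token bucket per source IP, integer math (milli-tokens, millisecond clock)."""
    COST = 1000  # milli-tokens consumed by one request

    def __init__(self, rate_per_s, burst, max_clients=10000):
        self.rate = rate_per_s          # milli-tokens gained per millisecond
        self.cap = burst * self.COST    # bucket size
        self.max_clients = max_clients  # bound on tracked IPs
        self.buckets = OrderedDict()    # ip -> (tokens, last_seen_ms), oldest first

    def allow(self, ip, now_ms):
        tokens, last = self.buckets.pop(ip, (self.cap, now_ms))
        tokens = min(self.cap, tokens + (now_ms - last) * self.rate)
        allowed = tokens >= self.COST
        if allowed:
            tokens -= self.COST
        self.buckets[ip] = (tokens, now_ms)   # re-insert as most recently seen
        if len(self.buckets) > self.max_clients:
            self.buckets.popitem(last=False)  # evict the least recently seen IP
        return allowed

def constructed_events():
    """Constructed timeline of (timestamp_ms, source_ip) pairs."""
    burst_client = [(i * 10, "198.51.100.7") for i in range(100)]  # 100 req in 1 s
    normal_client = [(i * 1000, "203.0.113.5") for i in range(5)]  # 1 req per second
    return sorted(burst_client + normal_client)

def rejected_per_ip(events, rate_per_s=5, burst=10):
    """Replay events through the limiter and count rejected requests per IP."""
    limiter = PerIPRateLimiter(rate_per_s, burst)
    rejected = Counter()
    for now_ms, ip in events:
        if not limiter.allow(ip, now_ms):
            rejected[ip] += 1
    return rejected
```

A per-IP limit like this covers a single noisy source; traffic spread across many sources still needs the upstream measures in the list above.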

6. Ethical Usage & Legal Considerations

✅ When DoS/DDoS is Legal:

  • Testing your own server.

  • Testing inside a controlled lab environment.

  • With written permission from an organization.

❌ When DoS/DDoS is Illegal:

  • Attacking someone else's server without consent.

  • Disrupting government, banking, or public services.

  • Using botnets to attack websites.

💡 Consequences: Unauthorized DoS/DDoS attacks can lead to prison time (5-20 years), huge fines, and lifetime bans from using the internet in some countries.

7. Conclusions

  1. DoS = Single machine attack.

  2. DDoS = Multiple machines (botnets).

  3. Attacks can be done using SYN Floods, UDP Floods, HTTP Floods, Slowloris, etc.

  4. Defenses include firewalls, rate limiting, CDNs, and DDoS protection services.