What is Denial of Service (DoS) Attack?


What is a DoS attack?

A DoS (Denial of Service) attack is an attempt to make a computer’s resources unavailable to its users. DoS attacks come in many shapes and forms, and can also have secondary motives. If carefully planned and executed, a DoS attack can disable a computer and its networks. It can be mounted from anywhere to anywhere, at any time, by many means. There are many variables in a DoS attack.
Usually an attacker does not use their own computer. Instead, they create what’s called a botnet (a hive of computers), which they control remotely through the use of trojans and direct towards one machine. It’s like taking a magnifying glass (one computer) and trying to light a wet piece of tinder: it’s not going to burn, but when a whole lot of them (a botnet) are focused on it, it will. In this way, the attacker can anonymously control multiple computers to attack one target and bring it down. The attacker would also use tunneling and IP spoofing to camouflage their identity.
A common variant of the DoS attack, known as a DDoS (Distributed Denial of Service) attack, has become quite popular in recent days, as it is more powerful and hard to detect. A typical DoS attack has a single place of origin, while a DDoS attack originates from multiple IP addresses distributed across two or more different networks. The working of a DDoS attack is shown in the following diagram:
 



Unlike a DoS attack, where the attacker uses one single computer or network to attack the target, a DDoS attack originates from different pre-compromised computers belonging to different networks. As the attacker uses a number of computer systems from different networks, each residing in a different geographical location, the incoming traffic looks natural and therefore becomes hard to detect.

What is a Ping Flood?

Ping flooding is the most primitive form of DoS attack because anyone can do it extremely easily. When a targeted computer is under a ping flood attack, its network becomes backed up trying to keep up with ping requests. Each time the server receives a ping request, it has to process it and then send a reply with the same amount of data. In a ping flood, the attacker floods the server with ping requests, and the server has to process tons of requests every split second, which takes up a lot of resources.
In this tutorial I will be teaching you these types of DoS attacks:
  • Targeted local disclosed ping flood (Known IP Addy)
  • Router disclosed ping flood
  • Blind ping flood (Unknown IP Addy)
Targeted local disclosed ping flood
A targeted local disclosed attack is when you know the IP Address of the target connected to the network and you attack it directly.
Alright, so you want to ping flood a single computer. First off, we need to make sure we are indeed connected to it. Start up Command Prompt (Start->All programs->Accessories->Command Prompt) and type in:
ipconfig
The DOS screen will run a few numbers down the screen and then stop. What we are looking for is a local IP address we can attack. Look for an entry called IPv4 Address.
Results for ipconfig, highlighted text is what you need
If you do not get something like this, then you are not connected to any network. If you are in fact connected, note this number down, because this is the IP Address we will need in order to attack from the other computer. Now we are going to directly attack your target (the computer you are on), so go to the other PC, open Command Prompt and type this in:
ping *ip address here* -t -l 65500
Use the IP address you noted from the other PC and replace the *ip address here* with that IP address. You will see the prompt start Pinging the computer you specified. Now you are actually ping flooding the target. Hurray! Your very first ever DoS attack! Give yourself a pat on the back. As you can see, this was not difficult at all.
Attacking an IP Address
To understand the command properly, here’s the argument breakdown. The -t flag keeps pinging the host until you stop it or the host disconnects. The -l flag specifies the load you want to send, so we are sending 65500 bytes to the host with every ping. That’s quite a lot of data to handle; the usual default ping size is 32 bytes.
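Seen from the receiving side, the traffic described above stands out by volume: 65500-byte echo requests instead of the 32-byte default, or many senders converging on one address in the DDoS case. The following detection sketch is an added example, not part of the original post; the record layout, window length, thresholds and all sample addresses other than 192.168.1.1 are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

ECHO_REQUEST = 8  # ICMP type of an echo request (ping); a reply is type 0

def detect_ping_floods(packets, window=10, max_bytes=200_000, dominant=0.8):
    """Flag destinations receiving too many echo-request bytes per window.

    packets: (timestamp_s, src, dst, icmp_type, payload_bytes) tuples.
    window, max_bytes and dominant are assumed values; tune them against
    a baseline of your own network's normal ICMP traffic.
    """
    buckets = defaultdict(lambda: defaultdict(int))  # (dst, window) -> src -> bytes
    for ts, src, dst, icmp_type, size in packets:
        if icmp_type == ECHO_REQUEST:
            buckets[(dst, int(ts // window))][src] += size

    alerts = {}
    for (dst, _), per_src in sorted(buckets.items()):
        total = sum(per_src.values())
        if total <= max_bytes:
            continue  # e.g. a default 32-byte ping once a second: 320 bytes
        top_src, top_bytes = max(per_src.items(), key=lambda kv: kv[1])
        if top_bytes / total >= dominant:
            alerts[dst] = ("single-source", [top_src], total)
        else:  # no dominant sender: the DDoS pattern
            alerts[dst] = ("distributed", sorted(per_src), total)
    return alerts

def sample_packets():
    """Constructed records covering ten seconds of traffic (not a real capture)."""
    pkts = []
    for t in range(10):
        pkts.append((t, "192.168.1.23", "192.168.1.10", 8, 65500))  # oversized pings
        pkts.append((t, "192.168.1.10", "192.168.1.23", 0, 65500))  # their replies
        pkts.append((t, "192.168.1.40", "192.168.1.77", 8, 32))     # ordinary ping
        for h in range(30):                                         # many small senders
            pkts.append((t, f"10.0.{h}.5", "192.168.1.1", 8, 1000))
    return pkts

if __name__ == "__main__":
    for dst, (kind, sources, total) in detect_ping_floods(sample_packets()).items():
        print(f"{dst}: {kind} flood, {total} bytes from {len(sources)} source(s)")
```

A single-source alert names one address that can be filtered or rate-limited locally, while a distributed alert has no single sender to block, which is why the DDoS variant is harder to handle.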
Router disclosed ping flood
A router disclosed ping flood has the same fundamentals as a targeted one, except you target a router and not a computer. When you ping flood a router, you compromise the network that it’s hosting. If there are about 20 computers connected to one router and the router is DoS attacked, the 20 computers will not be able to communicate with each other or with the router.
It has the same procedure as the targeted flood, except you need to know the internal IP Address for the router. To get the IP Address of your local router, you use the same procedure as a targeted flood. Open Command Prompt and type:
ipconfig
We need the Default Gateway; this is the local IP Address for the router.

Now use the same process you used to flood the targeted computer, but on the router, like this:
ping 192.168.1.1 -t -l 65500
Replace the IP Address I got with the IP you got. Generally the IP Addy of your router will be 192.168.1.1, as most routers ship with it set as the default internal IP Address. When you hit return, you will see the command screen now pinging the router with 65500 bytes each ping. This is the most basic attack anyone can do to any target, whether it be a router or a direct computer attack. When targeting a computer on a network through a switch or router, generally the router/switch will take the brunt of the attack, which could cause it to crash, resulting in a hard reset.
Blind ping flood
A blind attack of any kind is when the attacker does not know the IP Address of his target, so he uses techniques to uncover it through external programs. We will be using Cain and Abel to retrieve an attackable list of IP Addresses. I will be covering how to use Cain and Abel to find IP Addresses connected to your network.