Crash A Website

DOS and DDOS attacks have become more common in the past few years. And there is some debate about them. Supporters of the DOS/DDOS attacks claim it is nothing more then a form of protest on the internet. And they will use an example of how people will block an entrance to a store as a form of protest. And the same is true online.

Crash A Website

Just like if you fill a store up with a bunch of people browsing to the point that no one else can enter because it is to crowded. This is pretty much identical to a DOS/DDOS attack. Pretty much with DOS/DDOS attacks the attacker is flooding a server with a bunch of traffic to the point it slows down and no one can use it.

Now obviously anyone can start a legal campaign and get millions of people to visit a website in the attempts to slow the site down so much it becomes unusable. However DOS/DDOS attacks don’t require a lot of people. A DOS(Deniel Of Service) attack is when a single person sends mass amounts of traffic to a server using various computers, servers and programs. A DDOS(Destributed Denial Of Service) attack is the same as a DOS attack but with two or more people.

A basic DOS/DDOS attack can be done with a built in program for Windows, Mac and Linux called PING. I wrote about how to do such an attack awhile back. However as many of my readers have pointed out using just the PING tool alone is not a very good idea. Because your IP address can be detected and traced back to you.

However just as many people have pointed out that you can use a VPN and TOR to do such an attack or even just use a good old fashion Proxy. They fail to also understand that the tutorial was for a basic understanding and for educational purposes.

The amount of packets needed to be sent to any major server using the built in PING tool is way to many. A better method is to send bigger packets and more frequently. Along with spoofing your IP Address while behind a VPN and TOR. This is where HPING comes into play.

HPING gets it’s name from PING. And it’s primary use is doing pings. However it has many more great features that network administrators love as well as pen testers.

There are currently 3 versions of HPING and the latest version can do most of what is needed. Including spoofing the IP address. If we look at my past post how to crash a website. You will notice how basic and short the ping command usage is.

Mac And Linux Ping Command To Crash A Site


Windows Ping Command To Crash A Site

ping -n 100000 -w 1 -l 1024

Now as you can see there isn’t much to the standard PING tool. It is limited in the packet size in the Windows, Mac and Linux versions. The default packet size for ping in Linux is 128 bytes and the defaults for Windows in 32. In the Windows ping command above we increased the size to 1024 which is as high as you can make it go. Your also limited to how fast the packets can be sent. The default time out for Windows is 1000/ms or 1 second. The -w made the timeout to 1/ms but still it is a major limitation.

Now lets look at how HPING 3 does things.

hping3 -c 100000 -p 80 --flood

As you can see a very slight difference with HPING 3. Let me explain it step by step.

  • hping3 (The hping program)
  • -c (We tell the program how many packets to send)
  • -p (We tell it which port to send the packets to, in this example the standard HTTP port which is 80)
  • –flood (We send all the packets all at once without a delay)

As you can see we have a lot more power behind HPING and we can do much more. Like the following.

hping3 -c 100000 -d 120 -S -w 64 -p 80 --flood --rand-source

The above should be understandable now if you have read through the entire post. But just in case I will explain the above.

  • hping3 (The hping program)
  • -c (We tell the program how many packets to send)
  • -d (The data size of the packets)
  • -S (Send SYN packets only)
  • -w (The TCP window size)
  • -p (We tell it which port to send the packets to, in this example the standard HTTP port which is 80)
  • –flood (We send all the packets all at once without a delay)
  • –rand-source (generates random IP addresses the target thinks different computers are coming all at the same time)

The above command alone can cause many problems for network operators and can make them think more carefully.

Preventing The Attack

If someone wants to attack your site, they will do so either way. Just like if someone wants to shoot someone else no law will prevent them from doing it. But educating yourself and putting yourself in a safe position can make a big difference.

You see how the attack is preformed. As a network administrator you should do routine stress test on your servers, using the same tools the attackers use. Doing something like the following is a great and simple stress test.

hping3 -c 100000 -d 120 -S --flood

After using the above command use your clock and time how long it takes for your server to start having problems. If the server starts having problems to fast you know you will need to buy and upgrade your hardware to be faster, and to take a much bigger load. You will also want to purchase more bandwidth.

You also may want to consider running several stress test at the same time with several friends preforming the same test on your one server.

Post by Son Nguyen · in 04-05-2019 · view: 1183