DDoS Attack Explained | How to Perform DOS Attack | Ethical Hacking and Penetration Testing
Summary
TLDR: In this educational video, the presenter demonstrates a Distributed Denial of Service (DDoS) attack using a Windows Server 2019 configured as a web server with an IP address of 10.10.10.8. They begin by showing the server's stable performance metrics, then proceed to illustrate the attack's impact by sending continuous ping commands with increased packet sizes. The video explains how attackers can coordinate from multiple devices or use botnets to overwhelm targets. It also touches on the difficulty of identifying the source of such attacks and mentions alternative attack vectors like SYN flooding, using tools like hping3 to simulate the attack and demonstrate its potential to disrupt server performance.
Takeaways
- 💻 The video demonstrates a DDoS attack on a Windows Server 2019 configured as a web server with IIS.
- 🌐 The server's IP address is 10.10.10.8, and it shows stable performance with low CPU and memory utilization before the attack.
- 📈 A simple ping command can be used to launch a DDoS attack by sending continuous pings with large packet sizes.
- 🔍 The ping command uses ICMP protocol, which might be blocked by firewalls, prompting attackers to find alternative methods.
- 🤖 Botnets can be used to amplify DDoS attacks by coordinating multiple devices to target a single IP address.
- 🔎 Identifying the perpetrator of a DDoS attack can be challenging, especially when botnets are involved.
- 🚀 SYN flooding is a type of DDoS attack that overwhelms a server by sending numerous SYN packets to establish connections.
- 🛠️ hping3 is a tool used to perform SYN flooding attacks, which can be executed from the Kali Linux operating system.
- 📊 The video shows how SYN flooding can cause a significant spike in network and CPU utilization, potentially taking down a server.
- 👥 DDoS attacks are often carried out by groups of attackers targeting a single IP to maximize the impact and overwhelm the target's resources.
Q & A
What is the main topic of the video?
- The main topic of the video is a demonstration of a Distributed Denial of Service (DDoS) attack.
What server is used for the demonstration?
- A Windows Server 2019 configured as a web server running IIS is used for the demonstration.
What is the IP address of the machine used in the demonstration?
- The IP address of the machine used in the demonstration is 10.10.10.8.
What was the initial CPU utilization percentage of the server before the attack?
- The initial CPU utilization of the server was between 5% and 7%.
What was the initial network utilization before the attack?
- The initial network utilization was very low, as stated in the transcript.
How is a simple ping command used to demonstrate an attack?
- A simple ping command is used to demonstrate an attack by producing continuous pings with the -t option and increasing the packet size to the maximum supported by the ping command.
What is the purpose of using a large packet size in the ping command?
- Using a large packet size in the ping command is intended to increase the network traffic and potentially overwhelm the target's network resources.
What is the significance of the attackers using multiple devices to launch an attack?
- Using multiple devices to launch an attack amplifies the impact and makes it more difficult for the target to mitigate the attack, as it resembles traffic from a larger number of legitimate users or systems.
What is a botnet and how is it related to DDoS attacks?
- A botnet is a network of compromised devices that can be remotely controlled to perform actions, such as launching DDoS attacks, by sending commands to all devices in the network simultaneously.
Why is it challenging to find the real perpetrator of a botnet-based DDoS attack?
- It is challenging to find the real perpetrator of a botnet-based DDoS attack because the attack is distributed across many devices, often without the knowledge of their owners, making it difficult to trace back to the original attacker.
What is a SYN flood attack and how does it work?
- A SYN flood attack is a type of DDoS attack where an attacker sends a large number of SYN packets to the target, causing the target to exhaust its resources in attempting to establish connections, thereby denying service to legitimate users.
What tool is mentioned in the script for performing a SYN flood attack?
- The tool mentioned for performing a SYN flood attack is hping3, which is commonly used on the Kali Linux operating system.
How does increasing the packet size in a SYN flood attack affect the target?
- Increasing the packet size in a SYN flood attack can consume more resources on the target, potentially causing a greater impact on network and system performance.
Outlines
🌐 Demonstration of a DDoS Attack
This paragraph introduces a video demonstration on DDoS (Distributed Denial of Service) attacks. The presenter has set up a Windows Server 2019 with IIS to act as a web server, with an IP address of 10.10.10.8. The server's performance is stable, with CPU and memory utilization at 5-7% and 65% respectively, and minimal network utilization. The demonstration proceeds with a simple ping command to show how even a basic command can be used to launch an attack. The presenter increases the packet size to the maximum supported by ping, which is 65500 bytes, to simulate a high volume of traffic. The video explains that while a single computer's attack might not be significant, attackers often use multiple devices or botnets to overwhelm the target, making it difficult for forensic investigators to trace the real attacker. The paragraph concludes by mentioning that while ICMP (Internet Control Message Protocol) packets used by ping might be blocked by firewalls, attackers can still use other methods to launch attacks, such as targeting specific ports like 80 or 443.
🛡 Exploring SYN Flooding in DDoS Attacks
The second paragraph delves into a specific type of DDoS attack known as SYN flooding. SYN packets are part of the TCP handshake process used to establish a connection. The video demonstrates how an attacker can flood a target with SYN packets, causing the target's resources to be consumed as it tries to manage the half-open connections. The tool used for this demonstration is hping3, a popular tool in Kali Linux, which allows the specification of packet size, number of packets, and the type of attack (in this case, SYN flooding). The presenter targets port 80, which is commonly used for web traffic, and shows how the network traffic and CPU utilization spike significantly during the attack. The video concludes by emphasizing that successful DDoS attacks often require a substantial amount of resources, which is why attackers often collaborate in groups to target a single IP. The paragraph ends with a teaser for upcoming videos that will cover more topics related to DDoS attacks.
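A detection-side counterpart to the two traffic patterns the video produces on the server (repeated oversized ICMP pings, and SYNs to port 80 that never complete the handshake), written as an added example here rather than taken from the video. It scores a constructed packet summary per source address; the record format (time, src, dst, protocol, TCP flags, bytes) and the thresholds are assumptions, not any tool's real export.

```python
from collections import defaultdict

# Constructed packet summary: 10.10.10.8 is the web server from the video,
# 10.10.10.5 is a made-up normal client, 10.10.10.20/21 are made-up flood
# sources. Columns: time src dst proto tcp_flags bytes ("-" = no TCP flags).
SAMPLE = """\
0.00 10.10.10.5 10.10.10.8 TCP S 60
0.01 10.10.10.8 10.10.10.5 TCP SA 60
0.01 10.10.10.5 10.10.10.8 TCP A 52
0.02 10.10.10.20 10.10.10.8 ICMP - 65500
0.03 10.10.10.20 10.10.10.8 ICMP - 65500
0.04 10.10.10.20 10.10.10.8 ICMP - 65500
0.05 10.10.10.21 10.10.10.8 TCP S 40
0.05 10.10.10.21 10.10.10.8 TCP S 40
0.06 10.10.10.21 10.10.10.8 TCP S 40
0.06 10.10.10.21 10.10.10.8 TCP S 40
0.07 10.10.10.21 10.10.10.8 TCP S 40
0.08 10.10.10.5 10.10.10.8 ICMP - 60
"""

def parse(text):
    """Turn the summary into (time, src, dst, proto, flags, size) tuples."""
    rows = []
    for line in text.splitlines():
        t, src, dst, proto, flags, size = line.split()
        rows.append((float(t), src, dst, proto, flags, int(size)))
    return rows

def oversized_icmp(rows, min_bytes=1500, min_count=3):
    """Sources repeatedly sending ICMP far above ping's default 32 bytes.
    A 1500-byte threshold is a chosen heuristic (one Ethernet MTU)."""
    per_src = defaultdict(int)
    for _, src, _, proto, _, size in rows:
        if proto == "ICMP" and size >= min_bytes:
            per_src[src] += 1
    return {s: n for s, n in per_src.items() if n >= min_count}

def syn_flood_sources(rows, min_syn=5, max_completion=0.2):
    """Sources whose SYNs are rarely followed by a handshake-completing ACK.
    Returns {src: (syn_count, ack_count)} for sources over the thresholds.
    Counting bare ACKs is a rough proxy for completed handshakes."""
    syn, ack = defaultdict(int), defaultdict(int)
    for _, src, _, proto, flags, _ in rows:
        if proto != "TCP":
            continue
        if flags == "S":
            syn[src] += 1
        elif flags == "A":
            ack[src] += 1
    return {s: (n, ack[s]) for s, n in syn.items()
            if n >= min_syn and ack[s] / n <= max_completion}
```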
Keywords
💡DDoS Attack
💡Windows Server 2019
💡IIS
💡IP Address
💡CPU Utilization
💡Memory Utilization
💡Network Utilization
💡Ping Command
💡ICMP Protocol
💡Botnet
💡SYN Flooding
💡hping3
Highlights
Introduction to a practical demonstration of a DDoS attack.
Use of Windows Server 2019 configured as a web server with IIS.
IP address of the web server is 10.10.10.8.
Performance metrics of the web server show stable CPU and memory utilization.
Demonstration of how a simple ping command can be used to launch an attack.
Explanation of the impact of continuous ping commands on network traffic.
The concept of attackers launching attacks from multiple devices simultaneously.
Discussion on the difficulty of attributing blame in botnet-based DDoS attacks.
Mention of the 'Ping of Death' attack and its limitations due to firewalls blocking ICMP.
Introduction to SYN flooding as a method of DDoS attack.
Explanation of the role of the SYN flag in TCP connection establishment.
Use of hping3 tool for performing SYN flooding attacks.
Command structure for hping3 to target a specific port with SYN packets.
Observation of resource consumption on the target during SYN flooding.
Impact of increasing packet size on the effectiveness of the attack.
Conclusion on the necessity of substantial resources for successful DDoS attacks.
Overview of how attackers coordinate group efforts to bring down targets.
Closing remarks and a preview of upcoming videos on related topics.
Transcripts
Welcome back. So in this video we will discuss the DDoS attack, so we'll see the practical demonstration of the DDoS attack. So here, for this demonstration, I have a web server: I have configured this Windows Server 2019 as a web server, and it is running with IIS. I'll also note down the IP address of this machine, so this machine's IP is 10.10.10.8. And also I'd like to check the performance of this machine, so the performance is quite stable: CPU utilization is just five percent, seven percent, memory utilization is just sixty-five percent, and the network utilization is also very little.

And now we'll proceed with the attack, and this attack can even be launched with a simple ping command also. I can just use the simple ping commands. So let me increase the font size so it should be better visible for you. Okay, so usually we used to ping the destination to know whether you are getting the response, so you can see the response; it is using only 32 bytes, which will not create any big impact on your network traffic. But still, using the simple ping command itself we can attack the target by producing continuous pings by using hyphen t, and also we can define the length of the packet. So usually it is taking 32 bytes; here I am going to give something around 65500 bytes, so this is the maximum number of bytes which is supported in ping. So usually when you use the ping command it is going to use the ICMP protocol. So let me try this. And again, with a single ping operation we will not get much difference, so let me repeat the command multiple times. We'll verify here, and here you can see the traffic utilization goes up; it goes up beyond, I think it is going beyond 4 Mbps.

So from a single computer, if you are targeting this attack, obviously you cannot bring down the target. So usually what the attackers will do is they will plan this attack to be launched from multiple devices, so maybe a group of attackers will start attacking this at the same time, or they can also do it by spreading a botnet onto the public internet, and at a particular time when they want to launch the attack they will send the instructions to the botnet to launch the attack. So immediately all the botnets, maybe the botnets will be installed in any of the internet users' computers, so from there even lakhs of devices, or multiple lakhs of devices, may get compromised with this kind of botnet, through which they can launch this attack. So obviously with this kind of ping attack itself the target can be brought down. And again, for this kind of botnet-based DoS attack, even finding the real perpetrator, that is the real attacker, is going to be a hard thing for the forensic investigators. But still, it will take a long time, but finally we can find the person who initiated this attack.

And we can also launch the attack through some other options. Since when you are using the ping command it is using the ICMP packet, most of the organizations might have blocked ICMP in the firewall itself, so the ping of death attack, so whatever we have done here is the ping of death attack, so performing the ping of death attack is not going to be possible in these cases. So attackers may find some other solutions: if any web server is hosted, obviously port 80 or 443 is going to be open, so through that port the attackers may flood the packets, so they may flood the ACK packets or they may flood the SYN packets or more. So here I'll show you how to perform the SYN attack, that is SYN flooding. So SYN flooding, I believe you know, in the previous videos we have discussed the TCP flags, where the SYN flag is used for establishing the connection, so the attacker may send many SYN packets to the target, through which the target can be brought down.

And now, for using this SYN flooding we can also use a tool called hping3, which is a famous tool in the Kali Linux operating system, so we can use this hping3 command. hping3 is basically the command, and hyphen v is to get the verbose output, and hyphen c is to define the size of the packet, and hyphen d is to define the... no, I'm sorry, hyphen d is to define the size of the packet and hyphen c is to define the number of packets that have to be sent, and hyphen s is to define the SYN flooding, that is to define the SYN packet, and hyphen p is to define the port, and here I want to target the port 80, and again hyphen hyphen flood, and finally the target IP. So by giving this command we can consume more resources of the target. Let me see what happens, and here we can see we are not able to access the virtual machine itself. So let me stop this command; by pressing Ctrl-C we can stop the command from proceeding, and here you can see the network traffic was utilizing up to 11 Mbps, and you can also see the CPU utilization went high.

Now let us try to increase the packet size, so let me add one zero. So we'll just wait for a few seconds, then let me stop. Let me go to the virtual machine again; you can see there is a huge spike, and even in the network utilization also you can see there is a huge spike. So by doing this continuously, obviously to get success in this kind of attack you need to have a huge amount of resources; basically the resources should be higher than the target's. So in those cases most of the attackers will be doing this as a group: a group of attackers will be targeting one particular IP, through which they can bring down the target. So this is how they launch the DDoS attacks. And that's all for this demonstration; we'll discuss the rest of the topics in the upcoming videos. Until then, bye.