DoS attack

Jontebullen · Post by **Jontebullen** » 10 Apr 2007, 00:56

ok, so i have finally got my server up at home and now i want to try and perform DoS attack on it, so you guys have any tips/software i could use?
also what is the difference between a DoS and a DDoS attack? i know that DDoS means Dedicated DoS attack but not exactly what that means..

also i will do it from another computer inh my LAN, cause i heard you get in troubly with your ISP?

Post by **CommonStray** » 10 Apr 2007, 03:46

http://en.wikipedia.org/wiki/Denial-of-service_attack

Post by **bad_brain** » 10 Apr 2007, 04:16

DDoS means distributed denial of service...

this means the attack is coming from multiple sources. while a DoS attack is based on sending "malicious" traffic to the server a DDoS attack can bring a server down by simply sending such a huge amount of (normal) requests that the bandwidth is exceeded and the service become non-responsive (flooding).

what you do inside your LAN isn't the business of your ISP and because there is no traffic to the outside (which would go to the network of your ISP) the ISP will not even notice it.

software for a DoS attack are depending on the service you want to attack, so simply look for exploits on the usual sites like packetstormsecurity or milw0rm.
tools for DDoS attacks are Stacheldraht or Trinoo for example, but actually these tools are just for controlling the botnet....without a botnet no DDoS.

Jontebullen · Post by **Jontebullen** » 10 Apr 2007, 05:11

so if i have got this right, i have to choose a program to attack, i mean i can't just attack any program that runs on a certatin port (80 in this case)?
i'm a bit confused...

oh, and to perform a DDoS attack i actually have to hack other computer right?

Post by **ayu** » 10 Apr 2007, 07:26

Jontebullen wrote:so if i have got this right, i have to choose a program to attack, i mean i can't just attack any program that runs on a certatin port (80 in this case)?
i'm a bit confused...

oh, and to perform a DDoS attack i actually have to hack other computer right?

Putting it up simple.

1: The target computer/server has a webserver (let's say apache) on port 80
2: You have infected 100 computers with a program that requests info from the site really fast a lot of times (let's say 10 requests every second).
3: You activate all the programs on all of the infected computers at the same time.
4: The target server can only handle 500 connections at a time
5: The infected computers request 10x100 all together filling the server up and causing a "Denial of service"

Well, that is only one example, there are other ways to do it.

Jontebullen · Post by **Jontebullen** » 10 Apr 2007, 09:17

ok, so i'm not interested in a DDoS attack i guess. But when i perform a DoS attack, do you need to find exploits for different servers or ports or what? i thought i only needed one program and i would be able to DoS anything?

Post by **ayu** » 10 Apr 2007, 09:34

Jontebullen wrote:ok, so i'm not interested in a DDoS attack i guess. But when i perform a DoS attack, do you need to find exploits for different servers or ports or what? i thought i only needed one program and i would be able to DoS anything?

naaah a vulnerability isn't needed, in some cases it is, but in most cases not. Some smaller servers can be DoSed from your own computer alone, but it would be like a freaking attention seeker "hey look at me wooooOoOOoOO". So in my opinion an attack using "Zombie computers" (the infected ones) would be the wisest.

Jontebullen · Post by **Jontebullen** » 10 Apr 2007, 09:43

ok. Can you link me to any specific software that you can DoS with?
btw, congrats on 500 posts ^^

Post by **bad_brain** » 10 Apr 2007, 09:46

http://httpd.apache.org/docs/2.0/programs/ab.html

can be found on almost any Linux distro, can be used remotely too...

Post by **ayu** » 10 Apr 2007, 10:03

Jontebullen wrote:ok. Can you link me to any specific software that you can DoS with?
btw, congrats on 500 posts ^^

lol thanks ^^

Well i can't link you to any Ddos program (don't remember where to find any ready to use, and i am not interested in searching atm =P ). Taking down a site effectively would be to add a "ddos able" code into a site with A LOT of users, like a code that downloads an image from the target site all the time (hidden of course), so that all the users visiting the site would dos the target. If you get enough people to use the site (thereby ddosing your target) you might succeed in taking it down although just for a while. Ddosed targets doesn't (often) stay down very long. So taking a large site down would demand a lot of resources and even if you succeed you might get caught.

So my tip on a large scale Ddosing is

1: Getting a worm that spreads fast and can't be tracked from your computer (like setting it of at a library computer or something more anonymous) that ddoses a target at a specific time.

2: Using a really good proxy and inject a hidden ddosing script in a large site with many users that isn't yours.

But hey...thats just me ^^

Lyecdevf · Post by **Lyecdevf** » 18 Apr 2007, 08:08

Jontebullen wrote:ok. Can you link me to any specific software that you can DoS with?

Some thing similar has been posted on this forum. You may want to take a look at it!
http://www.suck-o.com/modules.php?name= ... dos+attack
Try using google as well. Here is the link!
http://www.google.com/search?hl=en&q=DOS&btnG