Denial of Service (DoS) Attack - Demo using Hping3

Denial of Service (DoS) Attack


  

A Denial of Service (DoS) attack is a cyberattack aimed at disrupting the normal functioning of a network or system by overwhelming it with excessive traffic or requests. This overload prevents legitimate users from accessing the targeted service or resource.

How a DoS Attack Works


  
  • Overwhelming Resources: The attacker floods the target with a massive volume of traffic, consuming its bandwidth, processing power, or other resources.
  • Resource Exhaustion: The target's resources become depleted, leading to slow performance, system crashes, or complete unavailability.
  • Service Disruption: Legitimate users are unable to access the service or experience significant delays.

Types of DoS Attacks


  
  • Volume-based attacks: Overwhelm the target with excessive data packets.
  • Protocol-based attacks: Exploit vulnerabilities in network protocols to disrupt service.
  • Application-layer attacks: Target specific application vulnerabilities to overload resources.

ICMP Flood (Ping Flood) - Volume-Based DoS Attack

An ICMP ping flood attack, also known as a ping flood, is a type of Denial of Service (DoS) attack that aims to overwhelm a target system with a massive volume of Internet Control Message Protocol (ICMP) echo request packets (pings).

How it works:

  
  • Initiation: The attacker sends a large number of ICMP echo request packets to the target system. These packets are typically spoofed to mask the attacker's identity.
  • Resource Consumption: The target system attempts to process and respond to each incoming ICMP echo request with an ICMP echo reply packet. This consumes significant CPU and network resources.
  • Overload: As the number of incoming ICMP echo requests increases, the target system becomes overwhelmed and unable to handle legitimate traffic.
  • Service Disruption: The target system becomes slow, unresponsive, or completely inaccessible to legitimate users.

Figure: ICMP ping flood attack

Mitigation:

  
  • Firewall Rules: Blocking ICMP echo requests can prevent ping flood attacks.
  • Rate Limiting: Limiting the number of ICMP packets from a single source.
  • Intrusion Detection Systems (IDS): Detecting and blocking ping flood attacks.

SYN Flood Attack - Volume-Based DoS Attack


  

A SYN flood is a type of denial-of-service (DoS) attack that aims to overwhelm a server with a large number of TCP connection requests. It exploits the three-way handshake process used to establish TCP connections.

How it works:

   
  • Initiation: The attacker sends a large number of SYN (synchronize) packets to the target server, initiating the first step of the TCP handshake.
  • Resource Consumption: The server allocates resources for each incoming SYN packet, expecting a subsequent ACK (acknowledge) packet to complete the connection.
  • Overload: The attacker intentionally omits sending the ACK packets, causing the server to maintain half-open connections in a waiting state. Over time, the server runs out of resources to handle new connection requests.
  • Service Disruption: Legitimate users are unable to establish connections to the server, resulting in a denial of service.

Figure: SYN flood DoS attack

Mitigation:

  
  • SYN Cookies: A technique where the server sends a cookie in the SYN-ACK packet instead of allocating resources immediately.
  • Rate Limiting: Limiting the number of SYN packets from a single source.
  • Firewall and Intrusion Prevention Systems (IPS): Detecting and blocking SYN flood attacks.
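
How the SYN cookie mitigation above avoids half-open state, as an added example that is not part of the original page: the server packs a time slot, an MSS index and a keyed hash of the connection into the SYN-ACK sequence number, then rebuilds and checks it when the final ACK arrives. The bit layout is a simplified form of the classic scheme, not any operating system's exact algorithm; the secret, MSS table, function names and sample addresses are assumptions made for the demo.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-key"     # assumption: a random per-boot secret in a real stack
MSS_TABLE = [536, 1300, 1440, 1460]  # assumption: MSS values encodable in 3 bits
SLOT_SECONDS = 64                    # the time counter advances once per slot


def _mac24(src, sport, dst, dport, client_isn, slot):
    """24-bit keyed hash over the 4-tuple, the client's ISN and the time slot."""
    msg = f"{src}:{sport}>{dst}:{dport}".encode() + struct.pack("!Iq", client_isn, slot)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src, sport, dst, dport, client_isn, mss, now):
    """Build the SYN-ACK sequence number: 5 bits slot | 3 bits MSS index | 24 bits MAC."""
    slot = int(now) // SLOT_SECONDS
    # Largest table entry not exceeding the client's MSS (index 0 if none fits).
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = _mac24(src, sport, dst, dport, client_isn, slot)
    return ((slot % 32) << 27) | (mss_idx << 24) | mac


def check_ack(src, sport, dst, dport, client_isn, ack_num, now):
    """Validate the handshake's final ACK. Returns the MSS, or None to drop it."""
    cookie = (ack_num - 1) & 0xFFFFFFFF        # the client acknowledges cookie + 1
    mss_idx = (cookie >> 24) & 0x7
    if mss_idx >= len(MSS_TABLE):
        return None
    slot_now = int(now) // SLOT_SECONDS
    for slot in (slot_now, slot_now - 1):      # current or previous slot only
        if slot % 32 != cookie >> 27:
            continue
        expected = _mac24(src, sport, dst, dport, client_isn, slot)
        if hmac.compare_digest(expected.to_bytes(3, "big"),
                               (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[mss_idx]          # only now allocate connection state
    return None


if __name__ == "__main__":
    t0 = 1_700_000_000                         # constructed timestamp
    conn = ("198.51.100.7", 40000, "203.0.113.10", 443, 0x1234ABCD)  # constructed
    isn = make_cookie(*conn, mss=1460, now=t0)
    print("valid ACK   ->", check_ack(*conn, ack_num=(isn + 1) & 0xFFFFFFFF, now=t0 + 5))
    print("guessed ACK ->", check_ack(*conn, ack_num=12345, now=t0 + 5))
    print("late ACK    ->", check_ack(*conn, ack_num=(isn + 1) & 0xFFFFFFFF, now=t0 + 200))
```

Because nothing is stored between the SYN and the ACK, a flood of SYNs that never complete the handshake costs the server one hash per packet rather than a backlog slot.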

Disclaimer

The content provided on this page is for educational purposes only. It is intended to demonstrate the vulnerabilities of computer systems and networks and to promote ethical hacking practices. Any unauthorized use of the information or tools presented here is strictly prohibited and may violate applicable laws.

By accessing and using this information, you agree to the following:

  • No Malicious Use: You will not use the information or tools to harm others, damage property, or violate any laws.
  • Ethical Use: You will use the information and tools responsibly and ethically, respecting the privacy and security of others.
  • Legal Compliance: You will comply with all applicable laws and regulations regarding hacking and cybersecurity.

It is important to note that hacking systems without proper authorization is illegal and unethical. If you have concerns about the security of your own systems, please consult with a qualified security professional.