DoS Attack (Ping flooding)
Introduction
I got all excited when I learned to ping flood (Denial of
Service) someone for the first time. The thought of having the power to slow
someone’s network speed down is thrilling. I got D@rkGh0st to come over to my
place so we could do the attack together. So he set himself up on one PC while
I set my Laptop and my other PC up for a DoS attack. He started playing an
online game and I told him I’d be ping flooding him. So I set my commands up and
pressed enter. As I turned around to see the results, I could see his ping
shoot up to 3500 from a comfortable 200.
The night after I decided to ping flood my actual router.
This produced some scary results; I could not connect to any site whatsoever.
All it took was three simultaneous ping floods from one computer.
Now I know DoS attacks are illegal, so that’s the reason I
experimented on my own PCs. Going from having 200 ping to 3500 ping in a game
that hardly consumes much bandwidth is quite a significant response considering
I only used a Botnet of 2 computers. If you think about it, one could
potentially grind a network to a halt with a Botnet of about 20 PCs. It’s scary
to think what someone could do with very little knowledge.
Moving along. When someone is armed with this knowledge and a
knowledge of C++ and Sockets, they become very, very, very dangerous people;
they also become very sloppy people. Someone who just learns this information
will most likely go out and create a bot and get themselves caught immediately.
So I do advise that you (the reader) do not attempt this on any computer that
you don’t have permission to DoS attack.
What is a DoS attack?
A DoS (Denial of Service) attack is an attempt to make a computer’s
resources unavailable to its user. A DoS attack comes in many shapes and forms,
and it can also have sub motifs. A DoS attack can disable a computer and its
networks if carefully planned and executed. It can be mounted from anywhere to
anywhere, at any time, anyhow. There are so many variables one can put on DoS
attacks.
Usually an attacker does not use his/her own computer. They
would create what’s called a Botnet (a hive of computers), which they control
remotely through the use of trojans, and would direct it towards one machine. To
explain this efficiently, it’s sort of like taking a magnifying glass (1
computer) and trying to light a wet piece of tinder: it’s not going to burn,
but when a whole lot of them (Botnet) are focused on it, it will burn. In this
way, the hacker can anonymously control multiple computers to attack one target
to bring it down. The attacker would also use Tunneling and IP Spoofing to
camouflage his identity.
What is a Ping Flood?
In this tutorial we will be focusing on a type of attack
called a ping flood. Ping flooding is the most primitive form of DoS attack
because anyone can do it extremely easily. When a targeted computer is under a
ping flood attack, its network connection becomes backed up trying to keep up
with ping requests. Each time the server receives a ping request it has to
process it and then send a reply with the same amount of data. Ping flooding is
when the attacker floods the server with ping requests, so the server has to
process tons of requests every split second, which takes up a lot of
resources.
[Figure: Typical botnet hierarchy of a hacker]
Why am I doing this tutorial?
First let me start by explaining something: when ping
flooding from your own computer, you’re basically attacking yourself too unless
you use IP Spoofing. The reason I’m doing a tutorial on this is because I think
people should know how someone could easily attack a system and take its
network offline. There is another reason: one computer will not be sufficient
to bring a system to a halt, so there is no harm in sharing this
information.
There is an upside and a downside to knowing how to ping
flood. The upside is that you know what it is and how to do it; the downside is
that it’s completely useless unless you know how to make a Botnet. Yet you CAN
use this to attack a local network I suppose, but just remember to only attack
computers you have permission to attack.
Ping flooding 101
In this tutorial I will be teaching you these types of DoS
attacks:
1. Targeted local disclosed ping flood (Known IP Addy)
2. Router disclosed ping flood
3. Blind ping flood (Unknown IP Addy)
1. Targeted local disclosed ping flood
A targeted local disclosed attack is when you know the IP
Address of the target connected to the network and you attack it directly.
Alright, so you want to ping flood a single computer. First
off we need to make sure we are indeed connected to it. Start up Command Prompt
(Start->All programs->Accessories->Command Prompt) and type in:
ipconfig
The dos screen will run a few numbers down the screen and
will stop. What we are looking for is a local IP address we can attack. Look
for an entry called IPv4 Address.
[Figure: Results for ipconfig; the highlighted text is what you need]
If you do not get something like this then you are not
connected to any network. If you are in fact connected then note this number
down because this is the IP Address we will be needing to attack from the other
computer. Now we are going to directly attack your target (the computer you are
on), so go to the other PC, open Command Prompt and type this in:
ping *ip address here* -t -l 65500
Use the IP address you noted from the other PC and replace
the *ip address here* with that IP address. You will see the prompt start
Pinging the computer you specified. Now you are actually ping flooding the
target. Hurray! Your very first ever DoS attack! Give yourself a pat on the
back. As you can see, this was not difficult at all.
[Figure: Attacking an IP Address]
To understand the command properly, here’s the argument
breakdown: The -t specifies that it keeps pinging the host until it times out
(Disconnects or until you stop it). -l specifies the load you want to send, so
we are sending 65500 bytes to the host every ping. That’s quite a lot of data
to handle; the usual default ping size is 32 bytes.
If you take a look at the PC that’s being attacked, you will
notice a rather significant increase in activity and decrease in speed. If you
check the task manager, you will see your network activity will have increased.
[Figure: The effects of a ping flood in action]
You must also remember that whatever load you want
to put on the target computer, you will also be putting on your computer, so
attacking a stronger computer will only end in a fail. Another thing to
note is that if attacking over Wireless, it’s less likely to have a strong effect
compared to LAN.
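Seen from the target's side, the traffic described above is easy to recognise: echo requests far larger than the 32-byte default, arriving continuously from one source. The following is an added example, not part of the original post; the record format, the addresses and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 5.0             # sliding window length in seconds (assumed)
MAX_BYTES_PER_S = 100_000  # echo-request payload bytes/s allowed per source (assumed)
MAX_PAYLOAD = 1472         # largest ICMP payload that fits a 1500-byte MTU unfragmented

def parse(line):
    """Parse one 'time src dst icmp_type payload_len' record (hypothetical format)."""
    ts, src, dst, icmp_type, length = line.split()
    return float(ts), src, dst, int(icmp_type), int(length)

def detect(lines):
    """Return {src: set of reasons} for sources whose echo requests look like a flood."""
    windows = defaultdict(deque)  # src -> (ts, payload_len) entries inside the window
    totals = defaultdict(int)     # src -> payload bytes currently inside the window
    alerts = defaultdict(set)
    for line in lines:
        ts, src, dst, icmp_type, length = parse(line)
        if icmp_type != 8:        # 8 = echo request; ignore replies and other ICMP
            continue
        if length > MAX_PAYLOAD:  # e.g. the 65500-byte pings used in this tutorial
            alerts[src].add("oversized")
        win = windows[src]
        win.append((ts, length))
        totals[src] += length
        while win and ts - win[0][0] > WINDOW_S:  # drop entries older than the window
            totals[src] -= win.popleft()[1]
        if totals[src] / WINDOW_S > MAX_BYTES_PER_S:
            alerts[src].add("rate")
    return dict(alerts)

def sample_log():
    """Constructed traffic: one host pinging normally, one running three large pings."""
    lines = []
    for sec in range(10):
        lines.append(f"{sec:.1f} 192.168.1.50 192.168.1.1 8 32")  # default-size ping
        lines.append(f"{sec:.1f} 192.168.1.1 192.168.1.50 0 32")  # its echo reply
        for k in range(3):  # three simultaneous 65500-byte pings from one machine
            lines.append(f"{sec + k * 0.1:.1f} 192.168.1.23 192.168.1.1 8 65500")
    return sorted(lines, key=lambda l: float(l.split()[0]))

if __name__ == "__main__":
    for src, reasons in detect(sample_log()).items():
        print(src, sorted(reasons))
```

Only 192.168.1.23 is flagged in the constructed sample; on a real network the thresholds need tuning against normal monitoring and diagnostic traffic.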
2. Router disclosed ping flood
A router disclosed ping flood has the same fundamentals as
a targeted one, except you target routers and not a computer. When you
ping flood a router you compromise the network that it’s hosting. If there are
about 20 computers connected to one router and the router is DoS attacked, the
20 computers will not be able to communicate with each other or to the router.
It has the same procedure as the targeted flood, except you
need to know the internal IP Address for the router. To get the IP Address of
your local router, you use the same procedure as a targeted flood. Open Command
Prompt and type:
ipconfig
We need the Default Gateway; this is the local IP Address
for the router.
Now use the same process you used to flood the targeted
computer, but on the router, like this:
ping 192.168.1.1 -t -l 65500
Replace the IP Address I got with the IP you got. Generally
the IP Addy from your router will be 192.168.1.1 as most routers ship with it
set as the default internal IP Address. When you hit return, you will see the
command screen now pinging the router with 65500 bytes each ping. This is the
most basic attack anyone can do to any target, whether it be a router or direct
computer attack. When targeting a computer on a network through a switch or
router, generally the router/switch will take the brunt of the attack and could
cause it to crash, resulting in a hard reset.
3. Blind ping flood
A blind attack of any kind is when the attacker does not
know the IP Address of his target, so he uses a technique to uncover it through
external programs. We will be using Cain and Abel to retrieve an attackable
list of IP Addresses. I will be covering how to use Cain and Abel to find IP
Addresses connected to your network.