Blackhat Carding Forum | Carding Forum - Credit Cards - Hacking Forum - Cracking Forum | Bhcforums.cc
[Guide] How to DOS Attack with Packet Crafting using Colasoft - Printable Version

[Guide] How to DOS Attack with Packet Crafting using Colasoft - NINZA - 05-14-2020

In our previous article we had discussed “[To see content please register here]” and today you will DOS attack using colasoft Packet builder. In [To see content please register here] we had used Hping3 in Kali Linux for generating TCP, UDP, SYN, FIN and RST traffic Flood for DOS attack on target’s network. Similarly, we are going to use colasoft for all those attacks by making a change in their data size of packets and time elapse between packets.

Let’s start!!!
TCP DOS Attack
You can download it from given [To see content please register here], once it gets downloaded then run the application as an administrator to begin the DOS attack.

Click on ADD given in menu bar.
[Image: 0.png?w=687&ssl=1]
A small window will pop up to select the mode of attack here we are going to choose TCP packet for generating TCP packet flood on the target’s network. Well if you will notice given below image then you will observe that I had set delta time 0.1 sec as time elapses for the flow of traffic for all packets.  This is because as much as the time elapsed will be smaller as much as packet will be sent faster on the target’s network.
[Image: 1.png?w=687&ssl=1]
The window is categorized into three phases: Decode Editor, Hex Editor, and Packet List. From the given image you can observe the following information which I had edited for the TCP packet.
Decode Editor: This section contains packet information such as protocol, Time to live and etc. Here you need to add source address responsible for sending a packet and then add destination address which is responsible for receiving incoming packet traffic.
  • Source address: 192.168.1.102
  • Destination address: 192.168.1.107
Hex Editor:  This section displays the raw information (Hexadecimal) related to the data size of the packet. By typing a random string you can increase the data length of the packet.
Packet size: 112 bytes
[Image: 2.png?w=687&ssl=1]
Packet List: It displays complete information of your packet which contains a source address and destination address, time to live and other information which we had edited.
[Image: 3.png?w=687&ssl=1]
Click on Adapter given in menu bar to select specific adapter for DOS attack. From given below image you can observe it showing adapter status: LAN Operational.
Note: It is only available when you have run the application as administrator.
[Image: 4.png?w=687&ssl=1]
Click on Send option from the menu bar and enable the checkbox for “Burst Mode” and “Loop sending” and adjust its size according to your wish.
Then click on start to launch the TCP packet for DOS attack.
[Image: 5.png?w=687&ssl=1]
Using Wireshark we can capture packet and traffic between source and destination. So here you can perceive that infinite TCP packet is being transferred on target’s network after some time it will demolish the victim’s machine so that victim could not able to reply any legitimate request of other users.
[Image: 7.png?w=687&ssl=1]
TCP SYN DOS Attack
Again repeat the same to choose TCP packet for generating TCP SYN flood on target’s network. Well if you will notice given below image again then you will observe that I had set same delta time 0.1 sec.
[Image: 8.png?w=687&ssl=1]
You, people, must aware of TCP-SYN Flood attack so in order to generate only SYN packet traffic, activate the TCP flag for synchronizing sequence by changing bit form 0 to 1.
Hence this time I had set below information in decoder Editor and Hex editor.
  • Source address: 192.168.1.102
  • Destination address: 192.168.1.107
  • Flag: SYN
  • Packet size: 115 bytes
[Image: 9.png?w=687&ssl=1]
And repeat above step of TCP flood to begin the attack.
Click on Send option from the menu bar and enable the checkbox for “Burst Mode” and “Loop sending” and adjust its size according to your wish.
Then click on start to launch the TCP packet for DOS attack.
[Image: 12.png?w=687&ssl=1]
You can clearly observe the flow of traffic of SYN packet from attacker network to targets network after some time it will demolish the victim’s machine so that victim could not able to reply any legitimate request of other users.
[Image: 14.png?w=687&ssl=1]
TCP RST DOS Attack
Again repeat the same to choose TCP packet for generating TCP Reset flood on target’s network. If you will notice given below image then you will observe that again I had set delta time 0.1 sec this is because as much as the time elapsed will be smaller as much as packet will be sent faster on target’s network.
[Image: 15.png?w=687&ssl=1]
You, people, must aware of TCP-RST Flood attack so in order to generate only Reset packet traffic, activate the TCP flag for Reset the connection by changing bit form 0 to 1.
Hence this time I had set below information in decoder Editor and Hex editor.
  • Source address: 192.168.1.102
  • Destination address: 192.168.1.107
  • Flag: Reset
  • Packet size: 104 bytes
[Image: 16.png?w=687&ssl=1]
After then repeat the above step to begin the attack.
Click on Send option from the menu bar and enable the checkbox for “Burst Mode” and “Loop sending” and adjust its size according to your wish.
Then click on start to launch the TCP packet for DOS attack.
[Image: 19.png?w=687&ssl=1]
You can clearly observe the flow of traffic of RST packet from attacker network to targets network after some time it will demolish the victim’s machine so that victim could not able to reply any legitimate request of other users.
[Image: 21.png?w=687&ssl=1]
UDP DOS Attack
Again repeat the same to choose UDP packet for generating TCP flood on the target’s network. If you will notice given below image then you will observe that again I had set delta time 0.1 sec as time elapses for the flow of traffic for all packets.
[Image: 22.png?w=687&ssl=1]
This time I had set below information in decoder Editor and Hex editor.
  • Source address: 192.168.1.102
  • Destination address: 192.168.1.107
  • Source port: 80
  • Packet size: 113 bytes
[Image: 23.png?w=687&ssl=1]
After editing your packet information verifies that changes through packet list are given on the right side of the window before launching an attack.
[Image: 24.png?w=687&ssl=1]
Click on Adapter to select specific adapter for DOS attack. From given below image you can observe it showing adapter status: LAN Operational.
[Image: 25.png?w=687&ssl=1]
Click on Send option from the menu bar and enable the checkbox for “Burst Mode” and “Loop sending” and adjust its size according to your wish.
Then click on start to launch UDP packet for DOS attack.
[Image: 26.png?w=687&ssl=1]
You can clearly observe in given below image the flow of traffic of UDP packets from attacker network to targets network after some time it will demolish the victim’s machine so that victim could not able to reply any legitimate request of other users.
[Image: 30.png?w=687&ssl=1]

In this tutorial, we are going to discuss Packet Crafting by using a great tool Colasoft packet builder which is quite useful in testing the strength of Firewall and IDS and several servers against malicious Flood of network traffic such as TCP and UDP Dos attack. This tool is very easy to use especially for beginners.
Packet crafting is a technique that allows network administrators to probe firewall rule-sets and find entry points into a targeted system or network. This is done by manually generating packets to test network devices and behavior, instead of using existing network traffic. Testing may target the firewall, IDS, TCP/IP stack, router or any other component of the network. Packets are usually created by using a packet generator or packet analyzer which allows for specific options and flags to be set on the created packets. The act of packet crafting can be broken into four stages: Packet Assembly, Packet Editing, Packet Play, and Packet Decoding.
For more detail visit Wikipedia.org
Mode of Operation
Packet Assembly: It is the initial state of packet crafting where tester needs to decide the network that can be compromised easily by creating a packet which can exploit the network by shooting its vulnerability. The packet should be designed in a manner that it maintains its ability to be undetectable in the target’s network.
Famous Tools for Packet Assembly are: Hping3 and Yersinia 
Packet Editing: In this stage captured packet is edited or modified which cannot be possible to do in Packet Assembly phase. In this phase, the packet is edited in a manner that it can dump more and more information about the target’s network by making a small amount of change in it. For example, change data length (payload) of packets.
Famous Tool of packet Editing: Colasoft and Scapy 
Packet Playing: In this phase when the packet is ready to launch then it sends to target’s network for exploiting its network and collect the information. This is the actual arena where above both actions is tested and if the packet is failed to complete its goal of retrieving victim’s information or exploit its vulnerability then again the packet send back to Packet Editing phase for modification.
Packet Analysis: This is the last stage where the packet is analysis when it received on the targeted network. The captured packet is decoded for further investigating for retrieving its internal details which can speak up its goal for establishing a connection on the target’s network.
Famous Tool of Packet Analysis: Wireshark and Tcpdump
Colasoft Packet Builder enables creating custom network packets; users can use this tool to check their network protection against attacks and intruders. Colasoft Packet Builder includes a very powerful editing feature. Besides common HEX editing raw data, it features a Decoding Editor allowing users to edit specific protocol field values much easier.
Users are also able to edit decoding information in two editors – Decode Editor and Hex Editor. Users can select one from the provided templates Ethernet Packet, ARP Packet, IP Packet, TCP Packet, and UDP Packet, and change the parameters in the decoder editor, hexadecimal editor or ASCII editor to create packets. Any changes will be immediately displayed in the other two windows. In addition to building packets, Colasoft Packet Builder also supports saving packets to packet files and sending packets to the network.
From: [To see content please register here]
Let’s start!!!
TCP Packet Crafting
You can download it from the above-given link, once it gets downloaded then run the application as an administrator, to begin with crafting various Packets. As I had an example above a packet crafting involves 4 phases, let’s start it by adding the packet which we will craft for testing our network.
Click on ADD given in menu bar.
[Image: 0.png?w=687&ssl=1]
A small window will pop up to select the mode of IP packet to be crafted. Here we are going to choose TCP packet for crafting for example by increasing the size of the packet or by sending the individual flag of the Tcp Protocol to the destination IP address. Well if you will notice given below image then you will observe that I had set delta time 0.1 sec as time elapses for the flow of traffic for all crafted packets. The delta time is the time gap between each packet.
[Image: 1.png?w=687&ssl=1]
The window is categorized into three phases: Decode Editor, Hex Editor, and Packet List. From the given image you can observe the following information which I had edited for the TCP packet.
Decode Editor: This section contains packet information such as protocol, Time to live and etc. Here you need to add source address responsible for sending a packet and then add destination address which is responsible for receiving incoming packet traffic.
  • Source address: 192.168.1.102
  • Destination address: 192.168.1.107
Hex Editor:  This section displays the raw information (Hexadecimal) related to the data size of the packet. By typing a random string you can increase the size of the packet.
Packet size: 77 bytes
This phase is also known as Packet Editing mode where we can modify our packet.
[Image: 2.png?w=687&ssl=1]
Packet List: It displays complete information of your packet which contains a source address, destination address, time to live and other information which we had edited.
[Image: 3.png?w=687&ssl=1]
Click on Adapter given in the menu bar to select a specific adapter from which packets will be sent. From given below image you can observe it, it showing adapter status: LAN Operational.
Note: It is only available when you have run the application as administrator.
[Image: 4.png?w=687&ssl=1]
Click on Send option from the menu bar and enable the checkbox for “Burst Mode” and “Loop sending” and adjust the number of packets to be sent to the Destination Network and the delay time gap between each packet.
Then click on start to send the TCP packets. This phase is known as Packet playing mode where are ready to the sent packet on the target network.
[Image: 5.png?w=687&ssl=1]
Using Wireshark we can capture packet and traffic between source and destination. So here you can perceive that infinite TCP packet is being transferred to target’s network. This phase is known as packet analysis mode where the sent packet is sniff or analysis for identifying sender objectives behind sending the packet.
[Image: 6.png?w=687&ssl=1]
ARP Packet Crafting
Again repeat the same to choose ARP packet for crafting Packet for ARP protocol on the target’s network. Well if you will notice given below image again then you will observe that I had set same delta time 0.1 sec.
[Image: 7.png?w=687&ssl=1]
Apart from editing source and destination IP here we need to add source and destination physical address also.
Hence this time I had set below information in decoder Editor and Hex editor.
  • Source MAC: AA:AA:AA:AA:AA:AA
  • Source address: 192.168.1.102
  • Destination MAC: BB:BB:BB:BB:BB:BB
  • Destination address: 192.168.1.107
  • Packet size: 78 bytes
You can use any method to find the destination MAC address.
[Image: 11.png?w=687&ssl=1]
After editing your packet information verifies that changes through packet list are given on the right side of the window before sending the packet. If you notice given image below then you can read the summary where it is show broadcasting ARP message who is 192.168.1.107?
[Image: 12.png?w=687&ssl=1]
Click on Adapter given in menu bar to select specific adapter for network selection. From given below image you can observe it showing adapter status: LAN Operational.
[Image: 13.png?w=687&ssl=1]
Click on Send option from the menu bar and enable the checkbox for “Burst Mode” and “Loop sending” and adjust the number of packets to be sent to the Destination network according to your wish.
Then click on start to launch the sending process of ARP packet. This action is known as Packet playing.
[Image: 14.png?w=687&ssl=1]

From the given image below you can observe the continue ARP packet making a request for who is 192.168.1.107, which meaning our packet playing is given a positive result. From Wireshark target is able to analysis the goal of the packet received from the sender’s network.
[Image: 16.png?w=687&ssl=1]
IPv4 Packet Crafting 
Again repeat the same process to choose IP packet for crafting Packet for IPv4 protocol on the target’s network. Again if you will notice given below image again then you will observe that I had set same delta time 0.1 sec.
[Image: 17.png?w=687&ssl=1]
This time I had set below information in decoder Editor and Hex editor for Editing Packet.
  • Source address: 192.168.1.102
  • Destination address: 192.168.1.107
  • Packet size: 71 bytes
[Image: 18.png?w=687&ssl=1]
After editing your packet information verifies that changes through packet list are given on the right side of the window before sending the packet.
[Image: 19.png?w=687&ssl=1]
Click on Adapter given in menu bar to select specific adapter for sending the packet. From given below image you can observe it showing adapter status: LAN Operational.
[Image: 20.png?w=687&ssl=1]
Click on Send option from the menu bar and enable the checkbox for “Burst Mode” and “Loop sending” and adjust the number of packets to be sent to the Destination network according to your wish.
Then click on start to send the IPv4 packet.
[Image: 21.png?w=687&ssl=1]
You can clearly observe in given below image the flow of traffic of IPv4 packets from senders network to Receivers network in packet analyzing mode.
[Image: 23.png?w=687&ssl=1]
UDP Packet Crafting
Again repeat the same to choose UDP packet for crafting UDP Packet. If you will notice given below image then you will observe that again I had set delta time 0.1 sec as time elapses for the flow of traffic for all packets.
[Image: 24.png?w=687&ssl=1]
This time I had Edited below information in decoder Editor and Hex editor for designing my packet.
  • Source address: 192.168.1.102
  • Destination address: 192.168.1.107
  • Packet size: 72 bytes
[Image: 25.png?w=687&ssl=1]
After editing your packet information verifies that changes through packet list are given on the right side of the window.
[Image: 26.png?w=687&ssl=1]
Click on Adapter to select specific adapter for sending the packets. From given below image you can observe it is showing adapter status: LAN Operational.
[Image: 27.png?w=687&ssl=1]
Click on Send option from the menu bar and enable the checkbox for “Burst Mode” and “Loop sending” and adjust the number of packets to be sent to the Destination network according to your wish.
Then click on the start button to sending the crafted UDP packet.
[Image: 28.png?w=687&ssl=1]
You can clearly observe in given below image the flow of traffic of UDP packets from senders network to the Receivers network.
Hence in this tutorial, we tried to explain all for the mode of operation of crafting a packet for testing a network using colasoft and Wireshark.
[Image: 30.png?w=687&ssl=1]

DHCP stands for Dynamic Host Configuration Protocol and a DHCP server dynamically assigns an IP address to enable hosts (DHCP Clients). Basically, the DHCP server reduces the manual effort of the administrator of configuring the IP address in client machine by assigning a valid IP automatically to each network devices. A DHCP is available for distributing IP address of any Class among A B C D E basis on their netmask description which means it is applicable even for a small network or a huge network.
DHCP uses UDP as its transport protocol. The client sends messages to the server on port 67 and the server sends messages to the client on port 68.
There are three mechanisms used to assign an IP address to the client. They are:
  • Automatic allocation – DHCP assigns a permanent IP address to a client
  • Manual allocation – Client’s IP address is assigned by the administrator, DHCP conveys the address to the client.
  • Dynamic allocation– DHCP assigns an IP address to the client for a limited period of time (lease).
Mode of Operation DHCP server and DHCP Client
  • DHCP Discover: DHCP client broadcast a DHCP discover message to DHCP server for an IP address lease request through subnet mask for e.g. 255.255.255.255.
  • DHCP Offer: DHCP server receives DHCP Discover message for an IP address lease from DHCP client and reserve IP for it and sends DHCP OFFER message to DHCP Client for IP lease. 
  • DHCP Request: DHCP client broadcast a message to DHCP server for acceptance of IP by receiving Offered IP packets and make DHCP request for IP parameter configuration.
  • DHCP Acknowledgment: DHCP server receives DHCP client request for IP configuration process and as responds DHCPACK message sent to the client with committed IP address and its configuration and with some additional information such lease time of offered IP.
  • DHCP Release: DHCP client sends a DHCP Release packet to the DHCP server to release the IP address.
[Image: 1.png?w=687&ssl=1]
DHCP Starvation Attack
A DHCP starvation attack may also be categorized as a DHCP DOS attack, where the attacker broadcasts fake DHCP requests with spoofed MAC addresses. If the official server replies to these fake requests, it can exhaust the address space available to the DHCP server for a period of time. This can be performed by using attacking tools such as “Yersinia”.
Now the attacker may place the rogue server in the network and respond to new DHCP requests from clients.
In the image below you can observe that by executing the given command we discovered the hardware addresses bound on our official router. Here we had used a CISCO router for DHCP penetration testing.
show ip dhcp binding
[Image: 2.png?w=687&ssl=1]
Launch DHCP Starvation Attack using Yersinia
Yersinia is a network tool designed to take advantage of some weakness in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems.
Currently, yersinia supports:
  • Spanning Tree Protocol (STP)
  • Cisco Discovery Protocol (CDP)
  • Dynamic Trunking Protocol (DTP)
  • Dynamic Host Configuration Protocol (DHCP)
  • Hot Standby Router Protocol (HSRP)
  • IEEE 802.1Q
  • IEEE 802.1X
  • Inter-Switch Link Protocol (ISL)
  • VLAN Trunking Protocol (VTP)
From [To see content please register here]
Yersinia is installed by default in Kali Linux for DHCP penetration testing; open the terminal and execute the given command, which will open yersinia in GUI mode as shown in the image below.
yersinia -G
[Image: 3.png?w=687&ssl=1]
You will observe few tabs in the menu bar click on launch attack; a small window will pop up for choosing the protocol for attack here we had select DHCP, now enable the option for sending  DISCOVER packet.
[Image: 4.png?w=687&ssl=1]
Now it will start sending a Discover packet to the router for release IP for each of its fake Discover messages as shown in the given image.
[Image: 5.png?w=687&ssl=1]
From given below image you can observe Wireshark has captured the DHCP packet where the attacker machine as source 0.0.0.0 is broadcasting DISCOVER message to Destination on 255.255.255.255. This is DHCP starvation attack which also considered as DHCP Dos attack because its send Discover message infinitely in the network to block the responded server for another genuine request from another DHCP client.
[Image: 6.png?w=687&ssl=1]
Now when again you will check our router IP table then you will observe that all IP is allocated on some different-different Hardware address as shown in given below image.
[Image: 7.png?w=687&ssl=1]
Rogue DHCP Server
A rogue DHCP server is a forged server of the attacker which is placed in a local network for stealing information that is being shared among several clients. After a DHCP starvation attack, the official DHCP server is unable to offer an IP to a DHCP client. Therefore, when a client releases its old IP and requests a new IP by broadcasting a DHCP Discover message, the rogue server offers an IP as the response to the DHCP client; the client then requests its IP configuration from the fake server and gets trapped in the fake network. Now if the client is transferring any information over the fake network, it can easily be sniffed by the rogue server.
[Image: 8.1.png?w=687&ssl=1]
In the image below, you can check that the attacker’s machine IP is 192.168.1.104, which will show up as the DNS address on the victim’s machine (Windows).
[Image: 8.png?w=687&ssl=1]
Now open the terminal and type “msfconsole” for the Metasploit framework and execute the commands given below, which will create your rogue server in the network.
use auxiliary/server/dhcp
msf auxiliary(dhcp) >set srvhost 192.168.1.104
msf auxiliary(dhcp) >set netmask 255.255.255.0
msf auxiliary(dhcp) >set DHCPIPSTART 192.168.1.200
msf auxiliary(dhcp) >set DHCPIPEND 192.168.1.205
msf auxiliary(dhcp) >exploit

If you perceive above command then you will find that it will Start DHCP service and behave like a DHCP server which will offer Class C IP to official DHCP client from specified pool between 192.168.1.200 to 192.168.1.205.
Now turn on any another system in the network and check its IP configuration.
[Image: 9.png?w=687&ssl=1]
Let’s study the given image where the attack is broadcasting Offer packet in the network and then in the 2nd packet we saw DHCP ACK which means some DHCP client ask for offered IP configuration then we can see DNS query send from an IP 192.168.1.202 to 192.168.1.104.
[Image: 10.png?w=687&ssl=1]
In the image below you can observe that the IP 192.168.1.202 is allocated to Ubuntu, which is an official DHCP client. Now if the client is transferring any information over the fake network, it can easily be sniffed by the rogue server. For detail read our previous article “[To see content please register here]”
[Image: 11.png?w=687&ssl=1]
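
A defender-side check for the two conditions described above (a burst of DISCOVERs from many hardware addresses, then OFFER/ACK from an unexpected server), added here as an example and not part of the original post. The event tuples, the authorized server address 192.168.1.1, the window and the limit are assumptions, and the events are constructed.

```python
"""DHCP starvation and rogue-server checks over DHCP events (added example)."""
from collections import Counter, deque

AUTHORIZED_SERVERS = {"192.168.1.1"}  # assumption: address of the legitimate DHCP server
WINDOW_MS = 10_000                    # assumed observation window
MAX_CLIENTS_PER_WINDOW = 20           # assumed ceiling on distinct new clients


def build_sample():
    """Constructed events: (time_ms, message_type, client_mac, server_id)."""
    events = []
    # Two ordinary clients completing DISCOVER/OFFER/REQUEST/ACK.
    for n, mac in enumerate(["00:11:22:33:44:01", "00:11:22:33:44:02"]):
        t = 1_000 + n * 30_000
        events += [
            (t, "DISCOVER", mac, None),
            (t + 5, "OFFER", mac, "192.168.1.1"),
            (t + 10, "REQUEST", mac, "192.168.1.1"),
            (t + 15, "ACK", mac, "192.168.1.1"),
        ]
    # Burst of 100 DISCOVERs, every one from a different hardware address.
    for i in range(100):
        events.append((60_000 + i * 20, "DISCOVER", "02:00:00:00:00:%02x" % i, None))
    # Later, a server that is not on the allowlist answers a client.
    mac = "00:11:22:33:44:03"
    events += [
        (90_000, "DISCOVER", mac, None),
        (90_005, "OFFER", mac, "192.168.1.104"),
        (90_010, "REQUEST", mac, "192.168.1.104"),
        (90_015, "ACK", mac, "192.168.1.104"),
    ]
    return sorted(events, key=lambda e: e[0])


def detect_starvation(events, window_ms=WINDOW_MS, limit=MAX_CLIENTS_PER_WINDOW):
    """Return (time_ms, distinct_macs) each time the distinct-client count crosses the limit."""
    window = deque()      # (time_ms, mac) of recent DISCOVERs
    per_mac = Counter()   # DISCOVERs per MAC currently inside the window
    alerts, above = [], False
    for time_ms, kind, mac, _server in events:
        if kind != "DISCOVER":
            continue
        window.append((time_ms, mac))
        per_mac[mac] += 1
        # Drop DISCOVERs that have aged out of the window.
        while time_ms - window[0][0] > window_ms:
            _, old = window.popleft()
            per_mac[old] -= 1
            if per_mac[old] == 0:
                del per_mac[old]
        if len(per_mac) > limit and not above:
            alerts.append((time_ms, len(per_mac)))
        above = len(per_mac) > limit
    return alerts


def detect_rogue_servers(events, authorized=AUTHORIZED_SERVERS):
    """Count OFFER/ACK messages per server identifier that is not authorized."""
    seen = Counter()
    for _time_ms, kind, _mac, server in events:
        if kind in ("OFFER", "ACK") and server not in authorized:
            seen[server] += 1
    return dict(seen)


if __name__ == "__main__":
    sample = build_sample()
    print("starvation alerts:", detect_starvation(sample))
    print("unauthorized servers:", detect_rogue_servers(sample))
```

On managed switches the enforcing controls are DHCP snooping with trusted ports and a per-port limit on learned MAC addresses.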

In our previous “DOS Attack Penetration testing” we had described several scenarios of DOS attack and receive alert for Dos attack through snort. DOS can be performed in many ways either using a command line tool such as Hping3 or GUI based tool. So today you will learn how to Perform Dos attack using GUI tools as well as a command line tool and get an alert through snort.
Let start!!
TCP Flood Attack  using LOIC
As we have described in both of our articles, Part 1 and Part 2, Snort is working as a NIDS in the target system for analyzing network traffic packets. Therefore, first we had built a rule in snort to analyze random TCP packets coming into our network rapidly.
Execute the command given below in Ubuntu’s terminal to open the snort local rule file in a text editor.
sudo gedit /etc/snort/rules/local.rules
alert TCP any any -> 192.168.1.10 any (msg: "TCP Flood"; sid:1000001;)

The above rule will monitor incoming TCP packets on 192.168.1.10 by generating alert for it as “TCP Flood”. Now turn on IDS mode of snort by executing given below command in terminal:
sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0
[Image: 1.png?w=687&ssl=1]
LOIC: It stands for Low Orbit Ion Cannon, a GUI network stress testing tool developed by Praetox Technologies. We had used it only for educational purposes in our local network; using it over the public sector will be considered a crime and an illegal job. Download it from Google.
We had downloaded LOIC in our Windows system run the setup file for installation. Start the tool follow the given below step:
  1. Select your target: Here we will go with IP option and enter the victims IP: 192.168.1.10 then click on Lock on the tab.
  2. Attack Option: Enter port no. and select method such as TCP and enter no. of threads. If you want to wait for a reply packet from the victim’s network then enable the checkbox else to disable it.
  3. Adjust the scale: Drawn the cursor left or right for setting the speed of your TCP packet either faster or slower mode.
  4. Attack status: describe the attack state such as connecting or request or etc.
  5. Ready: Now click on IMMA CHARGIN MAH LAZER to launch the DOS attack and click on stop flood In order to stop DOS attack.
[Image: 2.png?w=687&ssl=1]
We are involving Wireshark in this tutorial so that you can clearly see the packet sends from an attacker network to targets network. Hence in given below image, you can notice endless TCP packet has been sent on target’s network. It is considered as Volume Based DOS Attack which floods the target network by sending infinite packets to demolish its network for other legitimate users.
[Image: 3.png?w=687&ssl=1]
Return to your target machine, where you will notice that snort is capturing all incoming traffic in exactly the same way; here you will observe that it is generating alerts for “TCP Flood”. Hence you can block the attacker’s IP (192.168.1.16) to protect your network by discarding all further packets coming toward your network.
[Image: 4.png?w=687&ssl=1]
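
The rule above matches every TCP packet sent to 192.168.1.10, so it also fires on ordinary traffic. The following added example (not part of the original post) shows the rate-based variant of the same check over constructed packet records; the record layout, the one-second window and the threshold of 50 packets are assumptions.

```python
"""Rate-based flood detection over packet records (added example, not from the page)."""
from collections import defaultdict, deque

PROTECTED_HOST = "192.168.1.10"  # host watched by the page's Snort rules
WINDOW_MS = 1000                 # assumed sliding window
THRESHOLD = 50                   # assumed packets per window, per source and protocol


def build_sample():
    """Constructed records: (time_ms, src, dst, proto, tcp_flags)."""
    records = []
    # Noisy source: 200 SYN-only segments, 10 ms apart.
    for i in range(200):
        records.append((10_000 + i * 10, "192.168.1.16", PROTECTED_HOST, "tcp", "S"))
    # Ordinary client: one new connection per second.
    for i in range(10):
        records.append((5_000 + i * 1000, "192.168.1.20", PROTECTED_HOST, "tcp", "S"))
    # Modest UDP sender: 10 datagrams per second, under the threshold.
    for i in range(30):
        records.append((12_000 + i * 100, "192.168.1.21", PROTECTED_HOST, "udp", ""))
    return sorted(records)


def classify(proto, flags_in_window):
    """Name the flood from the protocol and the TCP flags seen in the window."""
    if proto == "udp":
        return "udp-flood"
    unique = set(flags_in_window)
    if unique == {"S"}:
        return "syn-flood"
    if unique == {"R"}:
        return "rst-flood"
    return "tcp-flood"


def detect_floods(records, window_ms=WINDOW_MS, threshold=THRESHOLD):
    """Return one (src, proto, time_ms, kind) alert per source that exceeds the rate."""
    recent = defaultdict(deque)   # (src, proto) -> deque of (time_ms, flags)
    alerted = set()
    alerts = []
    for time_ms, src, dst, proto, flags in records:
        if dst != PROTECTED_HOST:
            continue
        key = (src, proto)
        window = recent[key]
        window.append((time_ms, flags))
        # Keep only the packets that fall inside the sliding window.
        while time_ms - window[0][0] > window_ms:
            window.popleft()
        if len(window) > threshold and key not in alerted:
            alerted.add(key)
            kind = classify(proto, [f for _, f in window])
            alerts.append((src, proto, time_ms, kind))
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(build_sample()):
        print(alert)
```

In Snort itself the same threshold is expressed with the `detection_filter` rule option, which tracks a packet count per source over a number of seconds.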
UDP Flood Attack  using LOIC
I think now everything is clear to you how you can build rule in snort get alert for the suspicious network again repeat the same and execute given below command in ubuntu’s terminal to open snort local rule file in text editor and add a rule for UDP flood.
sudo gedit /etc/snort/rules/local.rules
alert UDP any any -> 192.168.1.10 any (msg: "UDP Flood"; sid:1000003;)

The above rule will monitor incoming UDP packets on 192.168.1.10 by generating alert for it as “UDP Flood”. Now turn on IDS mode of snort by executing given below command in terminal:
sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0

[Image: 5.png?w=687&ssl=1]
Repeat the whole steps as done above only change the method attack option to choose UDP method and launch the DOS attack on target IP. You can set any set number of threads for attack since it is tutorial, therefore, I had set 20 for UDP. It is considered as Volume Based DOS Attack which floods the target network by sending infinite packets to demolish its network for other legitimate users.
[Image: 6.png?w=687&ssl=1]
Return to your target machine, where you will observe that snort is precisely capturing all incoming traffic in the same way; here you will observe that it is generating alerts for “UDP Flood”. Hence again you can block the attacker’s IP (192.168.1.16) to protect your network by discarding all further packets coming toward your network on port 80.
[Image: 7.png?w=687&ssl=1]
TCP Flood Attack  using HOIC
Next, we are using HOIC which is also a GUI tool for tcp attack and if you remember we had already configured TCP flood rule in our local rule file. Now turn on IDS mode of snort by executing given below command in terminal:
sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0

HOIC: It stands for High Orbit Ion Cannon, a network stress testing tool developed by Praetox Technologies. We had used it only for educational purposes in our local network; using it over the public sector will be considered a crime and an illegal job. Download it from Google.
We had downloaded HOIC in our Windows system run the setup file for installation. Start the tool follow the given below step:
Add the target by clicking on the plus symbol “+”.
[Image: 9.png?w=687&ssl=1]
A list of attack option will get pop up as shown in the given below image and follow the given below step:
URL: Enter your target network address as [To see content please register here]
Power: Low/medium/high to decide the speed of packets to be sent to the target machine.
At last click on Add.
[Image: 10.png?w=687&ssl=1]
From the image given below you can check the status of the attack, “ready”; now set the number of threads and then click on the FIRE THE LAZER tab to launch the DoS attack.
[Image: 11.png?w=687&ssl=1]
You can clearly observe the TCP packet is sending from the attacker network to targets network. In given below image you can notice the endless TCP packet has been sent on target’s network using TCP Flags such as SYN/RST/ACK. It is considered as Volume Based DOS Attack which floods the target network by sending infinite packets to demolish its network for other legitimate users.
[Image: 12.png?w=687&ssl=1]
Return to your target machine, where you will notice that Snort is capturing all incoming traffic exactly as above and is generating alerts for “TCP Flood”. Hence you can block the attacker’s IP (192.168.1.11) to protect your network and discard all further packets coming toward your network on port 80.
[Image: 13.png?w=687&ssl=1]
GoldenEye
GoldenEye is a command-line tool used for security testing. We used it only for this tutorial; don’t use it in the public sector, as that will be considered a crime and an illegal act. Execute the command below in your Kali Linux to download it from GitHub.
git clone [To see content please register here]
[Image: 20.png?w=687&ssl=1]
Now give all permissions to the Python script and execute the command below to launch a DoS attack on the target network. Basically, GoldenEye is used for HTTP DoS testing of a web server’s network security.
./goldeneye.py [To see content please register here]
[Image: 21.png?w=687&ssl=1]
Using Wireshark you can observe the flow of traffic between the victim and attacker networks. If you look at the image below, you will find that the attacker (192.168.1.103) first sends a TCP SYN packet to establish a connection with the victim’s network, and then sends HTTP packets to the victim’s network.
[Image: 22.png?w=687&ssl=1]
Here you will observe that Snort is generating alerts for “TCP Flood”: since port 80 uses the TCP protocol, Snort captured the traffic generated by GoldenEye. Hence you can block the attacker’s IP (192.168.1.103) to protect your network and discard all further packets coming toward your network on port 80.
[Image: 23.png?w=687&ssl=1]
Slowloris
Slowloris is a command-line tool used for security testing. We used it only for this tutorial; don’t use it in the public sector, as that will be considered a crime and an illegal act. Execute the command below in your Kali Linux to download it from GitHub.
git clone [To see content please register here]
[Image: 24.png?w=687&ssl=1]
Now give all permissions to the Perl script and execute the command below to launch the DoS attack on the target network.
perl slowloris.pl -dns 192.168.1.10
[Image: 25.png?w=687&ssl=1]
Using Wireshark you can observe the flow of traffic between the victim and attacker networks. If you look at the image below, you will find that the attacker (192.168.1.103) first sends a TCP SYN packet to establish a connection with the victim’s network, the victim then sends a SYN, ACK packet to the attacker’s network, the attacker sends an ACK packet, and this keeps looping.
[Image: 26.png?w=687&ssl=1]
Return to your target machine, where you will notice that Snort is capturing all incoming traffic exactly as above and is generating alerts for “TCP Flood”. Hence you can block the attacker’s IP (192.168.1.11) to protect your network and discard all further packets coming toward your network on port 80.
[Image: 27.png?w=687&ssl=1]
Xerxes
Xerxes is a command-line tool used for security testing. We used it only for this tutorial; don’t use it in the public sector, as that will be considered a crime and an illegal act. Execute the command below in your Kali Linux to download it from GitHub.
git clone [To see content please register here]
[Image: 28.png?w=687&ssl=1]
Since it is written in C, we need to compile it using gcc as shown in the command below and then run the program in order to launch the DoS attack.
gcc xerxes.c -o xerxes
./xerxes 192.168.1.10 80

[Image: 29.png?w=687&ssl=1]
You can clearly observe TCP packets being sent from the attacker’s network to the target’s network. In the image below you can see that endless TCP packets have been sent to the target’s network using TCP flags such as SYN/ACK/PSH. These packets are sent in a loop between the attacker and target networks.
[Image: 30.png?w=687&ssl=1]
Return to your target machine, where you will notice that Snort is capturing all incoming traffic exactly as above and is generating alerts for “TCP Flood”. Hence you can block the attacker’s IP (192.168.1.11) to protect your network and discard all further packets coming toward your network on port 80.
In this tutorial we used the top 5 most powerful tools for DoS attacks.
[Image: 31.png?w=687&ssl=1]
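The detect-then-block step repeated throughout this guide can be scripted on the defender's side. The following is an added example, not part of the original post: it parses `snort -A console` alert lines, counts “TCP Flood” / “UDP Flood” alerts per source, and renders iptables DROP commands for review. The sample lines, SID, threshold and allowlist parameter are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# One alert line as printed by `snort -A console`; the classification is optional.
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.+?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:[^\]]*\])?\s+\[Priority:\s*\d+\]\s+"
    r"\{(?P<proto>TCP|UDP|ICMP)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+"
    r"[\d.]+(?::(?P<dport>\d+))?"
)

def _alert(msg, proto, src, dst):
    """Build one constructed sample line (timestamp and SID are invented)."""
    return (f"05/14-10:21:33.000000  [**] [1:1000001:0] {msg} [**] "
            f"[Priority: 0] {{{proto}}} {src} -> {dst}")

# Constructed sample console output; only the IPs and messages echo the page.
SAMPLE = "\n".join(
    [_alert("TCP Flood", "TCP", "192.168.1.11:51000", "192.168.1.10:80")] * 4
    + [_alert("UDP Flood", "UDP", "192.168.1.16:40000", "192.168.1.10:80")] * 3
    + [_alert("TCP Flood", "TCP", "192.168.1.103:52000", "192.168.1.10:80")]
    + [_alert("TCP Flood", "TCP", "999.168.1.50:1", "192.168.1.10:80")] * 5
    + [_alert("ICMP test", "ICMP", "192.168.1.16", "192.168.1.10")] * 5
)

def flood_sources(text, threshold=3, allowlist=()):
    """Count flood alerts per (source, protocol, dest port) at or above threshold."""
    counts = Counter()
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if not m or not m["msg"].endswith("Flood"):
            continue
        try:
            src = str(ipaddress.ip_address(m["src"]))
        except ValueError:
            continue  # malformed address: never let raw log text reach a rule
        if src not in allowlist:
            counts[(src, m["proto"].lower(), m["dport"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

def drop_rules(sources):
    """Render reviewable iptables commands; nothing is executed here."""
    rules = []
    for src, proto, dport in sorted(sources):
        port = f" --dport {dport}" if dport else ""
        rules.append(f"iptables -I INPUT -s {src} -p {proto}{port} -j DROP")
    return rules

if __name__ == "__main__":
    print("\n".join(drop_rules(flood_sources(SAMPLE))))
```

Source addresses in SYN and UDP floods can be spoofed, so review the generated list and keep gateways and monitoring hosts on the allowlist before applying any rule.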