Introduction
Recent events that have gone on in my favorite website(darksunlight.com) have inspired me to inform people of the dangers of DDoS.
Like the art of hacking by "Social Engineering", their is no anti-virus for DDoS. The only cure is knowledge. Informing the people is the only way to keep it from happening to them. Or a nice firewall^^
I know their are a lot more ways to DoS than are shown here, but i'll let you figure them out yourself. If you find any mistake in this tutorial please tell me^^
What is "DDoS"?
Denial of Service attacks(or Distributed Denial of Service attacks[DDoS]) are a form of organized attacks with the goal of taking down a server by overloading it. Often by sending useless information(packets) to a server in massive amounts.
In-fact about a year ago I found one of my websites was accidentally DoS-ing darksunlight.com(I use darksunlight as my webhost) because my PHP script made an infinite loop that sent the same information over and over and over into darksunlight's SQL databases. This one page took this EXTREMELY powerful server down twice in less than a minute. That site has since been deleted.
That story demonstrates that it does not take more than a simple "error" in your code to overload a server.
Keep in mind that altough spreading knowledge is my main goal, performing DDoS attacks is indeed a federal crime in the US.
It is also an international offence and will be punished according to the local laws of the individual's country.
But enough talk. I will now show you a quick example of a DoS attack of sorts you can do on your local computer.
Sample
Keep in mind that this is NOT a real DoS attack, but rather an example to visualize how a DoS attack works.
We will take down YOUR computer.
What did you learn from this?
Observe how the file rapidly replicates itself, opening a new CMD right after it opens another.
An infinite loop has been created that has filled the RAM with useless and massive amounts of CMDs(or Terminals for you Unix folk)
DDoS attacks work much the same way, except instead of replicating an infinite number of CMDs, they send information(packets) to the server over and over and over again until the server crashes.
What information you may ask?
Anything. Your login name, your 'online' status, a new comment, the number of views on a video, your new high score. Absolutely any information that could be resent a massive amount of times to the same server.
Next we will be discussing the simplest form of DDoS.
DDoS by Ping Flood
Please note that I will be pinging my Localhost. You should too.
Perhaps one of the simplest ways to DoS is by using the 'ping' command built into most operating systems, including all windows and Linux distributions.
Since most modern servers can take the stress of the ping flood, you will need to get all your friends to help you ping to bring your server down. Or even slow it down.
Command Explained
ping - tells the computer to ping a server
-t - It will continue to ping the server until the command is closed, or stopped.
-a - Resolves the adress to host names.
-l - Size.
By default the ping will send 32bytes of data to the server, so you must change this to a bigger number. The maximum is 65,500bytes, so that is what we used.
If you send a server any number higher than 65,500bytes it will instantly crash. This is called "Ping of Death".
Like any other thing with the suffix "of Death" it is very rare, and hard to accomplish indeed.
DDoS by Reloading
Something as simple as reloading a page can take down a server if done enough times.
Their are many addons and tools that allow you to autoreload a page. It is a matter of googleing for them. They are widely available and free.
I have just created a program that allows you to Auto-refresh a page using IE. If you are interested please download from:
Host: Filehost.ws | Size: 9kb | Format: .zip ultra compressed | Platform: Windows
This method is very primitive as you can see, but it is probably the best way to DDoS.
Low-Orbit Ion Cannon
LOIC (Low Orbit Ion Cannon) is an app, written in C# and developed by praetox, that was used by Anonymous during Project Chanology. It attempts to DoS the target site by using all its bandwidth, sending TCP, UDP, or HTTP requests to the server until it crashes.
Download:
LOIC | Host: SourceForge | Size: 130kb
Warning: This tool might not seem like much, but many people of all ages have been arrested and convicted for knowingly using this tool. Remember DoS and DDoS are federal crimes, however insignificant it may seem. Use at your own discretion.
Conclusion
Now you know what a DDoS attack is and you can work to better protect your self.
Their are still many other ways to attack a server, but these are the basics of DoS.
Protect your servers xD
Like any web developer I hope you will use this information for the good.
Sadly i know that their are those amongst us that are, even now as we read this, plotting how to do harm with this information.
To those, I flip the bird.
You may use this tutorial, in part or as a whole, for whatever purpouse.
-Druidtton of Darksunlight.
Recent events that have gone on in my favorite website(darksunlight.com) have inspired me to inform people of the dangers of DDoS.
Like the art of hacking by "Social Engineering", their is no anti-virus for DDoS. The only cure is knowledge. Informing the people is the only way to keep it from happening to them. Or a nice firewall^^
I know their are a lot more ways to DoS than are shown here, but i'll let you figure them out yourself. If you find any mistake in this tutorial please tell me^^
What is "DDoS"?
Denial of Service attacks(or Distributed Denial of Service attacks[DDoS]) are a form of organized attacks with the goal of taking down a server by overloading it. Often by sending useless information(packets) to a server in massive amounts.
In-fact about a year ago I found one of my websites was accidentally DoS-ing darksunlight.com(I use darksunlight as my webhost) because my PHP script made an infinite loop that sent the same information over and over and over into darksunlight's SQL databases. This one page took this EXTREMELY powerful server down twice in less than a minute. That site has since been deleted.
That story demonstrates that it does not take more than a simple "error" in your code to overload a server.
Keep in mind that altough spreading knowledge is my main goal, performing DDoS attacks is indeed a federal crime in the US.
It is also an international offence and will be punished according to the local laws of the individual's country.
But enough talk. I will now show you a quick example of a DoS attack of sorts you can do on your local computer.
Sample
Keep in mind that this is NOT a real DoS attack, but rather an example to visualize how a DoS attack works.
We will take down YOUR computer.
- Step 1
Open up notepad, mousepad, or your favored equivalent. - Step 2
Type in this simple batch command
Code:
:a
start
goto a - Step 3
Save as "dossample.bat" making sure you select "All files" from the "File Type" dialog. - Step 4
Run that sucker, but save your work first, as this will crash even the best computers in a matter of minutes.
What did you learn from this?
Observe how the file rapidly replicates itself, opening a new CMD right after it opens another.
An infinite loop has been created that has filled the RAM with useless and massive amounts of CMDs(or Terminals for you Unix folk)
DDoS attacks work much the same way, except instead of replicating an infinite number of CMDs, they send information(packets) to the server over and over and over again until the server crashes.
What information you may ask?
Anything. Your login name, your 'online' status, a new comment, the number of views on a video, your new high score. Absolutely any information that could be resent a massive amount of times to the same server.
Next we will be discussing the simplest form of DDoS.
DDoS by Ping Flood
Please note that I will be pinging my Localhost. You should too.
Perhaps one of the simplest ways to DoS is by using the 'ping' command built into most operating systems, including all windows and Linux distributions.
- Step 1
Start up your server. Mine is apache, but that is beside the point, the server type does not matter. If it has an IP address, it can be pinged. - Step 2
Type in the ping command
Code:
ping -t -a -l 65500 localhost
- Step 3
Press enter and watch it ping the localhost over and over until[/b]
your server crashes, or you get tired of waiting for it to crash.
Since most modern servers can take the stress of the ping flood, you will need to get all your friends to help you ping to bring your server down. Or even slow it down.
Command Explained
ping - tells the computer to ping a server
-t - It will continue to ping the server until the command is closed, or stopped.
-a - Resolves the adress to host names.
-l - Size.
By default the ping will send 32bytes of data to the server, so you must change this to a bigger number. The maximum is 65,500bytes, so that is what we used.
If you send a server any number higher than 65,500bytes it will instantly crash. This is called "Ping of Death".
Like any other thing with the suffix "of Death" it is very rare, and hard to accomplish indeed.
DDoS by Reloading
Something as simple as reloading a page can take down a server if done enough times.
- Step 1
Make a page that lets you submit forms. Method='GET' is better than method='POST' for this, but both will work.
(If you do not understand step 1, just find a page that lets you submit information, like a new comment or upload a picture) - Step 2
Fill out the forms and submit - Step 3
Reload the page
If the page uses the POST method your browser will display a dialog asking if you are sure you want to resend the information, or something to that effect. Simply click "Continue" or "OK".(see now why GET is better?) - Step 4
Keep reloading until server is down.
Their are many addons and tools that allow you to autoreload a page. It is a matter of googleing for them. They are widely available and free.
I have just created a program that allows you to Auto-refresh a page using IE. If you are interested please download from:
Host: Filehost.ws | Size: 9kb | Format: .zip ultra compressed | Platform: Windows
This method is very primitive as you can see, but it is probably the best way to DDoS.
Low-Orbit Ion Cannon
LOIC (Low Orbit Ion Cannon) is an app, written in C# and developed by praetox, that was used by Anonymous during Project Chanology. It attempts to DoS the target site by using all its bandwidth, sending TCP, UDP, or HTTP requests to the server until it crashes.
Download:
LOIC | Host: SourceForge | Size: 130kb
- Step 1
Download and extract LOIC - Step 2
Open LOIC.exe and fill out the required information.
Instructions for filling out:- IP or URL = IP or URL that you wish to DoS
- TCP / UDP message = information being sent, just write something random. Or leave it as default.
- Port = Server's port
- Method = Server's Method, leave as TCP if unknown
If you are gonna try to take down a website then use HTTP - Speed = set to "<= faster"
- Threads = How many users it should simulate, the higher the number the faster it will crash. Set to 10,000. Note that this might make your computer lag, if so, set to a lower amount.
- Step 3
Click on "IMMA CHARGIN MAH LAZER"
This starts your the program.
Warning: This tool might not seem like much, but many people of all ages have been arrested and convicted for knowingly using this tool. Remember DoS and DDoS are federal crimes, however insignificant it may seem. Use at your own discretion.
Conclusion
Now you know what a DDoS attack is and you can work to better protect your self.
Their are still many other ways to attack a server, but these are the basics of DoS.
Protect your servers xD
Like any web developer I hope you will use this information for the good.
Sadly i know that their are those amongst us that are, even now as we read this, plotting how to do harm with this information.
To those, I flip the bird.
You may use this tutorial, in part or as a whole, for whatever purpouse.
-Druidtton of Darksunlight.
3 Comments
Don proudly rejoin, Wang Bao concern will come Coushang Road, the other two concerns have cast eyes, Don proudly in saber offensive, whether there all right all right, and so will have to wait Don proudly faint smiles, Cheap Ugg Boots Online temporarily able injury reduction, forced to play the competition would not have affected much but it is unclear for some time, after things calm, but also whether the normal saber competition coming next several special forces.
ReplyDeleteAce secret military team members inside out just enough to let them have a look up, let alone challenge, Don proudly in history, should be the first challenge saber, so many special forces had enough of the eye addiction Cheap Ugg Boots Sale Don proudly injury concerns three members of another sigh of relief attention and placed immediately above the ring, Don proudly challenge appetizer, then the leaf River map is playing went straight to the question of a few.
Warm-up last night after looking around and asked Leaf River map, no one answered him, VIP gallery of several old man Cheap Ugg Boots Uk grimace, Buda Leaf River map, then leaving the scene are a bunch of Leaf River map mess, who Xianxin Dali leaf River map has been sent to hospital for treatment of JIA old man would not pay him any heed on the sidelines of the special forces who would not easily provoke leaf River map, the same is increasingly unbridled afraid.
ReplyDelete15.07.25fangyanting
louboutin
mcm bags
hollister outlet
coach factory outlet
longchamp pas cher
ed hardy outlet
toms outlet store
gucci handbags
oakley outlet
air max uk
polo outlet
air max 2015
nike blazer pas cher
chaussure louboutin pas cher
true religion jeans
sac louis vuitton pas cher
mont blanc pens
michael kors outlet
christian louboutin shoes
toms shoes for women
coach factory outlet
kate spade handbags
chanel bags
oakley store
coach outlet
cheap oakleys
tory burch outlet online
burberry sale
ralph lauren polo shirts
polo ralph lauren
cheap jordans free shipping
oakley sunglasses sale
cheap ray bans
beats headphones
ray ban wayfarer
michael kors outlet
ReplyDeletecoach outlet store
louis vuitton handbags
snow boots outlet
coach outlet
longchamp outlet
true religion jeans
nfl jerseys wholesale
hollister clothing
ugg outlet
burberry outlet
swarovski outlet
ferragamo outlet
michael kors online outlet
fitflops sale clearance
ferragamo shoes