Simulating SYN Flooding Attack(DOS)

 Basic 3 way TCP Handshake:

tcp 3 way handshakeState during Sync flooding attack

Performing a TCP SYN flood attack 


Example of DDOS attack with hping3  and kali linux:

Note:  In this case both attacker’s system and victim server are in same network .

Step#1: Victim server: 192.168.1.100


Step#2: Attacker’s system: 192.168.1.102

Step#3: Install hping3 in kali using below command

# sudo apt-get install hping3

Step#4: Now, attacker will use hping3 or another tool to spoof IP random addresses, The using below command start and direct the SYN flood attack to our target (192.168.1.100):

# hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.1.100

Now SYN flooding attack has started.

Let’s explain in detail the above command:

-c 150000 : Indicates that we are sending 15000 packets

-d 120 : Indicates each packet is of 120 bytes

-S : Specifying SYN flag should be enabled.

-w 64: Indicates TCP window size of 64

-p 80: Specifying port to attack victims webserver at port 80

--rand-source: Used to generate spoofed IP address to avoid detection and same time stops the victim’s SYN-ACK reply packets from reaching attacker system i.e (192.168.1.102).

 

To verify the attack is successful we run wireshark for analysis.

Step#5: From the below screenshot of wireshark running in attacker system we can conclude that lots SYN packets are sent to 192.168.1.100 in very less time.


Step#6: Similarly, From the below screenshot of wireshark running in victim server we can conclude that lots SYN and ACK packets are sent from 192.168.1.100 (victim server) to different IP distributions in very less time. Which confirms successful SYN Flooding Attack.


Note: In search tab of wireshark enter tcp.flags.syn == 1 and tcp.flags.ack == 1 so that only responses with SYN and ACK are filtered.


Step#7: Results can be better viewed by wireshark IO Graph as below. The I/O graph can be found via the Statistics>I/O Graph menu. 


Comments

Post a Comment

Popular posts from this blog

File Upload Security Testing Checklists

  Security Checklist Are filenames reflected back on the page? If so, are they HTML Entity encoded (XSS via file names)? Does it accept .zip files? Try a  ZipSlip If it processes an image, check for  Image Tragick (CVE-2016-3714) Can you bypass file type restrictions by changing the content-type value? Can you bypass file type restrictions by  forging valid magic bytes ? Can you upload a file with a less-common extension (such as .phtml)? Try playing with the filename in the request, a potential vector for traversal or SQL injection. Check for the acceptance of double extensions on uploaded files. Test for  null-byte injection . Is the server windows? Try adding a  trailing  .  to bypass extension blacklists , this dot will be removed automatically by the OS. Can you upload an  SVG for XSS ? If supported by the webserver, can you  upload .htaccess files ? Does the backend process the image with the  PHP GD library ? Is the app vulnerable to the  infamous ffmpeg exploit ? Can custom pol
Read more

SAML Security Test Cases

Signature Exclusion Attack -Test whether or not the SP accepts an Assertion without a Signature  Signature Spoofing attack -Test whether SP accepts fake signature or using previously generated/invalid signature Signature Wrapping Attack (8 Different Ways)-Test whether or not the SP is susceptible to Signature Wrapping XML Injection -Test if can inject malicious code into the SAML response from IDP, allowing them to execute arbitrary code on the SP server. XML Entity Expansion (XEE)/XXE -Test whether or not the SP is vulnerable to XML External Entities Replay attacks -Test if previously generated SAML response from IDP can be accepted by SP Certificate Faking/Self signed certificate -Test whether or not the SP verifies that the Assertion came from a trusted IDP/Test if SP accepts self-signed certificate XSLT Injection -Test whether or not the SP is vulnerable to XSLT Predictable signature -Test whether IDP generating guessable signature SAML message expiration -Test whether SP accepts
Read more

Drozer - A Framework for Android Application Security Assessment.

Image
1.             Introduction 1.1   This document explains how to get started with Drozer, and how to use it to perform a security assessment of an android application. 1.1.      Drozer Drozer is a python based comprehensive security audit and attack framework for Android. It is an open-source framework, used for android pen-testing. It works like a client-server model and makes use of Android’s Inter-Process Communication (IPC) mechanism to interact with the underlying operating system of the device. IPC is a mechanism by which different components of android like intents and data binders communicate with each other so that the communication is established between the apps present in the android device. Drozer helps to remotely exploit android devices with predefined and custom modules that exploit known vulnerabilities. 1.2.      Conventions used Throughout this document, command-line examples will use one of two prefixes: dz> indicates that the command shou
Read more