DoS and DDoS Attacks: Demonstration and Mitigation

In this video, you will see a demonstration of how to conduct a DDoS attack.
So let’s take a look at an example of Low Orbit Ion Cannon. Now, before I start this demonstration, I do want to reiterate that DDoS attacks are very illegal. You do not want to launch this on any network that you don’t own. Now, this attack is actually launched on my own virtual network. So I have a little lab environment set up here that we’re going to run. So let’s take a look. So this is Low Orbit Ion Cannon. It’s a Windows program, pretty easy to use. In the background here, we have Kali Linux. This is my virtual machine that I’m running here. And in the back, I have Wireshark running, as you can see here.
Now, I’m running Wireshark so you can see what’s actually going on. And I’m taking a look at UDP traffic, because that’s what I’m going to be launching the attack as. Now, Low Orbit Ion Cannon is a pretty common one. The way it works is, in the first section, if you have a URL, you can type a URL in, or an IP address. In this case, I used the IP address, because this is a virtual machine I’m attacking. Now, once you have your target set, you’ll see this change. Click Lock On, and we can see our target here. Now, down in here is the TCP/UDP message. Now, what’s happening is, this is the message that’s being flooded at this target.
“A cat is fine too.” So this message is being sent over and over and over again, in quick succession, where it’s eventually going to flood out that computer. Now, down in here, we can select a port address. We can set the method - TCP, UDP, HTTP. We can select a number of threads. And we can set this for faster or slower. Now, once all this is set, we click the button up here. And then in the background, we can see down in here how many requests are being sent. And in here, you can see all the UDP requests that it’s getting.
Now, if we click on one of these UDP requests, you can see down in here that’s the message that’s being sent. So these attacks in general are pretty devastating, especially if you get several computers. Now, to take down a gigabyte server, bandwidth-wise, or a large network like Xbox, PlayStation, Sony and whatnot, it’s going to take more than a single computer. This is going to take hundreds, thousands, tens of thousands of computers launching this type of attack to effectively take it down.
But that’s really not that unusual when we start looking at the news and you consider how many computers are out there infected with a botnet and people don’t even know - so again, very, very devastating and, as you saw, really easy to perpetrate these types of attacks. So mitigation - what type of ways can we help prevent or at least deal with these types of attacks? Well, a big one is called Cloudflare. They’re a San Francisco-based company founded in 2009. And their primary business is Distributed Denial of Service protection. And they’re one of the largest anti-DDoS companies around.
Now, the way they work is, they basically sit between you and whatever - your server or your websites and whatnot. And as traffic comes in that’s malicious, they scan that traffic. They recognise it’s malicious. And they offset that traffic. Now, for the most part, Cloudflare works very well. They have a lot of bandwidth. They have a lot of really smart people working for them. And they’re able to mitigate that traffic. There have been cases where the traffic was so unusually large that it did fail. But again, overall, it’s a really good option if you’re running a large network.
You might want to take a look at Cloudflare as a solution for DDoS attacks if that’s something that you’re concerned about. Other mitigation options are: deny the traffic from the specific IP addresses flooding you. So if you know the IP address that’s hitting you, you could try blocking it from your firewall, for example. The problem with this is, if you have a lot of requests - you get hundreds, thousands, tens of thousands, hundreds of thousands of these IP addresses - it’s not going to be too feasible to actually go through and blacklist every one of these. Also, if you have that many flooding you, they’re probably going to overwhelm your firewall anyway.
Another option is to have your DNS provider sinkhole the bad traffic. What that means is that, as the traffic comes in to the DNS server, the DNS server recognises the IP addresses and forwards it off somewhere else, away from your actual servers. Now, DNS sinkholing is typically going to be done by your ISP. They generally handle your DNS traffic. Most likely, if you’re getting hit with a DDoS attack, they’re probably going to recognise it anyway. But if you don’t see any action being taken, you probably want to call them and say, hey, we’re getting hit with a DDoS attack, could you sinkhole that traffic off? Another option is to switch your core service to a secondary internet connection.
So if you’re lucky enough to have more than one internet connection - say, one connection’s with Comcast, one’s with AT&T, and your main one’s Comcast - what you could do is switch your critical servers off to the other connection if you’re able to. That way your core servers are still running while you’re still trying to deal with the flood that’s happening to you and your network. Now, to recap: DDoS attacks can be costly. A DDoS attack can not only take down a site or server, but also tends to be very costly, because it takes these services offline. DDoS attacks are pretty simple overall.
They’re pretty easy to launch, and oftentimes the larger ones are going to be done by botnets or even as a service. Services such as Cloudflare can really help you protect your company from DDoS attacks. Blocking at your firewall - you could try blocking the offending IP addresses from your firewall in an attempt to mitigate the attacks. But again, if you’re getting a lot of different attacks from different locations, that’s probably not going to be a really viable option. DNS sinkholing - again, you could try sinkholing the traffic from your DNS provider, which is most likely going to be your ISP.
And a secondary connection - if you’re fortunate enough to have a secondary internet connection, you could try failing over your critical servers to the non-flooded line while you try dealing with the DDoS attack or wait for it to go away. So this was about DDoS attacks and Denial of Service attacks. In the next video, we’re going to be taking a look at a malicious hacker’s methodology. Thank you for watching. I’ll see you in the next video.

We have used Low Orbit Ion Cannon to demonstrate how a DDoS attack is conducted. Remember that launching such an attack against any network you do not own is illegal, so do not try this outside an isolated lab of your own!

You should now be familiar with how such an attack is conducted, and you should also understand how to mitigate it. While we went through the demonstration, hopefully you were considering your own network and the possible vulnerabilities it may have.
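The demonstration shows the flood in Wireshark as a burst of UDP packets from the attacking host, every one carrying the same fixed message, and the mitigation discussion argues that blocking sources at the firewall stops being workable once there are thousands of them. The Python script below, added here as an illustration and not part of the course material, turns that reasoning into a check you can run against an exported capture: it parses tab-separated lines in the layout that `tshark -T fields -e frame.time_epoch -e ip.src -e ip.dst -e udp.dstport -e data.text` produces, finds sources whose peak packet rate exceeds a threshold, reports the dominant repeated payload (a flood tool repeating one message stands out as a single payload near 100%), and emits per-source iptables drop rules only while the source count is small enough to manage, otherwise recommending escalation to the ISP or a scrubbing service as the video suggests. The addresses, thresholds and the sample traffic are constructed assumptions; the rules are returned as strings and nothing is applied to a live firewall.

```python
"""Spot a LOIC-style UDP flood in exported packet data and decide whether
per-IP firewall blocking is realistic.

Added example for this page, not part of the course material. Assumes the
capture was exported with
  tshark -r capture.pcapng -Y udp -T fields -e frame.time_epoch -e ip.src \
         -e ip.dst -e udp.dstport -e data.text
i.e. one tab-separated line per packet. The sample below is constructed
to look like that output; no real capture is read.
"""
from collections import Counter, defaultdict

PPS_THRESHOLD = 50         # packets/second from one source before we call it a flood (assumed)
MAX_BLOCK_ENTRIES = 1000   # beyond this many sources, per-IP rules stop being manageable (assumed)

LOIC_DEFAULT_PAYLOAD = "A cat is fine too."   # the default TCP/UDP message shown in the video


def build_sample_log(attackers, legit, base_ts=1_700_000_000.0):
    """Construct sample lines in the tshark field layout above (constructed data, not a capture).

    Each attacker sends 200 identical packets within one second; each legitimate
    host sends three small packets spread over the same second."""
    lines = []
    for src in attackers:
        for n in range(200):
            ts = base_ts + n / 200
            lines.append(f"{ts:.6f}\t{src}\t10.0.0.5\t80\t{LOIC_DEFAULT_PAYLOAD}")
    for src in legit:
        for n in range(3):
            ts = base_ts + n * 0.3
            lines.append(f"{ts:.6f}\t{src}\t10.0.0.5\t5000\tkeepalive-{n}")
    return "\n".join(lines)


def parse_log(text):
    """Parse tab-separated tshark field lines; malformed or truncated lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.rstrip("\n").split("\t")
        if len(parts) < 4:
            continue
        ts, src, dst, dport = parts[:4]
        payload = parts[4] if len(parts) > 4 else ""
        try:
            records.append({"ts": float(ts), "src": src, "dst": dst,
                            "dport": int(dport), "payload": payload})
        except ValueError:
            continue
    return records


def peak_rate_per_source(records):
    """Highest packets-per-second seen from each source, using 1-second buckets."""
    buckets = defaultdict(Counter)          # src -> {second: packet count}
    for r in records:
        buckets[r["src"]][int(r["ts"])] += 1
    return {src: max(c.values()) for src, c in buckets.items()}


def find_flood_sources(records, threshold=PPS_THRESHOLD):
    """Sources whose peak rate reaches the flood threshold."""
    return {src for src, pps in peak_rate_per_source(records).items() if pps >= threshold}


def dominant_payload(records):
    """Most common UDP payload and the fraction of all packets carrying it."""
    if not records:
        return None, 0.0
    counts = Counter(r["payload"] for r in records)
    payload, n = counts.most_common(1)[0]
    return payload, n / len(records)


def plan_mitigation(flood_sources, max_entries=MAX_BLOCK_ENTRIES):
    """Few sources: emit iptables drop rules (returned as strings, not executed).
    Many sources: per-IP blocking is infeasible and the firewall itself will be
    overwhelmed, so escalate upstream (ISP sinkhole, scrubbing service, failover link)."""
    if not flood_sources:
        return {"action": "none", "rules": []}
    if len(flood_sources) > max_entries:
        return {"action": "escalate", "rules": []}
    rules = [f"iptables -I INPUT -s {src} -p udp -j DROP" for src in sorted(flood_sources)]
    return {"action": "block", "rules": rules}


if __name__ == "__main__":
    log = build_sample_log(["198.51.100.7", "198.51.100.8", "203.0.113.9"],
                           ["192.0.2.10", "192.0.2.11"])
    recs = parse_log(log)
    floods = find_flood_sources(recs)
    payload, share = dominant_payload(recs)
    print(f"flood sources: {sorted(floods)}")
    print(f"dominant payload {payload!r} in {share:.0%} of packets")
    for rule in plan_mitigation(floods)["rules"]:
        print(rule)
```

Run it as-is to see the three constructed attackers flagged and three drop rules printed; feed `parse_log` the output of the tshark command in the docstring to run the same check over a real export. The payload check is a useful second signal because a flood from many addresses still tends to share one fixed message, which is what you would hand to an ISP or scrubbing provider as a filter signature.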

Investigate and share: Take a moment to search the news for recent or particularly large DDoS attacks, and share the details of the attacks here. Try to see if the news article includes why the attack was able to happen. Share your comments in the section below.

This article is from the free online course Advanced Cyber Security Training: Network Security, created by FutureLearn.
