Thursday, December 23, 2010

DDOSIM – Application layer DDoS Simulator


ddosim is a tool that can be used in a laboratory environment to simulate a distributed denial of service (DDOS) attack against a target server. The test will show the capacity of the server to handle application specific DDOS attacks. ddosim simulates several zombie hosts (having random IP addresses) which create full TCP connections to the target server. After completing the connection, ddosim starts the conversation with the listening application (e.g. HTTP server).

ddosim is written in C++ and runs on Linux. Its current functionalities include:

* HTTP DDoS with valid requests
* HTTP DDoS with invalid requests (similar to a DC++ attack)
* SMTP DDoS
* TCP connection flood on random port


Connection Setup DDOS - Simulator



There are a lot of options that make the tool quite flexible:

Usage: ./ddosim
-d IP Target IP address
-p PORT Target port
[-k NET] Source IP from class C network (ex. 10.4.4.0)
[-i IFNAME] Output interface name
[-c COUNT] Number of connections to establish
[-w DELAY] Delay (in milliseconds) between SYN packets
[-r TYPE] Request to send after TCP 3-way handshake. TYPE can be HTTP_VALID or HTTP_INVALID or SMTP_EHLO
[-t NRTHREADS] Number of threads to use when sending packets (default 1)
[-n] Do not spoof source address (use local address)
[-v] Verbose mode (slower)
[-h] Print this help message


Examples:

1. Establish 10 TCP connections from random IP addresses to www server and send invalid HTTP requests (similar to a DC++ based attack):

./ddosim -d 192.168.1.2 -p 80 -c 10 -r HTTP_INVALID -i eth0

2. Establish infinite connections from source network 10.4.4.0 to SMTP server and send EHLO requests:

./ddosim -d 192.168.1.2 -p 25 -k 10.4.4.0 -c 0 -r SMTP_EHLO -i eth0

3. Establish infinite connections at higher speed to www server and make HTTP valid requests:

./ddosim -d 192.168.1.2 -p 80 -c 0 -w 0 -t 10 -r HTTP_VALID -i eth0

4. Establish infinite TCP connections (without sending a Layer 7 request) from local address to a POP3 server:

./ddosim -d 192.168.1.2 -p 110 -c 0 -i eth0



More background info:

Some of the hardest distributed denial of service attacks to mitigate are the ones targeting the application layer of the TCP/IP stack. They are difficult to stop because they look legitimate to classic firewalls, which let them pass freely (for an example look here). The only way to stop this kind of attack is deep packet inspection (layer 7 inspection), which costs a lot of money and resources.

In general, a DDoS attack is performed by an army of bots (zombies) that simultaneously send attack packets to a victim server. With UDP (e.g. targeting a DNS server), the attack is easier to implement because a zombie only needs to send a single UDP packet (many times) to contribute to the attack. In a TCP-based attack, the zombie first needs to complete the full TCP 3-way handshake and only then send the data packets (e.g. an HTTP GET request). ddosim successfully simulates this attack scenario.
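The post's point is that these connections look legitimate to a classic firewall, so the place to see the attack is the application's own logs. The following is an added example, not part of the DDOSIM post, of that kind of layer 7 inspection on the defender's side: a sliding-window analysis over Apache-style access-log lines that flags sources making too many requests, sources sending malformed request lines (logged as HTTP 400, which is what an invalid-request flood leaves behind), and an aggregate rate check that still fires when the load is spread over many spoofed sources that each stay under the per-source thresholds. The log lines, addresses and thresholds are all constructed for the example.

```python
"""Added example: log-based detection of an application-layer flood.

Not part of the DDOSIM post; a defender-side illustration of the
"layer 7 inspection" the text says classic firewalls lack. The access-log
lines are constructed to resemble what the post's scenario (many
connections from a 10.4.4.0/24 source range, invalid HTTP requests)
would leave in an Apache-style log.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format prefix: client ip, ident, user, [timestamp], "request", status, size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log: one source hammering the server, one sending
# malformed request lines (logged as 400), and one ordinary visitor.
FLOOD = [f'10.4.4.21 - - [23/Dec/2010:10:00:0{s} +0000] "GET / HTTP/1.1" 200 612'
         for s in range(7)]
INVALID = [f'10.4.4.22 - - [23/Dec/2010:10:00:0{s} +0000] "xxxxxxxx" 400 226'
           for s in (2, 3, 4)]
NORMAL = [
    '198.51.100.5 - - [23/Dec/2010:10:00:05 +0000] "GET /about.html HTTP/1.1" 200 1043',
    '198.51.100.5 - - [23/Dec/2010:10:00:09 +0000] "GET /logo.png HTTP/1.1" 200 8821',
]
SAMPLE_LOG = FLOOD + INVALID + NORMAL


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, status = m.groups()
    return {"ip": ip, "ts": datetime.strptime(ts, TS_FMT),
            "request": request, "status": int(status)}


def detect(lines, window_s=10, per_ip_limit=5, invalid_limit=3, global_limit=10):
    """Sliding-window rate analysis over access-log lines.

    Returns {source: set(finding names)}. Per-source findings:
      "rate"             more than per_ip_limit requests within window_s seconds
      "invalid_requests" at least invalid_limit HTTP 400 responses within the window
    The key "*" carries "aggregate_rate" when the server as a whole sees more
    than global_limit requests in the window: the check that still fires when
    the load is spread over many spoofed sources that each stay under the
    per-source thresholds (the distributed case the post describes).
    """
    events = [e for e in map(parse_line, lines) if e is not None]
    events.sort(key=lambda e: e["ts"])
    findings = defaultdict(set)
    per_ip = defaultdict(deque)
    overall = deque()

    def trim(q, now):
        # Drop events that fell out of the window ending at `now`.
        while q and (now - q[0]["ts"]).total_seconds() > window_s:
            q.popleft()

    for e in events:
        q = per_ip[e["ip"]]
        q.append(e)
        trim(q, e["ts"])
        if len(q) > per_ip_limit:
            findings[e["ip"]].add("rate")
        if sum(1 for x in q if x["status"] == 400) >= invalid_limit:
            findings[e["ip"]].add("invalid_requests")
        overall.append(e)
        trim(overall, e["ts"])
        if len(overall) > global_limit:
            findings["*"].add("aggregate_rate")
    return dict(findings)


if __name__ == "__main__":
    for source, names in sorted(detect(SAMPLE_LOG).items()):
        print(f"{source:15} {', '.join(sorted(names))}")
```

The thresholds are deliberately low so the constructed sample triggers every check; on a real server they would be set from a baseline of normal traffic, and the per-source checks are only useful for sources that are not spoofed, which is why the aggregate check is kept alongside them.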

If you have any questions regarding ddosim, please let me know.

Monday, December 20, 2010

HACKING & INTERNET SECURITY

A new blog focusing mainly on ETHICAL HACKING & INTERNET SECURITY will be released soon.


Welcome to the unique confluence of hackers, crackers and security professionals on the world wide web.

This is your complete resource for internet security and ethical hacking.


Visit www.sibichakkaravarthy.blogspot.com for more information.

Thursday, December 9, 2010

Why does a system/domain need a firewall?


A firewall protects your computer by blocking unauthorized traffic. If a firewall blocked all incoming and outgoing data, the computer would be unable to access the Internet. When you want some data to pass through your firewall and be delivered to a specific location, you can set up port forwarding. Port forwarding gives the firewall instructions about which types of data are allowed and where they should be directed.

PORT FORWARDING

Port forwarding is the process that your router or firewall uses to sort the right kind of network data to the right port. Computers and routers use ports as a way to organize network data. Different types of data, such as web sites, file downloads, and online games, are each assigned a port number. By using port forwarding, the router or firewall sends the correct data to the correct place.

Port forwarding, also known as tunneling, is basically forwarding a network port from one node to another. This forwarding technique allows an outside user to reach a certain port (on a host in a LAN) through a NAT (network address translation) enabled router.

Advantages of Port Forwarding


Port forwarding basically allows an outside computer to connect to a computer in a private local area network. Common examples include forwarding port 21 for FTP access and forwarding port 80 for web servers. To achieve this, operating systems like Mac OS X and BSD (Berkeley Software Distribution) use the firewall built into the kernel, ipfirewall (ipfw), to do port forwarding. Linux, on the other hand, uses iptables for port forwarding.

Downsides of Port Forwarding

There are a few downsides or precautions to take with port forwarding.

* A given port can be forwarded to only one machine at a time.
* Port forwarding also allows any machine in the world to connect to the forwarded port at will, which makes the network slightly less secure.
* Port forwarding itself is built so that the destination machine sees the incoming packets as coming from the router rather than from the machine that originally sent them.
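To make the three downsides concrete, here is an added example (not from the post, and not modelled on any real firewall) of a toy router that keeps one port-forwarding rule table and one connection-tracking table. A second mapping for an already forwarded port is refused (first downside); each rule may carry an optional source network so the mapping is not open to the whole Internet (a mitigation for the second downside); and a masquerade flag shows the third downside, where the internal server only ever sees the router's LAN address. The public, LAN and client addresses are constructed from documentation ranges, and replies in masquerade mode are not modelled.

```python
"""Added example: a toy model of router port forwarding (DNAT).

Not from the post; written to make the three downsides listed above
concrete. All addresses are constructed (documentation ranges), and the
class models one rule table and one connection-tracking table rather
than any real firewall.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class ForwardingRouter:
    def __init__(self, public_ip, lan_ip):
        self.public_ip = public_ip   # WAN address the outside world connects to
        self.lan_ip = lan_ip         # router's own address inside the LAN
        self.rules = {}              # external port -> (internal ip, internal port, allowed net)
        self.conntrack = {}          # (client ip, client port, internal ip, internal port) -> ext port

    def forward(self, ext_port, internal_ip, internal_port, allowed_from=None):
        """Map public_ip:ext_port to internal_ip:internal_port.

        Downside 1: one external port can point at only one internal host, so a
        second mapping for the same port is refused rather than silently replaced.
        Mitigation for downside 2: allowed_from restricts which source network may
        use the mapping instead of exposing it to every machine on the Internet.
        """
        if ext_port in self.rules:
            raise ValueError(f"port {ext_port} is already forwarded")
        net = ip_network(allowed_from) if allowed_from else None
        self.rules[ext_port] = (internal_ip, internal_port, net)

    def inbound(self, pkt, masquerade=False):
        """Translate a packet arriving from the WAN; None means it is dropped."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.rules:
            return None
        internal_ip, internal_port, net = self.rules[pkt.dst_port]
        if net is not None and ip_address(pkt.src_ip) not in net:
            return None
        self.conntrack[(pkt.src_ip, pkt.src_port, internal_ip, internal_port)] = pkt.dst_port
        # Downside 3: with source NAT (masquerade) the internal server only ever
        # sees the router's LAN address, so its logs cannot identify the client.
        src_ip = self.lan_ip if masquerade else pkt.src_ip
        return Packet(src_ip, pkt.src_port, internal_ip, internal_port)

    def outbound(self, pkt):
        """Reverse-translate a reply from the internal host back to the client."""
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        ext_port = self.conntrack.get(key)
        if ext_port is None:
            return None              # untracked connection: do not leak LAN addresses outward
        return Packet(self.public_ip, ext_port, pkt.dst_ip, pkt.dst_port)


if __name__ == "__main__":
    router = ForwardingRouter("203.0.113.1", "192.168.1.1")
    router.forward(80, "192.168.1.10", 80)
    router.forward(2222, "192.168.1.20", 22, allowed_from="198.51.100.0/24")
    print(router.inbound(Packet("198.51.100.7", 40000, "203.0.113.1", 80)))
    print(router.inbound(Packet("192.0.2.9", 40001, "203.0.113.1", 2222)))      # dropped
    print(router.inbound(Packet("198.51.100.7", 40002, "203.0.113.1", 80), masquerade=True))
```

The `allowed_from` check is the part worth carrying over to a real configuration: the same rule shape exists in iptables (a DNAT rule matched on the source network) and in ipfw, and it is the cheapest way to narrow the exposure the second downside describes.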