This blog is NOT OFFICIAL website of Kali Linux. We just share Tutorials to learn Cybersecurity.

DOS and DDOS Attacks in Kali Linux

Home
Today we are going to learn DOS and DDOS attack techniques. Denial-of-service (DOS) is an attack crashes a server, or make it extremely slow. DOS is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. In simple words by DOS attack an attacker sends a lots of useless traffic to targeted website or server or network that because the system can't handle this very huge amount of requests, and the system goes down, no one can use the system. As we all know that every server have traffic limits if the requests are more then the traffic limit at once the server becomes very slow or even it can crash. This technique is called DOS (Denial-Of-Service) attack.

DOS and DDOS Attacks in Kali Linux


DDOS is Distributed Denial-of-Service attack. DOS is the attack which performed from one computer to one targeted network, in DOS a single machine sends millions of useless traffic on a network but in the case of DDOS many attacker machine targets one network and every attacker machine is performing DOS.  That means each and every attacker machine sends millions of traffics. DOS becomes useless against high capacity servers because larger servers easily manages millions of traffics. In such cases the attacker needs thousands or more machines from various networks to knee down the target, this is DDOS attack. To do this DDOS attacker need a organized group of hackers or botnets. Hacking group Anonymous is famous for their DDOS attacks.

Black hat hackers uses DDOS to slow down or crashes high profile web servers like banks or payment gateways, for revenges or blackmail and activism.

DOS attack can perform easily using various tools like
  1. Nemesy
  2. RUDY
  3. GolodenEye
  4. UDP flood
  5. PyLoris
  6. HULK
  7. ToR's Hammer
  8. xerxess
  9. LOIC
  10. HOIC
  11. MetaSploit
There are also various types of DOS attack techniques:
  • Distributed volume based DOS attack
  • Degradation of service attacks
  • Application-layer floods
  • DDOS extortion
  • HTTP POST DOS Attack
  • Internet control message protocol (ICPM) flood
  • R U Dead-Yet (RUDY)
  • Nuke
  • Peer-to Peer attacks
  • Permanent denial-of-service attacks
  • Reflected/spoofed attack
  • shrew attack
  • (S)SYN Attack
  • Teardeop attacks
  • Telephony denial-of-service (TDOS)
Now we practically do this on our localhost server using Slowloris. We clone Slowloris from it's GitHub repository by using following command:

git clone https://github.com/gkbrk/slowloris
The screenshot of the command is following:

downloading slowloris

Then we type cd command to navigate in to Slowloris's directory:

cd slowloris
Then we need to run Slowloris Python script. Here we need the IP address of the targeted server or website in our case it is 127.0.0.1 that is our localhost. The command of DOS attack using Slowloris will be as following:

./slowloris.py 127.0.0.1 -s 500
slowloris on attack

This attack is slow down our loaclhost server.
loading....
Look it is loading .....
Localhost servers are called world's fastest server and it is loading....😮😮😮.....

server not responding
Here we need to wait for server's response
We also can use our android smart phones to perform DOS attack by using AnDOSid and LOIC. Search for those applications and try them on own network for learning purpose.

This article is only for educational or informational purpose only. The author is not responsible for any illegal activity. KaliLinux.In does not promote any malicious activities.
author-img
Kali Linux

Comments

10 comments
Post a Comment
  • protik photo
    protikDecember 27, 2019 at 10:52 PM

    how much time it needs?

    Delete Comment
    • Kali Linux photo
      Kali LinuxDecember 28, 2019 at 8:30 AM

      Thanks Protik, For your valuable comment. It doesn't consume much time.. usually some seconds... But if you are testing on a live website that might be illegal. If the website have cloulflair protection then it will block your IP and you can't continue your attack. If the website have high bandwidth capacity then DOS from a a single people will not work. Lots of people at same time attacking DOS on a single site called DDOS.

      Delete Comment
    • Unknown photo
      UnknownMay 10, 2020 at 12:12 PM

      This attack doesn't work. I don't know why

      Delete Comment
      • AnonymousJuly 26, 2020 at 3:02 PM

        yep i know it does not work even i have tried the attack but a common reason is clouldflair protection and a high bandwidth capacity

        Delete Comment
        • Kali Linux photo
          Kali LinuxJuly 26, 2020 at 7:37 PM

          Cloudflair id the protection of DOS, in this case you need to find the real IP behind the the cloudflair.. Against the high bandwidth capacity you need a larger group of DOS attacker that will be effective (This technique used by Anonymous group).

          Delete Comment
        • Unknown photo
          UnknownOctober 23, 2020 at 1:12 PM

          git clone https://github.com/gkbrk/slowloris yazıktan sonra cd slowloris yazıyorum no such file or directoy diyor ne yapayım?

          Delete Comment
          • 001002003 photo
            001002003January 25, 2021 at 6:04 PM

            Hey admin
            thnax for everything but How to find IP address of certain website?

            Delete Comment
            • Kali Linux photo
              Kali LinuxJanuary 26, 2021 at 1:02 PM

              We can simply use ping, check this. This is hard to find the real IP if the website is using cloudflare protection.

              Delete Comment
              • Unknown photo
                UnknownJune 28, 2021 at 10:00 AM

                it does not work all it does is slow down the websites a tiny bit and as i mean tiny i mean that

                Delete Comment
                • Kali Linux photo
                  Kali LinuxJune 28, 2021 at 12:51 PM

                  Modern day websites uses cloudflare security, they can't be DOS. If the target isn't using cloudflare then also we need many computers using DOS on a single target. That is called DDOS, this is much more effective then single attacker (DOS).

                  Delete Comment
                google-playkhamsatmostaqltradent