How to DDoS: About DDoS Attacks Part 2

Attackers overload a web server and shut down access to a web property through DoS and DDoS attacks. DDoS attacks are more prevalent and damaging on the modern Internet for two reasons. First, modern security tools have evolved to stop some ordinary DoS attacks. Second, DDoS attack tools have become relatively cheap and easy to operate.

How are DoS/DDoS attack tools categorized?

Some tools can be adapted to launch DoS/DDoS attacks, while others are explicitly designed for that purpose. Tools in the former category are often called “stressors”: their stated purpose is to help security researchers and network engineers perform stress tests against their own networks, but they can also be used to perform genuine attacks.

What are commonly used DoS/DDoS attack tools?

Some commonly used tools include:

  • Low Orbit Ion Cannon (LOIC)

The LOIC is an open-source stress testing application. It allows for both TCP and UDP protocol layer attacks to be carried out using a user-friendly WYSIWYG interface. Due to the popularity of the original tool, derivatives have been created that allow attacks to be launched using a web browser.

Example: OpIsrael (2013) – Attacks coordinated by Anonymous to protest Israel’s Gaza policies, targeting finance and government sites.

  • High Orbit Ion Cannon (HOIC)

This attack tool was created to replace the LOIC by expanding its capabilities and adding customizations. Using the HTTP protocol, the HOIC can launch targeted attacks that are difficult to mitigate. The software is designed to have a minimum of 50 people working together in a coordinated attack effort.

  • Slowloris

Slowloris is an application designed to instigate a low and slow attack on a targeted server. It needs a relatively limited amount of resources to create a damaging effect.

Example: The attacker starts sending partial HTTP requests to `ExampleWebServer`, but keeps the speed slow enough to maintain an open connection.

  • R.U.D.Y (R-U-Dead-Yet)

R.U.D.Y. is another low and slow attack tool designed to allow the user to easily launch attacks using a simple point-and-click interface. By opening multiple HTTP POST requests and then keeping those connections open as long as possible, the attack aims to slowly overwhelm the targeted server. This eventually consumes all available connections and resources on the server, making it inaccessible to legitimate users.

  • GoldenEye Python

GoldenEye is a free, open-source .NET Core framework that allows denial of service attacks. It uses legitimate HTTP traffic and requires only a few hundred requests at regular intervals, making it a useful tool for daily work. GoldenEye sends multiple requests to the target and, as a result, generates heavy, botnet-style traffic.

You can check this article on how it works: https://prod.nucleiotechnologies.com/how-to-test-a-website-server-security-using-goldeneye-python/

How can I defend against DoS/DDoS tools?

Since DoS and DDoS attacks take a variety of forms, mitigating them requires a variety of tactics. Common tactics for stopping DDoS attacks include:

  • Rate limiting: Limiting the number of requests a server will accept over a certain time window.
  • Web application firewalls: Tools that filter web traffic based on a series of rules.
  • Anycast network diffusion: Placing a large, distributed cloud network between a server and incoming traffic, providing additional computing resources with which to respond to requests.
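
The rate-limiting tactic from the list above, as an added example that is not part of the original article: a per-client sliding-window limiter replayed over constructed traffic. The header-deadline check is an added assumption beyond the article's list, included because low-and-slow clients such as those described under Slowloris and R.U.D.Y. complete too few requests for a request counter to notice; all names, addresses and thresholds are hypothetical.

```python
from collections import defaultdict, deque

class SlidingWindowLimiter:
    """Accept at most `limit` requests per client in any `window_ms` span."""

    def __init__(self, limit, window_ms):
        self.limit = limit
        self.window_ms = window_ms
        self.accepted = defaultdict(deque)  # client -> times of accepted requests

    def allow(self, client, now_ms):
        times = self.accepted[client]
        # Forget requests that have aged out of the window.
        while times and now_ms - times[0] >= self.window_ms:
            times.popleft()
        if len(times) >= self.limit:
            return False  # over budget: reject (e.g. HTTP 429)
        times.append(now_ms)
        return True

def stalled_connections(conns, now_ms, header_deadline_ms):
    """Ids of connections still sending request headers past the deadline.

    A request-count limiter never sees these, because a low-and-slow client
    completes few or no requests; the connection has to be timed instead.
    """
    return [c["id"] for c in conns
            if not c["headers_done"] and now_ms - c["opened_ms"] > header_deadline_ms]

def replay(events, limiter):
    """Run (time_ms, client) events through the limiter; count outcomes."""
    result = defaultdict(lambda: {"allowed": 0, "rejected": 0})
    for now_ms, client in sorted(events):
        key = "allowed" if limiter.allow(client, now_ms) else "rejected"
        result[client][key] += 1
    return {client: dict(counts) for client, counts in result.items()}

# Constructed sample traffic (documentation addresses, not real clients):
# one client bursts 20 requests in a second, another sends 3 over 8 seconds.
EVENTS = [(i * 50, "203.0.113.7") for i in range(20)] + \
         [(t, "198.51.100.4") for t in (0, 4000, 8000)]
# Constructed connection table, as a server might track it.
CONNS = [
    {"id": 1, "opened_ms": 0, "headers_done": False},      # stalled
    {"id": 2, "opened_ms": 0, "headers_done": True},       # normal
    {"id": 3, "opened_ms": 25000, "headers_done": False},  # within deadline
]

if __name__ == "__main__":
    print(replay(EVENTS, SlidingWindowLimiter(limit=5, window_ms=10_000)))
    print(stalled_connections(CONNS, now_ms=30_000, header_deadline_ms=10_000))
```

The limiter keeps its state in one process's memory; a deployment with several front-end servers would need a shared store for the counters, which this example does not cover.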

As we conclude this blog, understanding DDoS attack tools is crucial for defending against malicious tactics, but it’s equally important to use this knowledge ethically and legally.
