In this walkthrough, I set up an analysis environment made up of a Security Onion machine, with Wireshark actively listening on incoming traffic, and a Kali Linux machine running a Python script that launches a Denial of Service (DoS) attack to test the capacity of a web server. You can use the same setup to stress test several kinds of servers in your own environment. The whole process is called server stress testing.
Skills Learned
- Python
- Wireshark
- Denial of Service Attack
- Security Onion
- Security Analysis
My Setup
To get started, I have a couple of things running. On my Security Onion machine, I’m running Wireshark to capture network traffic. This will allow me to see the incoming packets from the attack. I’ve also configured the firewall on Security Onion to allow incoming traffic on a few specific ports for this test.
On my Kali Linux machine, I have a Python script that I’ve written to carry out the DoS attack. The script uses the scapy module, a powerful tool for crafting and sending network packets.
The Attack Script
The Python script is pretty straightforward. It prompts the user for a few pieces of information:
- The source IP address (my Kali Linux machine)
- The target IP address (my web server on Security Onion)
- The source port (I’m using port 443 for this demonstration)
Once it has this information, the script enters a while loop and starts sending a continuous stream of packets to the web server on the specified port.
The Attack in Action
With everything set up, I run the script. At first, the attack causes a slight delay on the web server, but it’s still accessible. I decide to increase the intensity of the attack by modifying the script to send larger packets.
Even with the larger packet size, a single IP address isn’t enough to take down the web server. The attack only causes minimal delays. This demonstrates that to effectively overload a web server, you would need to launch the attack from multiple IP addresses simultaneously.
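On the Security Onion side, the same capture that Wireshark displays can be used to spot this kind of single-source flood. The following is an added example, not code from the original post: it assumes packet records in the shape of a tab-separated field export (epoch timestamp, source IP, destination IP, destination port, TCP flags), counts packets per source per one-second bucket, and reports sources that exceed a threshold. The sample records are constructed for the example.

```python
from collections import defaultdict

# Constructed sample in the shape of a tab-separated field export
# (epoch time, src IP, dst IP, dst port, TCP flags). Not real capture data.
# 10.0.0.5 sends 200 packets to port 443 inside one second; the others are normal.
SAMPLE_CAPTURE = "\n".join(
    [f"1700000000.{i:03d}\t10.0.0.5\t10.0.0.20\t443\t0x002" for i in range(0, 1000, 5)]
    + ["1700000000.100\t10.0.0.7\t10.0.0.20\t443\t0x002",
       "1700000000.400\t10.0.0.7\t10.0.0.20\t443\t0x010",
       "1700000001.250\t10.0.0.9\t10.0.0.20\t22\t0x002"]
)

def parse_capture(text):
    """Return (epoch_seconds, src, dst, dport) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) < 5:
            continue
        try:
            records.append((float(parts[0]), parts[1], parts[2], int(parts[3])))
        except ValueError:
            continue
    return records

def packets_per_second(records, dport=None):
    """Count packets per (src, whole-second bucket), optionally for one destination port."""
    counts = defaultdict(int)
    for ts, src, _dst, port in records:
        if dport is not None and port != dport:
            continue
        counts[(src, int(ts))] += 1
    return counts

def flag_flooders(records, threshold=100, dport=None):
    """Return {src: peak_pps} for sources exceeding threshold packets in any one-second bucket."""
    peak = defaultdict(int)
    for (src, _sec), n in packets_per_second(records, dport).items():
        peak[src] = max(peak[src], n)
    return {src: n for src, n in peak.items() if n > threshold}

if __name__ == "__main__":
    recs = parse_capture(SAMPLE_CAPTURE)
    for src, pps in flag_flooders(recs, threshold=100, dport=443).items():
        print(f"{src} peaked at {pps} packets/s to port 443")
```

The threshold is a starting point; tune it against the normal rate of the service you are watching before alerting on it.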
Customizing the Script
The great thing about this script is that it can be easily customized for different scenarios. For example, if you wanted to test other services like SSH or FTP, you could simply change the destination port in the script.
You could also modify the script to run against multiple IP addresses by using a for loop to iterate over a list of IP addresses. This would eliminate the need to manually enter the target IP each time. Similarly, you could use a for loop to test a range of ports, from 1 to 65535.
Technical Commands Used
Here are the key commands I used in this demonstration:
- Allowing Incoming Traffic (on Security Onion):
sudo ufw allow from any to any port 443 proto tcp
sudo ufw allow from any to any port 222 proto tcp
sudo ufw allow from any to any port 7734 proto tcp
- Running the Python Script (on Kali Linux):
sudo python3 ddos.py