Exercise 10: Simulating a DDoS Attack Using LOIC

Objective

Simulate a Distributed Denial of Service (DDoS) attack using LOIC (Low Orbit Ion Cannon) and analyze its impact on a target server. Implement mitigation strategies like rate limiting and load balancing to defend against such attacks.

Scenario

You are a cybersecurity analyst tasked with testing the resilience of a company’s web server against DDoS attacks. In this exercise, you will simulate a DDoS attack using multiple systems running LOIC to flood the target server with requests. You’ll monitor how the server handles the load and apply defensive strategies to mitigate the attack.

⚠️ Important: This exercise must be conducted in a legal, isolated lab environment. Unauthorized DDoS attacks are illegal and unethical.

Lab Instructions

Step 1: Set Up the Lab Environment

• Target Server: A Linux machine running a web server (e.g., Apache or Nginx).
• Attacker Machines: Two or more machines to simulate multiple attack sources.

Step 2: Install LOIC on Attacker Machines

For Windows: Download LOIC from a trusted source.

For Linux (via Wine):

sudo apt update 
sudo apt install wine -y 
wget https://sourceforge.net/projects/loic/files/latest/download -O loic.exe wine loic.exe

Step 3: Configure the Target Server

Install and start a web server on the Target Server:

sudo apt update 
sudo apt install apache2 -y 
sudo systemctl start apache2

Verify the server is running:

curl http://<target-ip>

Step 4: Launch the DDoS Attack

• On each Attacker Machine, open LOIC.
• Enter the Target Server’s IP address.
• Select the HTTP method.
• Set the attack mode to TCP/UDP/HTTP (start with HTTP).
• Click IMMA CHARGIN MAH LAZER to begin the attack.

Step 5: Monitor the Server’s Performance

On the Target Server, monitor CPU and memory usage:

top

Check web server response time:

curl -I http://<target-ip>

Review network traffic:

sudo netstat -ant | grep ':80'

Step 6: Implement Mitigation Strategies

a. Rate Limiting with iptables

Limit the number of connections per IP:

sudo iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 20 -j REJECT

b. Rate Limiting with Nginx (if used)

Edit Nginx configuration:

sudo nano /etc/nginx/nginx.conf

Add the following under http {}:

limit_conn_zone $binary_remote_addr zone=addr:10m; 
limit_conn addr 10; 
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=1r/s; 
limit_req zone=req_limit_per_ip burst=5;

Restart Nginx:

sudo systemctl restart nginx

c. Enable Load Balancing (Optional)

• Deploy a load balancer (e.g., HAProxy) to distribute incoming traffic.

Step 7: Verify Mitigation Effectiveness

Re-launch the attack using LOIC.

Observe if the server remains responsive.

Monitor logs for dropped or rejected requests:

sudo tail -f /var/log/apache2/access.log

Solution & Explanation

How LOIC Executes a DDoS Attack

• Flooding: LOIC sends a high volume of HTTP, TCP, or UDP requests to exhaust the server’s resources.
• Multiple Sources: Using several machines increases the intensity, mimicking a distributed attack.

Impact on the Server

• Without Mitigation:
  • High CPU and memory usage.
  • Slow or failed responses.
  • Service unavailability.
• With Mitigation:
  • Connection limits block excessive requests.
  • Load balancing distributes traffic evenly.

Testing & Verification

• Confirm that the server remains stable under attack.
• Ensure legitimate traffic is unaffected.
• Verify that mitigation logs show blocked or limited requests.

Security Considerations

• Rate Limiting: Prevents single IPs from overwhelming the server.
• Load Balancing: Distributes load across multiple servers.
• WAF (Web Application Firewall): Adds protection against application-layer attacks.
• Cloud DDoS Protection: Services like Cloudflare or AWS Shield offer scalable defenses.

Additional Script (Optional)

Automate basic rate limiting with iptables:

#!/bin/bash
# Enable basic rate limiting
sudo iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 20 -j REJECT
sudo iptables -A INPUT -p tcp --syn --dport 80 -m conntrack --ctstate NEW -m limit --limit 10/second -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j DROP

Run the script:

chmod +x ddos_mitigation.sh
sudo ./ddos_mitigation.sh

Conclusion

In this exercise, you simulated a DDoS attack using LOIC and observed its impact on a web server. You implemented mitigation strategies such as rate limiting and load balancing to defend against the attack. Understanding how to recognize and mitigate DDoS attacks is essential for protecting online services and maintaining availability.