Exercise 41: Performing a DDoS Attack Simulation

Apr 15, 2025

Objective

Simulate a Distributed Denial of Service (DDoS) attack to understand its impact on network services and explore mitigation strategies to defend against such attacks.


Scenario

As a cybersecurity professional, understanding how DDoS attacks impact systems is crucial for developing defense strategies. In this exercise, you’ll simulate a DDoS attack on a target server using tools like hping3 or LOIC, monitor the server’s performance under attack, and implement mitigation techniques to reduce the impact.

⚠️ Important: Perform this simulation in a legal and controlled lab environment. Unauthorized DDoS attacks are illegal and unethical.


Lab Instructions

Step 1: Set Up the Target Server

a. Install a Basic Web Server (Apache)

sudo apt update
sudo apt install apache2 -y

b. Verify the Web Server is Running

sudo systemctl status apache2

  • Open a browser and navigate to http://<server-ip> to confirm the server is accessible.

Step 2: Prepare the Attack Tools

a. Install hping3 (on Attacker Machines)

sudo apt install hping3 -y

b. Install LOIC (Optional)

  • Download LOIC from its official repository (for controlled environments only).

Step 3: Simulate the DDoS Attack

a. Using hping3 (TCP Flood Example)

sudo hping3 -S -p 80 --flood <target-ip>

  • Explanation:
    • -S: Sends TCP SYN packets.
    • -p 80: Targets port 80 (HTTP service).
    • --flood: Sends packets as fast as possible.

b. Using LOIC (Optional)

  1. Open LOIC and enter the Target IP.
  2. Select HTTP or TCP/UDP attack method.
  3. Set the threads and timeout values.
  4. Click IMMA CHARGIN MAH LAZER to start the attack.

Step 4: Monitor the Target Server

a. Monitor Server Load (CPU and Memory)

htop

b. Monitor Network Traffic

sudo iftop -i eth0

c. Check Apache Access Logs

sudo tail -f /var/log/apache2/access.log

  • Expected Result: Increased CPU usage, high bandwidth consumption, and potential service unavailability.

Step 5: Implement Mitigation Techniques

a. Apply Rate Limiting with iptables

sudo iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/second --limit-burst 100 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j DROP

  • Explanation: The first rule accepts TCP packets to port 80 at up to 25 per second after an initial burst of 100; the second rule drops whatever exceeds that budget. The budget is shared by all sources and counts every packet to port 80, not only new connections.
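As an added example (not part of the original exercise), the following Python model replays constructed traffic through the same kind of token bucket that the `-m limit --limit 25/second --limit-burst 100` rule uses. It shows the main caveat of Step 5a: the limit is a single shared budget for every packet to port 80, so once a flood drains the burst, a legitimate client only gets through when it happens to arrive as a token refills. The source addresses are RFC 5737 documentation addresses chosen for the sample, and the refill arithmetic is an approximation of the netfilter limit match, not its source.

```python
"""Token-bucket model of the two iptables rules
    -A INPUT -p tcp --dport 80 -m limit --limit 25/second --limit-burst 100 -j ACCEPT
    -A INPUT -p tcp --dport 80 -j DROP
Added example, not from the exercise. Time is kept in integer milliseconds and
tokens in integer milli-tokens so the outcome is exact: 25 tokens per second
is exactly 25 milli-tokens per millisecond.
"""

TOKEN = 1000  # one whole token, in milli-tokens


class LimitMatch:
    """Approximation of netfilter's `limit` match: the bucket starts full with
    `burst` tokens and refills at `rate_per_sec` tokens per second."""

    def __init__(self, rate_per_sec: int, burst: int):
        self.rate_per_sec = rate_per_sec
        self.capacity = burst * TOKEN
        self.tokens = self.capacity
        self.last_ms = 0

    def matches(self, now_ms: int) -> bool:
        """True if the packet arriving at now_ms gets a token (ACCEPT rule),
        False if it falls through to the following DROP rule."""
        elapsed = max(0, now_ms - self.last_ms)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate_per_sec)
        self.last_ms = now_ms
        if self.tokens >= TOKEN:
            self.tokens -= TOKEN
            return True
        return False


def replay(packets, rate_per_sec=25, burst=100):
    """Send (time_ms, source_ip) packets through one shared bucket, as the
    INPUT rule does, and return {source_ip: (accepted, dropped)}."""
    bucket = LimitMatch(rate_per_sec, burst)
    stats = {}
    for ts, src in sorted(packets):
        accepted, dropped = stats.get(src, (0, 0))
        if bucket.matches(ts):
            stats[src] = (accepted + 1, dropped)
        else:
            stats[src] = (accepted, dropped + 1)
    return stats


def constructed_traffic():
    """Constructed sample (RFC 5737 addresses): a flood source sending one SYN
    per millisecond for two seconds, plus a legitimate client sending one
    request every 150 ms over the same window."""
    flood = [(ms, "198.51.100.7") for ms in range(2000)]
    legit = [(i * 150, "192.0.2.10") for i in range(10)]
    return flood + legit


if __name__ == "__main__":
    for src, (ok, dropped) in replay(constructed_traffic()).items():
        print(f"{src:15} accepted={ok:4d} dropped={dropped:4d}")
```

In the sample the legitimate client gets 3 of its 10 requests through, because the flood empties the 100-packet burst within the first tenth of a second and the 25-per-second trickle after that is contested by two thousand flood packets. A per-source limit keeps one noisy client from consuming the whole budget; in iptables that is the `hashlimit` match with `--hashlimit-mode srcip`, and matching only `--syn` packets (or `-m conntrack --ctstate NEW`) counts connection attempts instead of every packet of already established sessions.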

b. Use Mod_Evasive with Apache (Anti-DDoS Module)

sudo apt install libapache2-mod-evasive -y

  • Configure mod_evasive:

sudo nano /etc/apache2/mods-available/evasive.conf

  • Example configuration:

DOSHashTableSize    3097
DOSPageCount        2
DOSSiteCount        50
DOSPageInterval     1
DOSSiteInterval     1
DOSBlockingPeriod   10

  • Restart Apache:

sudo systemctl restart apache2

c. Deploy Cloudflare (Optional)

  • Sign up for Cloudflare.
  • Configure DNS to route traffic through Cloudflare for DDoS protection.

Step 6: Verify the Mitigation

  1. Re-run the DDoS simulation.
  2. Monitor the server’s response and performance.
  3. Expected Result: The server should remain stable under attack due to implemented protections.

Solution & Explanation

What is a DDoS Attack?

A Distributed Denial of Service (DDoS) attack floods a server or network with excessive traffic, overwhelming its resources and making it unavailable to legitimate users.

Common Types of DDoS Attacks

  1. TCP SYN Flood: Exhausts the server's connection backlog with half-open TCP connections.
  2. UDP Flood: Sends large volumes of UDP packets to exhaust resources.
  3. HTTP Flood: Floods a web server with HTTP requests.

Mitigation Techniques

  1. Rate Limiting: Controls the rate of incoming traffic.
  2. Firewalls and IPS: Filters malicious traffic.
  3. Anti-DDoS Tools: Tools like mod_evasive and services like Cloudflare offer protection.
  4. Traffic Filtering: Uses firewalls or iptables rules to drop excess traffic.

Testing & Verification

  • Before Mitigation: The server becomes unresponsive during the attack.
  • After Mitigation: The server handles traffic without disruption.

Verify Firewall Rules

sudo iptables -L -v -n

Monitor Apache Logs

sudo tail -f /var/log/apache2/access.log
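The mod_evasive settings from Step 5b and the access-log check above can be tried offline. The following Python script, added here and not part of the exercise or of the mod_evasive project, re-implements the module's hit-list counting (DOSPageCount per URI, DOSSiteCount per client, the two intervals, and DOSBlockingPeriod, with the block renewed by every request that arrives while blocked) and runs it over constructed access.log lines in Apache's combined format. The module may differ in edge cases such as the exact comparison at the threshold; the `scan` and `offending_ips` helpers and the sample lines are the example's own.

```python
"""Replay Apache access-log lines through a re-implementation of the
mod_evasive hit-counting logic, so the effect of an evasive.conf can be
checked against real or captured logs before the settings go live.

Added example, not the module's own code; the log lines below are constructed.
"""
import re
from datetime import datetime

# Apache "combined" format: client ip, ident, user, [timestamp], "request", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, epoch_seconds, uri) for a combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    t = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m["ip"], t, m["uri"]


class EvasiveModel:
    """Per-client hit lists with the same knobs as evasive.conf."""

    def __init__(self, page_count=2, site_count=50, page_interval=1,
                 site_interval=1, blocking_period=10):
        self.page_count, self.site_count = page_count, site_count
        self.page_interval, self.site_interval = page_interval, site_interval
        self.blocking_period = blocking_period
        self.hits = {}     # key -> [count, last_seen]
        self.blocked = {}  # ip -> time of the last hit while blocked

    def _hit(self, key, now, threshold, interval):
        """Record a hit; True if `threshold` hits were already counted, each
        arriving less than `interval` seconds after the previous one."""
        entry = self.hits.get(key)
        if entry is None:
            self.hits[key] = [1, now]
            return False
        count, last = entry
        tripped = (now - last < interval) and count >= threshold
        if now - last >= interval:
            count = 0  # quiet for a full interval: start counting afresh
        entry[0], entry[1] = count + 1, now
        return tripped

    def check(self, ip, now, uri):
        """'blocked' while inside the blocking period, 'page' or 'site' on the
        request that trips a threshold, 'ok' otherwise."""
        since = self.blocked.get(ip)
        if since is not None and now - since < self.blocking_period:
            self.blocked[ip] = now  # each hit while blocked extends the block
            return "blocked"
        page = self._hit(f"{ip}|{uri}", now, self.page_count, self.page_interval)
        site = self._hit(f"{ip}|SITE", now, self.site_count, self.site_interval)
        if page or site:
            self.blocked[ip] = now
            return "page" if page else "site"
        return "ok"


def scan(log_text, **config):
    """Return [(ip, uri, verdict)] for every parseable line, in log order."""
    model = EvasiveModel(**config)
    out = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ip, t, uri = parsed
            out.append((ip, uri, model.check(ip, t, uri)))
    return out


def offending_ips(log_text, **config):
    """Clients that tripped a threshold at least once."""
    return {ip for ip, _, v in scan(log_text, **config) if v in ("page", "site")}


# Constructed sample: one browser session (192.0.2.10) and one scripted client
# (198.51.100.7) hammering "/". RFC 5737 documentation addresses.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Apr/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 10918 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Apr/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 10918 "-" "python-requests/2.31"
192.0.2.10 - - [15/Apr/2025:10:00:00 +0000] "GET /style.css HTTP/1.1" 200 3423 "http://lab/" "Mozilla/5.0"
198.51.100.7 - - [15/Apr/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 10918 "-" "python-requests/2.31"
198.51.100.7 - - [15/Apr/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 10918 "-" "python-requests/2.31"
192.0.2.10 - - [15/Apr/2025:10:00:01 +0000] "GET /logo.png HTTP/1.1" 200 5120 "http://lab/" "Mozilla/5.0"
198.51.100.7 - - [15/Apr/2025:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 10918 "-" "python-requests/2.31"
198.51.100.7 - - [15/Apr/2025:10:00:20 +0000] "GET / HTTP/1.1" 200 10918 "-" "python-requests/2.31"
"""

if __name__ == "__main__":
    for ip, uri, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:8} {ip:14} {uri}")
```

Fed a real access.log, the script lists which clients a given configuration would have blocked. With the values from Step 5b (DOSPageCount 2, DOSPageInterval 1) a third request for the same URI within a second already trips the block, which is why the scripted client is caught on its third hit on / and then stays blocked for DOSBlockingPeriod seconds, while the browser session, whose requests go to different URIs, is never flagged; raising DOSPageCount (for example to 5) lets the sample pass entirely.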

Security Best Practices

  1. Implement Anti-DDoS Solutions: Use hardware/software solutions for protection.
  2. Deploy Web Application Firewalls (WAF): Protect web applications.
  3. Use Content Delivery Networks (CDN): Offload traffic.
  4. Enable Rate Limiting: Control excessive requests.
  5. Monitor Traffic Regularly: Identify abnormal spikes early.

Additional Script (Optional)

Automate basic DDoS protection using iptables:

#!/bin/bash
# Apply basic DDoS protection rules: an aggregate rate limit on TCP port 80.
# Run as root. Each rule is appended only if it is not already present
# (iptables -C), so re-running the script does not stack duplicate rules.
set -e

LIMIT_RULE="INPUT -p tcp --dport 80 -m limit --limit 25/second --limit-burst 100 -j ACCEPT"
DROP_RULE="INPUT -p tcp --dport 80 -j DROP"

iptables -C $LIMIT_RULE 2>/dev/null || iptables -A $LIMIT_RULE
iptables -C $DROP_RULE 2>/dev/null || iptables -A $DROP_RULE

echo "Basic DDoS protection applied."

Run the script:

chmod +x ddos_protection.sh
sudo ./ddos_protection.sh

Conclusion

In this exercise, you simulated a DDoS attack using hping3 and LOIC, monitored its impact on a web server, and implemented mitigation techniques such as rate limiting and firewall rules. Understanding how DDoS attacks work and applying defensive strategies is essential for maintaining service availability and network resilience.
