**Note: The content in this article is only for educational purposes and understanding of cybersecurity concepts. It should enable people and organizations to have a better grip on threats and know how to protect themselves against them. Please use this information responsibly.**
In today’s online world, Distributed Denial of Service (DDoS) attacks pose a major threat that’s hard to handle. These attacks swamp a target system or network with too many requests, making it unable to cope and shutting out real users. Both companies and individuals can fall victim to these attacks, which can cause long downtimes, financial losses, and damage to their reputations. This means protecting systems from DDoS attacks is key to keeping services running and shielding important technology.
Let’s start with LOIC (Low Orbit Ion Cannon), a well-known open-source tool for DDoS attacks. It lets users simulate DDoS attacks by sending loads of requests to a target IP. While people often use LOIC for testing, it has also gained a bad reputation for its use in actual attacks. This shows why strong DDoS protection is so crucial. On the flip side, Anti-DDoS Guardian is a defense tool for Windows systems. It monitors incoming and outgoing traffic in real time and filters it. This tool can spot suspicious activity, like tons of requests or heavy traffic from a specific IP. It then lets users block potential attackers, helping to lessen DDoS threats.
Walkthrough
In this walkthrough, we’ll show how to set up Anti-DDoS Guardian on a Windows victim machine (IP: 192.168.118.146) to detect and respond to a simulated DDoS attack using LOIC from the attacking machine (IP: 192.168.118.137). This step-by-step guide highlights an easy way to implement an effective DDoS defense.
1. On the Windows victim machine (IP: 192.168.118.146), double click on Anti_DDoS_Guardian_setup.exe.
2. In the Setup Anti DDoS Guardian window, click Next.
3. When prompted, uncheck the Install Stop Windows Remote Desktop Brute Force option and click Next.
4. In the Select Additional Tasks wizard, check Create a desktop shortcut and click Next.
5. When the installation is ready, click Install.
6. In the final setup window, ensure Launch Anti-DDoS Guardian is selected and click Finish.
7. When the Anti-DDoS Wizard appears, click Continue in each step, leaving all default settings.
8. Click Finish in the last window. The main Anti-DDoS Guardian window will now display information about incoming and outgoing traffic.
9. On the Windows attacker machine (192.168.118.137), double-click LOIC.exe.
10. In the LOIC main window, under Select your target, enter the IP address of the target machine (192.168.118.146) in the IP field, and click Lock on.
11. Under Attack options, set:
- Method: Select UDP.
- Threads: Set to 5.
- Power: Slide the bar to the middle.
12. Under Ready?, click IMMA CHARGIN MAH LAZER to begin the attack on the target machine.
13. The attack has started now.
14. Now, switch to the victim’s machine (192.168.118.146). Observe the traffic in Anti-DDoS Guardian. The tool will show a significant number of packets incoming from the attacker’s machine (192.168.118.137).
15. Double click the session from the attacker’s IP (192.168.118.137) to open the Traffic Detail Viewer.
This viewer will display raw data, including a high volume of incoming bytes from 192.168.118.137.
16. In the Traffic Detail Viewer window, select Block IP in the left pane to block the attacker’s IP address.
17. The blocked IP session will turn red in the Action Taken column, indicating that the attacker’s IP is now blocked.
This completes the demonstration of detecting and protecting against a DDoS attack using Anti-DDoS Guardian.
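The manual check in steps 14 to 16 (spot one source sending far more traffic than the rest, then block it) can also be expressed as a per-source sliding-window rate check. The following is an added example, not Anti-DDoS Guardian's own logic: the packet records, the second client IP and the thresholds are constructed assumptions, and the generated rule targets the built-in Windows Firewall rather than the tool's Block IP feature.

```python
from collections import defaultdict, deque

ATTACKER, NORMAL_CLIENT = "192.168.118.137", "192.168.118.20"  # second IP is constructed

def build_sample():
    """Constructed records: (timestamp_ms, source_ip, protocol, payload_bytes)."""
    records = [(i * 1000, NORMAL_CLIENT, "UDP", 80) for i in range(10)]
    # Flood: one 512-byte UDP datagram every 2 ms for 3 s, starting at t = 2 s.
    records += [(2000 + i * 2, ATTACKER, "UDP", 512) for i in range(1500)]
    return sorted(records)

def find_flood_sources(records, window_ms=1000, max_packets=200, max_bytes=100_000):
    """Return {source_ip: timestamp_ms when it first exceeded a per-window limit}."""
    recent = defaultdict(deque)      # source -> (timestamp, size) pairs still in the window
    window_bytes = defaultdict(int)  # source -> bytes currently in the window
    flagged = {}
    for ts, src, proto, size in records:
        if proto != "UDP":
            continue
        queue = recent[src]
        queue.append((ts, size))
        window_bytes[src] += size
        while ts - queue[0][0] > window_ms:   # expire packets older than the window
            window_bytes[src] -= queue.popleft()[1]
        over = len(queue) > max_packets or window_bytes[src] > max_bytes
        if over and src not in flagged:
            flagged[src] = ts
    return flagged

def block_rule(ip):
    """Windows Firewall command that drops inbound traffic from ip (run elevated)."""
    return ('netsh advfirewall firewall add rule '
            f'name="Block {ip}" dir=in action=block remoteip={ip}')

if __name__ == "__main__":
    for ip, ts in find_flood_sources(build_sample()).items():
        print(f"{ip} exceeded the per-second limit at t={ts} ms")
        print(block_rule(ip))
```

The thresholds are placeholders; on a real network they should be set from a baseline of normal per-source traffic so that busy legitimate clients are not blocked.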
Summary Points
1. Install Anti-DDoS Guardian on the target machine (192.168.118.146) and launch it with default settings.
2. Set Up LOIC on the attacker machine (192.168.118.137) and configure an attack using UDP.
3. Start the Attack with LOIC and monitor the traffic on Anti-DDoS Guardian.
4. View Attack Details in Anti-DDoS Guardian and observe high traffic from the attacker’s IP.
5. Block the Attacker by selecting “Block IP” in the Traffic Detail Viewer, confirming the attack has been mitigated.