**Note: The content in this article is only for educational purposes and understanding of cybersecurity concepts. It should enable people and organizations to have a better grip on threats and know how to protect themselves against them. Please use this information responsibly.**
A Distributed Denial-of-Service (DDoS) attack is a type of cyberattack in which multiple systems overwhelm a target server, network, or application with excessive traffic, leading to disruption or complete service unavailability. By flooding the target with more requests than it can handle, a DDoS attack exhausts critical resources, such as bandwidth and CPU, making the system unresponsive to legitimate users. This type of attack is often used to disrupt business operations, compromise availability, or target vulnerable services.
In this demonstration, we use two popular DDoS tools: ISB (I’m So Bored) and UltraDDOS-v2. The ISB tool allows attackers to perform TCP flood attacks by configuring settings like buffer size, interval, and thread count, which define the intensity of the attack. UltraDDOS-v2 is a versatile DDoS tool that can send a large number of packets in parallel threads, creating a massive network load on the target. Together, these tools simulate a powerful DDoS attack against a Windows machine.
Walkthrough
Objective: We will demonstrate a DDoS attack using two attacker machines, one running the ISB (I’m So Bored) tool and the other using UltraDDOS-v2, against a victim Windows machine targeting port 445.
Prerequisites:
1. Attacking Machine 1 – Windows with IP 192.168.118.137 (running ISB tool)
2. Attacking Machine 2 – Windows with IP 192.168.118.148 (running UltraDDOS-v2 tool)
3. Victim Machine – Windows with IP 192.168.118.146 (target machine with port 445 open)
We can set this up using a VMware workstation.
Step 1: Configure ISB on Attacking Machine 1
1. Switch to Attacking Machine 1 with IP 192.168.118.137.
2. Double-click on ISB (Im So Bored).exe to open the ISB tool.
3. Once the ISB window appears, configure the attack as follows:
– Enter the IP address of the victim machine (192.168.118.146) in the URL: field.
– Enter Port 445 in the Port: field and click Set Target. The target IP and port should now be visible in the Set: field.
4. Under the TCP Flood attack tab, configure:
– Interval: 10
– Buffer: 256
– Threads: 1000
7. Leave the ISB window open.
Step 2: Configure UltraDDOS-v2 on Attacking Machine 2
1. Switch to Attacking Machine 2 with IP 192.168.118.148.
2. Double-click on ultraddos.exe. In the Ultra DDOS v2 interface, click OK to open the tool.
6. Click on DDOS Attack.
7. Enter the target IP 192.168.118.146 (the victim machine) and click OK.
8. Enter Port 445 and click OK.
9. In the packet configuration:
– Number of Packets: 1000000
– Number of Threads: 1000000
10. If you press OK, the attack will start.
Step 3: Launch the Attack from Both Machines
1. Click OK to start the attack on the victim machine from the attacking machine.
2. Return to Attacking Machine 1 (192.168.118.137) and, in the ISB window, click on Start Attack.
Both attacks are now running, targeting the victim machine on port 445.
Step 4: Monitor the Victim Machine
1. Switch to the Victim Machine with IP 192.168.118.146.
2. In the Task Manager, observe the CPU and network utilization. We see high CPU utilization as the victim machine handles the incoming requests from both attack tools.
3. We can see the spikes ranging from 65% to 90% CPU utilization.
This concludes our practical where the combined traffic from ISB and UltraDDOS-v2 tools overwhelmed the system, demonstrating how DDoS attacks consume network resources and processing power, ultimately disrupting normal functionality.
Summary Points
1. Objective: Demonstrated a simulated DDoS attack using ISB and UltraDDOS-v2 tools to observe the impact on a victim Windows machine.
2. Tools Used: ISB (I’m So Bored) and UltraDDOS-v2, each configured with high packet and thread counts to generate maximum network load.
3. Target: Victim Windows machine with IP 192.168.118.146, targeting open port 445.
4. Attack Configuration: ISB was set with 1000 threads and 256 buffer size, while UltraDDOS-v2 sent one million packets with one million threads.
5. Results: The victim machine experienced high CPU and network usage, demonstrating resource exhaustion, which can lead to service unavailability in real-world scenarios.
6. Conclusion: This exercise highlights the importance of DDoS mitigation strategies to protect against such high-traffic attacks and maintain service availability.
