Simple But Powerful Denial Of Service (DoS) Attack

Photo by Clint Patterson on Unsplash

“Disclaimer: This is just for informational purposes only. Any violence because of this, is beyond my responsibility”

Nowadays, cybersecurity is becoming an important part of our life. One of the most well-known attacks that I believe everybody knows is Denial Of Service Attack. Even for special security engineers, this attack is really hard to defend. Because this attack focuses on the services. As we know, in this digital era everything was connected by the internet. So, when the service is down. It means, our device is no more than trash (If we don’t have things that can be accessed offline).

Take the information from cyberpedia, Denial-of-Service (DoS) attack is an attack that uses to shut down a machine or network, so it wouldn’t accessible for intended users. The site also says there are two general methods of DoS attack, that is Flooding and Crashing Services. For flooding occurs when the system receives too much traffic so the services become down and for crashing means as you think about it.

For me, there is one more way to do this attack. I am still a learner, so I can’t classify this into that general method. This attack can be done by playing with Address Resolution Protocol (ARP). ARP is a protocol that enables the network to reach a specific device on the network. ARP translates Internet Protocol (IP) address to a Media Access Control (MAC) address, and vice versa. The easiest example, whenever our device wants to connect to the internet. Our device will contact the router or gateway first.

ARP Spoofing, also known as ARP Poisoning actually using for Man in the Middle (MitM) attack. The reason I put the title for this article as DoS attack is that there are just a few articles, that really practice DoS attack. I just want to share this knowledge. So, it up to you, if want used it for MitM attack. But, I will not talk about it. Without more talk, let’s do it.

Requirements

1. Kali Linux
2. Victim OS (Virtual or Real Machine)
3. dsniff

The Attack

1) Install dsniff

apt-get install dsniff

2) Enable the IP Forwarding in Kali Linux

echo > 1 /proc/sys/net/ipv4/ip_forward

Enable the IP Forward

3) Get the victim IP address

Perhaps, this is the difficult step among others. As a hacker, you should put your attack only on the target. I will give you the way to get the victim's IP address. It’s beyond my responsibility.

For this tutorial, I have two PC, so I can easily check the IP address from the Victim OS. For windows, using ipconfig command save a lot time.

The output of ipconfig command

Because, this is a tutorial, I want you to know, the concept how the attack is work, first check using arp -a command in the command line

The output of arp -a command

As you can see, there are many connected device in one network with me. This why I said it was difficult steps, you need to face. From the picture above, please focus only with the physical address of the gateway 192.168.90.1.

4) Test the victim connection

Do simple search for connection test

5) Check your internet interface

ifconfig

My Internet Interface as shown is wlan0

6) Launch the attack

After everything is set you are ready to launch the attack, the command structure is arpspoof -i [your internet interface] -t [target IP address] -r [gateway IP address] , for the example this is mine

arpspoof -i wlan0 -t 192.168.90.252 -r 192.168.90.1

The Attack is Launched

After, the attack launched, let’s check again the connection from the victim, when I try to refresh the page. The output will be like this

The connection is down

Why? this is the perfect question. Back to step three, I use arp -a command. So, we can get the way my computer connect into the router. So, if we run the command again, we will get two Internet address that have same Physical Address, like this.

The Reason Why Connection Down

If you understand, how ARP work, it changes the router physical address into your kali IP address. After that, your kali block the connection from the router into victim, it makes victim can’t connect into internet.

Solution

Actually, there is one way to mitigate this attack. It was changing the router MAC address as static, so the hacker can’t change the router MAC address. But, this not really good mitigation. Another mitigation I think, is never put the IP of the router as 192.168.xx.1 as 1, because it makes hacker easy to launch the attack. But yeah, in networking no system is safe.

Closing

Remember, this just for informational purposes only. I think this attack is really simple but really powerful, I hope there someone who read it not only used it but also can mitigate this attack. Because, it can be done for almost device, I have tested.

Thanks.