1
00:00:00,210 --> 00:00:05,760
Although it's not the subject of our course, because it's very common usage, I'd like to show you how

2
00:00:05,760 --> 00:00:11,670
to perform an IP-spoofed DoS, or denial of service, attack using the hping tool.

3
00:00:12,920 --> 00:00:19,060
I'm going to attack my own server. First, I'll test if I can connect to the application.

4
00:00:20,050 --> 00:00:27,040
So open a terminal screen and ping the application, www.owaspbwa.com.

5
00:00:28,050 --> 00:00:30,540
OK, I have a connection to the application.

6
00:00:31,560 --> 00:00:33,690
Open a browser and visit the website.

7
00:00:39,490 --> 00:00:43,030
Here I click a few links to show the response time of the server.

8
00:00:45,970 --> 00:00:50,320
Well, it's really fast. It responds as soon as I click on the links.

9
00:00:51,440 --> 00:00:55,130
Now, let's prepare the hping command to prepare a DoS attack.

10
00:00:58,330 --> 00:01:00,970
The first parameter of the command is --flood.

11
00:01:03,840 --> 00:01:09,090
You know what, let's run hping3 --help in another terminal screen to see the meanings of the

12
00:01:09,090 --> 00:01:09,720
parameters.

13
00:01:14,460 --> 00:01:20,730
The flood parameter is used to send packets as fast as possible. To make it a SYN flood attack,

14
00:01:21,180 --> 00:01:27,060
I set the SYN flag using the -S parameter. When I send a SYN packet,

15
00:01:27,060 --> 00:01:32,850
since it's a legitimate TCP handshake starter, the server will try to respond to all the packets at

16
00:01:32,850 --> 00:01:37,770
the start of the TCP communication, so the server will be very, very busy.

17
00:01:38,800 --> 00:01:41,080
-V is to open verbose mode.

18
00:01:41,530 --> 00:01:44,310
That means we'd like to see the results of sent packets.

19
00:01:46,750 --> 00:01:53,980
The next parameter is --rand-source. This parameter will randomize the source IP addresses as if they

20
00:01:53,980 --> 00:02:01,750
are requested by different systems, so the attack is distributed denial of service now, and since the

21
00:02:01,750 --> 00:02:05,680
IP addresses are random, the victim doesn't know about you.

22
00:02:06,870 --> 00:02:08,970
You have the target domain as the last parameter.

23
00:02:09,900 --> 00:02:13,080
Oh, by the way, the order of the parameters is not important.

24
00:02:14,480 --> 00:02:16,130
Hit Enter to start the attack.

25
00:02:17,270 --> 00:02:20,420
Now, because we're in flood mode, no replies are shown.

26
00:02:21,470 --> 00:02:26,060
Let's try to click a few links to see the response time of the server while it's under attack.

27
00:02:28,090 --> 00:02:28,690
Click a link.

28
00:02:29,790 --> 00:02:35,430
It's waiting, waiting, waiting. It's obviously slowed down.

29
00:02:36,060 --> 00:02:37,740
Maybe our request will be timed out.

30
00:02:38,640 --> 00:02:42,030
So this is how a simple denial of service attack is performed.

31
00:02:43,390 --> 00:02:47,740
I'll stop the flood by stopping the run of the command using the Ctrl+C keys.

32
00:02:49,080 --> 00:02:54,090
As you see, in less than a minute, we sent more than a million SYN packets to the victim server.

33
00:02:54,930 --> 00:02:59,400
No packets were received because we randomized the source IP addresses of the packets.

34
00:02:59,670 --> 00:03:02,490
That means the responses were sent to different IP addresses.

35
00:03:03,270 --> 00:03:05,190
This is why we didn't receive any packets.

36
00:03:06,390 --> 00:03:11,340
Since I stopped sending packets, the server is now responding in good time again.

37
00:03:12,290 --> 00:03:16,760
Now, let's repeat the attack while Wireshark is running to see what's happening under the hood.

38
00:03:17,890 --> 00:03:22,120
Start Wireshark. Since we're using the eth0 interface of Kali,

39
00:03:22,330 --> 00:03:27,040
I'll double-click eth0 on the home screen to start listening to the traffic passing through the

40
00:03:27,040 --> 00:03:28,300
eth0 interface.

41
00:03:29,680 --> 00:03:32,530
There are still some packets in the queue because of our previous attack.

42
00:03:33,190 --> 00:03:38,320
I restart capturing by pressing the green button at the upper left corner of Wireshark to clean the

43
00:03:38,320 --> 00:03:40,030
screen before the second attack.

44
00:03:41,140 --> 00:03:42,310
Continue without saving.

45
00:03:43,210 --> 00:03:43,570
OK.

46
00:03:43,750 --> 00:03:45,490
Wireshark is running and clean.

47
00:03:46,210 --> 00:03:47,650
We're ready to repeat the attack.

48
00:03:55,940 --> 00:04:01,850
You can see the number of packets at the bottom of Wireshark. As you see, we sent hundreds of thousands

49
00:04:01,850 --> 00:04:03,260
of packets in seconds.