DDos Applications for Windows

Rollo Tamasi

Hi guys. I'm writing a essay on securing a server at the moment and i want to conduct a practical example of a DDos attack on my home Ubuntu server.

A friend recommended Trinoo to me but i can't find it to download on the net, probably for obvious reasons. Could someone please recommend me a application that runs on Windows that is capable of doing a DDos attack.

I have heard that Smurf can do this but i can't seem to find the offical website for smurf either. I found a download for an old version of smurf but Nod32(my anti virus) went nuts when i tried to download it.

ntlbell

Rollo Tamasi wrote:

Hi guys. I'm writing a essay on securing a server at the moment and i want to conduct a practical example of a DDos attack on my home Ubuntu server.

A friend recommended Trinoo to me but i can't find it to download on the net, probably for obvious reasons. Could someone please recommend me a application that runs on Windows that is capable of doing a DDos attack.

I have heard that Smurf can do this but i can't seem to find the offical website for smurf either. I found a download for an old version of smurf but Nod32(my anti virus) went nuts when i tried to download it.

An essay.....right......;)

Rollo Tamasi

ntlbell wrote:

An essay.....right......;)

i knew i would get at least one!
yes i am in fact doing a essay. I'm in 4th year IT in Waterford.

MrScruff

Well what they neglected to teach you in security 101 was that the first "D" in "DDos" stands for distributed.

You need to comprimise a vast number of machines to act as your zombie network. You have control over these machines and then can direct them to attack a specific machine.

You could just use the regular DOS attacks, Smurf, LAND, Ping of Death et. al

Maybe download Whax or similar live auditing CDs if your AV is going ape****, I'm sure it has the requisite nastys for you!

NutJob

Rollo Tamasi wrote:

Hi guys. I'm writing a essay on securing a server at the moment and i want to conduct a practical example of a DDos attack on my home Ubuntu server.

A friend recommended Trinoo to me but i can't find it to download on the net, probably for obvious reasons. Could someone please recommend me a application that runs on Windows that is capable of doing a DDos attack.

I have heard that Smurf can do this but i can't seem to find the offical website for smurf either. I found a download for an old version of smurf but Nod32(my anti virus) went nuts when i tried to download it.

im looking to do a masters some day(another year or so) on DDos but you need a few pcs and a few routers.

As an example som of the smaller (significant sized) bot nets run with 1,000 machines and tend to screw routers close to the host so simulateing this may be a bit of a problem.

but am start small what are you trying to measure and am best of luck tracking down a medium sized network and routers.

MrScruff wrote:

Maybe download Whax or similar live auditing CDs if your AV is going ape****, I'm sure it has the requisite nastys for you!

If your av goes nuts it is probably too late as your connection is probably shagged(technical term ) up network anyway.


the only way i can think about doing this is a ton of linux machines running on 486 boxes. Half as routers in various configs and a start point and target box.

You can buy 486s by the pallet according to internet cafe dude (always a reliable source) somewhere in limerick.

Rollo Tamasi

thanks for the replys lads, ya i know i would need a good few machines for a distrubted attack but i only want to simulate the actual attack for documentation purposes.

I asked about Smurf on a Ubuntu forum and the guy there said it was pretty useless since Os's have been patched against it. Don't know how much of that is true. I'm still looking for a download for any program btw and i'm open to other suggestions of other means of identifying security issues in servers
nmap / snort / smoothwall is all i have at the moment program wise

rogue-entity

There are more then one varient of DoS attacks, as one well known site has witnessed.

Simple DoS attacks can be done with one machine using different methods. From Ping of Death to SYN flood, both of which Windows 9x is vulnerable to.

DDoS Attacks can be done with multiple compromised machines controled by a single master (attacker's) machine. There is a well known site that documents this attack, and how you can defend against it.

DRDoS attacks also require multiple machines to work but the machines do not need to be compromised, just connected to a fast network connection. Again there is a well known site that documents this attack and how you can defend against it.

NutJob

Windows xp sp2(was removed due to worms and crap) doesnt support raw sockets so ur source machine will probably have to be Ubuntu as smurf and fraggle required a spoofed source address.

ntlbell

Rollo Tamasi wrote:

thanks for the replys lads, ya i know i would need a good few machines for a distrubted attack but i only want to simulate the actual attack for documentation purposes.

I asked about Smurf on a Ubuntu forum and the guy there said it was pretty useless since Os's have been patched against it. Don't know how much of that is true. I'm still looking for a download for any program btw and i'm open to other suggestions of other means of identifying security issues in servers
nmap / snort / smoothwall is all i have at the moment program wise

I'm trying to wade through the rubbish here, you need to make the point of the essay alot clearer, are you writing an essay on how to secure a server, or an essay on DDoS?

If it's securing a server then there's no real need to attempt a local DDoS, just concentrate on securing a linux box.

DDoS on the netowk level is pretty boring these days it comes down to this, who has the biggest pipe. EOF

NutJob

ntlbell wrote:

I'm trying to wade through the rubbish here, you need to make the point of the essay alot clearer, are you writing an essay on how to secure a server, or an essay on DDoS?

If it's securing a server then there's no real need to attempt a local DDoS, just concentrate on securing a linux box.

DDoS on the netowk level is pretty boring these days it comes down to this, who has the biggest pipe. EOF

if its a college essay ca type thingy im way off point

www.securityfocus.com may be of help in explaing stuff like why and how old stuff doesnt work and why fraggle + smurf are virtually extinct


if its a live experiment..... agh i give up