A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
A SYN flood attack works by not responding to the server with the expected ACK. The malicious client can either simply not send the expected ACK or, by spoofing the source IP address in the SYN, cause the server to send the SYN-ACK to a falsified IP address, which will not send an ACK because it "knows" that it never sent a SYN. The server will wait for the acknowledgement for some time, as simple network congestion could also be the cause of the missing ACK, but in an attack, increasingly large numbers of half-open connections will bind resources on the server until no new connections can be made, resulting in a denial of service to legitimate traffic. Some systems may also malfunction badly or even crash if other operating system functions are starved of resources in this way.
As an expert ethical hacker or security administrator of an organization, you should have sound knowledge of denial-of-service and distributed denial-of-service attacks and should be able to detect and neutralize attack handlers. You should use SYN cookies as a countermeasure against the SYN flood: they eliminate the resources that the target host would otherwise allocate for half-open connections.
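A simplified sketch of the SYN-cookie countermeasure mentioned above, added here as an example and not part of the original lab: the server encodes the connection in its initial sequence number instead of storing a half-open entry, and only allocates state when a valid ACK returns. The 5-bit counter / 3-bit MSS index / 24-bit hash layout follows the classic description of SYN cookies; the use of HMAC-SHA256, the MSS table, the function names and the sample addresses are assumptions, and this is not any kernel's actual algorithm.

```python
import hashlib
import hmac

# Constructed 8-entry MSS table; a 3-bit index is all the cookie can carry.
MSS_TABLE = (536, 1024, 1220, 1360, 1400, 1440, 1452, 1460)
COUNTER_SECONDS = 64  # the time counter ticks once every 64 seconds


def _mac24(secret, conn, client_isn, counter):
    """24-bit keyed hash over the 4-tuple, the client's ISN and the counter."""
    src, sport, dst, dport = conn
    msg = f"{src}|{sport}|{dst}|{dport}|{client_isn}|{counter}".encode()
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(secret, conn, client_isn, client_mss, now):
    """Build the server ISN for the SYN-ACK. Nothing is stored per connection."""
    counter = int(now) // COUNTER_SECONDS
    # Largest table entry not exceeding the client's MSS (fallback: smallest).
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    return ((counter % 32) << 27) | (idx << 24) | _mac24(secret, conn, client_isn, counter)


def check_cookie(secret, conn, client_isn, ack_number, now):
    """Validate the final ACK. Returns the negotiated MSS, or None if rejected."""
    cookie = (ack_number - 1) & 0xFFFFFFFF  # the ACK acknowledges server ISN + 1
    current = int(now) // COUNTER_SECONDS
    for counter in (current, current - 1):  # accept current and previous tick only
        if counter % 32 != cookie >> 27:
            continue
        expected = _mac24(secret, conn, client_isn, counter).to_bytes(3, "big")
        received = (cookie & 0xFFFFFF).to_bytes(3, "big")
        if hmac.compare_digest(expected, received):
            return MSS_TABLE[(cookie >> 24) & 0x7]
    return None  # a spoofed or stale ACK never causes state to be allocated


if __name__ == "__main__":
    secret = b"constructed-demo-secret"
    conn = ("192.0.2.10", 40000, "198.51.100.5", 443)  # constructed sample 4-tuple
    isn = make_cookie(secret, conn, client_isn=1000, client_mss=1460, now=6400)
    print("valid ACK  ->", check_cookie(secret, conn, 1000, isn + 1, now=6400))
    print("forged ACK ->", check_cookie(secret, conn, 1000, isn + 2, now=6400))
```

On Linux, the kernel's own SYN-cookie implementation is controlled by the `net.ipv4.tcp_syncookies` sysctl.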
The objective of this lab is to help students learn to perform denial-of-service attacks and test the network for DoS flaws. In this lab, you will:
Perform denial-of-service attacks
Send a huge amount of SYN packets continuously
In this lab, you have learnt how to perform denial-of-service attacks, and send a huge amount of SYN packets continuously. Document all the results gathered during the lab.