of 20
5/24/2018 Storm Security
1/20
StormSecurity
IT Security Research and ServicesProcedural SQL injection
SqlBita new blind SQL injection exploiter
Application Layer DDoS Simulator
Update(november 2010): ddosim v0.2 has been released. You can find it at:https://sourceforge.net/projects/ddosim/.
ddosimis a tool that can be used in a laboratory environment to simulate a distributeddenial of service (DDOS) attack against a target server. The test will show the capacity ofthe server to handle application specific DDOS attacks. ddosimsimulates several zombiehosts (having random IP addresses) which create full TCP connections to the target server.
After completing the connection, ddosimstarts the conversation with the listeningapplication (e.g. HTTP server).
ddosimis written in C++ and runs on Linux. Its current functionalities include:
HTTP DDoS with valid requests HTTP DDoS with invalid requests (similar to aDC++ attack) SMTP DDoS TCP connection flood on random port
In order to simulate such an attack in a lab environment we need to setup a network like
this:
Network configuration for DDOS simulation
On the victim machine ddosimcreates full TCP connectionswhich are only simulatedconnections on the attacker side.
http://stormsecurity.wordpress.com/http://stormsecurity.wordpress.com/2008/10/15/procedural-sql-injection/http://stormsecurity.wordpress.com/2008/10/15/procedural-sql-injection/http://stormsecurity.wordpress.com/2008/10/15/procedural-sql-injection/http://stormsecurity.wordpress.com/2009/10/08/sqlbit-a-new-blind-sql-injection-exploiter/http://stormsecurity.wordpress.com/2009/10/08/sqlbit-a-new-blind-sql-injection-exploiter/http://stormsecurity.wordpress.com/2009/10/08/sqlbit-a-new-blind-sql-injection-exploiter/http://stormsecurity.wordpress.com/2009/10/08/sqlbit-a-new-blind-sql-injection-exploiter/https://sourceforge.net/projects/ddosim/https://sourceforge.net/projects/ddosim/http://sourceforge.net/projects/ddosim/http://sourceforge.net/projects/ddosim/https://sourceforge.net/projects/ddosim/https://sourceforge.net/projects/ddosim/http://stormsecurity.wordpress.com/2008/08/11/dc-and-ddos-attacks/http://stormsecurity.wordpress.com/2008/08/11/dc-and-ddos-attacks/http://stormsecurity.wordpress.com/2008/08/11/dc-and-ddos-attacks/http://stormsecurity.files.wordpress.com/2009/03/ddosim_topology1.pnghttp://stormsecurity.wordpress.com/2008/08/11/dc-and-ddos-attacks/https://sourceforge.net/projects/ddosim/http://sourceforge.net/projects/ddosim/https://sourceforge.net/projects/ddosim/http://stormsecurity.wordpress.com/2009/10/08/sqlbit-a-new-blind-sql-injection-exploiter/http://stormsecurity.wordpress.com/2008/10/15/procedural-sql-injection/http://stormsecurity.wordpress.com/5/24/2018 Storm Security
2/20
There are a lot of options that make the tool quite flexible:
Usage: ./ddosim-d IP Target IP address-p PORT Target port
[-k NET] Source IP from class C network(ex. 10.4.4.0)[-i IFNAME] Output interface name[-c COUNT] Number of connections to establish[-w DELAY] Delay (in milliseconds) between SYN packets[-r TYPE] Request to send after TCP 3-way handshake. TYPE can beHTTP_VALID or HTTP_INVALID or SMTP_EHLO[-t NRTHREADS] Number of threads to use when sending packets (default 1)[-n] Do not spoof source address (use local address)[-v] Verbose mode (slower)[-h] Print this help message
Examples:
1. Establish 10 TCP connections from random IP addresses to www server and send invalidHTTP requests (similar to a DC++ based attack):
./ddosim -d 192.168.1.2 -p 80 -c 10 -r HTTP_INVALID -i eth0
2. Establish infinite connections from source network 10.4.4.0 to SMTP server and sendEHLO requests:
./ddosim -d 192.168.1.2 -p 25 -k 10.4.4.0 -c 0 -r SMTP_EHLO -i eth0
3. Establish infinite connections at higher speed to www server and make HTTP validrequests:
./ddosim -d 192.168.1.2 -p 80 -c 0 -w 0 -t 10 -r HTTP_VALID -i eth0
4. Establish infinite TCP connections (without sending a Layer 7 request) from localaddress to a POP3 server:
./ddosim -d 192.168.1.2 -p 110 -c 0 -i eth0
More background info:
Some of the hardest to mitigate distributed denial of service attacks are the ones targetingthe application layer (in TCP/IP stack). They are difficult to stop because they looklegitimate to classic firewalls which let them pass freely (for an example lookhere). The
http://stormsecurity.wordpress.com/2008/08/11/dc-and-ddos-attacks/http://stormsecurity.wordpress.com/2008/08/11/dc-and-ddos-attacks/http://stormsecurity.wordpress.com/2008/08/11/dc-and-ddos-attacks/http://stormsecurity.wordpress.com/2008/08/11/dc-and-ddos-attacks/5/24/2018 Storm Security
3/20
only way to stop this kind of attacks is deep packet inspection (layer 7 inspection) whichmeans a lot of money/resources.
In general, a DDoS attack is performed by an armie of bots (zombies) that simultaneouslysend attack packets to a victim server. If we talk about UDP packets (ex. targeting a DNS
server), the attack is easier to implement because a zombie needs to send a single UDPpacket (multiple times) to contribute to the attack. But in case of a TCP based attack, thezombie needs first to establish the full TCP 3-way handshake and then send the datapackets (e.g. HTTP GET request). ddosimsuccessfully simulates this attack scenario.
If you have any questions regardingddosim,please let me know.
About these ads
Like
4 bloggers like this.
This entry was posted on March 3, 2009 at 12:14 pm and is filed underDDoS,Tools (StormSecurity)withtagsDDoS,ddos flood,denial of service,simulation.You can follow any responses to this entry through theRSS 2.0feed You canleave a response,ortrackbackfrom your own site.
54 Responses to Application Layer DDoSSimulator
1. hora de bloquear endereos IP por pas? - ISTFSays:
August 14, 2009 at 2:04 pm
[...] [...]
http://sourceforge.net/projects/ddosim/http://sourceforge.net/projects/ddosim/http://sourceforge.net/projects/ddosim/http://en.wordpress.com/about-these-ads/http://en.wordpress.com/about-these-ads/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?like=1&source=post_flair&_wpnonce=1c9f85538dhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?like=1&source=post_flair&_wpnonce=1c9f85538dhttp://stormsecurity.wordpress.com/category/ddos/http://stormsecurity.wordpress.com/category/ddos/http://stormsecurity.wordpress.com/category/ddos/http://stormsecurity.wordpress.com/category/tools-stormsecurity/http://stormsecurity.wordpress.com/category/tools-stormsecurity/http://stormsecurity.wordpress.com/category/tools-stormsecurity/http://stormsecurity.wordpress.com/tag/ddos/http://stormsecurity.wordpress.com/tag/ddos/http://stormsecurity.wordpress.com/tag/ddos/http://stormsecurity.wordpress.com/tag/ddos-flood/http://stormsecurity.wordpress.com/tag/ddos-flood/http://stormsecurity.wordpress.com/tag/ddos-flood/http://stormsecurity.wordpress.com/tag/denial-of-service/http://stormsecurity.wordpress.com/tag/denial-of-service/http://stormsecurity.wordpress.com/tag/denial-of-service/http://stormsecurity.wordpress.com/tag/simulation/http://stormsecurity.wordpress.com/tag/simulation/http://stormsecurity.wordpress.com/tag/simulation/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/feed/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/feed/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/trackback/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/trackback/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/trackback/http://www.istf.com.br/vb/noticias-de-seguranca/14253-e-hora-de-bloquear-enderecos-ip-por-pais.html#post54177http://www.istf.com.br/vb/noticias-de-seguranca/14253-e-hora-de-bloquear-enderecos-ip-por-pais.html#post54177http://www.istf.com.br/vb/noticias-de-seguranca/14253-e-hora-de-bloquear-enderecos-ip-por-pais.html#post54177http://www.istf.com.br/vb/noticias-de-seguranca/14253-e-hora-de-bloquear-enderecos-ip-por-pais.html#post54177http://www.istf.com.br/vb/noticias-de-seguranca/14253-e-hora-de-bloquear-enderecos-ip-por-pais.html#post54177http://www.istf.com.br/vb/noticias-de-seguranca/14253-e-hora-de-bloquear-enderecos-ip-por-pais.html#post54177http://www.istf.com.br/vb/noticias-de-seguranca/14253-e-hora-de-bloquear-enderecos-ip-por-pais.html#post54177http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-9http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-9http://gravatar.com/mezganihttp://gravatar.com/newoaktownhttp://gravatar.com/davehardy20http://lax1.ib.adnxs.com/click?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA_AAAAAAAAAAAAAAAAAAAAAGjrGk5rVWRwyzYOFys7iwqCRfhQAAAAAOQBCwAPBAAA5QAAAAIAAAA94igARS0CAAAAAQAAAAAAVVNEACwB-gDsPAAAAAAAAgEAAQUAAIIAGxCg6gAAAAA./referrer=http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator//clickenc=http://givology.org/donate/http://gravatar.com/mezganihttp://gravatar.com/newoaktownhttp://gravatar.com/davehardy20http://lax1.ib.adnxs.com/click?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA_AAAAAAAAAAAAAAAAAAAAAGjrGk5rVWRwyzYOFys7iwqCRfhQAAAAAOQBCwAPBAAA5QAAAAIAAAA94igARS0CAAAAAQAAAAAAVVNEACwB-gDsPAAAAAAAAgEAAQUAAIIAGxCg6gAAAAA./referrer=http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator//clickenc=http://givology.org/donate/http://gravatar.com/mezganihttp://gravatar.com/newoaktownhttp://gravatar.com/davehardy20http://lax1.ib.adnxs.com/click?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA_AAAAAAAAAAAAAAAAAAAAAGjrGk5rVWRwyzYOFys7iwqCRfhQAAAAAOQBCwAPBAAA5QAAAAIAAAA94igARS0CAAAAAQAAAAAAVVNEACwB-gDsPAAAAAAAAgEAAQUAAIIAGxCg6gAAAAA./referrer=http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator//clickenc=http://givology.org/donate/http://gravatar.com/mezganihttp://gravatar.com/newoaktownhttp://gravatar.com/davehardy20http://lax1.ib.adnxs.com/click?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA_AAAAAAAAAAAAAAAAAAAAAGjrGk5rVWRwyzYOFys7iwqCRfhQAAAAAOQBCwAPBAAA5QAAAAIAAAA94igARS0CAAAAAQAAAAAAVVNEACwB-gDsPAAAAAAAAgEAAQUAAIIAGxCg6gAAAAA./referrer=http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator//clickenc=http://givology.org/donate/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-9http://www.istf.com.br/vb/noticias-de-seguranca/14253-e-hora-de-bloquear-enderecos-ip-por-pais.html#post54177http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/trackback/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/feed/http://stormsecurity.wordpress.com/tag/simulation/http://stormsecurity.wordpress.com/tag/denial-of-service/http://stormsecurity.wordpress.com/tag/ddos-flood/http://stormsecurity.wordpress.com/tag/ddos/http://stormsecurity.wordpress.com/category/tools-stormsecurity/http://stormsecurity.wordpress.com/category/ddos/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?like=1&source=post_flair&_wpnonce=1c9f85538dhttp://en.wordpress.com/about-these-ads/http://sourceforge.net/projects/ddosim/5/24/2018 Storm Security
4/20
Reply
2.
RaviSays:August 18, 2009 at 10:51 am
I am encountering this error whilst executing this tool on FC 3
./ddosim -d 99.99.20.65 -p 80 -c 0 -w 0 -t 10 -r HTTP_VALID -i eth1
./ddosim: error while loading shared libraries: libnet.so.0: cannot open shared objectfile: No such file or directory
Reply
o
stormsecuritySays:August 18, 2009 at 7:35 pm
You should do an export LD_PRELOAD=libnet.so first.
Reply
3.
GhafurSays:November 10, 2009 at 6:44 am
Perhaps you can elaborate more on the export LD_PRELOAD=libnet.so. Is it a
command or what? Maybe you could briefly write the step by step instructions inshell? Thank you.
Reply
o
stormsecuritySays:November 20, 2009 at 3:29 pm
export LD_PRELOAD=libnet.so is kind of a hack. The best method is to
install the official package libnet0-dev which will provide you the correctlibnet.so library.
http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=9#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=9#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-10http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-10http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=10#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=10#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-11http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-11http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=11#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=11#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-27http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-27http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=27#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=27#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-30http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-30http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-30http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=27#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-27http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=11#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-11http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=10#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-10http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=9#respond5/24/2018 Storm Security
5/20
Reply
4. InfoSec Daily Episode 251Android Exploit, Adobe, Pwnieexpress, DDoS Sim,CIS, IR & CertsSays:November 6, 2010 at 12:07 am
[...]http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/DDoS Simulator is a tool that can be used in a laboratory environment tosimulate a distributed [...]
Reply
5.
KaiSays:November 6, 2010 at 2:13 pm
Hello,
i cannot configure ddosim:
> configure: error: libnet0 (dev) is required for this program
but i have libnet and its headers installed:
$ rpm -qf /lib/libnet.so.0libnet-1.1.2.1-141.1.i586
$ rpm -qf /usr/include/libnet.hlibnet-1.1.2.1-141.1.i586libnet_1.0.2a-devel-1.0.2a-1.1.i586
my system is opensuse 11.3possibly that libnet0 has another name in it. whichfiles exactly needed for building ddosim?or how could i make any workaround for configure to make it think libnet0 isinstalled?
Cheers
Reply
o
stormsecuritySays:November 6, 2010 at 9:03 pm
http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=30#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=30#respondhttp://www.isdpodcast.com/episode-251-android-exploit-adobe-pwnieexpress-ddos-sim-cis-ir-certs/http://www.isdpodcast.com/episode-251-android-exploit-adobe-pwnieexpress-ddos-sim-cis-ir-certs/http://www.isdpodcast.com/episode-251-android-exploit-adobe-pwnieexpress-ddos-sim-cis-ir-certs/http://www.isdpodcast.com/episode-251-android-exploit-adobe-pwnieexpress-ddos-sim-cis-ir-certs/http://www.isdpodcast.com/episode-251-android-exploit-adobe-pwnieexpress-ddos-sim-cis-ir-certs/http://www.isdpodcast.com/episode-251-android-exploit-adobe-pwnieexpress-ddos-sim-cis-ir-certs/http://www.isdpodcast.com/episode-251-android-exploit-adobe-pwnieexpress-ddos-sim-cis-ir-certs/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-62http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-62http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=62#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=62#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-63http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-63http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=63#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=63#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-64http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-64http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-64http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=63#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-63http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=62#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-62http://www.isdpodcast.com/episode-251-android-exploit-adobe-pwnieexpress-ddos-sim-cis-ir-certs/http://www.isdpodcast.com/episode-251-android-exploit-adobe-pwnieexpress-ddos-sim-cis-ir-certs/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=30#respond5/24/2018 Storm Security
6/20
Hi,
Maybe you have libnet1. It must be libnet0.
Regards,
Reply
KaiSays:November 6, 2010 at 9:10 pm
there is no such package in opensuse:
http://www.google.com/search?q=site:download.opensuse.org+libnet
0&ie=utf-8&oe=utf-8
http://packages.opensuse-community.org/index.jsp?searchTerm=libnet0
that`s why i think it just has another name (libnet_1.0.2a maybe?).could you please tell me exact list of files (libs, headers, etc) neededfor ddosim to work?
Cheers
stormsecuritySays:November 9, 2010 at 7:16 am
Hi,
I developed ddosim in Backtrack (Ubuntu 8.10 basically) and I havethe following libnet packages installed:
root@bt:~# dpkg -l | grep libnet0ii libnet0 1.0.2a-7 library for the construction and handling ofnetwork packets (obsolete)ii libnet0-dev 1.0.2a-7 Development files for libnet0 (obsolete)
Hope this helps,Adrian
http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=64#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=64#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-65http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-65http://www.google.com/search?q=site:download.opensuse.org+libnet0&ie=utf-8&oe=utf-8http://www.google.com/search?q=site:download.opensuse.org+libnet0&ie=utf-8&oe=utf-8http://www.google.com/search?q=site:download.opensuse.org+libnet0&ie=utf-8&oe=utf-8http://packages.opensuse-community.org/index.jsp?searchTerm=libnet0http://packages.opensuse-community.org/index.jsp?searchTerm=libnet0http://packages.opensuse-community.org/index.jsp?searchTerm=libnet0http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-68http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-68http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-68http://packages.opensuse-community.org/index.jsp?searchTerm=libnet0http://packages.opensuse-community.org/index.jsp?searchTerm=libnet0http://www.google.com/search?q=site:download.opensuse.org+libnet0&ie=utf-8&oe=utf-8http://www.google.com/search?q=site:download.opensuse.org+libnet0&ie=utf-8&oe=utf-8http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-65http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=64#respond5/24/2018 Storm Security
7/20
6. Que tal simular um ataque DDoS para testar o seu WebLab? | Coruja de TISays:November 8, 2010 at 11:02 am
[...] DDOSIM simula uma srie de mquinas zombies com ips randmicos (o ip dohost zombie muda) criando uma [...]
Reply
7. DDOSIM v0.2Says:November 9, 2010 at 8:48 pm
[...] [...]
Reply
8.
andriySays:November 11, 2010 at 4:02 pm
Ubuntu 10.10configure: error: libnet0 (dev) is required for this program.
I have libnet1-dev installed, installing libnet0-dev(downloaded deb) conflicts. AlsoI need to keep libnet1-dev on my system. How to install ddosim now?Thanks
Reply
o
stormsecuritySays:November 12, 2010 at 10:53 am
Hi,
Libnet0-dev is required for ddosimto work. Maybe it would be a goodapproach to install it in a (Debian based) virtual machine.
Regards,Adrian
Reply
9.
http://blog.corujadeti.com.br/que-tal-simular-um-ataque-ddos-para-testar-o-seu-weblab/http://blog.corujadeti.com.br/que-tal-simular-um-ataque-ddos-para-testar-o-seu-weblab/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-67http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-67http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=67#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=67#respondhttp://www.backtrack-linux.org/forums/suporte-software/34748-ddosim-v0-2-a.html#post180648http://www.backtrack-linux.org/forums/suporte-software/34748-ddosim-v0-2-a.html#post180648http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-70http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-70http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=70#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=70#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-73http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-73http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=73#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=73#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-74http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-74http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=74#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=74#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=74#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-74http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=73#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-73http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=70#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-70http://www.backtrack-linux.org/forums/suporte-software/34748-ddosim-v0-2-a.html#post180648http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=67#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-67http://blog.corujadeti.com.br/que-tal-simular-um-ataque-ddos-para-testar-o-seu-weblab/5/24/2018 Storm Security
8/20
NikeshSays:November 15, 2010 at 9:21 am
Oh boy, this is great tool, I will surely going to try it out
Reply
o
stormsecuritySays:November 15, 2010 at 6:28 pm
Please share your results with us.
Reply
10.
aaaSays:November 16, 2010 at 2:47 pm
Can I compile with another version of libnet?
Reply
o
stormsecuritySays:November 16, 2010 at 9:55 pm
Sorry, Im afraid you cannot do that with the current version of ddosim. Youneed libnet0.Try apt-get install libnet0-dev.
Reply
11.insecure DDOSIMLayer 7 DDoS SimulatorSays:
November 19, 2010 at 10:55 am
[...] More Info : 1) DDOSIM at Sourceforge 2) Application Layer DDoS Simulator[...]
Reply
http://linuxpoison.blogspot.com/http://linuxpoison.blogspot.com/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-76http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-76http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=76#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=76#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-77http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-77http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=77#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=77#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-78http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-78http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=78#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=78#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-79http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-79http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=79#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=79#respondhttp://blog.insecure.in/?p=625http://blog.insecure.in/?p=625http://blog.insecure.in/?p=625http://blog.insecure.in/?p=625http://blog.insecure.in/?p=625http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-81http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-81http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=81#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=81#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=81#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-81http://blog.insecure.in/?p=625http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=79#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-79http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=78#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-78http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=77#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-77http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=76#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-76http://linuxpoison.blogspot.com/5/24/2018 Storm Security
9/20
12.
Break The SecuritySays:December 8, 2010 at 8:09 am
Great tool. Is there any tools for windows?
Break The security
Reply
o
stormsecuritySays:December 8, 2010 at 9:20 pm
Thanks. I do not know a (free) similar tool for Windows If anyone knows,please share.
Reply
13.DDOSIMLayer 7 DDoS Simulator | Kanoor TechSays:December 22, 2010 at 12:12 pm
[...] More Info : 1) DDOSIM at Sourceforge 2) Application Layer DDoS Simulator[...]
Reply
14.
inckieSays:December 22, 2010 at 6:58 pm
Installing in Ubuntu 10.10
Install required packages:
sudo apt-get install build-essentialsudo apt-get install libpcap-devwgethttp://mirrors.us.kernel.org/ubuntu//pool/universe/libn/libnet0/libnet0_1.0.2a-7_amd64.debsudo dpkg -i libnet0_1.0.2a-7_amd64.debwgethttp://mirrors.us.kernel.org/ubuntu//pool/universe/libn/libnet0/libnet0-dev_1.0.2a-7_amd64.debsudo dpkg -i libnet0-dev_1.0.2a-7_amd64.deb
http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-98http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-98http://www.breakthesecurity.com/http://www.breakthesecurity.com/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=98#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=98#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-103http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-103http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=103#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=103#respondhttp://www.kanoortech.com/2010/12/ddosim%e2%80%93layer-7-ddos-simulator/http://www.kanoortech.com/2010/12/ddosim%e2%80%93layer-7-ddos-simulator/http://www.kanoortech.com/2010/12/ddosim%e2%80%93layer-7-ddos-simulator/http://www.kanoortech.com/2010/12/ddosim%e2%80%93layer-7-ddos-simulator/http://www.kanoortech.com/2010/12/ddosim%e2%80%93layer-7-ddos-simulator/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-107http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-107http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=107#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=107#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-108http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-108http://mirrors.us.kernel.org/ubuntu/pool/universe/libn/libnet0/libnet0_1.0.2a-7_amd64.debhttp://mirrors.us.kernel.org/ubuntu/pool/universe/libn/libnet0/libnet0_1.0.2a-7_amd64.debhttp://mirrors.us.kernel.org/ubuntu/pool/universe/libn/libnet0/libnet0_1.0.2a-7_amd64.debhttp://mirrors.us.kernel.org/ubuntu/pool/universe/libn/libnet0/libnet0_1.0.2a-7_amd64.debhttp://mirrors.us.kernel.org/ubuntu/pool/universe/libn/libnet0/libnet0-dev_1.0.2a-7_amd64.debhttp://mirrors.us.kernel.org/ubuntu/pool/universe/libn/libnet0/libnet0-dev_1.0.2a-7_amd64.debhttp://mirrors.us.kernel.org/ubuntu/pool/universe/libn/libnet0/libnet0-dev_1.0.2a-7_amd64.debhttp://mirrors.us.kernel.org/ubuntu/pool/universe/libn/libnet0/libnet0-dev_1.0.2a-7_amd64.debhttp://mirrors.us.kernel.org/ubuntu/pool/universe/libn/libnet0/libnet0-dev_1.0.2a-7_amd64.debhttp://mirrors.us.kernel.org/ubuntu/pool/universe/libn/libnet0/libnet0-dev_1.0.2a-7_amd64.debhttp://mirrors.us.kernel.org/ubuntu/pool/universe/libn/libnet0/libnet0_1.0.2a-7_amd64.debhttp://mirrors.us.kernel.org/ubuntu/pool/universe/libn/libnet0/libnet0_1.0.2a-7_amd64.debhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-108http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=107#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-107http://www.kanoortech.com/2010/12/ddosim%e2%80%93layer-7-ddos-simulator/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=103#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-103http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=98#respondhttp://www.breakthesecurity.com/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-985/24/2018 Storm Security
10/20
wgethttp://downloads.sourceforge.net/project/ddosim/ddosim-0.2.tar.gztar xfv ddosim-0.2.tar.gzcd ddosim-0.2/./configuremake
sudo make install
It should be updated to use libnet1 instead. then you could just saysudo apt-get install libnet1-dev
Reply
o
stormsecuritySays:December 23, 2010 at 2:32 pm
Thanks for posting these steps.However, the libnet0 package should not conflict with a previously existinglibnet1.The system that I used for building and testing the application was a 32 bitmachine with Backtrack (Ubuntu 8.10) and libnet0-dev.
Reply
o
ubiqcx-mailSays:July 26, 2011 at 10:08 am
nice tutorialworks well in my BT5_x86
Reply
15.
Muddassar MasoodSays:December 24, 2010 at 6:07 am
This is really an awesome tool, wish it could run out of lab environment to testapplication in real time environment, anyways thanks for addition.
Reply
http://downloads.sourceforge.net/project/ddosim/ddosim-0.2.tar.gzhttp://downloads.sourceforge.net/project/ddosim/ddosim-0.2.tar.gzhttp://downloads.sourceforge.net/project/ddosim/ddosim-0.2.tar.gzhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=108#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=108#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-110http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-110http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=110#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=110#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-128http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-128http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=128#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=128#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-111http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-111http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=111#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=111#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=111#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-111http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=128#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-128http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=110#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-110http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=108#respondhttp://downloads.sourceforge.net/project/ddosim/ddosim-0.2.tar.gz5/24/2018 Storm Security
11/20
o
stormsecuritySays:December 24, 2010 at 7:48 am
Running DDOSIM out of lab is not really possible because it simulatesdistributed (multiple source IPs) attacks using a connection-orented protocol(TCP) which needs at least the 3way handshake before sending any usefuldata.
So the communication must be bidirectional. The packets (TCP SYN-ACK)sent by the server must reach the attacker (having random IP address).
I do not think the simulation of a distributed DOS on a connection orientedprotocol is possible outside lab environment.
If anyone has other ideas, please share.
Reply
16.
DDOSSays:December 27, 2010 at 7:02 am
so if we put the ip address of the victim server outside the lab like 221.223.224.225
on port 80, will it work then?
Reply
o
stormsecuritySays:December 27, 2010 at 9:20 am
No, it will NOT work. Simply because the packets sent by the target serverwill never reach the attacker (to complete the 3way handshake).
Reply
DDOSSays:December 27, 2010 at 10:07 am
http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-112http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-112http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=112#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=112#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-114http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-114http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=114#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=114#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-115http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-115http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=115#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=115#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-116http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-116http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-116http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=115#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-115http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=114#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-114http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=112#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-1125/24/2018 Storm Security
12/20
So do you have any alternative for that?
stormsecuritySays:December 29, 2010 at 9:56 pm
Nope. Dont think there is one
17.
P.VaishnaviSays:February 17, 2011 at 4:06 am
How to include application level attacks in payload? I tried editing ddosim.cpp and
compiling it, but it saysIn file included from ddosim.h:9,from ddosim.cpp:7:/usr/include/libnet.h:87:2: error: #error byte order has not been specified, youllIn file included from ddosim.h:9,from ddosim.cpp:7:/usr/include/libnet.h:88: error: expected unqualified-id before string constant
How to change the code to include payload?
Reply
o
stormsecuritySays:February 18, 2011 at 12:42 pm
What you can easily do right now is to modify the current payloads insenderThread.cpp and recompile ddosim.
Custom payloads is a feature planned for the next release.
Reply
P.VaishnaviSays:March 17, 2011 at 4:22 am
http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-117http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-117http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-120http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-120http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=120#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=120#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-121http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-121http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=121#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=121#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-124http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-124http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-124http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=121#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-121http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=120#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-120http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-1175/24/2018 Storm Security
13/20
The payload is declared as u_char * it takes only 4 bytesichanged the type to char * in tcputils.cpp , tcputils.h ,senderthread.cpp.it throws an errorhow to include payload of
greater size ?
18.
MoeSays:March 12, 2011 at 6:25 am
Hi,
Im doing a research on DoS and I wonder if this tool could help establish DoS
case. I have the following questions:
1) can I run it on a single machine not connected to LAN (in other words, Does the
machine that runs the DDosim has to be connected physically to other machine?)
2) suppose I run the tool, can I collect the results in order to graph them??
3) Can I modify the code to get a specific scenario?
Your response through this is highly appreciated
Best Regards,Moe
Reply
o
stormsecuritySays:March 12, 2011 at 11:15 am
Hi Moe,
1. Yes, if your target server is on a virtual machine hosted on the same
physical machine. Running ddosim against yourself (on localhost) I do notthink is possible.
2. No, in this version of ddosim you cannot collect the results. You have justthe statistics displayed periodically (number of connections established,reset, finished). Maybe in a future version I will implement the collectionfeature, thanks for suggestion.
http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-122http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-122http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=122#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=122#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-123http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-123http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-123http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=122#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-1225/24/2018 Storm Security
14/20
3. Yes, you can modify the code to do whatever you want it to do.
Cheers,Adrian
Reply
19.
Old manSays:May 17, 2011 at 5:47 pm
With help from the previous comments I was able to compile on CentOS 5. Makegives me an error:ddosim.cpp: In function int main(int, char**):ddosim.cpp:58: error: libnet_host_lookup was not declared in this scope
ddosim.cpp:184: error: libnet_host_lookup was not declared in this scopeddosim.cpp: In function u_long getLocalIp(const std::string&, std::string&):ddosim.cpp:292: error: libnet_open_link_interface was not declared in this scopeddosim.cpp:296: error: libnet_get_ipaddr was not declared in this scopeddosim.cpp: In function u_long resolveNameToIp(char*, std::string&):ddosim.cpp:316: error: libnet_name_resolve was not declared in this scopeddosim.cpp:317: error: LIBNET_ERR_FATAL was not declared in this scopeddosim.cpp:317: error: libnet_error was not declared in this scopemake: *** [ddosim.o] Error 1
Anybody can help me?
Thank you.
Reply
o
stormsecuritySays:May 18, 2011 at 6:38 am
You most probably do not have the development package for libnet0
installed.
Reply
20.
gatnjefSays:August 16, 2011 at 9:34 am
http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=123#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=123#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-126http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-126http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=126#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=126#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-127http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-127http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=127#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=127#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-129http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-129http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-129http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=127#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-127http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=126#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-126http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=123#respond5/24/2018 Storm Security
15/20
Hi, thanks for writing a tool like this. However, I was wondering if you can use itagainst a host over the internet with the -n option (no spoofing). I tested it (against amachine under my control), but no ack is sent after synack is received and thereforethe tool ends up performing a syn flood. Could you please comment on this? Manythanks.
Reply
o
stormsecuritySays:August 19, 2011 at 7:43 am
Hi, I tested this scenario and it works. Make sure you have connectivity /correct routing set.To create 10 connections to the target host without spoofing the source
address you should use the following command:./ddosim -dhttp://www.your_host.com-p 80 -i eth0 -c 10 -r HTTP_VALID-n -v
You should receive a final status like this:Final results:TCP connections: 10 SYN_SENT, 10 ESTABLISHED, 0 RST, 0FIN_WAIT_1
Cheers,
Reply
21.
sergeySays:December 24, 2011 at 4:54 pm
please help me to configur and run ddosim on centos 5
Thank you
Reply
o
stormsecuritySays:December 26, 2011 at 9:21 am
http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=129#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=129#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-130http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-130http://www.your_host.com/http://www.your_host.com/http://www.your_host.com/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=130#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=130#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-139http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-139http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=139#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=139#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-140http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-140http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-140http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=139#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-139http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=130#respondhttp://www.your_host.com/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-130http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=129#respond5/24/2018 Storm Security
16/20
Hi,
I did not test ddosim on other Linux distributions. If you have the necessarylibraries, it should compile and work smoothly.
Cheers,
Reply
22.
KeshavSays:February 28, 2012 at 11:29 am
I have a network environment thats pretty much similar to whats described here
above except that the packets ddosim goes thro a switch to the server. All Im
seeing is SYNs
TCP connections: 180300 SYN_SENT, 0 ESTABLISHED, 0 RST, 0FIN_WAIT_1. 6040
and wireshark says:
Acknowledgement Number: Broken TCP. The acknowledgement field is nonzerowhile the ACK flag is not set.
Not sure whats going on.. Has anyone seen this behavior?
Reply
23.
KeshavSays:February 28, 2012 at 11:34 am
One thing I missed noting at February 28, 2012 at 11:29 am:
I tested with HTTP_VALID, HTTP_INVALID and the plain TCP connection flood(as shown in the example in the article above). They all appear to show the samebehavior.Any clues appreciated.
Reply
24.
http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=140#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=140#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-147http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-147http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=147#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=147#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-148http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-148http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=148#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=148#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=148#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-148http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=147#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-147http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=140#respond5/24/2018 Storm Security
17/20
KeshavSays:February 28, 2012 at 2:32 pm
(continuation from February 28, 2012 at 11:34 am):Upon further investigation, I saw ddosim indeed sends non-zero ACKs when TCPACK flag is not set. However, the TCP connections complete when the host runningddosim and the victim server are connected directly (as suggested by the author).Its the device standing in between the hosts in my setup, thats dropping the
requests because of invalid ACK number.It would be nice to nice to see the problem fixed, if its easy.
Reply
o
stormsecuritySays:
February 28, 2012 at 6:54 pm
Since the TCP connections complete when the host running ddosim and thevictim server are connected directly, it means that the network device that isstanding between attacker and victim is modifying the packets somehow.You can make a simple testtry to establish a single connection usingddosimand check that all the packets sent from attacker reach the victimand vice versa.
Reply
25.
Nasir Mehmood MalikSays:March 9, 2012 at 1:50 pm
Geeks,
I am still not able to figure out how to recover from the set back of libnet0-dev oncentos. Any help would be greatly appreciated.
Regards
Reply
o
stormsecuritySays:March 9, 2012 at 2:41 pm
http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-149http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-149http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=149#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=149#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-150http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-150http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=150#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=150#respondhttp://ittweaks.com/http://ittweaks.com/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-156http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-156http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=156#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=156#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-157http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-157http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-157http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=156#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-156http://ittweaks.com/http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=150#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-150http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=149#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-1495/24/2018 Storm Security
18/20
As I already said, I did not test ddosim on CentOS. DDosim was built andtested on a Backtrack machine (Debian based) having the package libnet0-dev installed.
Reply
26.
SebSays:April 2, 2012 at 3:15 pm
Hi ,My tool works. Now I have question if I use application DDoS attack could You tellme how often and how many http reguest are send to victim? Can we managenumber of request or type of request?For example we can setup how many connection TCP we can setup and how many
user we can simulate but for example when we do application DDOS then we donot need many connection and many users but many request. Can we setup thisparameter?
best regards,Sebastian
Reply
o
stormsecuritySays:April 4, 2012 at 10:27 am
Hi Sebastian,
Im glad you made it work
The current version of ddosim does not report the number of requests/secondsent to victim server. However, the parameter -w specifies the delay betweenpackets. You can adjust it in order to obtain an efficient packet rate.
Im afraid that multiple requestsper user are not possible in the currentarchitecture of ddosim. Right now you have a distinct user making a singleHTTP request. Ill think about this for the next release.
Cheers,Adrian
Reply
http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=157#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=157#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-164http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-164http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=164#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=164#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-165http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-165http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=165#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=165#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=165#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-165http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=164#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-164http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=157#respond5/24/2018 Storm Security
19/20
SebSays:April 4, 2012 at 2:18 pm
Hi Adrian,When will You think release new version Your software?I am very interesting this tool. Do You know mabe other tool which Ican use?
BR,Sebastian
27.
stormsecuritySays:November 9, 2010 at 7:17 am
It works only in a lab environment because you MUST set the default gateway ofthe victim as described in my post.
Adrian
Reply
28.
GuestSays:November 11, 2011 at 3:17 pm
yeah I am using it in a lab enviroment, but I want to simulate for example 10different ips to send request to the same server, but if the server requested to setcookie, the redirecct will be sent to the false ip address or to the address thatgenerated the false ips? hope my question is clear, and thanks for your reply!
Reply
29.
stormsecuritySays:November 14, 2011 at 8:40 am
http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-166http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-166http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-69http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-69http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=69#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=69#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-134http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-134http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=134#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=134#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-135http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-135http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-135http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=134#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-134http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=69#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-69http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/#comment-1665/24/2018 Storm Security
20/20
If you configured your network topology and network settings as described in thearticle, you should receive the redirect packet to the false IP address.However, the ddosim does not know how to handle cookies (in this current version.)
Reply
Leave a Reply
Blog at WordPress.com.Theme:Black-LetterHeadbyUlysses Ronquillo.
Follow
Follow StormSecurity
Get every new post delivered to your Inbox.
Powered by WordPress.com
http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=135#respondhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=135#respondhttp://wordpress.com/?ref=footerhttp://wordpress.com/?ref=footerhttp://theme.wordpress.com/themes/black-letterhead/http://theme.wordpress.com/themes/black-letterhead/http://theme.wordpress.com/themes/black-letterhead/http://ulyssesonline.com/http://ulyssesonline.com/http://ulyssesonline.com/http://void%280%29/http://void%280%29/http://wordpress.com/signup/?ref=lofhttp://wordpress.com/signup/?ref=lofhttp://wordpress.com/signup/?ref=lofhttp://void%280%29/http://ulyssesonline.com/http://theme.wordpress.com/themes/black-letterhead/http://wordpress.com/?ref=footerhttp://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/?replytocom=135#respond
