Unicorn Cannon – The making of

DDos-Attack-837x230

It takes about 3 lines of code to make a Denial of Service attack, but what can be done do to increase the performance and impact?

 

Why python?
It’s effective, fast and broad. It’s alså easy to write in and and the amount of code for writing a script is far less than other languages like C or similar.

 

The main ingredient for a DoS tool is a loop that spams HTTP requests towards your target. Lets start writing our own Denial of Service script.

This will generate HTTP GET requests one after another as long as you let the program run.
It won’t be super-effective, but it shows the concept of a Denial of Service.
basic-dos

 

 

So how do we improve its performance?
Multi-processing. Lots of parallel HTTP requests at the same time will probably work better. In this example I’ll be using 100 processes, where they constantly keeps spamming HTTP get requests.

multi-dos

This screenshot was taken just a few seconds after the script started, already making a huge load impact on the target webserver (cache is not enabled here).
The main issue with this type of requests, is that you are very limited to what you can do with it. One of the main reasons is so predefined methods like requests or urllib will comply with RFC standards.

Because of that, I’ll use a empty TCP stream socket so I can manipulate the data more freely.

Next part is how to exploit and abuse RFC’s to our advantage

2 Responses to “Unicorn Cannon – The making of”

  1. R says:

    Hi. Great article. Is there a way to block the FIN and RST packets using Python? Also what are good strategies to prevent DOS attacks of malformed TCP packets?

    Thanks ~R

    • Torstein says:

      Thanks, both yes and no. You can avoid sending FIN packets by manually writing your own TCP handshake using scapy.
      RST packets are automatically sent in return by the kernel – for tcp sessions that does not exist, so these needs to be blocked by a firewall like IPtables.

Leave a Reply

Your email address will not be published. Required fields are marked *