Home/ Hacking My Own Environment/ Denial-of-Service

Attack 01 — DoS

Denial-of-Service Attack

Network Config Hydra Metasploit Denial-of-Service Attack Mitigation

Overview

A SYN flood was performed against the Ubuntu server from the Kali Linux system. Thousands of SYN requests were sent to the HTTP server, causing it to create "half-open" connections until system resources were overwhelmed.

Reconnaissance

Step 1 — Identify the target

A website hosted at SnrProj.com was accessible from Kali Linux and served as the DoS target.

SnrProj.com website loaded in browser

Step 2 — Resolve the IP address

The ping command resolved the domain to 192.168.10.10.

Ping resolving SnrProj.com to 192.168.10.10

Step 3 — Confirm HTTP services

An nmap scan confirmed HTTP and SSH were open on the target.

nmap scan showing HTTP and SSH open

Step 4 — Configure Metasploit

Metasploit was launched and the auxiliary/dos/tcp/synflood module was loaded. RHOST was set to 192.168.10.10.

Metasploit synflood module configured

Demonstration

Step 5 — Launch the attack

The exploit command launched the SYN flood, running continuously until stopped with CTRL+C.

Metasploit exploit command launching the SYN flood

The impact on the Ubuntu server's resources was immediate:

Server resource usage before the DoS attack

Before the attack — normal resource usage

Server resource usage during the DoS attack

During the attack — resources overwhelmed

Video demonstration

← Metasploit exploit Attack mitigation →