Denial-of-Service attack
A SYN flood was performed on the Ubuntu server via the Kali Linux system. In the SYN flood attack, the Kali Linux system sent thousands of SYN requests to the HTTP server. The webserver attempted to respond to each request and created a "half-open" connection. System resources on the server were quickly overwhelmed as it attempted to establish thousands of connections a second.
Example website
A website was created for the purpose of this penetration test and is hosted by the Ubuntu server. The website was accessible from the Kali Linux system by browsing to its domain name, SnrProj.com. The Kali Linux system was used to perform the DoS attack on the website.
Setting up the attack
The ping command was used on the website's domain name in order to obtain the IP address. From the Kali Linux system, the IP address was seen as 192.168.10.10.
An nmap command was then used to confirm that the target IP was running HTTP services. Other vulnerable services such as SSH were also discovered with this command.
Metasploit was started on the Kali Linux system and the auxiliary dos/tcp/synflood module was loaded. The RHOST option represents the target system and was set as 192.168.10.10.
Demonstration
The attack was launched with the exploit command. Once started, the attack continues to run until the break command (Ctrl-C) is issued.
Screenshot of the system resource usage on the Ubuntu server before the DoS attack.
Screenshot of the system resource usage on the Ubuntu server during the DoS attack.
Wireshark was started on the Ubuntu server during the SYN flood and a packet capture was taken. Thousands of incoming SYN requests were seen as well as destination unreachable messages. This indicated that the webserver was being overwhelmed and had started denying further connection requests.
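A server-side check for the half-open connections described above, as an added example that is not part of the original write-up: it counts sockets in the SYN_RECV state (code 03 in /proc/net/tcp) on the web port. The sample table, the function names and the alert threshold are assumptions made for illustration.

```python
import socket
import struct
from collections import Counter

SYN_RECV = "03"  # kernel state code: SYN received, final ACK never arrived

# Constructed sample in /proc/net/tcp layout (not captured from the lab).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 0
   1: 0A0AA8C0:0050 050AA8C0:C001 01 00000000:00000000 00:00000000 00000000 0 0 0
   2: 0A0AA8C0:0050 0302010A:0401 03 00000000:00000000 01:00000014 00000000 0 0 0
   3: 0A0AA8C0:0050 0302010A:0402 03 00000000:00000000 01:00000014 00000000 0 0 0
   4: 0A0AA8C0:0050 090510AC:1F90 03 00000000:00000000 01:00000014 00000000 0 0 0
   5: 0A0AA8C0:0050 076433C6:D431 03 00000000:00000000 01:00000014 00000000 0 0 0
   6: 0A0AA8C0:0016 0302010A:0403 03 00000000:00000000 01:00000014 00000000 0 0 0
"""

def decode(addr):
    """'0A0AA8C0:0050' -> ('192.168.10.10', 80); IPv4 is stored little-endian."""
    ip_hex, port_hex = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def half_open(table, port=80):
    """Count SYN_RECV entries per remote IP for one local port."""
    per_source = Counter()
    for line in table.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != SYN_RECV:
            continue
        if decode(fields[1])[1] == port:
            per_source[decode(fields[2])[0]] += 1
    return per_source

def assess(table, port=80, threshold=3):
    """Alert on the total: a flood may arrive from many source addresses."""
    counts = half_open(table, port)
    total = sum(counts.values())
    return {"total": total, "sources": len(counts), "alert": total >= threshold}

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # live table when run on Linux
            table = fh.read()
    except OSError:
        table = SAMPLE
    print(assess(table))
```

Run on the web server, the script reads the live connection table. The threshold of 3 only suits the constructed sample and should be set from a baseline of normal traffic.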