DoS attack using iperf in the network - tcp

I would like to do a TCP DoS attack using iperf in my simulated network. (I use mininet). The only code that I could find is the following command for making UDP burst traffic in my network which is not relevant.
(host1: 10.0.0.1) iperf -s
(host2: 10.0.0.2) iperf -c 10.0.0.1 -b 30M -l 1200
Please let me know if there is a better code to do the TCP DoS attack using iperf or even if, there is any other code or approach to make TCP traffic as an attack.
Thanks in advance.

The only thing I could do is that, just to add number of iperf tx form attacker using threads. In this way,it sends packet in parallel to the server. So, I used the following code:
host1: 10.0.0.1) iperf -s
(host2: 10.0.0.2) iperf -c 10.0.0.1 -b 30M -l 1200 -P 6

If you want to send UDP flooding, then you must use -u switch on the server command:
iperf -s -u
on the client side, using your specification, it will be:
iperf -c 10.0.0.1 -t 200 -l 1200 -P 6

iperf is suitable for bandwidth testing. If you want to do ddos attack, please try hping3 or dperf.

Related

nmap scan (part of UDP but full range TCP)

i have a question about nmap scan exactly about part of udp ports but full range tcp ports together...is it possible? I mean that i would like to scan just a few udp ports (most common) but the whole 65535 tcp in one command.
i try this full range but this is very slow
nmap -v -n -sT -sU -p- -sV -sC --open --reason (ip)
i also try
nmap -v -n -sT -sU -p U:53,111,137 T:(here need tips for full range tcp) -sV -sC --open --reason (ip)
thanks for your time
The syntax you need to use is: -p U:53,111,137,T:-
The - part means "all ports" and is equivalent to 1-65535. Because it comes after the T:, it applies only to TCP ports.
You probably also want to use -sS instead of -sT. Both scan for open TCP ports, but -sS lets Nmap have more fine-grained control over scan probes and a better understanding of responses, which leads to faster overall scan times. -sT uses generic socket connect() calls, which can be less efficient.

How can I stop iperf server when it finishes?

Once the client finishes the process is automatically closed. I would like to do the same thing in the server side, because I want to automatize some processes, but the server side finishes but remains open.
In iperf3, you can just give the -1 parameter and it will close automatically. It only accepts one connection and it will exit when that is finished.
Example:
% iperf3 -s -B 192.168.20.10 -p 70011 -1
I think it depends on the version. I can speak for iperf 2 where we recently added this capability. When the -server is launched there will ultimately be two threads per the "server", a listener thread and a traffic (receiver/server) thread. So -t does a few things, it sets the listener thread timeout and the traffic threads' times. The listener thread is the parent of the traffic thread so it must wait for the traffic threads to complete before it can terminate.
Example: Let's say one issues iperf -s -t 30 which will keep the listener around for 30 seconds. If no clients present themselves within 30 seconds the "server" terminates after 30 seconds. But if 20 seconds after the iperf -s -t 30 a client connect, e.g. iperf -c <server> -t 30, then the listener/server will to stay around for 20 + 30 seconds before terminating. (Note: The client's -t <value> isn't passed to the server so the server -t needs to be equal or greater than the clients -t.)
In server side of iperf there is no -t option for time limitting. You can use -P option for limiting the incoming clients.
For example if you run iperf -s -P 1 command, after the client finishes the test, the server shuts itself down.
use iperf option -t . So that it will stop after t seconds. Default iperf client timeout is 10 seconds. so it stops after that.
Try. Here both will stop after 10 seconds.
Server: iperf -s -t 10
Client: iperf -c <ipaddress> -t 10
Start it in background, wait until it's complete and after kill it.
iperf -s -w 2Mb -p 5001 &
sleep 20
pkill iperf

Load-balancing UDP on localhost by source IP

I have a server (openvpn) which is not multithreaded and hence does not take advantage of the multiple cores in the box. I'm trying to solve the problem by running multiple servers, each on a different port, e.g. 127.0.0.1:8000, 127.0.0.1:8001, ... then load balancing the exterior 1194 port based on the source IP -- openvpn uses UDP but all packets for a client must arrive at the same server.
Issue I'm running into is how to load balance. I tried IPVS, but it seems like it doesn't work with servers on the same host. Then tried nginx's new udp feature, but again no dice. Any ideas on how to achieve this?
I discovered that plain old iptables can create such a load balancer, using the HMARK target extension (see man 8 iptables-extensions).
Essentially the HMARK target can mark a packet based on a hash of specific IP tuple parameters, source IP and source port in my case, as these will be unique per client, even behind a NAT. Then I can route the packets to the appropriate localhost server based on the mark:
iptables -A PREROUTING -t mangle -p udp --dport 1194 -j HMARK \
--hmark-tuple src,sport --hmark-mod 2 \
--hmark-rnd 0xcafeface --hmark-offset 0x8000
iptables -A PREROUTING -t nat -p udp -m mark --mark 0x8000 \
-j DNAT --to-destination 127.0.0.1:8000
iptables -A PREROUTING -t nat -p udp -m mark --mark 0x8001 \
-j DNAT --to-destination 127.0.0.1:8001
Remember to enable routing packets to localhost:
sysctl -w net.ipv4.conf.eth0.route_localnet=1

Do i have reset service/something when banning an ip with iptables -j DROP

I just run this command
iptables -A INPUT -s 1.1.1.1 -p TCP -j DROP
Do i have to reset a service or something like that? It does not seems to work because when i use netstat -antp i can still see the ip i just dropped
The TCP connection may still be kept open until the timeouts (up to 5 minutes if I remember correctly), but the traffic itself should be dropped (eg. there should be no data flowing).

Checking how many connections are established on specified port

How can I check, how many connections are established for example on port 80 and then write it to the file using bash console?
I've read that netstat can do this, but I can not find , what exactly should I do with that, as I'm newbie on "Unix" systems.
You probably want sockstat if you're on FreeBSD:
sockstat -c -L -P tcp -p 80

Resources