How a DoS Attack Affects Any End Device: A Step-by-Step Lab by Aden Hawsh

 

DoS Attack on an End-Device

 

The Internet of Things (IoT) has become a favourable arena for bot herders to carry out distributed denial-of-service attacks. IoT devices are notorious for their inherent security vulnerabilities, with some being obsolete and unpatched for extended periods. In addition, some manufacturers may have ceased operations, but their devices remain operational and connected to many other IoT devices, such as home CCTV cameras, which are attractive targets for cybercriminals. This permits bot herders to construct their cyber armies and initiate devastating DDoS attacks (Bertino and Islam, 2017).

 

Compromised home IoT devices allow bot herders to initiate attacks by flooding target servers or networks with traffic. Criminals may use basic computers or devices to send massive ICMP packets, resulting in temporary or permanent loss of service. In certain instances, attackers may use compromised IoT devices to initiate attacks on nearby IoT devices, thereby expanding their botnet armies.

Figure 27 depicts how a hacked IoT device can be recruited into a bot army and then used to coordinate attacks on other victim machines, such as servers and production machinery, to exhaust their resources or render them unusable or inaccessible to customers.

 

Figure 1 DDoS attack using Smart Homes IoT devices as botnets.

 

We all remember how the Mirai botnet malware hit in 2016 and wreaked devastation throughout the world. Mirai is a type of malware designed specifically to infect IoT devices such as routers, IP cameras, and digital video recorders, transforming them into a network of bots that may be used in large-scale cyber-attacks.

 

 

Hping3 is the first tool we will put to the test. Again, Kali Linux is used, as it is the platform of choice for black hat hackers.

 

Hping3 is a popular network testing and security evaluation tool. Security professionals and hackers frequently use it to test the security of networks and devices. To carry out various forms of attacks, Hping3 can produce packets and send them to target devices. These attacks range from simple ping floods to more complex techniques such as TCP/IP stack fingerprinting.

 

The programme is especially handy for launching denial-of-service (DoS) attacks on IoT devices. These attacks might cause the gadget to malfunction or become unusable by overwhelming it with traffic. Hping3 can flood the device with traffic, causing it to crash or freeze.

In this paper, I will demonstrate how that attack reduces the ability to perform

 

 

Attack instructions

 

Step 1. We downloaded hping3 onto my Kali attacking machine, as the command in Figure 24 shows.

 

Figure. hping3 installation command on the Linux machine.

In this demonstration, I examined the IP address of my victim’s Windows PC using arp-scan; the IP address is shown in Figure 29. arp-scan sends ARP requests to every host within the specified network range. The -l option instructs arp-scan to select the range of addresses to scan based on the IP address and netmask of the present network interface. Netdiscover, by contrast, listens for other machines' requests and takes a long time to return results.

 

Figure. arp-scan -l results (victim machine IP 10.0.2.19)

We intend to use hping3 to initiate an ICMP echo request flood against a Windows 7 computer, which is the target of this operation. The purpose of this flood is to exhaust all of the target machine's resources. I will use Wireshark, installed on the target machine, to simultaneously capture and analyse the incoming request flood. In addition, I will monitor the Windows 7 computer's performance to determine the influence of this deluge on system resources.

The command I use is captured in Figure 28.

 


Figure 4 hping3 flood command target machine 10.0.2.19

 

 

Figure 5 shows Wireshark captures after we increased the size of the ICMP packets to 24300. Given that my Windows PC's resources are average, we purposefully implemented this increase to accelerate the rate at which those resources are depleted. Choosing this path allowed us to experience first-hand how my actions affected the computer I was aiming at.

 



Figure 5. Traffic (ICMP packets, IPv4 protocol) in Wireshark

The system performance monitor of my intended Windows 7 workstation is shown in Figure 32 below. The speed graph showed a dramatic increase after we sent ICMP echo requests from my Kali computer using hping3. Within the first three seconds of the attack, the graph shows a meteoric rise from 0 to 40 per cent of total resources. Then there was a gradual increase in resource utilisation right up until the point where the machine began to freeze and shut down.

 

Figure 6. Resource monitor of Windows 7 as the flooding attack happens.

Figure 6 and Figure 7 demonstrate that the ICMP echo flooding that was sent by the attacking machine running Kali has caused the victim's Windows computer's physical RAM to be consumed.

 

Figure 7. The physical memory of the victim’s machine

Figure 8 is a graphic depiction of the consequences of such an attack, demonstrating that it can have significant effects on production machinery. Following the attack, the Windows 7 computer reported insufficient memory and then shut down. Similarly, home IoT devices, including CCTV cameras and control units, are susceptible to the same flaws and have even less computing power and memory. Putting these devices under a denial-of-service attack can have negative consequences.

 

Figure 8 Windows 7 shows low memory and finally freezing as the resource was consumed by flooding.

As seen in Figure 8, the goal of these attacks is to overwhelm IoT devices with unauthorised network traffic or requests, rendering them unusable and disrupting their functionality. If the Windows PC goes down, what about other IoT devices with less computing power, such as a smart thermostat that stops regulating temperature, a smart security camera that stops working, or a smart lock that stops performing? The impact is more than just a nuisance; it can also raise serious safety and security issues. For example, if a smart alarm system is disabled by a Denial of Service (DoS) attack, the hazard of fire and theft is higher.

 

Figure 9 shows that, because of that attack, the Windows 7 computer is down and no longer responds to ping.

 

Figure 9. The victim’s Windows 7 is unreachable and is down due to a DoS attack.

 

  

Conclusion 

 

After a thorough lab demonstration of the effects of a Denial of Service (DoS) attack on a Windows computer, it is clear that the availability of the system is seriously jeopardised, resulting in either a significant decline in performance or the total unavailability of services. The targeted Windows computer was subjected to excessive traffic volumes, which depleted memory, CPU, and network capacity. Because of this saturation, valid requests were refused access, demonstrating how susceptible unprotected systems are to denial-of-service assaults. The presentation emphasised how crucial it is to put strong security measures in place, such as intrusion detection systems, firewalls, and appropriate network settings, in order to reduce the danger of such attacks and guarantee the availability of services.
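An intrusion-detection check of the kind the conclusion recommends, as an added example that is not part of the original lab: it flags any source whose ICMP echo requests to one destination exceed a rate threshold inside a sliding window, and counts payloads too large for a single Ethernet frame. The attacker address 10.0.2.15, the benign host 10.0.2.4, both thresholds, and reading 24300 as payload bytes are assumptions; the packet records are constructed.

```python
from collections import defaultdict, deque

ECHO_REQUEST = 8      # ICMP type of an echo request (type 0 is the reply)
RATE_LIMIT = 100      # assumed threshold: echo requests per (src, dst) per window
WINDOW_MS = 1000      # sliding window length in milliseconds
MAX_PAYLOAD = 1472    # 1500-byte MTU - 20 (IPv4 header) - 8 (ICMP header)

def detect_icmp_flood(packets, rate_limit=RATE_LIMIT, window_ms=WINDOW_MS,
                      max_payload=MAX_PAYLOAD):
    """packets: (ts_ms, src, dst, icmp_type, payload_len) tuples sorted by time.
    Returns {(src, dst): stats} for every pair that exceeded rate_limit."""
    recent = defaultdict(deque)   # timestamps still inside the window, per pair
    stats = {}
    for ts, src, dst, icmp_type, payload_len in packets:
        if icmp_type != ECHO_REQUEST:
            continue              # replies and other ICMP types are not the flood
        key = (src, dst)
        window = recent[key]
        window.append(ts)
        while ts - window[0] >= window_ms:
            window.popleft()      # expire requests older than the window
        s = stats.setdefault(key, {"peak_rate": 0, "oversized": 0,
                                   "first_alert_ms": None})
        s["peak_rate"] = max(s["peak_rate"], len(window))
        if payload_len > max_payload:
            s["oversized"] += 1   # must arrive fragmented: unusual for ping
        if len(window) > rate_limit and s["first_alert_ms"] is None:
            s["first_alert_ms"] = ts
    return {k: v for k, v in stats.items() if v["first_alert_ms"] is not None}

def build_sample():
    """Constructed capture: one flooding source, one normal pinger, some replies."""
    flood = [(i, "10.0.2.15", "10.0.2.19", 8, 24300) for i in range(2000)]
    benign = [(i * 1000, "10.0.2.4", "10.0.2.19", 8, 32) for i in range(3)]
    replies = [(i, "10.0.2.19", "10.0.2.15", 0, 24300) for i in range(50)]
    return sorted(flood + benign + replies)

if __name__ == "__main__":
    for (src, dst), s in detect_icmp_flood(build_sample()).items():
        print(f"ICMP flood {src} -> {dst}: {s}")
```

The same threshold logic maps onto a per-source ICMP rate limit at the firewall, so the alert and the mitigation can share one tuned value.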

 

Disclaimer

The information provided in this blog, especially regarding the DoS attack on an end-device lab, is intended for educational purposes only. It aims to increase awareness about cybersecurity threats and to demonstrate how individuals can safeguard their networks. Under no circumstances should the content be used to engage in or promote illegal activities. Network testing should only be conducted on networks you own or have explicit permission to analyze. The author assumes no responsibility for the misuse of the information or any damages resulting from applying the techniques outlined. Always practice ethical hacking and adhere to all applicable laws and regulations.
Aden Hawsh
