##### Paths of the script and other files
##### frequency in minutes for running the script
##### Caution: Every time this setting is changed, run the script with --cron
##### option so that the new frequency takes effect
##### How many connections define a bad IP? Indicate that below.
##### APF_BAN=1 (Make sure your APF version is at least 0.96)
##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
##### KILL=0 (Bad IPs aren't banned, good for interactive execution of script)
##### KILL=1 (Recommended setting)
##### An email is sent to the following address when an IP is banned.
##### Blank would suppress sending of mails
##### Number of seconds the banned ip should remain in blacklist.
If everything is all right, open the configuration file once more and change the setting below:
DEVEL_MODE=0
Then run the restart command once again. Useful commands:
tail -10 /var/log/apf_log # last 10 lines from log
apf -d 220.127.116.11 REASON # blocking the IP 18.104.22.168
apf -u 22.214.171.124 # unblocking the IP 126.96.36.199
/etc/apf/apf -r # restarting the firewall
HOIC (High Orbit Ion Cannon)
LOIC (Low Orbit Ion Cannon)
OWASP DOS HTTP Post
GoldenEye HTTP Denial of Service Tool
Slowloris HTTP Dos
Here, we are testing DOS Deflate against HOIC. It is one of the most popular DOS attacking tools freely available on the Internet. This tool is really easy to use even for a beginner. We can download this tool from the URL mentioned below.
After downloading the tool, we need to extract it into the folder and open it by clicking the hoic.exe file. We will get the following HOIC interface.
Now, we need to add the IP address or the URL of the server on which we have configured DOS Deflate.
After adding the target URL, we will see this URL in the target section.
Then, click on the “FIRE THE LAZER” icon and it will start the DOS attack on the server. After 2 minutes we will receive an email at the email address which was mentioned in the server configuration, stating that the IP address has been banned on the server.
We can also check the banned IP address by logging in to the server and checking the IP tables. We can check the IP tables status by the following command.
iptables -L -n
It can be seen in the above screenshot that DOS Deflate has used iptables to ban the IP address from which we had started the HOIC DOS tool.
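The check above can be scripted by comparing which peers hold many connections with what iptables is already dropping. This is an added example, not DOS Deflate's own code or part of the original article; the function names, the threshold of 3 and the sample netstat/iptables text are constructed for illustration, and it assumes bans show up as DROP rules keyed on the source address.

```sh
# Added example, not DOS Deflate's own code. Sample data below is constructed
# and uses documentation-range addresses.

sample_netstat() {    # stands in for the output of `netstat -ntu`
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address          State
tcp        0      0 192.0.2.10:80           198.51.100.7:50112       ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:50113       ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:50114       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:41000        ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:41001        ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:41002 ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.20:60222      ESTABLISHED
EOF
}

sample_iptables() {   # stands in for the output of `iptables -L -n`
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  198.51.100.7         0.0.0.0/0
EOF
}

# Read netstat-style lines on stdin, print "count ip" per remote peer.
count_per_ip() {
    awk '$1 ~ /^(tcp|udp)/ {
             ip = $5
             sub(/:[0-9]+$/, "", ip)     # drop the trailing :port
             sub(/^::ffff:/, "", ip)     # IPv4-mapped IPv6 -> plain IPv4
             n[ip]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# audit_bans THRESHOLD NETSTAT_TEXT IPTABLES_TEXT
# Print "ip count banned|not-banned" for every peer at or above THRESHOLD.
audit_bans() {
    dropped=$(printf '%s\n' "$3" | awk '$1 == "DROP" { print $4 }')
    printf '%s\n' "$2" | count_per_ip | while read -r count ip; do
        [ "$count" -ge "$1" ] || continue
        if printf '%s\n' "$dropped" | grep -qxF "$ip"; then
            echo "$ip $count banned"
        else
            echo "$ip $count not-banned"
        fi
    done
}
audit_bans 3 "$(sample_netstat)" "$(sample_iptables)"
```

On a live server, pass `"$(netstat -ntu)"` and `"$(iptables -L -n)"` together with the connection limit set in the DOS Deflate configuration; any `not-banned` line is a peer the next scheduled run should pick up.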
Another commonly used DOS attacking tool is Slowloris HTTP DOS. It was developed in Python. It has some very good features. This tool is available on both Windows and Linux platforms, but we will use the Linux flavour of this tool. We can download this Python script-based tool by running the command mentioned below.
After downloading the tool, we will make it executable,
== How to install Slowloris on Linux ==
Install perl from your packages; you should find it easily. Note that you need ithreads to be enabled (it should be enabled in most distributions by default; on gentoo you should add the ithreads USE-flag before (re)installing perl).
Then, you need IO/Socket/SSL, that you should find in your packages or searching on the web. In ubuntu, the package is libio-socket-ssl-perl; on gentoo, it's dev-perl/IO-Socket-SSL.
Then, open a terminal/console and type (or copy-paste):
You can replace gerbad.ir with the host you want to attack. You can also replace values for timeout and number of sockets (just by changing the last line), but these options should do it. If you want to run Slowloris again, once it has been installed, just run the last line.
then give the following command which will launch it on the URL.
./slowloris.py –dns <URL of the Server>
After starting the attack, we can check the email or the iptables status to verify whether it has been blocked by DOS Deflate or not.
We have successfully tested DOS Deflate against all the tools which were given above in the article. Readers can try by themselves so that they can understand it better.