You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
-t private or public IP address of target webserver -p target webserver's port number (defaults to port 80 if not provided) -i your network interface (running without -i will fail, but it will suggest all found interfaces, ie: lo, wlpxxx, eth0 etc.)
Enter control-c to stop the flood attack.
Each packet's IP address is spoofed. MAC addresses are not spoofed.
It is up to you to spoof your MAC Address beforehand if desired.
This attack may only work on web servers susceptible to numerous half-open connections (SYN_RECV).
To demonstrate this, a small Ubuntu Mate running Apache2 will act as the target.
It's a physical machine on a private network.
1. The tcp_syncookies flag was set to 0 (to make the target vulnerable for demonstration purposes) and the webserver was started on the target:
The attacker machine (a separate physical machine also running Ubuntu) executes the gosynflood exe with root privileges:
The initial SYNs are visible in Wireshark on the target, purposefully never completing the thee 3-way handshake:
During the attack the webserver should be unreachable at it's URL if it is susceptible. The half-open connections are visible via the command netstat -na --tcp
This was developed on Ubuntu 18.04 LTS.
Author: rootVIII 2020
About
Demonstrates a synflood DDOS attack with raw sockets (for Ubuntu and Debian-like distros)
