A Denial of Service (DoS) attack is designed to cause service outages. These attacks can easily cost an organization a significant amount in damages and wasted, even if the attacker does not demand a ransom to stop the attack. A number of different free DDoS tools exist, making it cheap and easy for even unsophisticated attackers to use this attack technique.

Bạn đang xem: Download

What is a denial-of-service attack?

A DoS attack is any attack that is designed to take a system offline or make it unavailable to legitimate users. The goal of the attack could be to hurt the target organization, extort a ransom to allow services to be restored or cover up another attack.

DoS attacks can take advantage of a number of different vulnerabilities within a computer system. Buffer overflow vulnerabilities and other programming flaws can be exploited to cause a segmentation fault or other error that causes a program to crash.

However, the most common method of performing a DoS attack is to take advantage of bottlenecks within a computing system. Every component of a system has a maximum amount of traffic, data, connections and so on that it is capable of processing, and the entire system is limited by the component with the lowest threshold. Most DoS attacks are designed to exceed this maximum capacity, making it impossible for the system to process legitimate user requests.

DoS attacks can be performed in multiple different ways. Examples of common attack techniques include:

Volumetric attacks: Network connections and network interface cards (NICs) have set bandwidth limitations. Volumetric attacks attempt to overwhelm these systems by sending more data than they can handle. These attacks may be composed of a massive number of small packets or a smaller number of very large ones.Protocol-level attacks: Computers have a set number of TCP and UDP port numbers allocated and cannot handle a new connection if no port is available. Protocol-level attacks attempt to consume all of a computer’s available connections, making it incapable of accepting new connections.Application-layer attacks: Applications communicating over the network need to be capable of processing the requests that they receive. In many cases, an application’s thresholds are much lower than the infrastructure that it runs on. By sending many legitimate requests to an application, an attacker can consume all of its available and make it unavailable to legitimate users.

DDoS or distributed denial-of-service attack

DoS attacks are designed to overwhelm a service with more traffic than it can handle. However, this assumes that the attacker has the necessary to achieve this.

Distributed DoS (DDoS) attacks are designed to ensure that the target is overwhelmed by taking a many-to-one approach to the attack. Instead of using a single machine to perform an attack, the attacker uses a botnet.

Xem thêm: Gh3 Là Gì Về Đàn Piano Yamaha Clavinova, Gh3 Nghĩa Là Gì

This botnet is composed of many attacker-controlled machines, including compromised computers, leased cloud infrastructure and more. Each of these machines is instructed to send some traffic to the target service. By taking advantage of its greater numbers, a DDoS botnet can take down any unprotected service, even if the target has more network bandwidth and better computers than the attacker.

Free DoS attacking tools

It’s possible for an attacker to write custom software to perform a DoS attack or malware to perform a DDoS attack, and many DDoS websites offer DDoS-as-a-Service. For penetration testers wishing to perform their attacks independently but don’t want to write their own tools, a number of free DoS attack tools exist.

1. LOIC (Low Orbit Ion Cannon)

LOIC is one of the most popular DoS attacking tools freely available on the internet. The famous hacking group Anonymous has not only used the tool, but also requested internet users to join their DDoS attacks via IRC.

LOIC can be used by a single user to perform a DoS attack on small servers. This tool is really easy to use, even for a beginner. This tool performs a DoS attack by sending UDP, TCP or HTTP requests to the victim server. You only need to know the URL or IP address of the server, and the tool will do the rest.


Image 1: Low Orbit Ion Cannon

You can see a snapshot of the tool above. Enter the URL or IP address, and then select the attack parameters. If you are not sure about what settings to use, you can leave the defaults. When you are done with everything, click on the big button saying “IMMA CHARGIN MAH LAZER”, and it will start attacking the target server.

This tool also has a HIVEMIND mode. It lets attackers control remote LOIC systems to perform a DDoS attack. This feature is used to control all other computers in your zombie network. This tool can be used for both DoS attacks and DDoS attacks against any website or server.

The most important thing you should know is that LOIC does nothing to hide your IP address. If you are planning to use LOIC to perform a DoS attack, think again. Using a proxy will not help you because it will hit the proxy server not the target server. This tool should only be used for testing the resiliency of your own systems against DoS and DDoS attacks.


XOIC is another nice DoS attacking tool. It performs a DoS attack against any server if the user can provide an IP address, a target port, and a protocol to use in the attack. Developers of XOIC claim that XOIC is more powerful than LOIC in many ways. Like LOIC, it comes with an easy-to-use GUI, so a beginner can easily use this tool to perform attacks.


Image 2: XOIC

In general, the tool comes with three attacking modes. The first one, known as test mode, is very basic. The second is normal DoS attack mode. The last one is a DoS attack mode that comes with a TCP/HTTP/UDP/ICMP Message.