Several DoS tools can put heavy load on HTTP servers and bring them down by exhausting their resource pools. GoldenEye is the first of those tools. With GoldenEye you can DoS a website and bring it down within about 30 seconds, depending on how big its memory pool is. Of course, it won’t work on protected servers or servers behind a proper WAF or IDS, but it is a great tool for load testing your own web server and amending your iptables/firewall rules accordingly.
Details for GoldenEye tool:
From the GoldenEye author’s post:
- GoldenEye is an HTTP DoS Test Tool.
- This tool is meant for research purposes only and any malicious usage of this tool is prohibited.
- GoldenEye is a Python app for SECURITY TESTING PURPOSES ONLY!
- Attack Vector exploited: HTTP Keep Alive + NoCache
Types of DoS or DDoS attacks
There are basically three types of DoS and DDoS attacks:
- Application layer DoS and DDoS attacks
- Protocol layer DoS and DDoS attacks
- Volume-based DoS and DDoS attacks
1. Application layer DoS and DDoS attacks
Application-layer DoS and DDoS attacks target vulnerabilities in Windows, Apache, OpenBSD, or other software in order to crash the server.
2. Protocol layer DoS and DDoS attacks
Protocol-layer DoS and DDoS attacks operate at the protocol level. This category includes SYN floods, Ping of Death, and more.
3. Volume-based DoS and DDoS attacks
This type of DoS and DDoS attack includes ICMP floods, UDP floods, and other kinds of floods performed via spoofed packets.
The terms DoS and DDoS are used loosely. An attack from a single machine is usually considered a DoS (Denial of Service) attack. Multiply that single attacker across a botnet (or a group) and it becomes a DDoS (Distributed Denial of Service) attack.
Once the download completes, unzip master.zip.
A folder, GoldenEye-master, will be created. Change directory to it.
Running GoldenEye is easy. The following is the usage of goldeneye.py
Use the following command to run GoldenEye
You can even slow down the attack per IP to avoid initial detection:
./goldeneye.py http://www.goldeneyetestsite.com/ -w 10 -s 10 -m random
Defend against GoldenEye attack
The following suggestions work well when you’re using Apache:
- Lower the per-IP connection limit (usually it is 300 per IP for Apache).
- Edit the connections-per-IP threshold.
- Disable KeepAlive and lower the connection Timeout setting (default is 300).
- If you’re hosted on a shared server, contact the SysAdmin. If they can’t defend against this simple attack, just migrate to a better hosting company.
- Use a Web Application Firewall (WAF).
- White-list incoming queries and this attack will have no effect on your server.
- NGINX and Node.js seem to work better against these types of attacks.
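One way to pick and verify a per-IP threshold from your own access logs after a test run, as an added example that is not from the original post or the GoldenEye project. It assumes the Apache/NGINX combined log format and that cache-bypassing requests show up as request targets that almost never repeat; the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/NGINX "combined" log line: client IP, [timestamp], "METHOD target ..."
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3}')

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # skip lines that are not in the assumed format
    ip, ts, target = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), target

def flag_clients(lines, window_s=10, max_requests=20, min_unique_ratio=0.9):
    """Return {ip: (peak requests per window, unique-target ratio)} for clients over
    max_requests per window_s seconds whose targets almost never repeat (assumption)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> highest count seen in any window
    targets = defaultdict(list)   # ip -> every request target seen
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, target = rec
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
        targets[ip].append(target)
    flagged = {}
    for ip, n in peak.items():
        ratio = len(set(targets[ip])) / len(targets[ip])
        if n > max_requests and ratio >= min_unique_ratio:
            flagged[ip] = (n, round(ratio, 2))
    return flagged

def sample_log():
    """Constructed sample lines (documentation-range IPs), not real traffic."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    def line(ip, sec, target):
        ts = (base + timedelta(seconds=sec)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET {target} HTTP/1.1" 200 512 "-" "-"'
    burst = [line("203.0.113.7", i // 10, f"/?r={i:04d}") for i in range(30)]
    static = [line("198.51.100.4", i // 10, "/logo.png") for i in range(30)]
    normal = [line("192.0.2.10", i * 5, f"/page{i}.html") for i in range(5)]
    return burst + static + normal

print(flag_clients(sample_log()))
```

Because keep-alive lets one connection carry many requests, counting requests per IP from the log complements a connection-count limit; tune `window_s` and `max_requests` against your normal traffic before turning the result into a firewall or WAF rule.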