Giters

HPaulson / udp-flood

A UDP-Flooding script created for my Freshmen Science Fair. This repository contains all code used, and experiment information / data! Enjoy!

Home Page:https://cdn.smc.wtf/scifare2020

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

udp-flood

This is a UDP packet flooding script I created for my Freshmen Science Fair at school. This script is to be used for educational or scientific purposes ONLY! DoS attacks are harmful, and I am in no way responsible for any damages or misuse of this script. Only use this script on yourself, or with the written consent of a server or network owner, for education or scientific reasons. This script is dangerous, and will flood your server with UDP packets. Use at your own risk!

All data and experiment information i collected during the Science Fair can be found below!

Experiment Overview

Abstract

How do UDP Packet Flooding affect a server's bandwidth? To test this I sent many UDP packets, which are generally used for sending information from client to server, however, in this case, are data packets used to increase bandwidth and create longer latency, to a server for 60 seconds to see how excessive packet requests would effect the maximum server bandwidth. The bandwidth increased a lot during my tests due to the constant packets incoming to the server. On average the bandwidth increased by 11.9 MBit/s during my trials, causing latency to spike and be extremely high. Overall I believe my experiment went very well and my hypothesis was correct.

Problem

How does UDP Flooding affect a server's incoming bandwidth?

Hypothesis

If I send many UDP packets to a server for 60 seconds, then the server’s incoming bandwidth will increase because the server cannot handle many requests at one time.

Materials

You will need: A Windows 10 computer to send packets from (Localhost), A Ubuntu 18.4 server from DigitalOcean.com with 2 vCPUs and 4gb RAM, Xampp software (https://www.apachefriends.org/index.html)

Procedure

1. First, you will need a hosting server. To get accurate data, you should use a Ubuntu 18.04.04 Virtual Private Server (VPS) with 2vCPU(s), 25GB SSD, 4GB ram, 4TB transfer x64 from DigitalOcean.com. You can use any server, however, the network and CPU differences may cause a difference in results.

  1. After you purchase a droplet (VPS) from DigitalOcean, Follow all prompts by DigitalOcean to continue setting up your hosting server, and getting the root password. Once the setup process is finished, you may log in. On a different Windows computer, press Windows Key + R at the same time. Then, in the prompt, type “CMD”. Your Command Prompt will open. Type the following command: “ssh root@IP”. Fill in “IP” with the IPv4 provided on the DigitalOcean website. Then press enter. Now, it will prompt your password. Type or paste (To paste, right-click) your root password provided by DigitalOcean during the setup process. NOTE: You will not be able to see the password as you type it! After, it will ask you to save this host to your computer. Type “yes” and press enter. If you logged in correctly, you will see something such as “Root@Example:#~”. If you have any issues logging in, setting up, or receiving your root password, contact DigitalOcean, or start over.

  2. Third, you will set up the UDP flooding script. First, you will have to download a tool to run the script. Go to https://www.apachefriends.org/download.html and download the Xampp tool. Find your system requirements, and click download. When the .exe file is finished downloading, you will need to run the file. Once the program starts, click “Next”. On the next screen, select all of the check boxes, and click “Next”. Finally, follow the prompts by clicking “Next” until the green status bar appears. During this process, you may get some pop-up prompts. Click “Allow Access” on any that occur. If another command prompt opens, ignore it. This is just a part of the download process. After the status bar reaches the end, the download is complete, and you can click “Finish”. Select the American Flag for English, and click “Save”. Then, you will have two prompts. On the “Configuration of Control Panel” prompt, select “Save”. On the other prompt (“XAMPP Control Panel”), select “Start” next to “Apache”, and “MySQL”. You may receive another prompt, if so select “Allow Access”. Now, click Windows Key + R once again. This time in the prompt, type “explorer”. Once the menu opens, you will have to scroll on the left sidebar until you find “This PC”. Once you find “This PC”, you can click on it. Then find “Windows (C:)” on the right side of the menu. Once found, double click it. It will open up a list of folders. You will need to find the folder called “xampp”, and double click it. Then, find the folder “htdocs” and double click the folder. Now, you will see a few files. You should see a file called “index” or “index.php”. Right-click this file, and press “Delete”. Now, you will need to install the UDP script. Inside of the File Explorer menu, click Shift + Right Click. Then press the “Open PowerShell window here”. (This may say “Open Command Prompt window here”) Then type “git clone https://github.com/C0braD3v/udp-flood”. Once the file is finished installing, and you see “done.”, you may close the PowerShell or Command Prompt window that you ran the command in. Back in file explorer, you will see a new folder called “udp-flood”. Double click this folder. Then, you will see a file named “index” or “index.php”. Click and hold on this file, and drag your mouse to the top bar where it says “htdocs >”. Drop the file (unclick your mouse) on top of “htdocs” to move it into that folder. Then, click on “htdocs”. You should see the “index” or “index.php” file again. If you do, it means you have done this step correctly. Otherwise, you should retry this step.

  3. Now it is time to start running the trials. Go into your browser of choice, and in the URL bar type “http://127.0.0.1/”. It should open a page with green text reading “UDP PACKET FLOOD”. If it does not, then try step 3 again. If it does, then you may begin your first trial. In the “SERVER_IP” box, type the IPv4 provided earlier by DigitalOcean. In the “SECONDS” box, type “60”. Now, you should run your control test. Go back to the Command Prompt window from Step 2. Type the command “apt install nload”. Once you see something like “root@Example#~” then it is completed. Then, run the command “nload”. You should see “incoming” and “Outgoing” titles. You may begin your control test. Set a timer for 60 seconds, and once competed log the “Cur” (current), “Avg” (average), and “Max” (maximum) values under the “Incoming” section. You may also log the time stamp of when you did the test, but this is optional. Press Ctrl + C to exit. To start your first trial, you will go back to hit your browser and click on the “SEND_PACKETS” button. (WARNING: UDP Flooding is a DoS attack. Ensure thatthe IP address listed in the “IP” textbox is the IP address of a server you own, and or have written consent of the owner to run that test. DoS is very dangerous and this procedure and script should be used for educational and scientific reasons only.) Very quickly go back to your Command Prompt window, and again type “nload”. Once completed, start a timer for 60 seconds. After the timer is complete, log the “Cur” (current), “Avg” (average), and “Max” (maximum) values under the “Incoming” section. Then press “Ctrl + C”. You will want to wait about five minutes before starting your next trial, as some packets may be delayed. To start your next trial, repeat the steps for trial one, and again for trial three.

  4. Now, draw conclusions and observe your data. When you have fully completed the experiment, you may go back to the “XAMPP Control Panel” window. Click “Stop” on “Apache” and “MySQL”. You may then close this window, and uninstall XAMPP if you chose. Also, you may remove your DigitalOcean droplet on the DigitalOcean website by selecting “Kill Droplet”.

Data

Analysis

My data reflects as I expected it to. As seen in my data table and graph, the maximum MBit/s of bandwidth increased in my trials, due to the server overflowing not being able to handle all the requests. As seen, during my trials the maximum MBit/s or bandwidth increased by 11.9 MBit/s average. This change is a very large difference and reflects on how large the impact of UDP flooding can actually be. Although in my trials I only tested for 60000ms with a fairly weak script, the packets were still powerful enough to have a large impact on the MBit/s of bandwidth. This proves the dangers of these floods, and that when used at much larger scales than the one in this test they can have very large and significant impacts.

Conclusion

Overall, I believe this experiment went very well. When I sent many UDP packets to a server for 60 seconds, the servers incoming bandwidth increased because the server cannot handle many requests at once. The data I collected during this experiment reflected my hypothesis, as the maximum and average packets increased from the control in each test. I noticed that in general, the UDP packets caused the server’s bandwidth to increase, which then caused high server latency for processes. The bandwidth increased in spikes, and did not have one increase and decrease. I noticed that when the script began, the bandwidth would shoot up, but then decrease, and increase becoming a “wave”, or spike in bandwidth. I found this very interesting as I expected the latency to peak as the packets came in, and continue until all the packets were processed. Possible errors in this experiment could have been starting or closing NLoad too late, causing the average latency to be slightly lower than accurate due to the average calculating after the packets were finished sending. To improve this, I could have used another computer to run the script in the browser, and a second one to view NLoad to ensure that it is stopped on time and the data is accurate. I could also try more trials and longer periods of time for the packets. All in all, I learned very valuable information about UDP packets and DOS attacks.

Applications

I found that these attacks can lead to very high server bandwidth, which can cause damage and very high latency. If these attacks were used on large companies, they could lead to harming actual users on a server. For example, if someone were to use this flood on a company’s server where they run a website, and a customer attempts to go on the site, they may not be able to access the site as the server is busy handling requests of the useless UDP packets. This could cause loss of traffic, revenue, and business for those running important processes on a server. This makes my experiment very valuable, to show the negative effects of these attacks, and how companies should take action to secure their servers to prevent this type of thing from happening on a real-world large scale.

About

A UDP-Flooding script created for my Freshmen Science Fair. This repository contains all code used, and experiment information / data! Enjoy!

https://cdn.smc.wtf/scifare2020

Languages

Language:PHP 100.0%