Many tools have been designed by hackers to cause DOS and DDOS attacks.The common tools are LOIC, HOIC, XOIC, RUDY, slow loris and HULK.We will discuss these tools and the mitigation techniques for DOS.
Before 10 years, these tools can be used effectively to bring down almost any website.Now DOS resistant devices and networks have been developed which can save your networks from even large volume DDOS attacks.
Low orbit ion cannon:
This is a tool that was developed by praetox.It can cause TCP or UDP or HTTP flooding on a particular target.It became famous after it was used by a group called anonymous to cause the denial of service on the sites that opposed Wikileaks.Use this tool cautiously, as the proxy cannot be used for this tool the target gets your IP for every request you make.
High orbit ion cannon:
This is an advanced version of LOIC developed to cause high magnitude DDOS attacks.It works mainly based HTTP GET and POST requests.The main difference is that HOIC can work based on boosters.There was also used by the anonymous group to cause DDOS attacks in 2013.
It can perform DOS using TCP/UDP/HTTP/ICMP messages.It can be operated in three modes.It can be used perform DOS on a target IP using the desired port and desired protocol.Not many famous attacks have happened using XOIC.But this a nice tool to identify the vulnerabilities that can be exploited by DOS attacks.
R u dead yet?
This is one of the unique dos tools.This follows the low and slow strategy and this is tough to detect.The principle behind this attack is establishing a huge number of threads with never-ending HTTP POST packets which drains out the server resource causing the denial of service.It detects web forms in the web pages and sends HTTP POST packets with large headers which prevent the server from disconnecting.
This is a basically packet generator which can be used to cause DDoS attacks.One of the main features of hping is that it can be used to spoof the source address so that the target receives each request from random IPs.You can customize the attack by specifying the time interval, target port, window size etc.
Apart from these, there are tools like HULK,#Refref, Pyloris etc used for denial of service.Most of the tools are available in Sourceforge website.Hping is default Kali Linux tool.
In the beginning, the organizations faced volumetric DDoS attacks like TCP flood, UDP flood etc.Then came the application layer DDoS attacks which drains out the server resources etc.These required firewalls, IDS, IPS, WAF, load balancers etc to protect the network.Nowadays DDoS attacks are mostly hybrid which includes both volumetric and application attacks.
Protection against volumetric attacks requires a hardware device which filters and sends only legitimate packets inside the network.Protection against application attacks requires behavior-based analysis and devices like WAF to protect the network.
Nowadays DDoS resistant architecture has been developed.The vendors provide hybrid security with cloud-based and on-premise protection.Each and every packet is monitored.The flooding packets are sent to a scrubbing center where it is filtered and other packets are monitored based on behavioral analysis and signatures.Famous DDOS protection vendors are arbor networks,f5 networks,incapsula and Radware.