
I'm using Snort to study detection, and I wanted to simulate a DoS attack from the inside to another computer in my home network, but I have a question.

If I start to flood the target computer with network requests, would that only affect the target computer, or could I also block the entire network if I send too many packets?

pedromendessk

  • You can try it at home or in a dedicated lab. **Never** without permission elsewhere, especially not at work/school! – guntbert Sep 13 '15 at 18:22

5 Answers

A little background first. As you know, when communicating over a network, programs split raw data into "packets", which, as well as this raw data, also contain some extra information:

  • Where does this particular packet fit inside the entire block of data being transmitted?
  • Who does the packet come from?
  • To whom does it need to be delivered?

Routers are the physical devices that move packets around, using the above extra information. According to specifications, routing systems are expected to be responsible for two things:

  • Getting packets to the right place
  • Not sending packets where they aren't meant to go

That second point is the important one for your question. It means that with the exception of multicast packets, a router only forwards a packet on the route it needs to go through to get to the destination. Other routes shouldn't even know about the existence of the packet.

In theory, if you place a dedicated router between the attacker and the target, the only devices that will notice the load are

  • the target;
  • those directly connected to the router (because the router will start dropping packets);
  • those contacting the target (because they won't receive replies).

And that solves your problem. Now, I'm not saying that all routers will respect this, but it should be how it works.

LS97

Generally, if you are doing DoS from one computer to another, you are hitting anything (like routers, ...) between them with the same load.

Vilican

Since you mentioned home network, I'm going to bring up a couple of points that may be unique to them.

First, there's the use of dumb switches. Quite often, home customer premises equipment will use dumb unmanaged switches with no support for spanning tree. Internally, this might be a separate switch chip or it might be integrated onto the main system-on-a-chip. These switches may be overloaded by large amounts of packets. While routers do routing on the network layer, switches do their own forwarding on the data-link layer. They also need to read the frame, get the MAC addresses and then do the forwarding. If the load is too high, the switch may become unresponsive. If the switch is not a separate chip, it can bring the whole CPE down. A simple way to see what that looks like is to take an average home router and a network cable, and connect the cable to two switch ports on the router. Leave the cable connected for about a minute and watch what happens.

The next, maybe not so obvious, issue is if one (or even worse, both!) of the computers is connected via WiFi. WiFi is a shared medium and has a very important concept of air time, which is the time it takes to transmit a frame. This time depends a lot on the data rate used by the network.

Basically, only one transmitter can work on WiFi at one time on the same channel, even if they are in different networks. That transmitter will take control of the channel while it's transmitting its frame and others have to stay silent and wait for it to finish. If you have a scenario with two computers on WiFi and an access point, then one computer will have to transmit to AP, then AP will have to transmit to second computer, then again back for confirmation of reception.

If you're using WiFi for experimentation, then you could potentially, depending on the access point used, starve other users of their air time if you send a large amount of small packets, especially if your computer is using a low data rate. This is an especially big issue if you try combining WiFi and multicasting. Since in such a scenario there is no confirmation of reception of multicast packets, many access points will default to the lowest data rate they support, in order to maximize the number of potential receivers. On many units, this can go as low as the speeds of IEEE 802.11 (with no letters), meaning 1 Mb/s or 2 Mb/s! This will seriously disrupt the operation of any WiFi network on that channel, since it will eat up air time.

AndrejaKo
  • A valuable consideration about WiFi... I didn't even think about the possibility of not using a wired connection (really because WiFi would, as you said, take down the middlemen before the target) – LS97 Sep 16 '15 at 07:57
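A rough model of the air-time argument in the answer above, as an added example (this is not code from the answer or the thread; the 802.11b/DSSS timing constants, the ACK-at-1-Mb/s assumption, the scenarios and the packet rates are my assumptions, and contention backoff and retransmissions are ignored, so every figure is a lower bound):

```python
"""Back-of-envelope 802.11b air-time model (added example, not code from the
original thread).

Assumed constants (DSSS / 802.11b timing): long PLCP preamble + header
= 192 us, DIFS = 50 us, SIFS = 10 us, ACK control frame = 14 bytes sent at
the 1 Mb/s basic rate. Backoff and retransmissions are ignored, so every
result is a lower bound on the air time a real flood would consume.
"""

PLCP_US = 192.0           # DSSS long preamble + PLCP header, always at 1 Mb/s
DIFS_US = 50.0            # medium must be idle this long before a data frame
SIFS_US = 10.0            # gap between a data frame and its ACK
ACK_BYTES = 14            # 802.11 ACK control frame (header + FCS)
MAC_OVERHEAD_BYTES = 28   # 24-byte data-frame MAC header + 4-byte FCS


def bits_airtime_us(nbytes, rate_mbps):
    """Microseconds needed to clock nbytes onto the air at rate_mbps."""
    return nbytes * 8 / rate_mbps


def frame_airtime_us(payload_bytes, data_rate_mbps, acked=True, basic_rate_mbps=1.0):
    """Channel time one data frame occupies, including the ACK exchange.

    acked=False models multicast/broadcast frames, which are never
    acknowledged; per the answer, such frames are then often sent at the
    lowest basic rate, which the caller passes as data_rate_mbps.
    """
    t = DIFS_US + PLCP_US + bits_airtime_us(payload_bytes + MAC_OVERHEAD_BYTES, data_rate_mbps)
    if acked:
        t += SIFS_US + PLCP_US + bits_airtime_us(ACK_BYTES, basic_rate_mbps)
    return t


def max_frames_per_second(payload_bytes, data_rate_mbps, acked=True):
    """How many such frames per second fill the channel completely."""
    return 1e6 / frame_airtime_us(payload_bytes, data_rate_mbps, acked)


def channel_utilisation(frames_per_second, payload_bytes, data_rate_mbps, acked=True):
    """Fraction of total air time (capped at 1.0) a flood at this rate eats."""
    t = frames_per_second * frame_airtime_us(payload_bytes, data_rate_mbps, acked)
    return min(1.0, t / 1e6)


def goodput_mbps(payload_bytes, data_rate_mbps, acked=True):
    """Payload bit rate achievable when the channel carries only such frames."""
    return max_frames_per_second(payload_bytes, data_rate_mbps, acked) * payload_bytes * 8 / 1e6


SCENARIOS = [
    # (label, payload bytes, data rate Mb/s, acked?)  -- assumed scenarios
    ("64-byte unicast @ 11 Mb/s", 64, 11.0, True),
    ("64-byte multicast @ 1 Mb/s", 64, 1.0, False),
    ("1500-byte unicast @ 11 Mb/s", 1500, 11.0, True),
    ("1500-byte multicast @ 1 Mb/s", 1500, 1.0, False),
]


def summarise(pps=500):
    """Return {label: (us per frame, frames/s to saturate, channel share at pps)}."""
    out = {}
    for label, payload, rate, acked in SCENARIOS:
        out[label] = (
            frame_airtime_us(payload, rate, acked),
            max_frames_per_second(payload, rate, acked),
            channel_utilisation(pps, payload, rate, acked),
        )
    return out


if __name__ == "__main__":
    pps = 500
    for label, (us, sat, share) in summarise(pps).items():
        print(f"{label:30s} {us:8.1f} us/frame  saturates at {sat:6.0f} pps  "
              f"{pps} pps uses {share:6.1%} of the channel")
```

The numbers make the answer's point concrete: the fixed preamble and ACK overhead dominate small frames, so a stream of 64-byte unicast frames saturates an 11 Mb/s channel at roughly 1,600 frames per second, and the same 64-byte frames sent as multicast at the 1 Mb/s basic rate do so at about 1,000 per second. For 1500-byte multicast frames at 1 Mb/s, 500 packets per second is already several times more air time than exists, which is why every other client on that channel stalls.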

It will surely impact the complete network, as sending too many packets would lead to bandwidth starvation in the local network. Also the router through which you are connected could start dropping packets if it isn't capable of handling them all !!

I would rather suggest that you test the DDoS in a virtual environment.

paU1i

If you start to send lots of packets it would probably create a bottleneck on the network. But you can try to send only a few packets just for testing purposes.

pedromendessk