2

Recently I set up 2 virtual machines with Mint 18 inside, to practice and analyze some DDoS attack types. For now, I'm using hping3 to perform some simple DDoS (or I should say, DoS attacks, since there's only one VM against another).

I read a lot about hping3 and know how to make a regular syn flood:

sudo hping3 -S --flood x.x.x.x (I don't need the --tcp option, because I read it's a default setting).

To make a spoofed syn flood, I simply need some random, fake IP source addresses. So far, so easy: sudo hping3 -S --flood --rand-source x.x.x.x.

However, I read somewhere online that to make a spoofed syn flood, I need some extra parameters: -P -U. I did hping3 -h and saw:

-P  --push       set PUSH flag
-U  --urg        set URG flag

So it seems a 'real' spoofed syn flood should look like this: sudo hping3 -S -P -U --flood --rand-source x.x.x.x

But I don't really understand:

  1. Why do I need these flags?
  2. What's more important, what's their purpose?
  3. Why do I not need them in 'standard' flood?

Thank you.

mazix

2 Answers

1

No, as far as SYN flooding is concerned, you don't need those flags. These flags are pointless when there is no TCP payload.

SYNs in all standard implementations of the TCP/IP stack are packets with an empty payload.

Arjun sharma
1
  1. Why do I need these flags?

For generating a SYN flood, you really don't need these flags (i.e., the PUSH and URGENT flags).

  2. What's more important, what's their purpose?

These flags are part of the TCP header and, like other flags, they have some well-defined roles and usage. To get to know more about these 2 flags, read this.

  3. Why do I not need them in 'standard' flood?

You can achieve some extra things by using these flags and this will help you in achieving high flood density.

Hope this helps!!!

Gaurav Kansal
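
An added example, not part of the question or either answer: the defender's side of the flags discussed above. It decodes a raw TCP header and labels an initial SYN that also carries PSH or URG (or FIN/RST) as anomalous, which is how an IDS rule or capture filter would separate such segments from ordinary connection requests. The function names and the sample segments are constructed for this illustration.

```python
import struct

# TCP flag bits in the low byte of the offset/flags word (RFC 9293).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def parse_tcp(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header; return flags, urgent pointer, payload size."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    _sp, _dp, _seq, _ack, off_flags, _win, _csum, urg_ptr = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4  # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid data offset")
    flags = {name for name, bit in FLAGS.items() if off_flags & bit}
    return {"flags": flags, "urg_ptr": urg_ptr,
            "payload_len": len(segment) - header_len}


def classify_syn(segment: bytes) -> str:
    """Label a segment: plain-syn, anomalous-syn:<flags>, or not-initial-syn."""
    info = parse_tcp(segment)
    flags = info["flags"]
    if "SYN" not in flags or "ACK" in flags:
        return "not-initial-syn"
    # A normal connection request carries SYN alone. PSH asks the receiver
    # to deliver buffered data and URG marks urgent data, so on a SYN with
    # no payload they have nothing to act on.
    odd = sorted(flags & {"FIN", "RST", "PSH", "URG"})
    if odd:
        return "anomalous-syn:" + "+".join(odd)
    return "plain-syn"


def build_segment(flag_bits: int, payload: bytes = b"", urg_ptr: int = 0) -> bytes:
    """Constructed sample input: a TCP segment with a 20-byte header, zero checksum."""
    header = struct.pack("!HHIIHHHH", 40000, 80, 1, 0,
                         (5 << 12) | flag_bits, 512, 0, urg_ptr)
    return header + payload


if __name__ == "__main__":
    for bits in (0x02, 0x2A, 0x12):  # SYN, SYN+PSH+URG, SYN+ACK
        print(hex(bits), classify_syn(build_segment(bits)))
```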