C# Class LOIC.ReCoil

ReCoil basically does a "reverse" DDoS.

Requirements: the targeted "file" has to be larger than 24 KB (bigger IS better ;) !)

It sends a complete, legitimate request but throttles the download down to nearly nothing .. just enough to keep the connection alive. The attack method is basically the same as slowloris ... bind the socket as long as possible and eat up as much as you can. Apache servers crash nearly in an instant. This attack however can NOT be mitigated with http-ready and mods like that. This attack simulates something like a massive amount of mobile devices running shortly out of coverage (like driving through a tunnel). Due to the nature of the congestion response this could maybe be taken a step further to self-feeding congestion cascades if done "properly" in a distributed manner together with packet floods. (??)

Limitations / Disadvantages: this does NOT work if you are behind anything like a proxy / caching stuff. In this implementation however we are bound to the underlying system / net buffers ... due to that the required size of the targeted file differs -.-

Dataflow: {NET} --> {WINSOCK-Buffer} --> ClientSocket
.. so we have to make sure the actual data exceeds the winsock buffer + clientsocket buffer, but we can ONLY change the latter. From what I could find on a brief search / test, the winsock buffer for 10/100 links lies around 16-18 KB, where 1 GBit links have an underlying buffer around 64 KB (size really does matter :P )

What to target?: although it might make sense to target pictures or other large files on the server, this doesn't really make sense! The server could (and in most cases does - except for Apache) always read directly from the file stream, resulting in nearly 0 needed RAM --> always target dynamic content! This has to be generated on the fly / pulled from a DB and therefore most likely ends up in the RAM!

High-value targets / worst-case scenario: as it seems, the echo statement in PHP writes directly to the socket .. considering this, it should be possible to take down the back-end infrastructure if the page does an early flush, causing the congestion while still holding DB connections etc.
Inheritance: cHLDos
Open project: NewEraCracker/LOIC
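Seen from the server side, the behaviour described above shows up as connections that stay open with response data still queued while the client drains almost nothing. The following Python sketch of that check is an added example, not part of LOIC or of this page's code; the snapshot records and their field names are constructed, and the three thresholds are assumptions to tune.

```python
from collections import defaultdict

# Constructed sample: one record per open HTTP connection, as a periodic
# server-side snapshot might report it. Field names are hypothetical.
SNAPSHOT = [
    {"client": "198.51.100.7", "path": "/search?q=k3f", "age_s": 95, "bytes_acked": 1200, "sendq": 65536},
    {"client": "198.51.100.7", "path": "/search?q=p0x", "age_s": 120, "bytes_acked": 2048, "sendq": 65536},
    {"client": "198.51.100.7", "path": "/search?q=zz1", "age_s": 60, "bytes_acked": 900, "sendq": 49152},
    {"client": "198.51.100.7", "path": "/search?q=m2a", "age_s": 45, "bytes_acked": 512, "sendq": 65536},
    # One slow connection: looks like a phone that lost coverage.
    {"client": "203.0.113.20", "path": "/report", "age_s": 50, "bytes_acked": 3000, "sendq": 32768},
    # Large download that is draining normally.
    {"client": "192.0.2.15", "path": "/export", "age_s": 40, "bytes_acked": 4000000, "sendq": 32768},
    # Too young to judge.
    {"client": "192.0.2.15", "path": "/index", "age_s": 5, "bytes_acked": 0, "sendq": 16384},
]

MIN_AGE_S = 30        # assumed: ignore connections younger than this
MAX_RATE_BPS = 256    # assumed: below this drain rate a connection counts as stalled
MIN_STALLED = 3       # assumed: stalled connections per client before flagging


def is_stalled(conn):
    """True if response data is still queued but the client has drained almost nothing."""
    if conn["age_s"] < MIN_AGE_S or conn["sendq"] == 0:
        return False
    return conn["bytes_acked"] / conn["age_s"] < MAX_RATE_BPS


def suspicious_clients(snapshot, min_stalled=MIN_STALLED):
    """Map client -> stalled request paths, for clients holding many stalled connections."""
    stalled = defaultdict(list)
    for conn in snapshot:
        if is_stalled(conn):
            stalled[conn["client"]].append(conn["path"])
    return {c: p for c, p in stalled.items() if len(p) >= min_stalled}


if __name__ == "__main__":
    for client, paths in suspicious_clients(SNAPSHOT).items():
        print(f"{client}: {len(paths)} stalled connections, e.g. {paths[0]}")
```

The single stalled connection from 203.0.113.20 is not flagged, since on its own it is indistinguishable from the mobile client losing coverage that the description mentions.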

Public Methods

Method Description
ReCoil ( string dns, string ip, int port, string subSite, int delay, int timeout, bool random, bool resp, int nSockets, bool usegZip ) : System

creates the ReCoil object. <.<

Start ( ) : void
Stop ( ) : void

Private Methods

Method Description
bw_DoWork ( object sender, DoWorkEventArgs e ) : void

Method Details

ReCoil() public method

creates the ReCoil object. <.<
public ReCoil ( string dns, string ip, int port, string subSite, int delay, int timeout, bool random, bool resp, int nSockets, bool usegZip ) : System
dns (string): DNS string of the target.
ip (string): IP string of a specific server. Use this ONLY if the target does load balancing between different IPs and you want to target a specific IP. Normally you want to provide an empty string!
port (int): the port number. However, so far this class only understands HTTP.
subSite (string)
delay (int): time in milliseconds between the creation of new sockets.
timeout (int): time in seconds between requests on the same connection. The higher the better .. but should be UNDER the timeout from the server. (30 seemed to be working always so far!)
random (bool): adds a random string to the subsite so that every new connection requests a new file. (Use on search sites or to bypass the cache / proxy.)
resp (bool)
nSockets (int): the amount of sockets for this object.
usegZip (bool): turns on the gzip / deflate header to check for: CVE-2009-1891 - keep in mind that the compressed file still has to be larger than ~24 KB! (Maybe use on large static files like PDF etc.?)
return System

Start() public method

public Start ( ) : void
return void

Stop() public method

public Stop ( ) : void
return void