What is an IP Stresser?
An IP Stresser (or IP Booter) is a service that allows a customer to simulate a DDoS attack against a site that they control. It’s a tool for testing the strength of a network’s protection against a coordinated attack designed to drive it off the Internet.
A Deeper Look
Most often, these types of attacks are launched against websites, but they can also be used on other computers and resources connected to the Internet, such as mail servers, or even individual PCs. In effect, the tool does this by launching an actual attack, using the current methods that a real attacker would use. The difference between an attack from an IP booter and a real DDoS attack is that the booter typically uses legally rented servers or cloud computing instances set up for the purpose. A real attacker would be more likely to use a Botnet, which is an ad-hoc network of malware-infected computers.
Despite the differences in infrastructure, the effect is the same which means that if you use a booter against your website, and it’s not adequately protected, it’s going to go offline.
Why DDoS Protection is Important
A website is a considerable investment and represents the public face of an organization or individual. In the case of web services and SaaS providers, it’s also the primary method of delivering a paid service. Making sure the site is available when someone wants to access it is a vital concern. There are plenty of things that can take a website offline. From natural disasters to mistakes made by an engineer, there are probably thousands of ways a site could be taken off-line accidentally.
And then there are the deliberate malicious actions of people who want to see the site fail. They could be competitors, disgruntled employees, or just someone with a chip on their shoulders. Whatever their reason, they’ll do whatever they can to take the site down. If they have shell or FTP access to the server, it’s trivially easy to deface or delete the site. But for most attackers, that’s not possible. So if they can’t login to the server, they do the next best thing – shut it down through a Denial of Service attack.
Getting in the crosshairs of a DDoS attack is easier than you think. Say the wrong thing on a web forum or tweet, and you’re a target. And when I say wrong, I mean wrong from the point of view of the attacker, naturally. There are even cases of gamers getting knocked off-line by a sore loser. If your website or network is unprotected against DDoS attacks, they’ll almost certainly succeed. If you are protected, then you may still be booted off-line – it depends on the strength of the attack, and the measures used to protect you, which brings us to why you should test your protection.
Why DDoS Protection is Important
The main reason to test your protection is to make sure it works. These days, every web host claims to be fully protected against DDoS attacks. Even the cheapest ones do. And it’s probably true, to a degree. But often the protection is quite weak, and there are lots of different attack methods in the DDoS toolbox. The only way to cut through the sales talk and empty promises is to test it for yourself with an IP stresser. And if you find your site stands up to the punishment, give them a pat on the back and tell your friends. If it doesn’t, I imagine you will have a different type of conversation with them. Either way, it’s better to know now before it’s too late. Let’s put it this way. If you were going to jump from a plane, wouldn’t you want to be sure the backpack you were wearing contained a parachute? Personally, I’d check that out before even stepping into the plane. Well, that’s what you’re doing when you run an IP booter against your site.
How DDoS Attacks Work
To use a stresser service effectively, you need to have some idea of what it does. Each service provides a lot of different attacks and tools for you to tinker with. If you don’t know what they do, you’ll get lost fast. Although there are many different types of denial of service attacks, they all share the same basic goal. That goal is to prevent the target from providing services through the Internet. Serving web pages is a service, so anything that stopped that from happening would be a “denial of service.” The most common approach with these attacks is to flood the target with so much network traffic that it can no longer function properly. These attacks attack weaknesses in different networking protocols.
IP Stresser Attacks: A Deeper Understanding
Bringing attention to a DDoS attack is only part of the work. Often, when IP stressers and booters work, they have dedicated servers in offshore countries that are sending spoofed packets to your server. Due to the low liability laws in the countries where the servers are hosted, taking you or your site offline is as easy as putting it into a Skype resolver and finding the IP. From then on, all they do is insert the IP address of the desired target into a web stresser and the packets will be initiated almost instantaneously. Take a look of what happens, for example, when an IP address is stressed using one of the aforementioned services.
As shown in the video, after selecting an IP address to flood with packets, it instantly times out, leaving the person or server to deal with a plethora of garbage traffic. In short, this is what an IP stresser and booter service provides. Keep checking back, we will be updating this page with more information.
Vulnerability Analysis
Networking is a complex subject – it takes years of study to become an expert. So I won’t be able to go into too much detail about how these protocols work. But I can tell you that there are several different protocols that work together to provide different services. For instance, a web server uses HTTP to receive requests from a web browser and send the desired files. HTTP is an application protocol (because it’s used by the browser and the server, which are both applications.) But HTTP itself relies on a lower-level protocol, called TCP (Transmission Control Protocol) which is a transportation protocol. TCP handles making sure that all the data from the browser arrives to the browser, and in the right sequence.
Streaming video and Internet Telephony, on the other hand, use a different protocol called UDP. Just like HTTP riding on top of TCP, there are lots of other application protocols built on UDP, such as DNS (which is used to turn a domain name, such as Google.com, into an IP address, such as 173.194.45.70). TCP and UDP both rely on the Internet Protocol or IP. All of these different protocols work together to provide services over the Internet. And just like a complex engine, more moving parts mean more things that could go wrong. DDoS attacks exploit these weaknesses to bring the elaborate engine to a grinding halt.
Layer 7 (Application Layer) Attacks
Some attacks work on the Application layer. For instance, a web server can only manage so many simultaneous connections, and then other requests must wait. Sending millions of “GET” requests for a large file is a crude but effective way to make a web server grind to a halt.
Layer 4 (Transport Layer) Attacks
Then there are the attacks that target the transport protocols. For instance, there is a SYN flood, which aims to block TCP. The SYN flood exploits a feature of the TCP protocol called the “handshake.” This is a simple procedure that all computers use when they connect via TCP.
Here’s how the handshake is supposed to go…
1. The first computer sends a “SYN” message (which means “ready to talk?”), to see if the receiver is ready to communicate.
2. If it is, it will respond with a SYN-ACK (which acknowledges the SYN message, and means “sure, go ahead”)
3. Then the first computer (the one who started the conversation) is supposed to send an ACK to let the second one know that it got it (essentially saying “OK, Ill start talking then.”)
It’s a very formal and polite little ritual they go through, and part of the politeness is waiting for the other side to answer (because Internet congestion could delay a reply).
Imagine if the first computer sent the “SYN” request and then ran away. The second computer would reply with the “SYN-ACK” and then wait. It would consume resources inside the computer while it was waiting. Now imagine if that happened millions of times over. The result would be that all the available resources would be eaten up, shutting down TCP.
There are similar attacks for UDP. Currently, the most popular UDP attacks are “amplified” attacks. They use lots innocent machines to increase the volume of traffic sent to the target, and also to cover the attacker’s tracks. Amplified attacks usually use “resolvers,” which are servers for protocols like DNS and NTP. The attacker sends requests to lots of these services, pretending to be the target using “IP spoofing.” These servers send detailed replies with lots of information to the target (who appeared to be asking for the information).
The result is that UDP is flooded and overwhelmed by tons of traffic from millions of sources. Why You Must Use an IP Booter So, now you have a little understanding of DDoS attacks, you may be wondering why you need to use a service to launch them. Couldn’t you attack a site from your computer?
Besides the high learning curve and technical skills you would need to develop to execute a DDoS attack all by yourself, the main reason is that it wouldn’t work. And there are two reasons for that…
1. Your computer couldn’t generate enough traffic fast enough to overwhelm your server. It almost has a better Internet connection than you do.
2. You’d trigger a massive alert with your ISP, who would probably shut down your Internet connection to limit the damage.
IP Stresser and Booter Overview
DDoS stands for “Distributed Denial of Service attack”. Distributed means many machines are working together. Attackers use an army of corrupted PCs to do the job. IP stresser services use multiple servers to do the same thing. In both cases, by launching the attack from multiple sources, it’s harder to block, and a much greater volume of network traffic is generated.
Booter and stresser services are very affordable, as they often take advantage of scalable technologies, such as cloud computing. These services allow the service provider only to pay for the resources consumed when the servers are in use. At any time when the service is idle, the expenses reduce to almost nothing. They pass the savings on to you as cheaper fees.
If your site is ready for launch, or if it’s already attracting attention, you should test your DDoS protection using a stresser/booter service as soon as possible.