
DDoS any Wi-Fi network with just 7 lines of Python - nikisweeting
https://github.com/pirate/mesh-networking/blob/master/bringitdown.py
======
gruez
The "D" in DDoS stands for "distributed". Using one interface to flood packets
is not distributed.

~~~
Scarbutt
also, the "any" wifi network is misleading since you have to be connected to
the the wifi network which for most networks implies knowing the password.

~~~
nikisweeting
Not necessarily, if you know the channel you can create a network on the same
channel and then flood that one with noise. It should cause a bunch of packet
collisions and retransmits which would slow down the victim network. Haven't
tested this yet, so this is pure conjecture, I don't actually know if this
style of attack works. If someone does try it please do post back.

~~~
dogma1138
That's not how wifi works you better off buying a cheap sdr and just transmit
actual noise.

~~~
nikisweeting
Yes, but that kind of defeats the purpose of having a simple code snippet with
few dependencies. I don't know much about 802.1 and how it deals with noise,
you're probably right about it not working. As I said I haven't tested this
specific attack and have no clue if it has any effect.

------
i336_
I can't really see anything in dnet
([https://github.com/dugsong/libdnet](https://github.com/dugsong/libdnet))
that does anything useful with the string "HOST:all|GET:spam"; it appears all
you're functionally doing is spraying data (in the form of that string) at
your NIC PHY.

Still, that's fun to play with! Here's my go.

My router (a flaky Netgear DG834GU I'm definitely upgrading when I get the
chance) does NOT like the following snippet which floods NULs over ICMP (it
took a few seconds for Google to become re-pingable):

    
    
      yes "$(printf '%16s' $'\0')" | pv | sudo socat stdin ip-sendto:$(route -n | \
       sed -n '/^\(0\.\)\{2\}/{s/[^ ]\+ \+\([^ ]\+\).*/\1/;p;q}'):1
    

The call to pipeviewer is only to show I/O rate and can be removed, and the
subshell call to `route' and `sed' is just to fish out the first listed
gateway; you might want to substitute a specific IP address.

IMHO the moral of this post is that it's a testament to socat's power that I
got to the above point with only a few minutes' tinkering; I know nothing
about networking. :D

(Sidenote: `yes`ing different string widths produces wildly different results;
16 bytes produces 1GB/s+ of data on this old box, everything either side of
that is just MB/s. I wonder why?)

~~~
Senji
If you really want to be evil you could just open TCP sessions to random valid
ip addresses. You'll need a custom stack to make it stateless so you can just
"forget" about the TCP sessions. You'll fill the NAT table at some point.

~~~
i336_
I've been meaning to learn more about TCP and IP in general, so that's
actually quite an interesting idea.

Not too practical in real-world use - if the link speed is slow, getting the
connections successfully ESTABLISHED is going to take a few minutes - but the
educational value is certainly noteworthy.

~~~
Senji
Here's the great thing. You create your own or use some one else's stateless
implementation and you can just slam the interface with MBs upon MBs of syn
packets to random ips.

Whenever you get to the next step from any of them you just advance. It's
beautiful.

------
aftbit
Just tested with my X220 generating packets using both this Python script and
i336_'s simpler socat command. Both killed the connection of the X220, but
neither affected other connected hosts (in particular, my X1 Carbon and Nexus
6 were both able to ping Google just fine).

I'm running a TL-WDR3600[1] with OpenWRT.

[1]:
[http://www.amazon.com/dp/B008RV51EE](http://www.amazon.com/dp/B008RV51EE)

------
_cbdev
Kind of off-topic, but since I see it (mis-)used here, I kind of dislike how
the term 'router' has become synonymous with 'SOHO Wifi Access Point / Modem /
Router thingy'...

In most 'professional' settings, all of these things are actually completely
different devices with clear purposes, and this script would actually do
nothing against a router. It might freak out some APs, but that's about it.

~~~
nikisweeting
Yes, this will only affect the AP and not the router. The devices that I
tested it against were consumer home routers that also serve as APs. My title
might be better as 'DoS any home Wifi network with 7 lines of Python and 1
library'.

------
Domenic_S
> 7 lines of Python

...and two libraries. Still cool, but come on

~~~
nikisweeting
Two libraries? It's just dnet, and many systems have it preinstalled, the pip
library is just Python bindings.

~~~
Hello71
reverse runtime deps (RDEPEND) of libdnet: [https://qa-
reports.gentoo.org/output/genrdeps/rindex/dev-lib...](https://qa-
reports.gentoo.org/output/genrdeps/rindex/dev-libs/libdnet)

edit: also, pip isn't a library, it's a package manager.

~~~
nikisweeting
I know pip is not a library haha, I meant the package you install with `pip
install dnet` is just bindings.

