Denial of Service attack on an Apache Server
Credits : Xin Bi, Ahmet Miles Putun, Stephen D’Amico, John Di Spirito
Note: The concepts and implementations that are being used in this documentation assume that readers have some background knowledge in communication networks and/or computer security.
Abstract:
We have implemented a denial of service attack on an Apache server that was set up using a Raspberry Pi 4. In class, we discussed DoS attacks multiple times and how they are used to shutdown/block servers, creating problems for the server’s intended users. The main idea behind our project is that we have implemented python code that connects to our apache server by utilizing sockets. Once we have successfully made these connections we begin sending data in a way that overloads the server and makes it temporarily unavailable for other users. Our implementation of the DOS attack in python successfully overloads our apache server in such a way that any new connections attempting to reach the server take an abnormally long time to successfully connect. By running the attack multiple times while varying the number of sockets that connect to the Apache server, we were able to get a better understanding of the relationship between socket connections and connection time. Depending on the number of sockets we choose to use we can increase the time taken to connect to our server from .227 seconds using just 1 socket all the way to 80.913 seconds using 750 sockets, which is a 35,544.5% increase in time taken to successfully connect to the server.
Interesting Aspects:
Through this project, our group was able to get some hands-on experience working with network programming, primarily through the use of sockets. Each of us has heard about infamous DoS attacks on the news, such as the attack on Amazon in 2020, so it was interesting to truly understand what happened in these instances. We also incorporated the RSA algorithm into the project, by using the algorithm to encrypt our data before it was sent to the server.
Salient Results:
We ran a multitude of different tests each time changing the number of sockets used by our python program to connect to our apache server. The tests we included varied the number of sockets from 10, 50, 100, 500, and 750. Each time we increased the number of sockets it took longer and longer to connect to our apache server successfully. Effectively denying service to the intended clients by consuming the server's resources with our connections from the python program, we accomplish this by making the server busy wait for meaningless data while intended clients are left waiting on the outside. Normally connecting to the server would be almost instant but in our test with 750 sockets we were able to increase the connection time all the way to 80.913 seconds.
Project Overview
The objective for our project was to implement a DoS attack on a simple Apache server. The Apache server was placed on a Raspberry Pi 4 so that it could be on it’s own computer. The attack was then run off of a group member’s laptop. By creating connections to the server using sockets and keeping these connections open by sending a small amount of data every so often, we were able to observe how this could affect other users. Primarily, our idea was that by varying the amount of meaningless connections (sockets) to the Apache server, we could see how this would affect the response time of the server to handle a get request from an actual intended user. We predicted that the more connections/sockets that were connected to the server, the longer the time it would take for an intended user to connect to the server due to the server’s resources being exhausted.
We utilized multiple technologies/software libraries in this project implementation. The Apache server used was a simple web server that is able to handle HTTP requests, such as get and post. The server is able to serve multiple users at a time, which was crucial to our project.
Two Python libraries were crucial to our project. The first was the “socket” library. This allowed us to create connections to a server by specifying a port and IP Address, which we were able to find using Linux command on the Raspberry Pi terminal. This library also contained methods for sending data to the server in the form of bytes. The sockets that we created were TCP connections instead of UDP, which was important because TCP establishes a connection between server and client while UDP is connectionless. The second important library that we used was “urllib.request”. This allowed us to open a connection to the Apache server by using the IP Address of the server. By using this in combination with Python’s time library, we were able to create a script that recorded the amount of time it took to connect to the server.
In order to understand the steps that are going to be displayed soon, please familiarize yourself with the main code, misc.py, in the github repository provided, so that you are clear with our follow ups.
https://github.com/sdamico23/CMPEN462-FinalProject-Group12
The initial connection time test was done without any extra socket connections from the program, and as the screenshot demonstrates, the website loaded in under a quarter of a second.
Next we created ten artificial socket connections with our program and they showed up on the Raspberry Pi through calling the “ss -s” command, which displays all the socket statistics for the machine, it shows that 10 TCP connections have been established. The connection now takes over four and a half seconds to be established.
Next, fifty sockets were established, and that pushed the connection time to four and three quarter seconds.
The next test was one hundred sockets, and the connection now takes almost five seconds.
The next test was conducted with five hundred sockets, and the performance of the server has been severely impacted, and it now takes 50 seconds to load the webpage.
Finally, the last test was conducted with seven hundred and fifty sockets, and the time has been further increased to 80 seconds. Interestingly, the amount of TCP connections on the Raspberry Pi never exceeded 665, and we believe this is a mechanism native to the Raspberry Pi or the Apache HTTP Server as a protection mechanism to shield itself from such attacks.
Summary
As we mentioned before, the outcome of this project was determined under the relationship between the number of sockets that are utilized during the connection and their connection time interval. Along with the results that we have obtained through our testing, we can confidently assert that by varying the number of sockets that connect to the Apache server and testing it by increasing the number of sockets, we were able to deny the service to its intended users successfully. Although this lasted for a limited amount of time until the server dropped the connection, we effectively used the server’s resources with our meaningless requests and made it become unavailable on the web.
Project References
- DOS Attack Python: https://medium.com/@joel.barmettler/denial-of-service-attacks-do-not-always-have-to-flood-the-server-with-requests-to-make-him-shut-c630e59b731e
- Apache server on Raspberry Pi: https://magpi.raspberrypi.org/articles/apache-web-server
- RSA Algorithm help: https://en.wikipedia.org/wiki/RSA_%28cryptosystem%29#Key_generation
- RSA Algorithm help: https://www.kite.com/python/answers/how-to-convert-letters-to-numbers-in-python
- Figure 1: https://magpi.raspberrypi.org/articles/apache-web-server
- Figure 2: https://www.studiopieters.nl/raspberry-pi-apache-web-server-part-ii/
