The "D" in DDoS stands for "distributed". Using one interface to flood packets is not distributed.

also, the "any" wifi network is misleading since you have to be connected to the the wifi network which for most networks implies knowing the password.

Not necessarily, if you know the channel you can create a network on the same channel and then flood that one with noise. It should cause a bunch of packet collisions and retransmits which would slow down the victim network. Haven't tested this yet, so this is pure conjecture, I don't actually know if this style of attack works. If someone does try it please do post back.

That's not how wifi works you better off buying a cheap sdr and just transmit actual noise.

You're right, my mistake. You could use the node tools in my mesh networking package to set up a distributed network that could DDoS a network though...

What!? Also what is your test target because this will do absolutely nothing to most wifi networks.

Just to clarify, what I mean by 'set up a distributed network' is just run a botnet using https://github.com/pirate/python-medusa/, that will let you run this little script on multiple computers all connected to the same Wifi.

That's not a mesh network its a bunch of clients connected to a single ap.

maybe they're chirping at each other!

I've tested it with a Linksys WRT54G, a Cisco router that I cant read the serial # on, and an Apple Airport Express. What router are you having trouble with?

Asus ac87u, just to be sure did you check it with another client because sending random junk to random targets will do absolutely squat to modern Wifi routers. That however will definitely could kill your own interface or make the ap boot you for misbehaving.

With all 3 networks I tested it with (<20 clients each), it prevented other connected clients from sending/receiving packets while the flood was running. I will try it at my office next week and report back if it works with more powerful corporate APs.

I can't really see anything in dnet (https://github.com/dugsong/libdnet) that does anything useful with the string "HOST:all|GET:spam"; it appears all you're functionally doing is spraying data (in the form of that string) at your NIC PHY.

Still, that's fun to play with! Here's my go.

My router (a flaky Netgear DG834GU I'm definitely upgrading when I get the chance) does NOT like the following snippet which floods NULs over ICMP (it took a few seconds for Google to become re-pingable):

  yes "$(printf '%16s' $'\0')" | pv | sudo socat stdin ip-sendto:$(route -n | \
   sed -n '/^\(0\.\)\{2\}/{s/[^ ]\+ \+\([^ ]\+\).*/\1/;p;q}'):1

The call to pipeviewer is only to show I/O rate and can be removed, and the subshell call to `route' and `sed' is just to fish out the first listed gateway; you might want to substitute a specific IP address.

IMHO the moral of this post is that it's a testament to socat's power that I got to the above point with only a few minutes' tinkering; I know nothing about networking. :D

(Sidenote: `yes`ing different string widths produces wildly different results; 16 bytes produces 1GB/s+ of data on this old box, everything either side of that is just MB/s. I wonder why?)

This is really cool! I'll re-implement this in C or Python this weekend if I have some time.

If you really want to be evil you could just open TCP sessions to random valid ip addresses. You'll need a custom stack to make it stateless so you can just "forget" about the TCP sessions. You'll fill the NAT table at some point.

I've been meaning to learn more about TCP and IP in general, so that's actually quite an interesting idea.

Not too practical in real-world use - if the link speed is slow, getting the connections successfully ESTABLISHED is going to take a few minutes - but the educational value is certainly noteworthy.

Here's the great thing. You create your own or use some one else's stateless implementation and you can just slam the interface with MBs upon MBs of syn packets to random ips.

Whenever you get to the next step from any of them you just advance. It's beautiful.

Just tested with my X220 generating packets using both this Python script and i336_'s simpler socat command. Both killed the connection of the X220, but neither affected other connected hosts (in particular, my X1 Carbon and Nexus 6 were both able to ping Google just fine).

I'm running a TL-WDR3600[1] with OpenWRT.

[1]: http://www.amazon.com/dp/B008RV51EE

Kind of off-topic, but since I see it (mis-)used here, I kind of dislike how the term 'router' has become synonymous with 'SOHO Wifi Access Point / Modem / Router thingy'...

In most 'professional' settings, all of these things are actually completely different devices with clear purposes, and this script would actually do nothing against a router. It might freak out some APs, but that's about it.

Yes, this will only affect the AP and not the router. The devices that I tested it against were consumer home routers that also serve as APs. My title might be better as 'DoS any home Wifi network with 7 lines of Python and 1 library'.

> 7 lines of Python

...and two libraries. Still cool, but come on

Two libraries? It's just dnet, and many systems have it preinstalled, the pip library is just Python bindings.

reverse runtime deps (RDEPEND) of libdnet: https://qa-reports.gentoo.org/output/genrdeps/rindex/dev-lib...

edit: also, pip isn't a library, it's a package manager.

I know pip is not a library haha, I meant the package you install with `pip install dnet` is just bindings.

What am I looking at here? I found a libdnet dependency list, it doesn't seem to include any of these: http://braumeister.org/formula/libdnet