
DDOS 'simulation' using Cisco Packet Tracer: a guide for both teachers and students

Setting the scene!

Before you commence this <1h microcourse, you need to be aware that Cisco Packet Tracer is free for everyone - students, teachers and, of course, education establishments.

You will need to download/install this before you commence. Cisco offer this via ...

Versions exist for Windows, Linux and the Mac.

Andrew Smith, from the Open University Cisco Academy Support Centre (OUCisco), has created this ad-hoc resource for everyone. He will refer to teachers and students separately, as this activity can be accomplished both online and in the classroom.

Above is a brief introduction from Andrew Smith ... it is under 30 seconds ... please take the time to watch this and then scroll onwards.

Scroll onwards!

Getting started!

We will assume that you have a recent version of Packet Tracer installed - this should work with all versions. However, the later the version, the better the experience. As shared in getting started (scroll up), anyone can obtain and install Packet Tracer for free.

By default, Cisco Packet Tracer requires you to log in to NetAcad - this is essential if you wish to save this activity at any time. Be careful, the login is case-sensitive.

You may notice some minor differences in appearance. Everything being demonstrated was created using v7.2.2.

blank canvas on Packet Tracer

First you will be greeted with a blank canvas - soon, this will be full of PCs. Before that, however, you are going to need to build a simple switched network.

We are going to emulate a BotNet - a tool commonly used by cybercriminals to orchestrate a DDOS attack. Each device on a BotNet is known as a Zombie.

Here, we added 10 switches, from 0 to 9. Each switch has 24 ports, giving us the potential to add 200+ Zombies to our BotNet.

Note for teachers - we are not simply exploring a DDOS attack - at each stage, a relevant networking technology will also be introduced. We advise that both you and your students (hello students) explore Spanning Tree Protocol and Dijkstra's Algorithm.

First, let's create a victim

In Packet Tracer, we have PCs (personal computers). In real life, it is often these devices that are infected with malware so that they become Zombies on a BotNet.

Once a BotNet is activated, each Zombie is primed to send a little traffic. For the Zombie itself, this isn't an issue - however, for the victim, hundreds of devices all sending traffic can become a major issue.

This means that you are going to need to create a victim as well as a probe (to observe how the victim is coping).

As you can see, adding two PCs is easy - remember this, as you are soon going to be adding a lot (lot) more.

Now, we need to 'name' and 'address' both the victim and the probe.

The addressing makes sense once you learn subnetting and how IPv4 addresses work - a little something for your teachers to expand on. Here, for simplicity, the victim has the first available address of 10.0.0.1 and the probe is using the last address of 10.255.255.254.

As there are 16,777,214 addresses available in this network segment (now your teachers are going to show you binary again) and 200+ ports, we have plenty of scope available.

Let's get our probe, checking the victim!

A classic command is ping - it is designed to send specific ICMP (Internet Control Message Protocol) packets between devices on a network to check connectivity.

In the next video, you are going to send a continuous (no timeout) ping from probe to victim. The purpose of this is to establish a connection and explore the impact of a DDOS attack from the zombie BotNet. Eventually, we will see this connection struggle and hopefully fail.

Do not forget ... ctrl+c will kill the command at any time. You will need to set up ... ping -t 10.0.0.1 from probe - to send continuous traffic to victim.

Note for teachers - all versions of ping on all operating systems have equivalents of the -t option - you may also discover that you can set packet size and other parameters on a 'real' system. However, this luxury does not exist within Packet Tracer. As a bonus, also consider using the Sniffer within Packet Tracer or Wireshark on a live network to explore the contents of an ICMP packet.

Now, let's build the BotNet!

The challenge is ... keep adding PCs, keep upping the IP address by one and then pinging the Victim (ping -t 10.0.0.1).

You can see from the video below that you need to be systematic. Otherwise, it will not work.

As the system grows, the performance of the Victim will degrade, as the machine load is increasing and the available bandwidth is decreasing.

the more you add, the better

As you can see from the image above, we added a DHCP server to save a little bit of typing ... however the work is yours to accomplish. You can either build this network from scratch or use our template created on v7.2.2.

Remember: keep adding PCs, keep incrementing the IP addresses, one at a time.

Keep plugging at it ...

Now it is for you to keep plugging at it - how many devices does it take in your hand-crafted BotNet to bring the Victim to its knees?

The aim is to create continual request time out messages via the ping command on the probe command prompt screen.
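To judge from the probe's side when the Victim has actually stopped responding, rather than eyeballing the scrolling window, the ping output can be summarised. This is an added example, not part of the original activity: the sample lines are constructed in the Windows-style format Packet Tracer's command prompt uses, and the function names and the "three timeouts in a row" threshold are assumptions.

```python
import re

# Constructed sample of the probe's "ping -t 10.0.0.1" window as the load
# on the Victim grows (not captured from a real run).
SAMPLE = """\
Reply from 10.0.0.1: bytes=32 time<1ms TTL=128
Reply from 10.0.0.1: bytes=32 time=2ms TTL=128
Reply from 10.0.0.1: bytes=32 time=14ms TTL=128
Request timed out.
Reply from 10.0.0.1: bytes=32 time=48ms TTL=128
Request timed out.
Request timed out.
Reply from 10.0.0.1: bytes=32 time=97ms TTL=128
Request timed out.
Request timed out.
Request timed out.
Request timed out.
"""

# "time<1ms" and "time=14ms" both occur; capture only the number.
REPLY = re.compile(r"^Reply from \S+ bytes=\d+ time[<=](\d+)ms TTL=\d+")

def parse_ping(text):
    """Return one entry per echo request: RTT in ms, or None for a timeout."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        m = REPLY.match(line)
        if m:
            results.append(int(m.group(1)))
        elif line.startswith("Request timed out"):
            results.append(None)
    return results

def summarize(results, sustained=3):
    """Loss rate, worst RTT, and where the first run of `sustained` timeouts begins."""
    lost = sum(r is None for r in results)
    rtts = [r for r in results if r is not None]
    outage_at, run = None, 0
    for i, r in enumerate(results):
        run = run + 1 if r is None else 0
        if run == sustained and outage_at is None:
            outage_at = i - sustained + 1   # index of the first timeout in the run
    loss_pct = round(100 * lost / len(results), 1) if results else 0.0
    return {"sent": len(results), "lost": lost, "loss_pct": loss_pct,
            "max_rtt_ms": max(rtts) if rtts else None, "outage_starts_at": outage_at}

print(summarize(parse_ping(SAMPLE)))
```

Rising round-trip times followed by isolated timeouts show the Victim degrading; the `outage_starts_at` index marks the point where the timeouts become continual.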

For added interest, while you are doing this, go to the Victim command prompt (you know how) and enter the command between the single quotes: 'arp -a'.

What did this do? - Why did it list what it listed?

Tweet us at @OUCisco to let us know how many it took for you to defeat the Victim and create continual request time out messages on the probe command prompt.

https://twitter.com/oucisco

The OU Cisco team would like to thank David Anderson for giving us the seed of an idea.

Created By
Andrew Smith

Credits:

Created with images by sik-life - "anonymous hacker network" • MustangJoe - "stage curtain theatre" • Oxa Roxa - "untitled image" • Braden Collum - "Relay runner" • Glenn Carstens-Peters - "If you feel the desire to write a book, what would it be about?" • JOHN TOWNER - "Telescope overlooking Paris" • Craig Sybert - "Toy robots at a collectible toy store in Mt. Airy, MD" • Neven Krcmarek - "untitled image"