Installing Splunk on a Host Machine and Simulating a DoS Attack Using hping3 from Kali Linux

Since this is my simple home setup, I am using self-managed Splunk, and my attacker machine is a Kali VM.

1. After filling in the necessary details, we download the Splunk installer for Windows.

2. Next, accept the license agreement and click the Next button.

3. In this step, we assign a username and a password.

4. After confirming the username and password, click Next and continue with the installation.

5. When the installation completes, it offers to open the login/configuration portal and asks for the credentials supplied during setup.

6. After that, it takes us to the landing page, which looks as below:

7. A clear image of the default home page is shown below:

8. Now we analyse the system logs generated on our Windows machine.

9. We will run a DoS attack against our Splunk machine using the hping3 command. The command and the options used are explained here:

    1. -c: packet count
    2. -d: data size
    3. -s: SYN flag to initiate a TCP session
    4. -w: window size
    5. -p: destination port
    6. --flood: send packets as fast as possible; replies are not shown
    7. --random-source: randomise the source address
    8. The last argument is the target machine's IP

10. We can see that CPU usage on the target machine is idle before the attack is launched.

11. After the attack is launched, we can see CPU utilization rise exponentially.

12. Before we move on to the Splunk page, note that KALI_DOS is the name given to the network monitor input; later we will search under that same input. Here Splunk is monitoring Local Windows Network Monitoring, as is also highlighted.

13. After that, we navigate to the Splunk web page and check our attack logs. As we can see, more than 17 thousand events have already occurred.

14. Digging further into the Splunk page, it has already analysed the attack pattern and provides insight into the attack.

15. Around 21.9K events are now seen. We can simply create an alert for such patterns and be notified in real time.

16. The alert configuration page has various options to tune as needed.
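The alert described in the last two steps fires when a burst of SYN packets, many of them from randomised source addresses, hits one destination port. The following Python is an added example written for this page, not code from the original post or from Splunk. It reads key=value event lines shaped like a network-monitor input (the field names src_ip, dest_ip, dest_port and tcp_flags, the function names and the thresholds are assumptions, not Splunk's own schema), buckets SYNs per second and destination port, and raises an alert when either the SYN count or the number of distinct sources in a bucket crosses a threshold. The sample events are constructed for the example.

```python
"""
Added example: a SYN-flood detector that mirrors the alert logic the post
describes configuring in Splunk. Field names (src_ip, dest_ip, dest_port,
tcp_flags) and thresholds are assumptions for this example, not Splunk's own
network-monitor schema.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample events: two seconds of ordinary traffic, then one second
# in which 150 SYNs arrive on port 80 from 150 different (randomised) sources.
SAMPLE_EVENTS = [
    "2024-01-01T10:00:00 src_ip=192.168.1.10 dest_ip=192.168.1.20 dest_port=80 tcp_flags=SYN",
    "2024-01-01T10:00:00 src_ip=192.168.1.11 dest_ip=192.168.1.20 dest_port=443 tcp_flags=SYN",
    "2024-01-01T10:00:01 src_ip=192.168.1.10 dest_ip=192.168.1.20 dest_port=80 tcp_flags=ACK",
] + [
    f"2024-01-01T10:00:02 src_ip=10.{i % 256}.{(i * 7) % 256}.{(i * 13) % 256} "
    "dest_ip=192.168.1.20 dest_port=80 tcp_flags=SYN"
    for i in range(150)
]


def parse_event(line):
    """Split '<iso timestamp> k=v k=v ...' into a dict with a parsed _time."""
    ts_str, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["_time"] = datetime.fromisoformat(ts_str)
    return fields


def detect_syn_flood(lines, syn_threshold=100, source_threshold=50):
    """Return one alert dict per (second, dest_ip, dest_port) bucket that breaches a threshold.

    syn_threshold    - SYNs per second to one destination port before alerting
    source_threshold - distinct source addresses per second before alerting
                       (catches --random-source style floods even at lower rates)
    """
    syn_counts = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        # Only pure connection attempts count; SYN,ACK replies are ignored.
        if "SYN" not in ev.get("tcp_flags", "").split(","):
            continue
        bucket = (ev["_time"].replace(microsecond=0), ev["dest_ip"], ev["dest_port"])
        syn_counts[bucket] += 1
        sources[bucket].add(ev["src_ip"])

    alerts = []
    for bucket in sorted(syn_counts):
        second, dest_ip, dest_port = bucket
        n_syn = syn_counts[bucket]
        n_src = len(sources[bucket])
        reasons = []
        if n_syn >= syn_threshold:
            reasons.append(f"{n_syn} SYNs in one second")
        if n_src >= source_threshold:
            reasons.append(f"{n_src} distinct source addresses")
        if reasons:
            alerts.append({
                "time": second.isoformat(),
                "dest_ip": dest_ip,
                "dest_port": dest_port,
                "syn_count": n_syn,
                "distinct_sources": n_src,
                "reason": "; ".join(reasons),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_syn_flood(SAMPLE_EVENTS):
        print(alert)
```

The two thresholds are deliberately independent: a flood from a single host trips the SYN-count rule, while a low-rate flood with spoofed sources trips the distinct-source rule. In Splunk the same logic is a scheduled search that buckets by second, counts SYNs and distinct sources per destination port, and fires the alert on the threshold; the thresholds here are placeholders to be tuned against the baseline of your own network.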

For feedback and suggestions, feel free to email me at chapagainsaurav@gmail.com

Written by Saurav Chapagain

I am a Cybersecurity and Cloud Support Professional with over 9 years of experience in securing IT infrastructure, managing cloud environments, and ensuring compliance with industry standards. My expertise spans security operations, incident response, vulnerability management, and cloud infrastructure management across AWS and Azure platforms. Throughout my career, I've successfully: Reduced unauthorized access attempts by 40% through IAM best practices and security hardening. Improved incident response times by 30% by implementing automated SIEM alert triaging systems. Conducted security audits and vulnerability assessments to ensure compliance with HIPAA, HiTrust, and SOC 2 standards. Managed hybrid cloud environments, optimizing security policies and reducing attack surfaces by 50%. I hold two Post Graduate Certificates in Cloud Architecture & Administration (Seneca Polytechnic) and Cybersecurity (Canadore College), along with certifications such as ISC2 Cybersecurity, CompTIA Security+, and Red Hat Certified System Administrator (RHCSA). My technical skills include expertise in tools like Microsoft Sentinel, Splunk, Palo Alto, and scripting with PowerShell and Bash. I am passionate about leveraging my skills to protect organizations from cyber threats and ensure the integrity of their systems and data. I thrive in collaborative environments, working with cross-functional teams to deliver secure and reliable IT solutions. Let's connect and discuss how I can contribute to your organization's IT operation and cybersecurity goals!