Nmap Development mailing list archives
Re: Implement the Ndos tool into the next version of Nmap
From: Duarte Silva <duartejcsilva () gmail com>
Date: Fri, 13 Feb 2009 11:16:18 +0000
Hi,
A DoS attack from a single network connection is not enough in a pentesting situation.DoS attacks from a single connection no longer work in the modern
If you could care to read that chapter in what I think to be one of the "Stealing The Network" series book (I didn't click the link you provided), you can read that, ndos as a big flaw, witch is the fact that the user cant spoof its IP address in order to use the many *cool* DoS features in it (resource exhaustion by file request? leaving connections half completed?). Second, ndos isn't a DDoS tool (maybe could be made into one? don't know). You were the one to write,
So, please include the Ndos tool in Nmap. I would greatly appreciate it for education purposes.
And for this, a simple non firewall protected web server on a local lan with a simple SYN packet sender utility will suffice. Once again you would be able to teach the *class* the basics of DoS and demonstrate the results. The hell, even DDoS.
Professor 0110 is my online alias. All hackers white, black or gray should have one.
I can't help myself to wonder why... you choose to use *your* alias to send this message. I'm off to weekend, best regards and have fun, Duarte Sex, 2009-02-13 às 20:49 +1000, Professor 0110 escreveu:
A simple SYN packet senderwould suffice wouldn't? A DoS attack from a single network connection is not enough in a pen testing situation.DoS attacks from a single connection no longer work in the modern digital age matey. Also, who cares if Black Hats misuse it? Black Hats already misuse Nmap, nessus, Metasploit, and about a million other hacker tools around the Internet. It doesn't have to be implemented into Nmap, but I would appreciate a copy of Ndos all the same.And sincerely, why you hide behind *Professor 0110*, come on,educational proposes? Professor 0110 is my online alias. All hackers white, black or gray should have one. Sincerely, Professor 0110 On Fri, Feb 13, 2009 at 8:37 PM, Duarte Silva <duartejcsilva () gmail com>wrote:Hi, Allow me to disagree.countered by tools out there such as Metasploit which basically hands exploits to black hat hackers on a golden plate.Black hat hackers are the ones that make the exploit modules to Metasploit. Not the other way round, they may use Metasploit, but only as a base for rapid prototyping and development of their one exploits. And sincerely, why you hide behind *Professor 0110*, come on, educational proposes? If you wanted to show the *class* how to DoS a server, why don't you do a tool yourself? A simple SYN packet sender would suffice wouldn't? Best regards, saphex Sex, 2009-02-13 às 18:23 +1000, Professor 0110 escreveu:Dear Fyodor and Nmappers , Ever since Fyodor wrote this paper: http://insecure.org/stf/tcp-dos-attack-explained.html I have been intensely interested in his Ndos tool which I hear is a very powerful tool for Denial of Service enumeration. And since Ncat and Ndiff have been integrated into Nmap, why not Ndos? Also, Ndos would be great for pen testing situations where clients want their network stress tested against denial of service attacks. Also, the argument that releasing this tool would aid Black Hat Hackers is countered by tools out there such as Metasploit which basically hands exploits to black hat hackers on a golden plate. So, please include the Ndos tool in Nmap. I would greatly appreciate it for education purposes. Sincerely, Professor 0110 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Attachment:
signature.asc
Description: Esta é uma parte de mensagem assinada digitalmente
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Implement the Ndos tool into the next version of Nmap Professor 0110 (Feb 13)
- Re: Implement the Ndos tool into the next version of Nmap Duarte Silva (Feb 13)
- Re: Implement the Ndos tool into the next version of Nmap Professor 0110 (Feb 13)
- Re: Implement the Ndos tool into the next version of Nmap Duarte Silva (Feb 13)
- Re: Implement the Ndos tool into the next version of Nmap Professor 0110 (Feb 13)
- Re: Implement the Ndos tool into the next version of Nmap Professor 0110 (Feb 13)
- Re: Implement the Ndos tool into the next version of Nmap Duarte Silva (Feb 13)