Nmap Development mailing list archives
NSE script for web infrastructure testing
From: Michael Pattrick <mpattrick () rhinovirus org>
Date: Wed, 25 Mar 2009 00:31:41 -0400
Last night I wrote a small script to test how well a target HTTP server can handle load. This script starts off by flooding a server with SYN packets, and then proceeds to respond to every SYN-ACK it sniffs with an ACK and then an HTTP GET. Thus simulating thousands of concurrent connections. Apache usually hits the MaxClients limit after a few seconds. Because I use raw sockets, you have to apply a firewall rule to prevent your operating system from interfering with this script, the following iptables rule should do the trick: iptables -A OUTPUT --dst <target> --protocol tcp --tcp-flags RST RST -j DROP This script is pretty rough and it technically never exits, I plan on fixing all the warts later. I may even add support for other protocols if anyone is interested in this. I made some small changes to packet.lua and nse_nmaplib.cc to make things easier for me, if these changes are totally off the mark I can easily write most of them out. Cheers, Michael Pattrick https://www.rhinovirus.org/math
Attachment:
ndos.patch
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- NSE script for web infrastructure testing Michael Pattrick (Mar 24)