RE: Client DDoS requests, ideas?

["Sergio Castro" <sergio.castro () unicin net>]

I've never done it, but I would think you could use a network packet
emulator (Packetstorm comes to mind). Packetstorm claims to be able to
generate data rates of up to 10 Gbps.

- Sergio

-----Mensaje original-----
De: listbounce () securityfocus com [mailto:listbounce () securityfocus com] En
nombre de Erin Carroll
Enviado el: Lunes, 14 de Julio de 2008 03:44 p.m.
Para: pen-test () securityfocus com
Asunto: Client DDoS requests, ideas?

Pen-testers,

There have been times when, during the course of a pen-test for a client, a
request is made for DoS/DDoS attacks against external systems & services.
While there are resource exhaustion & other attack methods for certain
services/systems, let's assume that Smurf-like attacks aren't viable. I'm
curious for ideas or methods to simulate straight bandwidth DDoS attacks if
the client pipe(s) are larger than your available pipe(s).

It's not like we all have huge botnets in our back pocket... Has anyone
faced this situation before and if so, how did you manage?

--
Erin Carroll
Moderator, SecurityFocus pen-test list

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


__________ NOD32 3266 (20080714) Information __________

This message was checked by NOD32 antivirus system.
http://www.eset.com



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------