Penetration Testing mailing list archives
Re: Controlled DoS
From: Dharm Dhwaj Singh <dharm910 () gmail com>
Date: Tue, 16 Mar 2010 10:55:01 +0300
You can say that monitored/controlled DOS attack.In PenTest Scenarios it may require more cooperation from client to analyze the resources which would be impacted from the DOS. Generally this methodology this used to design defense strategies against DOS attacks ..Dharm On Fri, Mar 12, 2010 at 5:25 PM, Adam Mooz <adam.mooz () gmail com> wrote:
Hey Tibor A DoS is essentially just overwhelming the capabilities of whatever service you're going after, so for web servers it's initiating a storm of connections, for SMB it can be attempting to login 1,000,000 times per second, etc... You just keep using the resources until they're exhausted preventing anyone else from using that service. With that in mind, doing a 'controlled' DoS is possible, just limit how many connections or attempts to exhaust the resources, and increase it until the service breaks. Hope this helps... ----------------------------------------------------------------- Adam Mooz Adam.Mooz () gmail com http://www.AdamMooz.com On 2010-03-10, at 6:52 AM, Tibor Kaskoto wrote:Respected Members, Is it possible to do a Denial of Service attack in a controlled way, e.g. in a penetration testing scenario? How can you control/limit the possible degradation of the client's services? Can you ask the client to corporate in terms of IDS/IPS alerts, or any sign of service degradation? How can you measure the success of the test if you are actually not allowed to break anything? What is the approach to a 99.99% availability requirement network? Thanks & Regards, Tibor ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
-- Cheers and keep rocking! - Dharm ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Controlled DoS Tibor Kaskoto (Mar 11)
- Re: Controlled DoS Adam Mooz (Mar 15)
- Re: Controlled DoS Dharm Dhwaj Singh (Mar 18)
- Re: Controlled DoS Christine Kronberg (Mar 23)
- Re: Controlled DoS Adam Mooz (Mar 15)