Penetration Testing mailing list archives
RE: DDos within a pentest
From: Omar Herrera <oherrera () prodigy net mx>
Date: Mon, 09 May 2005 19:16:12 -0500
Hi Julian,

These kinds of tests are delicate. I understand that you would like to show customers the impact, but there are some problems:

* Unless you control all devices (or at least have written permission to perform this test on them) between your machines and the ones from your client, you might be DoSing a third party (e.g. a router of the ISP of your client is unable to handle the attack and goes down).
* Even if you control bandwidth, things fail (i.e. payload could trigger a DoS, not necessarily a certain amount of packets).
* A third party might just get angry to see this activity on his equipment; even if you cause no harm, you will still use some bandwidth (with dubious intent, from their point of view), and they could go after you.

So, the main problem here is: dealing with third parties. My suggestion therefore is to avoid them. You can do a couple of things:

a) Work with your client to get your machines plugged into their perimeter routers, which will give you the ability to perform a controlled (D)DoS with almost no deviation from a real test.
b) Do it in their internal network, in a controlled environment.

One option or the other would be more interesting to each company, depending on their business process (e.g. e-commerce sites might prefer a), while a manufacturing company might prefer b) ).

For your last question, it all depends how your client configured their routers/firewalls. If they answer all requests, then you could DoS the legitimate user of the spoofed address, otherwise no. It also depends on whether you rotate the source (spoofed) address; in this case only a couple of packets might be sent to the spoofed addresses, if any.

I hope this helps,

Omar Herrera

-----Original Message-----
From: Julian Totzek [mailto:julian.totzek () bristol de]
Sent: Friday, May 06, 2005 2:44 AM
To: pen-test () securityfocus com
Subject: DDos within a pentest

Hi group,

within a pentest we are trying to offer the possibility of a DDos Flood for our customers. I know there are many tools to do a flood from a single PC, but all of these tools just send as many syn's as they can. Does anybody know a tool where I'm able to limit the bandwidth? I don't want to get a bandwidth overload, I just want to show that the server is not able to handle all the syn packets.

Another question is from where would I start such an attack? We only have a 2Mbit line here in the office, so if I need to flood a 10Mbit line there will not be enough packets to do this, right? Maybe there is a provider out there who already offers this service!

The third question is what will be the side effects if I send packets with spoofed sources? As you all know I don't get an answer to my packets, but would it be a DDos to all spoofed sources then? How can you ensure that only the main target is getting flooded?

Best regards
Julian Totzek

THE BRISTOL GROUP Deutschland GmbH
Robert-Bosch-Straße 11
63225 Langen
Phone +49 (0) 6103 20 55 300
Fax +49 (0) 6103 70 27 87
Emergency Phone 0190/858 979 000 (1,86€/min)
julian.totzek () bristol de
www.bristol.de

HTTPS, HTTP, SMTP, IMAP, POP3 and FTP
Free 14-day trial of a CP Secure Antivirus Appliance
http://www.bristol.de/testing.htm