Penetration Testing mailing list archives
Re: DDos within a pentest
From: Christoph Puppe <puppe () hisolutions com>
Date: Tue, 17 May 2005 15:45:27 +0200
Julian Totzek schrieb:
Hi group, within a pentest we trying to offer the possibility of a DDos Foold for our customers. I know there are many tools to do a flood from a single PC, but all of these tools just send as many syn's as the can. Does anybody know a tool where I'm able to limit the bandwidth? I don’t want to get a bandwidth overload, I just want to show that the server is not able to handle all the syn packets.
Try hping with the -i switch you can set the rate of the generated packets. You have to prevent your host from answering RST on the returned SYN-ACK. See "man iptables" for that ;)
An other question is from where would I start such a attack? We only have a 2Mbit line here in the office, so if I need to flood a 10Mbit line there will not be enough packets to do this, right? Maybe there is a provider out there who already offers this service!
For SYN-Floods you don't need to saturate the line. Most OS kann keep about 100-300 Half-Open Connections and have them stay for 10-120 seconds. So you only need a few unanswered SYNs to tie up the half-open stack.
The third question is what will be the side effects if I send packets with spoofed sources? As you all know I don't a answer to my packets, but would it be a DDos to all spoofed sources then? How can you ensure that only the main target is getting flooded?
Don't use other, unrelated persons and providers IP-Numbers. That is rude and script-kiddy style. If you can't controll the sending host, have your firewall discard all traffik to a certain IP and use this address. As you are from Germany, see my article in ix on the topic: http://www.heise.de/ix/artikel/2005/04/107/ -- Mit freundlichen Grüßen Christoph Puppe Security Consultant We secure your business.(TM) _______________________________________________________ HiSolutions AG Phone: +49 30 533289-0 Bouchéstrasse 12 Fax: +49 30 533289-99 D-12435 Berlin Internet: http://www.hisolutions.com _______________________________________________________
Current thread:
- DDos within a pentest Julian Totzek (May 09)
- Re: DDos within a pentest Sels, Roger (May 09)
- Re: DDos within a pentest Thierry Zoller (May 09)
- Re: DDos within a pentest Thierry Zoller (May 11)
- RE: DDos within a pentest Omar Herrera (May 11)
- Re: DDos within a pentest Jose Maria Lopez Hernandez (May 11)
- <Possible follow-ups>
- Re: DDos within a pentest Christoph Puppe (May 17)
- Re: DDos within a pentest Christoph Puppe (May 18)