Penetration Testing mailing list archives

Re: DDos within a pentest

From: Christoph Puppe <puppe () hisolutions com>
Date: Tue, 17 May 2005 15:45:27 +0200

Julian Totzek schrieb:

Hi group,

within a pentest we trying to offer the possibility of a DDos Foold for
our customers. I know there are many tools to do a flood from a single
PC, but all of these tools just send as many syn's as the can. Does
anybody know a tool where I'm able to limit the bandwidth? I don’t want
to get a bandwidth overload, I just want to show that the server is not
able to handle all the syn packets.


Try hping with the -i switch you can set the rate of the generated packets.
You have to prevent your host from answering RST on the returned SYN-ACK.
See "man iptables" for that ;)

An other question is from where would I start such a attack? We only
have a 2Mbit line here in the office, so if I need to flood a 10Mbit
line there will not be enough packets to do this, right? Maybe there is
a provider out there who already offers this service!


For SYN-Floods you don't need to saturate the line. Most OS kann keep about
100-300 Half-Open Connections and have them stay for 10-120 seconds. So you
only need a few unanswered SYNs to tie up the half-open stack.

The third question is what will be the side effects if I send packets
with spoofed sources? As you all know I don't a answer to my packets,
but would it be a DDos to all spoofed sources then? How can you ensure
that only the main target is getting flooded?


Don't use other, unrelated persons and providers IP-Numbers. That is rude
and script-kiddy style. If you can't controll the sending host, have your
firewall discard all traffik to a certain IP and use this address.

As you are from Germany, see my article in ix on the topic:
http://www.heise.de/ix/artikel/2005/04/107/

-- 
Mit freundlichen Grüßen

Christoph Puppe
Security Consultant


We secure your business.(TM)
_______________________________________________________

HiSolutions AG     Phone:    +49 30 533289-0
Bouchéstrasse 12   Fax:      +49 30 533289-99
D-12435 Berlin     Internet: http://www.hisolutions.com
_______________________________________________________

Current thread:

DDos within a pentest Julian Totzek (May 09)
- Re: DDos within a pentest Sels, Roger (May 09)
- Re: DDos within a pentest Thierry Zoller (May 09)
  - Re: DDos within a pentest Thierry Zoller (May 11)
- RE: DDos within a pentest Omar Herrera (May 11)
- Re: DDos within a pentest Jose Maria Lopez Hernandez (May 11)
- <Possible follow-ups>
- Re: DDos within a pentest Christoph Puppe (May 17)
- Re: DDos within a pentest Christoph Puppe (May 18)