Penetration Testing mailing list archives
Re: DDos within a pentest
From: Thierry Zoller <Thierry () sniff-em com>
Date: Mon, 9 May 2005 21:12:38 +0200
Dear Julian Totzek, Considering this : JT> I dont want to get a bandwidth overload, I just want JT> to show that the server is not able to handle all the syn packets. I don't understand this : JT> We only have a 2Mbit line here in the office, so if I need to JT> flood a 10Mbit line there will not be enough packets to do this, JT> right? If you send SYN packets to an open port with active services you won't need a 2mbit line to DoS a 10mbit line, except of course your into traffic exhaustion which your first statement however negates. JT> The third question is what will be the side effects if I send JT> packets with spoofed sources? If the spoofed sources exist they will be flooded with SYN+ACKS or FIN packets from the host you attack. You might one to choose to spoof an IP which isn't alive. JT> As you all know I don't a answer to JT> my packets, but would it be a DDos to all spoofed sources then? Depends on how often you change the decoys (spoofed ingress addresses) JT> How can you ensure that only the main target is getting flooded? Testen testen testen. -- Thierry Zoller mailto:Thierry () sniff-em com
Current thread:
- DDos within a pentest Julian Totzek (May 09)
- Re: DDos within a pentest Sels, Roger (May 09)
- Re: DDos within a pentest Thierry Zoller (May 09)
- Re: DDos within a pentest Thierry Zoller (May 11)
- RE: DDos within a pentest Omar Herrera (May 11)
- Re: DDos within a pentest Jose Maria Lopez Hernandez (May 11)
- <Possible follow-ups>
- Re: DDos within a pentest Christoph Puppe (May 17)
- Re: DDos within a pentest Christoph Puppe (May 18)