Penetration Testing mailing list archives
Re: Client DDoS requests, ideas?
From: Jon Kibler <Jon.Kibler () aset com>
Date: Mon, 14 Jul 2008 17:24:05 -0400
Erin Carroll wrote:

> Pen-testers,
>
> There have been times when, during the course of a pen-test for a client, a request is made for DoS/DDoS attacks against external systems & services. While there are resource exhaustion & other attack methods for certain services/systems, let's assume that Smurf-like attacks aren't viable.
>
> I'm curious for ideas or methods to simulate straight bandwidth DDoS attacks if the client pipe(s) are larger than your available pipe(s). It's not like we all have huge botnets in our back pocket...
>
> Has anyone faced this situation before and if so, how did you manage?
Hi,

What services (e.g., IIS x.x, BIND v.e.r)?
What network infrastructure devices (e.g., Cisco xxxx w/ IOS yy.zz)?
What O/Ses / versions?

There are a number of protocol and device specific attacks where a single to a few hosts with not much bandwidth can successfully DoS a system on a much larger pipe. Attacks are not available for every environment, but there is usually just enough of a range of equipment and services on most networks to make a DoS attack against something on a target network possible.

What to look for?
  Fragmentation attacks (e.g., jolt)
  Amplification attacks (e.g., DNS: request a VERY large TXT record)
  Protocol attacks (e.g., LAND)
  Application attacks (e.g., SQL Injection 'shutdown with nowait')

Where to look?
  PacketStorm
  Milw0rm

Just some starters. Give some specifics and I can be more specific.

Hope this helps!

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253