Penetration Testing mailing list archives
Re: DoS test on specific TCP Port
From: "Shankar Arjunan" <shankar.arjunan () gmail com>
Date: Tue, 21 Jul 2009 17:17:40 +1000
Hi Benjamin / All, Thank you all for the responses.It is for an inhouse application which is going to be live soon, before going live thought of doing a stress test on specific port for DoS type attacks and see the outcomes.
I will use hping and do a test. Regards Shankar----- Original Message ----- From: "Benjamin Greenfield" <bcg () struxural com>
To: <shankar.arjunan () gmail com> Cc: <pen-test () securityfocus com> Sent: Saturday, July 18, 2009 5:56 AM Subject: Re: DoS test on specific TCP Port You can try using hping3 to send out all sorts of traffic in all kinds of different frequencies and bursts. However, the first thing you should do is verify with your client that they consent to you trying a DoS attack. Depending on application / service / OS is connected to that port there may be particular vulnerabilities and / or exploits that result in DoS conditions as well. As far as determining the effectiveness of the attack, you'd need to log all the incoming responses and evaluate them I suppose. I would expect subtle differences would account for things like an IPS blacklisting your IP versus the host actually going offline or slowing due to load, and depending on the specifics it may not actually be possible to determine what precisely occurred target-side happened. Seriously, verify that the client wants you to test a DoS first though... On Thu, Jul 16, 2009 at 9:18 PM, <shankar.arjunan () gmail com> wrote:
Dear All,I am performing a pentest on server, can anyone tell me if there is any script or tool or a method available to test a specific TCP port (eg: 1310) for server load test by doing DoS/DDoS type attacks. This is to check how the server responds for attack on specific port, any possibilities of server going down or to check any degrade of performance.Please advice. Regards Shankar ------------------------------------------------------------------------This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- DoS test on specific TCP Port shankar . arjunan (Jul 17)
- Re: DoS test on specific TCP Port Benjamin Greenfield (Jul 17)
- Re: DoS test on specific TCP Port Shankar Arjunan (Jul 21)
- Re: DoS test on specific TCP Port R. DuFresne (Jul 22)
- RE: DoS test on specific TCP Port Wong Yu Liang (Jul 22)
- Re: DoS test on specific TCP Port Shankar Arjunan (Jul 21)
- Re: DoS test on specific TCP Port Shawn Merdinger (Jul 21)
- <Possible follow-ups>
- RE: DoS test on specific TCP Port Shenk, Jerry A (Jul 17)
- Re: DoS test on specific TCP Port Benjamin Greenfield (Jul 17)