Re: Controlled DoS

[Dharm Dhwaj Singh <dharm910 () gmail com>]

You can say that monitored/controlled DOS attack.In PenTest Scenarios
it may require more cooperation from client to analyze the resources
which would be impacted from the DOS.
Generally this methodology this used to design defense strategies
against DOS attacks

..Dharm


On Fri, Mar 12, 2010 at 5:25 PM, Adam Mooz <adam.mooz () gmail com> wrote:
> Hey Tibor
>
> A DoS is essentially just overwhelming the capabilities of whatever service you're going after, so for web servers 
> it's initiating a storm of connections, for SMB it can be attempting to login 1,000,000 times per second, etc...  You 
> just keep using the resources until they're exhausted preventing anyone else from using that service.  With that in 
> mind, doing a 'controlled' DoS is possible, just limit how many connections or attempts to exhaust the resources, and 
> increase it until the service breaks.
>
> Hope this helps...
>
> -----------------------------------------------------------------
> Adam Mooz
> Adam.Mooz () gmail com
> http://www.AdamMooz.com
>
> On 2010-03-10, at 6:52 AM, Tibor Kaskoto wrote:
>
> > Respected Members,
> >
> >
> >
> > Is it possible to do a Denial of Service attack in a controlled way, e.g. in
> > a penetration testing scenario? How can you control/limit the possible
> > degradation of the client's services? Can you ask the client to corporate in
> > terms of IDS/IPS alerts, or any sign of service degradation? How can you
> > measure the success of the test if you are actually not allowed to break
> > anything? What is the approach to a 99.99% availability requirement network?
> >
> >
> >
> >
> >
> > Thanks & Regards,
> >
> >
> >
> >
> >
> > Tibor
> >
> >
> >
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review Board
> >
> > Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> > and CEPT certs require a full practical examination in order to become certified.
> >
> > http://www.iacertification.org
> > ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------



-- 
Cheers and keep rocking!
- Dharm

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------