Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Using php to bounce scan

From: thiebaut.adsl () WANADOO FR (Thiebaut)
Date: Sun, 30 Apr 2000 12:26:44 +0200

Matt Rae wrote:

  DDOS with php might be something to look at also.  If it were even possible
  to make a somewhat effective DDOS programs with php, it sure would be easier
  for kidz to rack up the nodes.

  matt

I've thought about that also. I've had problems with portsentry while testing
my script. Actually after 20 attempts (I cound't choose a good interface)
to scan myself (the script was hosted locally), portsentry got down, at least
it didn't seem to respond to anything. So there is "some" DOS condition
(after 20 or 30 scans) with that script. If someone has a bit of time to check
this, I saw it happend only once and didn't conduct anymore tests.
That's the first point.

The second point is with DDOS.
There are various time limitations on for, while, and so on. So the main
problem is that you can (at least I couldn't - but I'm in the "new-hackers"
catagory...)  just put a script in a box a let it run for the night.
This can be defeated with a cronjob, but you need a bit more acces to the
machine you are using than just a web acces.
You could also play with the time to make your script work (ie evry 30 sec) but
don't expect Php to be C ...

I'll try to find somth if I got some time left next week ;-)

Th.
Previous By Date Next
Previous By Thread Next

Current thread: