Re: DDos within a pentest

From: Jose Maria Lopez Hernandez (jkerouac@bgsec.com)
Date: Tue May 10 2005 - 04:44:08 EDT

• Next message: Nacho: "how effective are SPF records for preventing identity theft?"
• Previous message: Joachim Schipper: "Re: Filtering email headers generated from internal network (Sensible?)"
• In reply to: Julian Totzek: "DDos within a pentest"
• Next in thread: Christoph Puppe: "Re: DDos within a pentest"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

El vie, 06-05-2005 a las 09:44 +0200, Julian Totzek escribió:
> Hi group,
>
> within a pentest we trying to offer the possibility of a DDos Foold for our customers. I know there are many tools to do a flood from a single PC, but all of these tools just send as many syn's as the can. Does anybody know a tool where I'm able to limit the bandwidth? I don’t want to get a bandwidth overload, I just want to show that the server is not able to handle all the syn packets.
>
> An other question is from where would I start such a attack? We only have a 2Mbit line here in the office, so if I need to flood a 10Mbit line there will not be enough packets to do this, right? Maybe there is a provider out there who already offers this service!
>
> The third question is what will be the side effects if I send packets with spoofed sources? As you all know I don't a answer to my packets, but would it be a DDos to all spoofed sources then? How can you ensure that only the main target is getting flooded?
>
>
> Best regards
>
> Julian Totzek
>
> THE BRISTOL GROUP Deutschland GmbH
> Robert-Bosch-Straße 11
> 63225 Langen
> Telefon +49 (0) 6103 20 55 300
> Telefax +49 (0) 6103 70 27 87
> Emergency Phone 0190/858 979 000 (1,86€/min)
> julian.totzek@bristol.de
> www.bristol.de
>
>
> HTTPS, HTTP, SMTP, IMAP, POP3 und FTP
> Kostenloser 14-Tage-Test einer CP Secure Antivirus Appliance
> http://www.bristol.de/testing.htm
>

A good way to simulate a Ddos attack, and above all if you care about
an overwhelming amount of SYN connections, is to install a P2P client
in the target machine. You just put a lot (30 or 40) of the most popular
files in the queue, configure the P2P to have a lot of sources for each
file, and you are done... thousands of machines will make connections
to you and from you. It's a poor man Ddos tool.

I've been working a lot to block the P2P's in the enterprise, and now
I have found they are useful for something. That's odd...

Regards.

-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas
http://www.bgsec.com
ESPAÑA
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"

• Next message: Nacho: "how effective are SPF records for preventing identity theft?"
• Previous message: Joachim Schipper: "Re: Filtering email headers generated from internal network (Sensible?)"
• In reply to: Julian Totzek: "DDos within a pentest"
• Next in thread: Christoph Puppe: "Re: DDos within a pentest"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:20 EDT