In the past I had to do several DoS security audits, with múltiples types of tests and intensities. Sometimes several DDoS protections were present like Akamai for static content, and Arbor for absorb part of the bandwith.
One consideration for the DoS/DDoS tools is that probably it will loss the control of the attacker host, and the tool at least has to be able to stop automatically with a timeout, but can also implement remote response checks.
In order to size the minimum mbps needed to flood a service or to retard the response in a significant amount of time, the attacker hosts need a bandwith limiter, that increments in a logarithmic way up to a limit agreed with the customer/isp/cpd.
There are DoS tools that doesn't have this timeouts, and bandwith limit based on mbps, for that reason I have to implement a LD_PRELOAD based solution: bwcontrol
Although there are several good tools for stressing web servers and web aplications like apache ab, or other common tools used for pen-testing, but I also wrote a fast web flooder in c++ named wflood.
As expected the most effective for taking down the web server are the slow-loris, slow-read and derivatives, few host were needed to DoS an online banking.
Remote attacks to database and highly dynamic web content were discarded, that could be impacted for sure.
I did another tool in c++ for crafting massive tcp/udp/ip malformed packets, that impacted sometimes on load balancers and firewalls, it was vulcan, it freezed even the firewall client software.
The funny thing was that the common attacks against Akamai hosts, where ineffective, and so does the slow-loris family of attacks, because are common, and the Akamai nginx webservers are well tunned. But when tried vulcan, few intensity was enough to crash Akamai hosts.
Another attack vector for static sites was trying to locate the IP of the customer instead of Akamai, if the customer doesn't use the Akamai Shadow service, it's possible to perform a HTTP Host header scan, and direct the attack to that host bypassing Akamai.
And what about Arbor protection? is good for reducing the flood but there are other kind of attacks, and this protection use to be disabled by default and in local holidays can be a mess.
Read more
- Hacking Tools Windows
- Hacking Tools For Windows
- Hacking Tools Kit
- Hak5 Tools
- Hack Website Online Tool
- Pentest Tools Apk
- Pentest Tools Online
- Hacking Tools For Windows
- Hacker Tools Hardware
- Usb Pentest Tools
- Termux Hacking Tools 2019
- Hacker Tools 2019
- Pentest Tools Apk
- Hack App
- Beginner Hacker Tools
- Hacking Tools For Games
- Hacker Tools Apk
- Pentest Tools Alternative
- Pentest Tools For Mac
- Hacking Tools Hardware
- Hack Tools For Games
- Hacker Tools Linux
- Hackers Toolbox
- Tools Used For Hacking
- What Is Hacking Tools
- Hacker Tools Linux
- Hacking Tools For Games
- Hacker Tools 2019
- New Hack Tools
- Hacker Techniques Tools And Incident Handling
- Pentest Automation Tools
- Hacks And Tools
- Growth Hacker Tools
- Pentest Tools Github
- Wifi Hacker Tools For Windows
- Hacking Tools 2020
- Hack Tools For Windows
- Hacker Tools Mac
- Bluetooth Hacking Tools Kali
- Physical Pentest Tools
- Hack Tools For Pc
- Hacking Tools Kit
- How To Hack
- Hacker Tools For Ios
- Hacker Tools Hardware
- Hacker Tools For Pc
- Hacking Tools 2020
- Hacker Search Tools
- Pentest Reporting Tools
- Hack Tools Mac
- New Hacker Tools
- Hacker Tools 2020
- Bluetooth Hacking Tools Kali
- Pentest Tools Website
- Hacking Tools Windows 10
- Hacker Tools For Mac
- Hacker Tools For Mac
- Hacking Tools Download
- Hack Tools Mac
- Pentest Tools Port Scanner
- Hacking Tools For Kali Linux
- Top Pentest Tools
- World No 1 Hacker Software
- Pentest Tools Open Source
- Bluetooth Hacking Tools Kali
- Underground Hacker Sites
- Hacking Tools For Kali Linux
- Hacker Tools 2020
- Pentest Tools Nmap
- Hack Tools
- Hacking Tools For Beginners
- Hack Tools For Ubuntu
- Hacking Tools For Games
- Hacker Tool Kit
- Tools 4 Hack
- Hacking Tools For Mac
No hay comentarios:
Publicar un comentario