In the past I had to do several DoS security audits, with múltiples types of tests and intensities. Sometimes several DDoS protections were present like Akamai for static content, and Arbor for absorb part of the bandwith.
One consideration for the DoS/DDoS tools is that probably it will loss the control of the attacker host, and the tool at least has to be able to stop automatically with a timeout, but can also implement remote response checks.
In order to size the minimum mbps needed to flood a service or to retard the response in a significant amount of time, the attacker hosts need a bandwith limiter, that increments in a logarithmic way up to a limit agreed with the customer/isp/cpd.
There are DoS tools that doesn't have this timeouts, and bandwith limit based on mbps, for that reason I have to implement a LD_PRELOAD based solution: bwcontrol
Although there are several good tools for stressing web servers and web aplications like apache ab, or other common tools used for pen-testing, but I also wrote a fast web flooder in c++ named wflood.
As expected the most effective for taking down the web server are the slow-loris, slow-read and derivatives, few host were needed to DoS an online banking.
Remote attacks to database and highly dynamic web content were discarded, that could be impacted for sure.
I did another tool in c++ for crafting massive tcp/udp/ip malformed packets, that impacted sometimes on load balancers and firewalls, it was vulcan, it freezed even the firewall client software.
The funny thing was that the common attacks against Akamai hosts, where ineffective, and so does the slow-loris family of attacks, because are common, and the Akamai nginx webservers are well tunned. But when tried vulcan, few intensity was enough to crash Akamai hosts.
Another attack vector for static sites was trying to locate the IP of the customer instead of Akamai, if the customer doesn't use the Akamai Shadow service, it's possible to perform a HTTP Host header scan, and direct the attack to that host bypassing Akamai.
And what about Arbor protection? is good for reducing the flood but there are other kind of attacks, and this protection use to be disabled by default and in local holidays can be a mess.
Related articles
- Best Hacking Tools 2020
- Hacking Tools For Games
- Hack Tools For Games
- Hacking Tools For Beginners
- Hacker Tools Linux
- Growth Hacker Tools
- Hack Tools For Games
- Pentest Reporting Tools
- Hack Tools Mac
- New Hacker Tools
- Termux Hacking Tools 2019
- Hack Tools Online
- Pentest Tools Apk
- Pentest Tools Review
- Hacking Tools For Windows 7
- Pentest Tools For Android
- Pentest Tools For Ubuntu
- Hacker Search Tools
- Pentest Tools List
- Nsa Hacker Tools
- Hacking Tools Github
- Hack Tools For Ubuntu
- Hack Apps
- Hacker Techniques Tools And Incident Handling
- Hack Tools For Pc
- Hack Tools Download
- Bluetooth Hacking Tools Kali
- Hacking Tools For Mac
- Pentest Tools For Windows
- Pentest Tools For Mac
- Pentest Tools Review
- Hacking Tools For Windows
- What Are Hacking Tools
- Hacker Security Tools
- Pentest Tools Subdomain
- Hacking Tools For Kali Linux
- Hack Tools Github
- Hacking Tools Free Download
- Hack Tools For Games
- Hacker Tools For Pc
- Pentest Tools Kali Linux
- Hacks And Tools
- New Hacker Tools
- Pentest Tools Android
- Hacking Tools And Software
- Blackhat Hacker Tools
- Hack Tool Apk No Root
- Bluetooth Hacking Tools Kali
- Tools 4 Hack
- Hacking Tools Name
- Hacking Tools For Windows
- Pentest Tools Url Fuzzer
- Pentest Tools Online
- Pentest Tools Framework
- Hack Tools Mac
- Hacking Tools Windows
- Hack Tools
- Hacker Tools For Mac
- Ethical Hacker Tools
- Hacking Tools And Software
- Hack Tools For Games
- Hacking Tools Name
- How To Hack
- Hacks And Tools
- Pentest Tools Bluekeep
- Pentest Tools Website Vulnerability
- Tools 4 Hack
- Hack Tools Mac
- Nsa Hack Tools Download
- Hacker Tools Mac
- Hack Tools For Games
- Hack Tool Apk
- Hack And Tools
- Pentest Tools Linux
- Pentest Tools For Ubuntu
- Android Hack Tools Github
- Hacks And Tools
- Bluetooth Hacking Tools Kali
- Pentest Tools
- Hacking Tools For Windows 7
- Pentest Tools Find Subdomains
- Hack App
- Pentest Tools Github
- Hack Website Online Tool
- Best Hacking Tools 2020
- Pentest Tools Url Fuzzer
- Pentest Tools Bluekeep
- Hacker Tools Apk
- Hacking Tools Github
- Hacking Tools For Windows
- Hacking Tools 2019
- Hack App
- Hacker Tools Hardware
- Best Pentesting Tools 2018
- Usb Pentest Tools
- Hack Tools Github
- Top Pentest Tools
- Hacking Tools For Windows 7
- What Is Hacking Tools
- Hacker Tools For Mac
- Hack Apps
- Pentest Tools Android
- Hack Tools Pc
- Hack Tool Apk No Root
- Pentest Tools Framework
- Underground Hacker Sites
- Kik Hack Tools
- Pentest Tools Windows
- Hacker Tools 2020
- Hacker Tools For Ios
- Computer Hacker
- Growth Hacker Tools
- Hackrf Tools
- Pentest Tools Open Source
- Termux Hacking Tools 2019
- Hacker Tool Kit
- Pentest Tools Url Fuzzer
- Hacker Tools Hardware
- Hack Rom Tools
- Hack Tools
- Hacker Tools Software
- Hacker Tools Apk Download
- Ethical Hacker Tools
- Hacker Tools Linux
- Hack Tools
No hay comentarios:
Publicar un comentario