snakebyte
Jun 9 2003, 04:29 AM
hi,
I recently got a new demo unit called Fortinet; it's a firewall appliance with some bandwidth management and virus filtering.
Currently I'm trying to get familiar with its settings, and I'll be testing its features.
Anyone know some good exploit tools to test this thing? I'd like to see how well this thing can handle DoS/DDoS attacks, especially SYN attacks if possible.
I've set up a dummy server, client, and attacker machine for testing.
One more thing..
In my web server logs I see a lot of /default.ida xxxx(..and on) with 200 status at the end.
Does this mean my system is vulnerable to this exploit?
Thanks
dissolutions
Jun 9 2003, 02:20 PM
Well, first off, for DDoS you'll have to either find somebody with a botnet or create one with your network; you'll need about 30-infinite for a small SYN attack.
Pretty much you can use any tools that are utilized for hacking or network security.... you try and get by it... the best tool is your head at the moment though.
GSecur
Jun 9 2003, 02:47 PM
| QUOTE |
| One more thing.. in my web server logs I see a lot of /default.ida xxxx(..and on) with 200 status at the end. Does this mean my system is vulnerable to this exploit? |
Those requests are coming from machines infected with the Code Red worm. The fact that you are getting status codes of 200 means that most likely you haven't patched your system against it. Take a minute out and complete your updates.
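As an added example (not from the thread), a small log check for the /default.ida probes GSecur describes: it parses common-log-format lines and reports which source hosts had their probe answered with a 2xx rather than a 404. It assumes the web server writes that format; the sample lines are constructed, with the worm's query string shortened.

```python
import re
from collections import Counter

# Common log format: host ident user [time] "request" status bytes
_CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<proto>[^"]*))?" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines modelled on the thread's "/default.ida xxxx(..and on)" entries.
SAMPLE_LOG = """\
10.0.0.7 - - [09/Jun/2003:01:12:03 +0000] "GET /default.ida?XXXXXXXXXXXXXXXXXXXX HTTP/1.0" 200 0
10.0.0.7 - - [09/Jun/2003:01:12:09 +0000] "GET /default.ida?XXXXXXXXXXXXXXXXXXXX HTTP/1.0" 200 0
10.0.0.9 - - [09/Jun/2003:02:40:11 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 289
192.168.1.5 - - [09/Jun/2003:03:00:00 +0000] "GET /index.html HTTP/1.1" 200 1043
"""

def parse_clf(line):
    """Return the fields of one common-log-format line, or None if it does not match."""
    m = _CLF.match(line)
    return m.groupdict() if m else None

def code_red_probes(log_text):
    """Map each source host to a Counter of status codes for its /default.ida requests
    (the ISAPI .ida endpoint that the Code Red worm probes)."""
    hits = {}
    for line in log_text.splitlines():
        rec = parse_clf(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0].lower()
        if path == "/default.ida":
            hits.setdefault(rec["host"], Counter())[rec["status"]] += 1
    return hits

def served_probes(log_text):
    """Hosts whose probe got a 2xx: the .ida handler answered, which is the
    condition the thread flags as 'most likely unpatched'."""
    return sorted(host for host, codes in code_red_probes(log_text).items()
                  if any(code.startswith("2") for code in codes))
```

A 404 for the same path means the .ida mapping is not being served, so only the 2xx hosts are worth a closer look.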
snakebyte
Jun 10 2003, 02:21 AM
Hi all,
thanks for the replies.
I've found the tool, I tested it and it works; now I just need to amplify it so that it will feel like a real attack.
Do I really need 30 machines to do that?
I think I did update my server, and when I use those scanners from eEye the results look good.
I checked with a virus scanner... it's free of bugs.
Hmm... wonder what went wrong.
dissolutions
Jun 10 2003, 03:25 PM
For DDoS you may need more than 30 machines to do that... I'd just go on an IRC channel and ask some script kiddie with a botnet to flood away on you.
DDoS = Distributed Denial of Service,
meaning more than one computer.
Usually computers are infected with a DDoS virus and log onto IRC; then the attacker types in .syn ip port times or something to that extent and they SYN flood... however, you do need Windows 2000 machines to do a SYN flood.
That is pretty much it about DDoS.
I would suggest, if you're going to try a DDoS, you try ICMP, UDP, and SYN as methods of testing.
However, even the most secure system on the net is vulnerable to these. It just depends on how many zombies are attacking. You may be able to "survive" 30 zombies attacking you, but will you be able to survive 30,000? Probably not.
If you'd like information on these attacks, just give a holler.
snakebyte
Jun 11 2003, 02:31 AM
Well... I don't have 30 or more machines to generate that kind of attack just for a simulation,
so I just made a script to run it at like 20 or 30 instances at one time.
That should run pretty much like a DDoS, right?
But I don't know how to measure or count how many SYN packets I sent.
Anyone know how to do that? To measure how much of a SYN packet attack this thing can handle.
And no.. I don't want to invite any script kiddie to attack my network.
Besides... it's just a simulation, on a private LAN... not connected to the net.
Thanks
dissolutions
Jun 11 2003, 03:06 AM
Well, technically you can log the number of SYN packets going into this machine by having a sniffer on the wire, or on the router/firewall, and then find out how many packets it takes.
That's about all I can think of.
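As an added example (not posted in the thread), here is the counting step dissolutions describes for snakebyte's question: given frames and timestamps as a sniffer on the wire would hand them over, it parses the Ethernet/IPv4/TCP headers, counts pure SYNs per destination and port, and reports the peak SYNs per second, which is the figure to compare with the firewall's SYN-rate limit. The frame builder only produces constructed test input (no checksums, nothing is sent).

```python
import struct
from collections import Counter

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
TCP_SYN, TCP_ACK = 0x02, 0x10

def build_frame(src_ip, dst_ip, sport, dport, flags):
    """Build a minimal Ethernet/IPv4/TCP frame as constructed test input (no checksums)."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    src, dst = (bytes(map(int, a.split("."))) for a in (src_ip, dst_ip))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp

def parse_tcp(frame):
    """Return (src_ip, dst_ip, dst_port, tcp_flags) for an IPv4/TCP frame, else None."""
    if len(frame) < ETH_HDR_LEN + 20 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ip[9] != 6 or len(ip) < ihl + 14:  # protocol 6 = TCP; need the flags byte
        return None
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:]
    return src, dst, struct.unpack("!H", tcp[2:4])[0], tcp[13]

def count_syns(captured):
    """captured: iterable of (frame_bytes, timestamp_seconds).
    Counts pure SYNs (SYN set, ACK clear) per (dst_ip, dst_port) and returns
    the peak number of SYNs seen in any one-second bucket."""
    per_target, per_second = Counter(), Counter()
    for frame, ts in captured:
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        _src, dst, dport, flags = parsed
        if flags & TCP_SYN and not flags & TCP_ACK:
            per_target[(dst, dport)] += 1
            per_second[int(ts)] += 1
    return per_target, max(per_second.values(), default=0)

# Constructed capture: three SYNs to port 80 plus one SYN-ACK reply in second 0,
# then one SYN to port 443 in second 1.
SAMPLE_CAPTURE = [
    (build_frame("10.0.0.5", "10.0.0.1", 40000, 80, TCP_SYN), 0.1),
    (build_frame("10.0.0.6", "10.0.0.1", 40001, 80, TCP_SYN), 0.4),
    (build_frame("10.0.0.1", "10.0.0.5", 80, 40000, TCP_SYN | TCP_ACK), 0.5),
    (build_frame("10.0.0.5", "10.0.0.1", 40002, 80, TCP_SYN), 0.9),
    (build_frame("10.0.0.6", "10.0.0.1", 40003, 443, TCP_SYN), 1.2),
]
```

Run it on both sides of the appliance: the difference between SYNs seen on the attacker segment and SYNs reaching the server segment is what the firewall dropped.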
snakebyte
Jun 12 2003, 01:50 AM
ok then... thanks for the input
nemesis
Apr 15 2004, 12:58 AM
Hi, little n00b question..
A DoS attack, is it just flooding a PC with a huge amount of packets?
like
| CODE |
| ping -t -v icmp -l 65000 x.x.x.x |
?
Or are there other ways?
And how does it work with IRC?
tx
epi
Apr 15 2004, 01:37 AM
Yeah.
A DDoS attack is just getting as many machines as possible, at a set time, to send as many huge packets and requests to a server as possible. The server won't be able to handle it, and will have to shut down.
Sleazy, and hard to combat.
Edit: how it works with IRC:
Some script kiddie gets some bot code that somebody else made and infects somebody with it. The bot virus spreads, and every time it infects another machine, that machine secretly logs onto an IRC network + channel and waits. The script kiddie then gives them all a command, and they go out and do it.
Killaloop
Apr 15 2004, 07:19 AM
| QUOTE (nemesis @ Apr 15 2004, 12:58 AM) |
| Hi, little n00b question.. A DoS attack, is it just flooding a PC with a huge amount of packets? Like "ping -t -v icmp -l 65000 x.x.x.x"? Or are there other ways? And how does it work with IRC? tx |
Nope,
that's DDoS.
DoS = Denial of Service.
For this one to work you have to find some vulnerability in a running service. A bad request or too-long request causes an overflow and will crash the service or the whole system.
d00m
Apr 16 2004, 01:33 AM
Ping flooding used to work in early versions of Windows by causing the infamous blue screen of death. But now most OSes have been patched to protect against this type of attack.
x.x.x.0 and x.x.x.255 are the broadcast addresses of any subnet... in *nix, using ping -b x.x.x.255 you could cause a DoS attack.. known as a "smurf" attack.
nemesis
Apr 16 2004, 02:35 PM
ok, thanks a lot guys!
It's more clear to me now. Thought it was something much more complicated.
Thanks for the smurf tip also, didn't know what it was exactly.
But I still have a long way to go.