Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Worm attack generation tools

from [Robert D. Holtz] Network Security [Permanent Link]
Subject: RE: Worm attack generation tools
Date: Sat, 19 Aug 2006 13:07:20 -0500 
Good luck on your quest.  

These types of experiments are always fun learning experiences!

Great scientific discoveries aren't followed by "Eureka!" ... it's more like
"that's funny".

-----Original Message-----
From: Joey Peloquin [mailto:joeyp@cotse.net] 
Sent: Saturday, August 19, 2006 9:39 AM
To: Robert D. Holtz
Cc: 'miaomitiff119'; focus-ids@securityfocus.com
Subject: Re: Worm attack generation tools

Robert D. Holtz wrote:

You would be surprised at what one infected machine can crank out.  

I've seen two mediocre machines cripple a four T1 MLPPP bundle. I've done
time at a CLEC and one of our most common problems was folks insisting

there

internet connection was down when it was actually an infected machine on
their internal LAN going nuts.  I could watch the traffic once it entered
into the core and was able to see that it was trash.

What type of bandwidth are you trying to throw at these things?  

I would assume that the IDS system is "mainly" watching ingress traffic

from

the internet which for the most part won't be too high due to the cost of
this type of access.  

This assumption goes out the window if you have IDS systems separating
departments, business units, etc.  Then you're talking LAN speeds.


Department segregation within the LAN is exactly what I'm talking about,
though I can't speak for the OP.  Ingress worm traffic does virtually
nothing to us, because it's usually the same 'ole vectors, 135, 139 or 445,
which have been blocked, filtered, or otherwise denied (perimeter routers,
before the traffic even gets to our IPS) from the Internet for many moons.

Still, I like your style, and wish I would have thought of throwing "real"
worm traffic at my boxes.

Cheers,
-jp


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Worm attack generation tools, Joey Peloquin
Next by Date:  Re: Worm attack generation tools, whonosewho
Previous by Thread:  Re: Worm attack generation tools, Joey Peloquin
Next by Thread:  RE: Worm attack generation tools, Tony Haywood
Indexes:  [Date] [Thread] [Top] [All Lists]