Dombrowski, Stan wrote:
A DOS attack.... I'm trying to test a new product we just purchased.
It's a Packeteer which will recognize and deal with unusal traffic flow
and bandwidth problems. We experienced several internal DOS attacks from
internal hosts caused by bots. I've configured the Packeteer but haven't
found a way to test the device. I have it set up on a private vlan with
just the nessus server/client, the Packeteer and a test host. But
running the normal scan with DOS enabled doesn't generate much traffic.
How do I crank it up to really eat up the bandwidth and emulate an
attack. No animals will be used in this experiment and it is safe for
childrens consumption as required by the FDA. Appreciate any help as I
just downloaded this software and am a newbie.
On one hand, I am thrilled that Nessus isn't enough of a DOS tool for
you as we try very hard to make Nessus have as little effect on its
targets as possible.
Having said that, if you want to test the Packeteer with Nessus, I don't
think you will find very much using Nessus. I suggest you look into
capturing the Nessus scan with tcpdump and then replaying it as fast as
possible with a tool like tcpreplay. For testing inline devices, trying
to replay the conversation from one side of the device may not work.
Also, keep in mind that DOS attacks are not always bandwidth related or
from one source. If you are DOSed by a botnet, you'll see attacks from
many different remote IPs. You can also be DOSed by someone who is
exploiting a flaw in an application on your network. Certain web queries,
FTP queries, SMTP commands, .etc can cause high disk IO, CPU utilization
or memory utilization and can just of an effective DOS event.
There are plenty of commercial products in this space that do exactly
what you are asking. You might start with tools that are used to test
inline IPSes.
Ron Gula
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
