Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

DDos within a pentest

from [Julian Totzek] Network Security [Permanent Link]
Subject: DDos within a pentest
Date: Fri, 6 May 2005 09:44:11 +0200 
Hi group,

within a pentest we trying to offer the possibility of a DDos Foold for our 
customers. I know there are many tools to do a flood from a single PC, but all 
of these tools just send as many syn's as the can. Does anybody know a tool 
where I'm able to limit the bandwidth? I donât want to get a bandwidth 
overload, I just want to show that the server is not able to handle all the syn 
packets.

An other question is from where would I start such a attack? We only have a 
2Mbit line here in the office, so if I need to flood a 10Mbit line there will 
not be enough packets to do this, right? Maybe there is a provider out there 
who already offers this service!

The third question is what will be the side effects if I send packets with 
spoofed sources? As you all know I don't a answer to my packets, but would it 
be a DDos to all spoofed sources then? How can you ensure that only the main 
target is getting flooded?


Best regards

Julian Totzek

THE BRISTOL GROUP Deutschland GmbH
Robert-Bosch-StraÃe 11
63225 Langen
Telefon +49 (0) 6103 20 55 300
Telefax +49 (0) 6103 70 27 87
Emergency Phone 0190/858 979 000 (1,86â/min)
julian.totzek@bristol.de 
www.bristol.de 


HTTPS, HTTP, SMTP, IMAP, POP3 und FTP
Kostenloser 14-Tage-Test einer CP Secure Antivirus Appliance
http://www.bristol.de/testing.htm
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Next by Date:  [SEC-1 LTD] RSA SecurID Web Agent Heap Overflow, Gary O'leary-Steele
Next by Thread:  Re: DDos within a pentest, Sels, Roger
Indexes:  [Date] [Thread] [Top] [All Lists]