Network Security Pen-Test

Re: DDos within a pentest

Subject: Re: DDos within a pentest
Date: Tue, 17 May 2005 15:45:27 +0200
Julian Totzek wrote:

Hi group,

within a pentest we are trying to offer the possibility of a DDoS flood for
our customers. I know there are many tools to do a flood from a single
PC, but all of these tools just send as many SYNs as they can. Does
anybody know a tool where I'm able to limit the bandwidth? I don't want
to get a bandwidth overload, I just want to show that the server is not
able to handle all the SYN packets.

Try hping; with the -i switch you can set the rate of the generated packets.
You have to prevent your host from answering RST on the returned SYN-ACK.
See "man iptables" for that ;)

Another question is from where would I start such an attack? We only
have a 2Mbit line here in the office, so if I need to flood a 10Mbit
line there will not be enough packets to do this, right? Maybe there is
a provider out there who already offers this service!

For SYN-Floods you don't need to saturate the line. Most OSes can keep about
100-300 Half-Open Connections and have them stay for 10-120 seconds. So you
only need a few unanswered SYNs to tie up the half-open stack.

The third question is what will be the side effects if I send packets
with spoofed sources? As you all know I don't a answer to my packets,
but would it be a DDos to all spoofed sources then? How can you ensure
that only the main target is getting flooded?

Don't use other, unrelated persons' and providers' IP numbers. That is rude
and script-kiddy style. If you can't control the sending host, have your
firewall discard all traffic to a certain IP and use this address.

As you are from Germany, see my article in ix on the topic:
http://www.heise.de/ix/artikel/2005/04/107/

-- 
Kind regards

Christoph Puppe
Security Consultant


We secure your business.(TM)
_______________________________________________________

HiSolutions AG     Phone:    +49 30 533289-0
Bouchéstrasse 12   Fax:      +49 30 533289-99
D-12435 Berlin     Internet: http://www.hisolutions.com
_______________________________________________________
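
A defender-side view of the half-open limit discussed in the reply above, added here as an example and not part of the original thread: it counts SYN-RECV entries per listener in `ss -tan` output and flags listeners nearing an assumed backlog limit. The sample output, the addresses and the `backlog` value are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample of `ss -tan` output from a host under test (not real data).
SAMPLE_SS = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
SYN-RECV  0      0      192.0.2.10:80       198.51.100.7:40001
SYN-RECV  0      0      192.0.2.10:80       198.51.100.7:40002
SYN-RECV  0      0      192.0.2.10:80       198.51.100.7:40003
SYN-RECV  0      0      192.0.2.10:80       203.0.113.5:51000
ESTAB     0      0      192.0.2.10:80       203.0.113.9:51844
SYN-RECV  0      0      192.0.2.10:22       203.0.113.5:51001
"""

def half_open_by_listener(ss_output):
    """Return {local addr:port -> Counter(peer ip -> half-open count)}."""
    result = defaultdict(Counter)
    for line in ss_output.splitlines():
        fields = line.split()
        # Skip the header and every socket that is not half-open.
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue
        local, peer = fields[3], fields[4]
        peer_ip = peer.rsplit(":", 1)[0]  # drop the port, keep the address
        result[local][peer_ip] += 1
    return result

def backlog_alerts(ss_output, backlog, warn_ratio=0.8):
    """List listeners whose half-open count reaches warn_ratio of the backlog."""
    alerts = []
    for local, peers in sorted(half_open_by_listener(ss_output).items()):
        total = sum(peers.values())
        if total >= backlog * warn_ratio:
            top_ip, top_n = peers.most_common(1)[0]
            alerts.append((local, total, top_ip, top_n))
    return alerts

if __name__ == "__main__":
    # backlog=4 is an assumed, deliberately tiny limit so the sample triggers.
    for local, total, ip, n in backlog_alerts(SAMPLE_SS, backlog=4):
        print(f"{local}: {total} half-open, top source {ip} ({n})")
```

On a real host the `backlog` argument would be set from the listener's actual SYN backlog limit rather than the toy value used here.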
