[cs615asa] Question & Reference

Divyendra Patil dpatil3 at stevens.edu
Fri Jan 26 11:19:03 EST 2018


The resource is great.

DDoS attacks are also an art.
There are many tools but I've only used hping3 till now for testing
purposes.
The Metasploit framework in Kali has a long list of types, just run
"/usr/share/metasplot-framework/auxiliary/dos" followed by "ls -l" & it
will list down different types of attacks.

One might find great resources in https://www.exploit-db.com/ too.

Others I've come across in research are:

LOIC: The Low Orbit Ion Cannon (LOIC) was used by Anonymous in the
Operation Payback attack against PayPal, Visa, and MasterCard in
retaliation for cutting off WikiLeaks donations. This tool is Windows-based
and almost as easy as pointing and clicking.

HOIC: HOIC uses an HTTP flood using booster files that enable a small
number of users to effectively DoS a website by sending a flood of
randomized HTTP GET and POST requests. It is capable of simultaneously
DoSing up to 256 domains. You can download it from SourceForge.

XOIC: The user simply needs to set the IP address and port of the target,
select a protocol (HTTP, UDP, ICMP, or TCP), then begin to fire.

HULK: Another tool capable of bringing down web servers. This tool uses
various obfuscation techniques to limit the ability of the target to
mitigate the attack.

UDP Flooder: does just as you would expect—it sends a flood of UDP packets
to the target. It has been effectively used to knock gamers off their
networks (online games primarily use UDP).

RUDY: RUDY takes a different approach to DoSing websites. It enables the
user to select a form from the web app and then use that form to send a
flood of POST requests. You can download it from Hybrid Security.

ToR's Hammer: Was designed to be run through the ToR network to anonymize
the attack and limit mitigation. The problem with this strategy is that the
ToR network tends to be very slow, thereby limiting the rate at which the
packets can be sent and thereby limiting the effectiveness of this tool.

Pyloris:  Another DoS tool, but with still a different strategy. It allows
the user to construct their own, unique HTTP request headers. It then
attempts to keep open these TCP connections as long as possible in order to
exhaust the connection queue. When it does this, no legitimate connections
can be made and new attempts to connect by other users will be dropped.

OWASP Switchblade: D the Switchblade DoS tool to be used to test the
resiliency of a web app to DoS attempts. It has three modes, 1. SSL
Half-Open, 2. HTTP Post, and 3. Slowloris.

DAVOSET: Written in Perl, that uses zombie systems to distribute the attack
across multiple systems. This tool uses Abuse of Functionality and XML
External Entities vulnerabilities on other sites to "zombie" them and
attacks the target site. Includes over 160 zombie services.

GoldenEye HTTP DoS Tool: GoldenEye is simple DoS tool that loads an HTTP
server attempting to exhaust its resource pool. It's great for testing your
website, but not really effective in the real world as most perimeter
defenses will detect it.

THC-SSL-DOS: This DDoS tool (built right into Kali) is different from most
DoS tools in that it doesn't require huge amounts of bandwidth and can be
conducted with a single system. It attacks vulnerabilities in SSL to bring
down the server.

DDOSIM - Layer 7 DDoS Simulator: This tool from Storm Security simulates a
DDoS attack from various zombies with random IP addresses. It attempts to
create a full TCP connection (SYN-SYN/ACK-ACK). As the name implies, it
operates at the application layer (layer 7). It is also capable of
simulating a DDoS attack upon the SMTP server and a TCP flood at random
ports.

Another Resource:
https://www.techrepublic.com/article/ddos-attacks-increased-91-in-2017-thanks-to-iot/

Feel free to correct!






‌
<https://mailtrack.io/> Sent with Mailtrack
<https://chrome.google.com/webstore/detail/mailtrack-for-gmail-inbox/ndnaehgpjlnokgebbaldlmgkapkpjkkb?utm_source=gmail&utm_medium=signature&utm_campaign=signaturevirality>

On Fri, Jan 26, 2018 at 9:41 AM, Jan Schaumann <jschauma at stevens.edu> wrote:

> Divyendra Patil <dpatil3 at stevens.edu> wrote:
> >
> > How does a SysAdmin face a DDoS attack on a system he is
> monitoring/looking over.
>
> On the topic of DDoS attacks, I just came across this link, which
> describes the different types well:
>
> https://www.incapsula.com/blog/security-glossary-top-12-
> ddos-attack-types-need-know.html
>
> -Jan
> _______________________________________________
> cs615asa mailing list
> cs615asa at lists.stevens.edu
> https://lists.stevens.edu/mailman/listinfo/cs615asa
>



-- 
Thank You.
Divyendra Patil.
MS
Cyber Security
Github 615A
<https://github.com/DivyendraPatil/MS-Cyber-Security-Solutions/tree/master/CS%20615%20-%20System%20Administration/dpatil3-notes>
http://divyendra.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.stevens.edu/pipermail/cs615asa/attachments/20180126/38da5aef/attachment-0001.html>


More information about the cs615asa mailing list