Nmap Development mailing list archives

Re: Using Nmap as a Network Stress Testing Tool


From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Wed, 11 Mar 2009 03:24:29 +0200

Professor 0110 wrote:
Hi everyone,
I was just wondering if there was any way that I could utilize Nmap as a
Network Stress Testing tool, or a tool which enables me to get a rough idea
of how my network and firewalls will be able to withstand a DoS attack (SYN
Flood and UDP Flood). What sparked this idea was the fact that Decoy
scanning can cause a SYN Flood if the decoy targets are not available. But
since this TCP/IP Flaw was fixed over a decade ago, it is hardly useful
anymore.

Cheers,

Professor 0110


SYN Flooding is indeed solved with server-side SYN cookies. However, some
firewalls might have dynamic rulesets that block the offending hosts that
attempt to SYN flood them. This means that using a decoy against a host
with the above firewall "misconfiguration" could lead to a legitimate
host being blocked from the target. That could cause some serious trouble if
the decoy is the primary DNS server of the target, or something of equal
importance.

I had written a tool similar to netkill a couple of months ago, if you
want to stress-test a host against connection-flooding and possibly against
kernel memory exhaustion (though no up-to-date system suffers from that nowadays).
There is another newer version that also exploits a certain TCP Persist Timer functionality
and fixes many bugs in the current implementation, but it will be released later.
More information at http://sock-raw.org/projects/nkiller/nkiller.c.html

--
ithilgore
sock-raw.org
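
Added example (not part of the post above and not Nmap code): a small model of the dynamic-ruleset behaviour the reply describes, run over constructed firewall events, showing a threshold-based auto-block dropping the DNS server whose address was used as a decoy, next to the same rule with an exemption list. The addresses, thresholds and the `never_block` parameter are assumptions made for illustration.

```python
from collections import defaultdict, deque

DNS = "192.0.2.53"        # constructed: stands in for the target's primary DNS server
SCANNER = "198.51.100.7"  # constructed: the host that is really sending the SYNs

# Constructed firewall events (time_ms, source, kind), not taken from the post.
# Both sources appear to send 50 SYNs 10 ms apart; the ones "from" DNS are
# spoofed decoys. At t=5000 the real DNS server answers a query.
EVENTS = (
    [(t * 10, DNS, "SYN") for t in range(50)]
    + [(t * 10, SCANNER, "SYN") for t in range(50)]
    + [(5000, DNS, "DNS-REPLY")]
)


def auto_block(events, threshold=20, window_ms=1000, never_block=frozenset()):
    """Return {source: time_blocked} for sources exceeding `threshold` SYNs
    inside a sliding window, the dynamic-ruleset behaviour the post describes."""
    recent = defaultdict(deque)
    blocked = {}
    for ts, src, kind in sorted(events):
        if kind != "SYN" or src in blocked:
            continue
        seen = recent[src]
        seen.append(ts)
        while ts - seen[0] > window_ms:
            seen.popleft()
        # Source addresses on a bare SYN are unauthenticated, so critical hosts
        # are exempt from automatic drops and left to SYN cookies on the server.
        if len(seen) > threshold and src not in never_block:
            blocked[src] = ts
    return blocked


def dropped_after_block(events, blocked):
    """Non-SYN traffic the firewall would now drop because its source is blocked."""
    return [e for e in events if e[2] != "SYN" and e[0] > blocked.get(e[1], float("inf"))]


if __name__ == "__main__":
    naive = auto_block(EVENTS)
    hardened = auto_block(EVENTS, never_block={DNS})
    print("naive blocks:", naive, "drops:", dropped_after_block(EVENTS, naive))
    print("hardened blocks:", hardened, "drops:", dropped_after_block(EVENTS, hardened))
```

The firewall cannot tell the decoy SYNs from real ones, so the exemption list only protects hosts the operator has named in advance; every other source is still blocked on the same threshold.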


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

