Penetration Testing mailing list archives
Re: DoS ToolKit
From: dharana <dharana () dharana net>
Date: Tue, 31 Jul 2001 10:17:04 +0200
Ershad Shafi Chowdhury(iru () bol-online com)@2001.07.31 10:12:04 +0000:
Whoa! Hold on those tests if you don't know what to do to protect yourself first. DoS can be nasty especially if carried out during office hours.
The idea is first to try pen-testing against the actual configuration, and then make the necessary changes.
I suggest reading relevant security docs for those network devices, e.g. Cisco, WinNT, Win2K, Linux and other devices you may have, and checking if you have the protection in place.
http://neworder.box.sk/ http://packetstorm.linuxsecurity.com/ http://www.securityfocus.com/ Do you recommend me another website of the like?
Then, you can blast away, first from a remote site, then from your local LAN while no one is working at the office. If you can, close any DB's you may have running (you don't want your OS to crash and corrupt the DB too), and if everything works out, you can test again with them up and running.
I think I know what I'm playing with. My question was more about what kind of attacks. For example: - Smurf Attacks - Arp poisoning hubs and switches - Jolt'ing against the Windows Machines. - (a lot more I don't know at this moment) I've already tried exploits against the visible services (some of them might cause DoS) and now I wanted to test the stability of some of our routers, firewalls and workstations and servers.
On the other hand, if you have already taken the precautions, start with attempting DoS at workstations, servers, firewalls, hubs, switches and finally routers.
Here we are. Do you know any good place to start?
Regards, Ershad Shafi Chowdhury (Iru) Chief Information Officer Bangladesh Online Ltd - A Beximco Company House 21, Road 3, Dhanmondi R/A, Dhaka 1205 Tel: +88029668320, Fax: +88029668321 E-mail: iru () bol-online com, http://bol-online.com -----Original Message----- From: dharana () dharana net [mailto:dharana () dharana net] Sent: Tuesday, July 31, 2001 5:26 AM To: pen-test () securityfocus com Subject: DoS ToolKit Hello list: My company is performing (at least trying to do ) a full security test on our installations, and I've been assigned the network security tests. I've already performed network maps as seen from the Internet, I've run ISS and Nessus, I've performed some sniffing in specific areas, I've read and applied most of the OSSTM Manual and one of the few things that rests are DoS tests (against network devices, firewalls) but I have no idea of what checklist should I follow. Can anyone give me some advice? Thanks in advance. -- dharana dharana () dharana net "Don't worry; you can't do anything." ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Thanks for your time, -- dharana dharana () dharana net "Don't worry; you can't do anything." ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- DoS ToolKit dharana (Jul 30)
- packetstorm.securify.com down? Joe Klein (Jul 31)
- RE: packetstorm.securify.com down? Aaron (Jul 31)
- Re: packetstorm.securify.com down? Blake Frantz (Jul 31)
- Re: packetstorm.securify.com down? bacano (Jul 31)
- <Possible follow-ups>
- Re: DoS ToolKit dharana (Jul 31)
- packetstorm.securify.com down? Joe Klein (Jul 31)